|
|
||
Dial-Up Fine Tuning — Day 39© Copyright Darrell Anderson. A funny thing happened to me on the way to the forum. The discussions forums that is. I had configured Slackware on my primary box for dial-up. As mentioned previously, once properly configured I connected to the web with no issues. I went to http://www.grc.com web site to test my connection. As I expected, my ports were not “stealth” but closed, and my box accepted ping requests. From a basic security standpoint a closed port is adequate. I will not entertain the long-running debate of closed vs. stealth ports. Running “stealth” contains a degree of popular appeal, but functionally a closed port is a closed port. I’ll leave that discussion go. However, I read some info on the web about fortifying some configuration files, specifically resolv.conf, hosts.conf, hosts.allow, and hosts.deny. I had performed similar changes a long time ago with my Mandrake 9.2 setup, so I copied those files and added a couple of new lines. By the time I had finished the night was late so I retired for the evening. The next day I dialed out and returned to grc.com. All ports were “stealth.” I was suspicious. I had not changed anything much from my Mandrake configuration and I never had obtained a “stealth” response before. Nonetheless, I did some surfing and forgot my adventure. My primary concern was that my ports were all closed. I had other things to accomplish that day, so I logged out and rebooted into NT4. The next day I dialed out again in Slackware. This time I tested with all ports blocked. Something goofy was going on here. I have no idea what. One thing I did notice was that ports 135, 139, and 445 always appeared “stealth.” I rebooted into NT4 and dialed out. I ran the test with my firewall and everything appeared “stealth.” No surprise as I have been operating that way for years. Then I temporarily disabled the firewall and retested. All ports were closed except ports 135, 139, and 445. My guess is the ISP is blocking those ports automatically. I shrugged, enabled the firewall, and did some surfing. I found some information about blocking ICMP requests by configuring a handful of items in the /proc/sys/net/ipv4 pseudo file system. I rebooted into Slackware and added that information to the etc/rc.d/rc.firewall script. I don’t have a firewall script containing IPTable rules and those lines are the only lines in the script. I redialed and headed to grc.com. All ports were blocked, but this time my box passed the test of not responding to pings. I thought this wonderful considering I was running no firewall. However, when I selected the longer test, I then had a few blocks of ports that appeared as “stealth.” Hmm. I performed the test again and this time all ports were closed and only the three notorious Windows ports were “stealth.” I performed the same test again a while later after doing some surfing and had similar results. Sometimes I would have “stealth” ports and sometimes not. All very strange. Is the strangeness being generated from my box or the grc.com web site? I don’t know. Regardless, I am satisfied that my box is configured okay although I am not running IPTables yet. Configuring a front-end for IPTables is on my to-do list, but hardly an emergency. I am not running any internet services anyway. There is nothing listening on my box. The curious and the script kiddies can knock all day long. I’m here, but I don’t answer. However, after several days I find surfing with Konqueror too frustrating. Not because of the browser so much but because of the habits I have formed with more than three years of using Opera and Firefox/Phoenix/Firebird. Three years of customizing tends to entrench various habits and expectations. That is another reason why migrating is a challenge for me. I’m looking at 8 years of customizing and fine-tuning my NT4 system. However, I am making progress. I enjoy very much the overall look-and-feel of Slackware 10 and KDE 3.3.x. With each day I add a tweak or two, or add some polish. I’m happy with how my system runs and responds. I still flinch when I remember KDE 2.2. I also often have my nose under the hood in the command line. Thus, my comfort zone continues to expand and my confidence increase. Now that I have KDE configured to help with the GTK look-and-feel, my next step is to install and practice configuring Firefox on my text box. Having used Firefox for more than two years (since Phoenix 0.5), that effort hopefully requires only a few hours, possibly less as long as the installation script works fine. Then I will migrate my configuration knowledge to my primary box. After that point I can use the same browser in either operating system and share several configuration files. That degree of familiarity will help me. Being able to surf for information while in Slackware will help my progress because I no longer will have to reboot into Windows to surf. Unfortunately, my journal is in Word, not to mention all of my writing projects. Perhaps I can write journal notes in Kate or KWord and then copy and paste those notes when I reboot into NT4. Or possibly install OpenOffice. Although hardly the greatest product, I use Explore2fs in NT4 to help me copy or review files on my ext3 partitions. Unfortunately, Explore2fs refuses to connect to two of my ext3 partitions: /home, and /usr/local. Additionally, any time I access my Slackware /usr partition the program goes hog wild consuming RAM. The first few times this happened I had other programs simply quit and disappear. So now I am careful not to let Explore2fs run a long time once I look into the /usr partition. Too bad more time and polish is not provided for Explore2fs. What exists is functional but that is all. The program could be a wonderful product. Nonetheless, the product serves as a nominal tool and bridge between operating systems. The truly irritating part is that NT4 does not support ext3 partitions and the Linux kernel does not flawlessly support writing to the NT4 file system. I anticipate few problems with Firefox, and then I have a decision to make. Do I spend time testing Thunderbird, knowing that the product might not fit my needs, or do I jump straight into WINE, which I need for the long-term to run Word 97? I need WINE because of my Word environment, and once I go that far I will be tempted to run Eudora from WINE. Thunderbird might work and might not, but I have to test in two environments to know for sure. That takes time! Finis. |
||