Internet Connect of FC6..

Ryan Li li_international at hotmail.com
Tue Feb 20 00:53:55 UTC 2007


Thanks for all of the info you have given me. I'll have to see what I can do 
over the weekend.

I know it sounds really crazy but I'm living in a 3rd world country, and my 
modem is a no-name modem and the manual is in a foreign language. I can make 
out the part where they are telling me the IP address, Netmask, Default 
Gateway etc. but I don't believe this modem stores the info inside.

It's actually not even my modem. I was just borrowing a co-worker's ADSL 
internet connection to get some updates and get XGL working... Currently, I 
don't have the internet at my place because I move around so much. I'm 
moving again in less than 2 weeks and will only be at my next place for 
about 2 months. Then I'll be moving once again to another country, but I'll 
be staying there for a long time. If I don't get all this working now, I'll 
handle it then. And maybe by then Fedora 7 will be out! Thanks again to all 
of you who have helped me so far... I'll keep trying~

Later,
Ryan
(Running FC6 on an Intel iMac)


P.S. What about the KPPP that can be found in the 'Applications -> Internet' 
tab? Will that work?



> >>you'll need to go and get PPPoE and install it, then setup iptables to
> >> do some NAT translation so you can use a private (192.168.x.x) address
> >> block and filter the net at the same time.
> >
> >Go and get PPPoE? you mean that PPPoE is a program or something separate
> >that isn't already included in the OS, or that it's already there, and I
> >just need to set it up? How about iptables?
>
>Well, it may have been installed, but more than likely it's still on the
>installation CDs.  PPPoE stands for Point to Point Protocol over
>Ethernet.  Your connection to the modem is via an ethernet cable, but the
>protocol itself is PPP.  To do this, an 8 byte identifying header is
>prepended to the normal PPP packet of data of size MTU, or Maximum
>Transfer Unit.  For this reason, when setting the MTU of the ethernet
>link, one usually uses a setting of 1492 so the usual 1500 is all
>accounted for.
>
>Then PPPoE will need to be told the username and password it takes to
>access the login servers at your ISP.  This is required to actually make
>a connection to the internet.
>
>Then most ISPs will make you log in to the mail server machines, probably
>using the same username/password.  This is required because the mail
>servers themselves are generally sitting right on the backbone or very
>close to it and they have to be sure that you are in fact a customer
>before they will allow access.  This is very handy in that you can take
>your machine with you when going on a business/working trip and you plug
>into the motel's wifi with their little box that plugs into an ethernet
>port, with their little box taking care of all the details, fire up your
>email agent and get your email, from your ISP's servers, from anyplace on
>the planet with an available net connection.
>
> >>It's a bit more complex than that and not really coverable in one
> >> message, but ask as you proceed for better answers...
> >
> >Unfortunately I can't try to hook up my Fedora box again until the
> > weekend because I have to bring my computer over to a friend's place.
> > And, this will be my last message for the day since I won't have
> > internet access again until tomorrow. If you don't mind, please include
> > any details that you can in your next message, and I'll read it first
> > thing tomorrow morning.
>
>In which case my reply probably isn't going to be timely, I'm down with a
>cold, and have a house full of out-of-state company due to a death in the
>family & I'm running in hibernate as much of the time as I can mode.  I
>certainly don't want to send anybody home with a cold.
>
>Back to your problems in setup.  Please see to it that iptables is
>started, and read up on a help program called firestarter.  It can ask
>you questions and write iptables rules that will to a very large degree
>protect your machine from attacks.   Let me describe what I ran for about
>3.5 years here, running it on an old 500mhz k6 box with 2 NICs in it.
>
>One NIC (Network Interface Card), an old 10base-T, was hooked to one of
>the LAN ports of a consumer grade Linksys router, a BEFSR41, about $70
>USD, and this was set with an address inside the 192.168.x.x network.
>
>I can recommend the router as a GP solution that will give you a much
>improved sense of security, and you won't be forced to put up with
>PPPoE's tendency to go all a-gaga from time to time.
>
>This address block (192.168.x.x) is NOT relayed to the outside world when
>that router is set to run in the 'gateway' mode.  By accessing the
>router's built-in web pages at 192.168.1.1, using the (IIRC)
>username/password of admin/admin, then the ISP issued username and
>password are committed to the router, and its WAN port set to use the
>PPPoE protocol, and the MTU set to custom and 1492.  At this point you
>should be able to go to the router's status page and tell it to connect.
>If you've got everything right, it should connect to the ISP and the
>built-in DHCP protocol should then obtain the router an internet address.
>You won't need this data, and it could change if for some reason you
>disconnect and reconnect.
>
>The idea now is to take that 192.168.1.1 address you're using to access the
>router, and using iptables configured to place itself between that
>particular NIC and the rest of the machine which is addressed at some
>other 192.168.x.n where the rest of your home network lives, and in my
>case to the second NIC, which was a faster 100base-T NIC, which in turn
>fed an 8 port netgear switch that all the rest of the machines here are
>connected to.  The additional layer of address translation iptables does
>is a one way circuit, if your machine asks for it, it works, but to
>someone from the outside trying to break in, it doesn't.
>
>There are at least 3 machines online, sometimes more here.
>
>I also ran tcpwrappers on that firewall box, which gave me the ability to
>make my machines disappear to any other outside address I entered in
>the /etc/hosts.deny file.
>
>But, to make that automatic, so I simply disappeared from an attacker's
>radar, I also ran portsentry set so it watched the traffic coming into
>that ethernet port.  In an online 24/7/365 situation, 3 attacks in 4
>years have made it to the logs, and that's as far as they got.
>Portsentry tripped, wrote the offending address into /etc/hosts.deny in
>real time, and tcpwrappers then disallowed any tcp or udp traffic to that
>address.  It also wrote an entry to the log with all the data it could
>get, and wrote and applied a new iptables rule dropping any further
>connection attempts from that address on the floor.  Overkill, maybe, but
>it worked 100%.
>
>Now in the last 60 days I've been playing with the x86 build of dd-wrt
>(google for it) running on an old small 400mhz k6 box with 2 NICs in it,
>all running from a small CF card plugged into an IDE cable adaptor ($3 a
>copy if you shop around) so the CF card looks like a hard drive.  No
>other drives in the box at all, it's doing the same job rather nicely so
>far and 250 of the 300 watts or so the other machine used has now been
>cut from my power bill.  And I believe it's faster by about 20%.
>
>The older box that's now shut down, also had an automatic dialup on demand
>script running on it so that back in the distant mists of time when I was
>on dialup, it would dial up the isp, login, and collect and send any
>email on an on-demand schedule, all I had to do was tell kmail how often
>to do it.  I can get you a copy of that script too if you need it.
>
>Finally, I don't think this is much of a tutorial because there's so much
>of the dirty fingernails details glossed over, but those parts are all
>available by the usual reading of the man-pages.  Once it's working you'll
>think it's slick, but it's a bit like the 20 step quitting smoking
>campaign, one step at a time.  The difficult part for a relative newbie
>is in detecting when that step is a success, and that you can then go on
>to the next.
>
>And I can't recommend too strongly the purchase of a router and letting it
>worry about the connection details once it's configured, it's quite a peace
>of mind feeling knowing there is another layer of security between you
>and the black hats.
>
> >Thanks again~
> >Ryan
>
>--
>Cheers Ryan, Gene
>"There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
>-Ed Howdershelt (Author)
>Yahoo.com and AOL/TW attorneys please note, additions to the above
>message by Gene Heskett are:
>Copyright 2007 by Maurice Eugene Heskett, all rights reserved.
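
The quoted reply describes portsentry spotting probes on the outside NIC, writing the source into /etc/hosts.deny and adding an iptables drop rule. The sketch below is an added example, not part of the original message and not portsentry's own code; the netfilter LOG lines, the three-port threshold, the interface name and the never-block list are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the kernel's netfilter LOG format (not from the thread).
SAMPLE_LOG = """\
Feb 20 01:02:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.2 PROTO=TCP SPT=40112 DPT=23
Feb 20 01:02:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.2 PROTO=TCP SPT=40113 DPT=111
Feb 20 01:02:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.2 PROTO=TCP SPT=40114 DPT=6000
Feb 20 01:02:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.168.1.2 PROTO=TCP SPT=51000 DPT=23
Feb 20 01:02:10 fw kernel: IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 PROTO=UDP SPT=67 DPT=1
Feb 20 01:02:10 fw kernel: IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 PROTO=UDP SPT=67 DPT=7
Feb 20 01:02:11 fw kernel: IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 PROTO=UDP SPT=67 DPT=9
"""

LINE_RE = re.compile(r"IN=(\S+) .*?SRC=(\S+) .*?DPT=(\d+)")
# Assumed allowlist: the router and LAN must never be auto-blocked, since a
# spoofed source address would otherwise let an outsider cut them off.
NEVER_BLOCK = [ipaddress.ip_network("192.168.0.0/16"),
               ipaddress.ip_network("127.0.0.0/8")]


def find_scanners(log_text, iface="eth0", threshold=3):
    """Return sorted sources that probed >= threshold distinct ports on iface."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(1) != iface:
            continue
        try:
            src = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed SRC field: skip rather than block garbage
        if any(src in net for net in NEVER_BLOCK):
            continue
        ports[str(src)].add(int(m.group(3)))
    return sorted(ip for ip, seen in ports.items() if len(seen) >= threshold)


def block_actions(sources):
    """Per source: the hosts.deny line and the iptables drop rule (as argv)."""
    return [(f"ALL: {ip}", ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"])
            for ip in sources]


if __name__ == "__main__":
    for deny_line, rule in block_actions(find_scanners(SAMPLE_LOG)):
        print(deny_line, "|", " ".join(rule))
```

The script only builds the hosts.deny line and the rule; applying them needs root on the firewall box.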





More information about the fedora-list mailing list