Learning Linux

No holds barred discussion. Someone train you and steal your rare spawn? Let everyone know all about it! (Not for the faint of heart!)

Moderator: TheMachine

Pahreyia
Way too much time!
Posts: 1936
Joined: October 13, 2002, 11:30 pm
Location: Povar

Learning Linux

Post by Pahreyia »

I'm trying to build a linux system that will allow me to run a DHCP/VPN server without going out to buy a Cisco router. Now, I know that this is possible to do in Linux, unfortunately, my linux skills were trivial at best back when I was using it on a fairly regular basis.

I was curious if anyone knew where I could get a pretty decent, comprehensive, guide to Linux. Web based, preferably, but in book form if it's particularly good.

I'm interested in learning about the file tree/directory structure, commands, configuration of programs within the terminal, rpm's and probably a million other terms that I have no idea about.
Ogbar
Almost 1337
Posts: 538
Joined: July 3, 2002, 2:59 pm
Gender: Male
XBL Gamertag: Greblaja
Location: Rhode Island

Post by Ogbar »

http://www.linux.org/ is a pretty good place. I used the howtos linked from there to build my ip masquerade box 3 years ago ... and rebuild it last year.
Ogbar - a member of the Tiger's Roar retirement community
Neost
Almost 1337
Posts: 911
Joined: July 3, 2002, 1:56 pm
Gender: Male
XBL Gamertag: neost
Wii Friend Code: neost
Contact:

Post by Neost »

The DHCP server is pretty easy, as well as a firewall using iptables. There are quite a few options for front-ends to configure those easily.

I looked at VPN solutions for my linux firewall a while back and there isn't really any one that looked very workable. There are caveats to every one of them that finally backed me off completely from putting a VPN on my firewall box.

Of course that was all the open source solutions. There are some commercial solutions that look cool, but typically cost too much for the home user.
Aabidano
Way too much time!
Posts: 4861
Joined: July 19, 2002, 2:23 pm
Gender: Male
Location: Florida

Post by Aabidano »

Depends on what you mean by VPN really... Do you actually want encrypted tunnels, or just a NAT device?

DHCP, NAT, etc.. are pretty simple. Manpages are your friend (i.e: man dhcpd) :) Examples for setting up NAT are readily available with a little searching.

The best way to learn linux is to build a box and learn things as you have to do them. Dig up a reference on securing linux\unix before you put it up on the net, default installs are generally pretty open by default. Not nearly as bad as a windoze box, but with much greater capabilities once someone gets access. They actually implement IP fully :shock:

Read up a bit on system services, and disable all the networking daemons you don't need, which is nearly all of them. If a service isn't running no one can access it :D

*Edit - Neost, did you look at OpenSSH? You can do some creative stuff tunneling with it, it supports AES, 3des, etc.... I use it across our corporate network to compress\encrypt my X and VNC traffic among other things, they run much better.
Last edited by Aabidano on August 19, 2003, 11:37 am, edited 1 time in total.
"Life is what happens while you're making plans for later."
Voronwë
Super Poster!
Posts: 7176
Joined: July 3, 2002, 12:57 pm
Location: Atlanta, GA

Post by Voronwë »

i would suggest going with Red Hat as your first Linux installation.

The installation is as easy, if not easier than Windows. It has a very broad ranger of hardware support so you are less likely to run into problems there as well.

There is plenty of documentation available on the internet to solve any problem you come up with.

Find out if your city/town has a Linux Users Group and get on that email list. Those people will be able to help you solve any problem you come up with.
Marbus
Way too much time!
Posts: 2378
Joined: July 4, 2002, 2:21 am
Contact:

Post by Marbus »

Wow this is the "I used to be in OG thread..."

Depending on your needs you might consider one of those little LinkSys Hub/Routers. If you only need NAT and DHCP they do all of that, have a built-in Web interface and only run about $60 these days (for a 4 port).

If you need full blown VPN that's another story, just make sure the box is fast enough to handle the encryption and what the level of the encryption is, Cisco does some funny things from time to time.

Cheers!
Marb
Sabek
Way too much time!
Posts: 1702
Joined: July 8, 2002, 4:31 pm
Gender: Male
XBL Gamertag: sabek
Location: Columbus, Oh

Post by Sabek »

Another option, depending what you need from a "VPN", is doing SSH tunnels. You can tunnel pretty much any protocol using SSH.
Sabek
Just Sabek
Ashur
Way too much time!
Posts: 2604
Joined: May 14, 2003, 11:09 am
Location: Columbus OH
Contact:

Post by Ashur »

SSH = Advanced Iksar Technology. Check it out.
- Ash
vn_Tanc
Way too much time!
Posts: 2398
Joined: July 12, 2002, 12:32 pm
Location: UK

Post by vn_Tanc »

It has a very broad ranger of hardware support
grats freudian slip!
A man with a fork
In a world of soup
Voronwë
Super Poster!
Posts: 7176
Joined: July 3, 2002, 12:57 pm
Location: Atlanta, GA

Post by Voronwë »

lol
Aabidano
Way too much time!
Posts: 4861
Joined: July 19, 2002, 2:23 pm
Gender: Male
Location: Florida

Post by Aabidano »

Marbus wrote: Cisco does some funny things from time to time.
Heh, they make sure they talk to Cisco, and are pretty loose with standards.

Being at the top of the pile, they get away with it, just like MS.
"Life is what happens while you're making plans for later."
Zaelath
Way too much time!
Posts: 4621
Joined: April 11, 2003, 5:53 am
Location: Canberra

Post by Zaelath »

Doing VPN w/ linux, while cheap, is non-trivial.. and unless you want a linux firewall at each location it's non-trivial for the end user..
Neost
Almost 1337
Posts: 911
Joined: July 3, 2002, 1:56 pm
Gender: Male
XBL Gamertag: neost
Wii Friend Code: neost
Contact:

Post by Neost »

I'm using openSSH since telnet is so dangerous but I haven't tried tunneling anything with it.

I looked at vpn type stuff so i could access my network at home from work (or anywhere else) but the problem I've seen is more with client side stuff than anything.

I don't want to have to lug my linux notebook with me everywhere I go alongside my windows notebook, which sadly to say is still my primary box.
Sabek
Way too much time!
Posts: 1702
Joined: July 8, 2002, 4:31 pm
Gender: Male
XBL Gamertag: sabek
Location: Columbus, Oh

Post by Sabek »

Just let SSH through your firewall to the LINUX box at home. Then get a windows SSH client and you are golden. I personally use SecureCRT for windows SSH. You can get it at http://www.vandyke.com.
Sabek
Just Sabek
pyrella
>()))>
Posts: 1499
Joined: July 2, 2002, 9:53 pm
Gender: Mangina
Location: SoCal
Contact:

Post by pyrella »

or use putty for free!
Pyrella - Illusionist - Leader of Ixtlan on Antonia Bayle

if you were walking around and you came upon a tulip with tits, would you let it be for the rest of the world to enjoy.. or would you pick it and carry it off to a secluded area to motorboat them?
-Cadalano
Ebumar
Way too much time!
Posts: 1302
Joined: July 8, 2002, 8:22 pm
Location: YOUR MOM'S HOUSE

Post by Ebumar »

The new linksys routers running on the latest firmware have full VPN support. So if you're lazy (like me), just get one of them.
Neost
Almost 1337
Posts: 911
Joined: July 3, 2002, 1:56 pm
Gender: Male
XBL Gamertag: neost
Wii Friend Code: neost
Contact:

Post by Neost »

I port mapped SSH on a high port number to my linux laptop inside so i can get to it and that worked fine for a bit. Wasn't long before someone figured out I had ssh open and tried to exploit it. I eventually closed it and only open it if I know I'm going to be gone for awhile. That's the reason I wanted a full-blown VPN but I can't find one that reliably works with any windows client.
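
An added example, not part of the thread: a way to see who is guessing passwords against an SSH port exposed like the one in the post above, and to spot a success that followed failures. It assumes the classic syslog lines OpenSSH writes for password logins; the log lines are constructed, and host `gw` and user `alice` are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Sample log lines are constructed and use
# documentation address ranges; host "gw" and user "alice" are hypothetical.
sample_log() {
cat <<'EOF'
Aug 19 11:02:13 gw sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 19 11:02:15 gw sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 19 11:02:19 gw sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Aug 19 11:05:41 gw sshd[2110]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Aug 19 11:05:49 gw sshd[2110]: Accepted password for alice from 198.51.100.20 port 51515 ssh2
Aug 19 11:09:02 gw sshd[2117]: Failed password for invalid user test from 192.0.2.44 port 33001 ssh2
EOF
}

# Shared awk helper: src() returns the field after the right-most "from", so a
# submitted user name containing the word "from" cannot shift the parse.
AWK_SRC='function src(  i) { for (i = NF; i > 1; i--) if ($(i-1) == "from") return $i; return "" }'

# Reads sshd log lines on stdin; prints "<failures> <source>", busiest first.
failed_by_source() {
  awk "$AWK_SRC"'
    / sshd\[[0-9]+\]: Failed password for / { ip = src(); if (ip != "") hits[ip]++ }
    END { for (ip in hits) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Sources with at least N failures (default 3): candidates for a firewall drop.
noisy_sources() {
  failed_by_source | awk -v min="${1:-3}" '$1 >= min { print $2 }'
}

# Sources that logged in successfully after failing first: review these by hand.
accepted_after_failure() {
  awk "$AWK_SRC"'
    / sshd\[[0-9]+\]: Failed password for / { failed[src()] = 1 }
    / sshd\[[0-9]+\]: Accepted [a-z]+ for / { ip = src(); if (failed[ip] && !seen[ip]++) print ip }
  '
}

sample_log | failed_by_source
```

On a real system, pipe the sshd log into these functions instead of `sample_log`; where that log lives varies by distribution.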
Pahreyia
Way too much time!
Posts: 1936
Joined: October 13, 2002, 11:30 pm
Location: Povar

Post by Pahreyia »

thanks for the info guys.. I'm working on setting up my system now.

Not that I understand anything, but I'm installing/compiling/gmake'ing some packet that I needed to download and it's taking forever and a day.

For reference, I'm trying to set up the DHCP server/router so I have some stability/customization available for the network at my house. I also want to set up the VPN to run IPX over TCP/IP.

An old friend of mine recently got Warcraft2 and Duke Nukem 3d to work on IPX over TCP/IP and I still keep an old p133 around to relive the lost glory of truly well done games.

I don't so much care about encryption security over a VPN that's basically there to run old school games on, but I would like to have at least a firewall in place to keep people from crashing my network/computers.
Kguku
Almost 1337
Posts: 864
Joined: July 22, 2002, 1:47 pm
Location: Winnipeg, MB
Contact:

Post by Kguku »

I may be out to lunch here, but wouldn't one of the DLINK - DI routers suit your needs?
"When you dance with the devil, the devil don't change, the devil changes you."
Mezzmor
Gets Around
Posts: 105
Joined: July 18, 2002, 10:49 am

Post by Mezzmor »

Webmin is your friend.

http://www.webmin.com

There is a package for redhat on their website and it is really easy to install. Configure most anything in webmin, including firewall.
Pahreyia
Way too much time!
Posts: 1936
Joined: October 13, 2002, 11:30 pm
Location: Povar

Post by Pahreyia »

Getting the specific packs to do what I need in 1 hour flat wasn't the point of setting up the box. I also wanted to become even lightly proficient in Linux. I don't mind doing something the easy way, but I want to somewhat understand what I'm doing at the same time.
Aabidano
Way too much time!
Posts: 4861
Joined: July 19, 2002, 2:23 pm
Gender: Male
Location: Florida

Post by Aabidano »

Zaelath wrote: Doing VPN w/ linux, while cheap, is non-trivial.. and unless you want a linux firewall at each location it's non-trivial for the end user..
Building an enterprise VPN using linux boxes just wouldn't be practical, your HW maintenance and system support costs would get you.

Especially considering you can get Govt\ICSA certified, VPN capable routers for $1500-2000 that will do it for you, and aren't any additional overhead. Lucent (Access Point series) and Cisco (17xx) both make reliable stuff that fits the bill nicely. Of course, for single users an IPSec client is sometimes cheaper, your users are going to screw it up all the time.

I really like linux for a lot of uses, but usually end up running Sun for most things, primarily due to the hardware platform.
"Life is what happens while you're making plans for later."
Zaelath
Way too much time!
Posts: 4621
Joined: April 11, 2003, 5:53 am
Location: Canberra

Post by Zaelath »

Aabidano wrote:
Zaelath wrote: Doing VPN w/ linux, while cheap, is non-trivial.. and unless you want a linux firewall at each location it's non-trivial for the end user..
Building an enterprise VPN using linux boxes just wouldn't be practical, your HW maintenance and system support costs would get you.
Hrmm.. never really did understand the "enterprise" buzzword. Anyway, I've supplied linux VPN for far less than $2000 (I'm thinking $500 here.. if you had the economies of scale Cisco does you'd understand why they're thieving bastards), and a Government certification isn't really that useful unless you're in government. The upkeep and support costs do actually keep the boxes current however.. *someone* still has to do that for the hardware solutions..

However, if you mean "people that could really afford a dedicated T1 between sites but are pissing around w/ VPN cause it's cool" when you say enterprise, then yes they should just go the Cisco route.
Aabidano
Way too much time!
Posts: 4861
Joined: July 19, 2002, 2:23 pm
Gender: Male
Location: Florida

Post by Aabidano »

Zaelath wrote: However, if you mean "people that could really afford a dedicated T1 between sites but are pissing around w/ VPN cause it's cool" when you say enterprise, then yes they should just go the Cisco route.
I just mean something people are going to use for a living by enterprise, you might replace the phrase with corporate VPN.

I work in HW development\testing, getting your system NIST certified is pretty useful, especially if it's something you're going to tie into your corporate network. The NIST folks are very anal in the testing procedures. A stripped down linux box isn't going to be much more maintenance than a router, but being able to script upgrades and push them via sftp with quick failure recovery isn't as feasible with linux.

We've got customers with 500-1000 node VPNs, a few with 5000+ "home" VPN users on top of it. All managed from a couple distributed management servers\database backends. That sort of scale isn't practical with linux (or cisco for that matter).

A T1 sounds neat, and a lot of execs still want one, but you're better off with cable\DSL anymore I think.
"Life is what happens while you're making plans for later."