NYCPHP Meetup

NYPHP.org

[nycphp-talk] A little network help

inforequest sm11szw02 at sneakemail.com
Sat Jul 17 10:28:00 EDT 2004 

Hans Zaunere hans-at-nyphp.com |nyphp 04/2004| wrote:

> I have a ton of PHP and MySQL experience and I have decided to put a 
> little network in my apartment. So I got my Linux box, I have two 
> windows boxes, I have a single static IP, a Cisco router, and a 
> manual? Can anyone give me some pointers? A path in the right direction?
>
> 1) What Linux should I use? I have a free distribution of Red Hat 9? 
> Is Fedora better? Any advice?
>
> I've used Fedora Core 2 and have been very happy…. as far as Linuxes 
> go, anyway.
>
> 2) Currently my router is dynamically assigning TCP/IP #'s to each 
> machine. I know I have to set this up differently. I want the linux 
> box to be a http server, ftp, email, etc, and I want the windows boxes 
> to have access to the net. Any suggestions on how I should do this? I 
> think I have to setup a DNS, but with only one static IP I think this 
> gets tricky. Any assistance would be greatly appreciated.
>
> I have a Linksys router and it's a simple config to make a particular 
> IP part of the DMZ (ie, all traffic from the internet gets routed into 
> that IP, and vice versa). Meanwhile, the other boxes (Windows and Mac) 
> are tucked away behind NAT. I'm also able to setup a static IP address 
> assignment via the DHCP server in the Linksys router. If this isn't an 
> option, then you can just turn off DHCP on the Linux box and set the 
> IP manually. Nevertheless, you don't need a DNS server by any stretch.
>
> 3) Also, when I unpack RPM distributions and the RPM needs a library, 
> where is the best place to find it. And if you can't find it what do 
> you do. For example, I was trying to install PICO under Red Hat and it 
> kept asking for libncurses.so.5. I check the web but could not find 
> it. Any help?
>
> http://www.rpmfind.net <http://www.rpmfind.net/> can be helpful. If 
> you're using a particular distro, like Fedora, 99% of the RPMs are at 
> their download site. Otherwise, the particular library or package is 
> probably available as an RPM at its homepage.
>
> Or you could just use a ports based distro like Chris says… oh wait, 
> that's FreeBSD J
>
> H
>
Ditto to what Hanz said. I would have suggested ditch the router and use 
box #1 as a linux router ... if only for the the flexibility and 
educational value. If you enjoy configuring it todo the right things as 
a firewall then you'll love Astarro Linux.

With Netgear or Linksys routers at $80 with NAT and even an exptra print 
server (Netgear FR114P), DMZ, port forwarding, etc the last thing I need 
is a cisco router getting in the way... fast and flexible, youcan have 
as many as you like to cordon off whatever you need with peace of mind 
(keepthe firmware upated)


>From hans not junk at nyphp.com  Sat Jul 17 11:14:01 2004
Return-Path: <hans not junk at nyphp.com>
Received: from smtp11.intermedia.net (smtp11.intermedia.net [64.78.21.10])
	by virtu.nyphp.org (Postfix) with ESMTP id 95B5FA85F0
	for <talk at lists.nyphp.org>; Sat, 17 Jul 2004 11:14:01 -0400 (EDT)
Received: from ehost011-1.exch011.intermedia.net ([64.78.21.3]) by
	smtp11.intermedia.net with Microsoft SMTPSVC(6.0.3790.0); 
	Sat, 17 Jul 2004 08:13:59 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [nycphp-talk] Basic security question
Date: Sat, 17 Jul 2004 08:13:57 -0700
Message-ID: <41EE526EC2D3C74286415780D3BA9F87031D375C at ehost011-1.exch011.intermedia.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [nycphp-talk] Basic security question
Thread-Index: AcRryfK19IAfpQP5TP2nu9AWI+ABIwARjo9w
From: "Hans Zaunere" <hans not junk at nyphp.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
X-OriginalArrivalTime: 17 Jul 2004 15:13:59.0789 (UTC)
	FILETIME=[AFCC39D0:01C46C10]
X-BeenThere: talk at lists.nyphp.org
X-Mailman-Version: 2.1.4
Precedence: list
Reply-To: NYPHP Talk <talk at lists.nyphp.org>
List-Id: NYPHP Talk <talk.lists.nyphp.org>
List-Unsubscribe: <http://lists.nyphp.org/mailman/listinfo/talk>,
	<mailto:talk-request at lists.nyphp.org?subject=unsubscribe>
List-Archive: <http://lists.nyphp.org/pipermail/talk>
List-Post: <mailto:talk at lists.nyphp.org>
List-Help: <mailto:talk-request at lists.nyphp.org?subject=help>
List-Subscribe: <http://lists.nyphp.org/mailman/listinfo/talk>,
	<mailto:talk-request at lists.nyphp.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Jul 2004 15:14:02 -0000


> > I proudly run .php extensions, default error messages, and the
> > X-Powered-By: PHP   HTTP header.
>=20
> I agree with everything Hans said (of course), but I'm not sure one
should
> be so proud about displaying error messages. :-)
>=20
> Kidding aside, I think it's pretty easy to set display_errors to Off
and
> log_errors to On. I'm as guilty as anyone else about not adhering to
my
> own suggestions sometimes, but if you're concerned about giving away
too
> much information, I think error messages are the first place to be
> looking.

Yeah, I agree too (and always use php.ini-recommended which takes care
of this).

But that's not really what I meant.  I was speaking more to Apache's
default error pages (like a 404) which clearly states that Apache is in
fact serving the pages.  If someone goes the security through obscurity
route, then it's important to remember to modify this behavior, among
other things.

H

More information about the talk mailing list