A couple of questions setting up my network



Kosh
08-02-2002, 12:16 AM
First question:
I'm not sure what to use to resolve host names. I've set up one of the linux boxes as a WINS and primary domain controller, but that won't resolve IP addresses into names. I don't want to give them aliases in /etc/hosts.
I'm guessing that I will need something like a DNS. What do I use? And I just want it to interact with my local network, incoming traffic is blocked but I want to make sure it doesn't start talking to other computers.
btw I'm on Slackware 8.1 if any of you still use it (I remember Chinasaur's initial reaction: what? that distro is still alive?) :D

Second question:
I was wondering if there was any benefit in using a computer as a firewall instead of one of those cable/dsl routers? Other than justification for having one more cruncher :p

Thanks in advance

Dyyryath
08-02-2002, 09:26 AM
You probably *do* want DNS if you don't want to use host files. WINS is primarily for Windows machines, and even for those I would drop it in favor of DNS.

Of course, if your Windows systems are all on the same subnet, you don't need WINS in any event. SMB based connections have their own broadcast type of name lookup when used on one subnet.

For IP resolution, your Slackware box running bind would be perfect. Install bind (if it's not already installed with your distro), set up a couple of config files, then point all your systems to it for DNS purposes.

If the rest of your systems have Internet access, you can even set up bind to handle DNS for that.

If you decide to go with DNS on your Linux box, and you have more questions about it, feel free to ask. DNS is one of the things I'm responsible for at work. ;)

As for the firewall question (another thing I do at work), the answer depends on which cable/dsl router you use.

Some are capable of stateful packet inspection and rulesets. Some are purely NAT (network address translation). For the home user, a good dsl/cable router is probably sufficient, but a good PC based firewall (if correctly configured) will almost always offer more flexibility and power if you need/want it.
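
Added example, not part of the original thread: a minimal BIND 9 `named.conf` for the LAN-only setup discussed above, answering only local clients and refusing zone transfers. The subnet 192.168.1.0/24, the server address 192.168.1.10, the zone name `home.lan` and all file names are assumptions for illustration; the zone files themselves are not shown.

```conf
// named.conf sketch for a LAN-only resolver (constructed example).
// All addresses, zone names and file names below are placeholders.

// Clients that are allowed to use this server at all.
acl "lan" {
    127.0.0.0/8;        // the server itself
    192.168.1.0/24;     // assumed home subnet
};

options {
    directory "/var/named";             // where the zone files live (assumed path)

    // Bind only to loopback and the LAN interface, so the daemon is
    // not reachable on any other interface even if the firewall
    // rules change later.
    listen-on { 127.0.0.1; 192.168.1.10; };

    // Answer queries, and recurse out to the Internet, only on behalf
    // of LAN clients. Anyone else is refused.
    allow-query     { "lan"; };
    allow-recursion { "lan"; };

    // No secondary servers exist, so nobody may pull a full zone copy.
    allow-transfer  { none; };
};

// Root hints: needed only if LAN clients should also resolve
// Internet names through this box. File name is a placeholder.
zone "." IN {
    type hint;
    file "root.hints";
};

// Forward zone: names -> addresses for the local machines.
zone "home.lan" IN {
    type master;
    file "db.home.lan";
    allow-update { none; };   // static zone, no dynamic updates
};

// Reverse zone: addresses -> names for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "db.192.168.1";
    allow-update { none; };
};
```

`named-checkconf`, shipped with BIND 9, parses the file and reports syntax errors before `named` is restarted.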

Kosh
08-02-2002, 03:31 PM
I've done a bit of reading about BIND and I'm pretty sure I have it. If you could give me a brief overview of how to set things up I would appreciate it.

I'm pretty happy with my router, I was just wondering what neat features a computer firewall would offer.

If I drop WINS but I've got DNS running will it still be able to resolve requests like 'smbclient //comp/share' on both linux and windows machines?

IronBits
08-02-2002, 04:59 PM
/me perks right and begins to listen. :D

Chinasaur
08-02-2002, 11:36 PM
Make sure you've got the latest and greatest versions of all software...

BIND vulnerabilities -

http://www.isc.org/products/BIND/bind-security.html

http://www.cert.org/advisories/CA-2001-02.html

http://www.linuxsecurity.com/advisories/slackware_advisory-1121.html

A rules-based, stateful packet inspection firewall gives you infinite configurability on what you want to allow or deny, inbound/outbound traffic rules, etc. Coupled with Snort (one of the best/most used IDS (Intrusion Detection System) progs around), an iptables firewall gives you world-class protection for free. OpenBSD is the perfect platform to base an iptables firewall on....

Firewall/iptables configuration -

http://www.cs.princeton.edu/~jns/security/iptables/

http://www.linuxguruz.org/iptables/

http://dhp.com/~whisper/mason/

http://users.pandora.be/stes/ipmenu.html

That said I use a SonicSys SonicWall (http://www.sonicsys.com/) hardware firewall because it has a nice easy to use integrated browser based java rules editor :)

Scoofy12
08-03-2002, 12:04 AM
Cool, and I was just looking for some good IPtables stuff too. Thanks!


Oh, and a technicality: It's probably not REALLY a hardware firewall. It's probably mostly software, like most electronics these days. No, but I think I remember hearing somewhere someone fit a packet filter into an ASIC. Now that's cool.

Kosh
08-03-2002, 02:28 AM
Well, fortunately for me Slackware 8.1 was released not too long ago so it shipped with the latest BIND. I appreciate the heads up though.

I probably won't get around to playing with OpenBSD and iptables before the summer ends but I might keep it in mind as something to do after first term exams.

My printer has been pretty uncooperative today so I spent all of my time trying to fix it, but if everything works out I'll probably read some of the named/bind documentation. Correct me if I am wrong but what I have read so far seems to indicate that named is a part of bind.

Chinasaur
08-03-2002, 11:49 AM
[ISC]

ISC BIND
BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System, including:

* a Domain Name System server (named)
* a Domain Name System resolver library
* tools for verifying the proper operation of the DNS server

The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.

Kosh
08-11-2002, 12:25 AM
This is what I'm thinking of doing right now: use the /etc/hosts file for now and install a second OS (bsd/linux) on the machine.

I'll probably play with it when I get the chance during the school year (probably when I should be studying for midterms). So I would like a recommendation of an OS. Chinasaur has already suggested OpenBSD and I think it might be fun to play with a BSD so I'm leaning in that direction just now. What do the rest of you use/recommend?

I guess this is partly OS forum materials but it is asking about OSs for their networking merits so I don't really know where it goes.

Thanks for all the recommendations everyone.
:cheers: