Windependent

funny. i get an error message on bootup that my monitor is not reporting its resolution, and i am presented with a dialog box that asks if i want to configure it manually. if i click YES, i also get the BLANK SCREEN OF DEATH. i also get the same results when trying to use YaST to fix the display problem. fwiw, i have completed the online daily updates and the problem has not gotten any better. i have also got some wierd problems with a goofy character map, no sound, failure to recognize multiple displays... all of this is starting to make Windows look good...

well, i have had no luck with the Suse 9.1 LiveEval CD - I havent been able to get it to boot on ANY computers. so I mirrored the FTP site, planning on doing some network based installs. it figures, just as i am ready to start tinkering with the net install, my 9.1 Pro DVD arrives in the mail as part of Novells Linux Tecnhical Resource Kit. So I install 9,1 Pro, and configure it to do daily system updates. both before and after running the updates I run into a number of problems, including 1. dead sound 2. inability to detect the high res modes of my monitor 3. lockups when attempting to resize the display 4. keyboard mapping errors 5. failure to detect a multi display installation. in some respects, Windows is starting to look good....

well, i filled out the questionnaire to get my free SUSE stuff, and it arrived a few days ago. the package included 3 DVDs, 1. DVD 1A - Enterprise stuff suse linux enterprise server 8 Nterprise Linux services 1.0 GroupWise 6.5.1 Red Carpet Enterprise Server 2.02 ConsoleOne Linux services 2. DVD 1B - Suse Linux 8.2 Pro, Ximian Desktop 3. DVD 1C - Suse Linux 9,1 Pro This is definitely the best way to get a copy of Suse Pro 9.1 Unfortunately, even with daily automated updates there are still quite a few bugs...

cybrjackle, i gotta love your avatar!

i love hearing solutions like this. i'm painfully familiar with the shitty manual that looks just like the wizard help screens. can you provide a hyperlink to a real manual for MNF?

I fully appreciate the recommendation to RTFM. But with MNF, there isn't a real manual, is there? Sure, there's an online manual that's the equivalent of the crappy help screens in the mandrake wizards, but that's about it. Just so you don't get the idea I'm some dumbass who can't RTFM, I've set up shorewall/IPTables firewalls on multiple platforms, including BSD and Gentoo. The way I look at it, if I can put up with the tedium of a Stage 1 Gentoo installation and manually configuring shorewall/iptables, a "turnkey firewall" like MNF should be an easily attainable solution. The bottom line is that MNF is kludgy and the documentation just sucks. I'm convinced that some of the kludges are intentionally poorly documented in the download release. Most people would encounter alot less headaches by just skipping MNF and installing Shorewall on any modern secure linux kernel.

its too bad that RTFM isn't an option for people who are trying the download release of MNF. AFAIK there's no manual to accompany the download verison, which makes using it next to impossible. In this case, the absolute need for documentation to get MNF working, and the lack of documentation in the download release, support the MNF Download is Crippleware hypothesis.

getting back to Gnubie's original post, yep, I've tried FreeBSD and I've been very happy with the result. I had originally tried setting up Mandrake MNF as a firewall/proxy for my home-based LAN which uses a DSL hookup. After beating my head into the wall for over a solid week and getting nowhere with MNF, I just concluded that it was crippleware and gave up on it. I revisited the problem a few times over the following month and never got MNF to work properly. I ran into a Linux consultant at a local used PC shop and briefly discussed my problem, and that I was thinking about BSD. He recommended trying FreeBSD, as it has a history of being extremely robust while serving up complex applications such as Hotmail. (For those of you who weren't aware of it, the MS Hotmail system orignally ran on BSD -- that should be testament enough to its durability). So I went home and Googled the string "FreeBDS +firewall" and found a couple of sites with tutorials on how to set-up a Firewall/Proxy using FreeBSD. Following those directions, in one evening I had set-up the FreeBSD firewall/proxy and its still running on my LAN to this day. I have to admit that for workstations I still prefer the major Linux distros like Suse and Mandrake, but FreeBSD makes a great firewall/proxy. HTH! bob

tried the newest version of the 9.1 Live Eval CD dated 5/5/04 -- same problems as with the original 9.1 Live CD -- lockup on boot on all the machines i've tried...

As far as Live CDs go, I've tried three" Knoppix -- worked great! SuSe 9.0 -- worked great! Suse 9.1 -- locks up during boot on all machines tested. personally, i'm a big fan of Suse, but I really liked the Knoppix Live CD better. hth! bob

I'm just wondering if anyone else has had problems with the Suse 9.1 LiveEval CD. I've never been able to get it to work. I have a couple of workstations that are presently running Suse 9.0. Both of these systems ran fine under Suse 9.0, regardless of whether I was running the 9.0 LiveEval CD or whether I ran a network install of Suse 9.0 from the FTP mirrors. Interestingly, when Suse first introduced the 9.1 Live Eval CD, I tried using it and it just would not work on the two systems that successfully run both the 9.0 Live Eval CD and the 9.0 net install. Other members here have had the same problem. While browsing the FTP mirrors I noticed a new version of the 9.1 Live Eval CD dated 5/5/04. Thinking that Suse had fixed the problem, I tried the new CD. No Dice. Just like with the first one, the second version of the 9.1 Live Eval CD locks up during the boot cycle. I'm just wondering if anyone else had has problems like this. For reasons that I just can't understand both versions of the 9.1 demo CD just won't work on my systems that happily run 9.0. Is anyone else having this problem with the 9.1 Live Eval CD? If so, have you had any luck with the 9.1 network installation? tia! bob

Revisiting the Suse 9.1 LiveEval CD: I've been running Suse 9.0 on a couple of workstations without any problems. These were network installs from the FTP site, which I mirrored on my LAN. These systems also ran just fine using the Suse 9.0 LiveEval CD. Interestingly, I tried running the initial release of the Suse 9.1 Live Eval CD on both of those PCs without success. On each system, I ended up having system lockups during boot. Some other members here ran into the same problem. So as I thought I'd try the network install of 9.1 by mirroring the FTP site on my LAN. As I was looking over the FTP mirror I found a new release of the Suse 9.1 Live Eval CD (version 01) which is dated 5/5/04. I tried the new LiveEval CD, thinking that the bootup problems had been fixed... Unfortunately, the new 9.1 LiveEval CD has the same problems that the first one did. So I was just wondering if anyone else who has run into problems with the 9.1 LiveEval CD has tried the net installation yet, and if so, if they've run into any problems. TIA bob

damn. i need to start viewing the README.txt file with line wrapping turned on! :lol:

glad to hear that you're up and running. i still can't get the LiveCD 9.1 to boot, so i'm waiting for the real 9.1 to go onto the mirrors. has anyone heard when 9.1 will go live on FTP?

when you say "net" i'm assuming that you mean interNET, not NETwork, right? it may depend upon how you access the internet. if you disable all network interfaces, and you connect to the net via a LAN/NIC, you should not be able to connect to the network or to the internet. otoh, its possible that this may not preclude connection via a modem. so it may depend upon how you want to access the net. i'm sorry that i can't say more about XP, as i've abandoned it altogether and gone back to Win2k. hth!

its funny... i've got two systems that run 9.0 without a hitch, but when i try to run 9.1 LiveCD on them ... no dice.

Just wondering if anyone else has had problems with the Suse 9.1 LiveCD. I tried using it today on a system that runs Suse 9.0 without any problems, and also ran the Suse 9.0 LiveCD without any problems before I installed Suse 9.0 on it. Interestingly, when I try to run the LiveCD 9.1, I get SCSI initialization errors, out of memory errors, etc., with the ultimate result being a kernel panic. Has anyone heard about any issues?

yep, the 9.1 LiveCD went online on the FTP mirrors on 4/28 -- quite some time after the earlier references to it on this thread. interestingly, although i've had no problems with 9.0, i've had some serious problems with the 9.1 LiveCD. i'm getting SCSI init errors, memory errors, and kernel panics when trying to boot the 9.1 Live CD on a system that runs fine under 9.0 and with the 9.0 LiveCD. has anyone heard about issues with the 9.1 Live CD?

i don't follow why this would be a kernel problem. the same kernel is installed when Windows 2000 Pro accesses a FAT32 volume as when it accesses an NTFS volume, no? the same could be said for the XP Pro installation - the same kernel accesses volumes on two different file systems to produce the problems.

i've had some real headaches with NTFS. unfortunately, you don't have alot of choice if you've bought a big honking disk drive -- that is, unless you're willing to format it into a lot of little virtual drives. there are some real problems with NTFS, including differences between the implementations of NTFS on 200 Pro and XP Pro. I've hearned the hard way what it means to have programs that are not "Designed for XP." I have a bunch of technical analysis software for the securities market that was designed for Win95/98. XP views these apps as "legacy" software. unfortunately, when the legacy software is installed on XP under NTFS, user file permisions are not granted to the application to write to its own data files, even on a system that is configured with one user as the administrator. even though XP gives you the illusion that its allowed you manually change user permissions and to manually change the R-O flag on the files, it immediately and transparently resets the R-O flags to read-only. As a result, the "legacy" software can't append to its own data files. this seems to be an NTFS specific problem that occurs under both 2000 Pro and XP Pro. The problem completely disappears on both OS when the disks are formatted in FAT32. This appears to be either a glaring error in NTFS or an intentional effort to induce clients to enter the hardware/software upgrade cycle. My interim solution is to serve the files across the LAN from a 2000 Pro PC formatted under FAT32. My long term solution is to migrate away from Windows.

if you're looking for a good book on C, K&R's original book on C is a really good read. it contains all the info necessary to understand the basis for the C language. of course, it predates C++.

I'm glad that you've decided to pick-up one of those little firewall routers. You can often find them with rebates where your final cost will be $20 plus tax. I bought one of those as a temporary stopgap measure for my SOHO LAN while I tinkered with the Linux firewall. For $20, it was cheap enough to be a temporary throwaway solution. You may be happy enough with this type of device that you'll never want to go to a more sophisticated firewall. That's entirely up to you. There are plenty of people with broadband hookups that use an appliance firewall type router and have very secure systems. They really do offer alot of bang for the buck. A couple of caveats, though: Don't assume that just because you trust everyone at home, they'll never cause security problems for you. Even the best intentioned trustworthy people can make mistakes that threaten your LAN. I know more than the average Joe and I've made these types of mistakes myself. So just because you trust your users, this doesn't mean that everyone will be perfect and never make a mistake. A costly mistake can be something as simple as deploying a bad software program that circumvents your firewall by initiating transfers with the outside world. Look out for spyware. For obvious reasons, I don't like to use a wireless router. Samba will work pretty well with Windows/Linux once you're behind a firewall. If you use the firewall to keep the bad guys out, youmay decide to relax security on your LAN somewhat to facilitate file sharing. No matter what you do, though, I'd still require usernames and passwords to access Samba shares on the LAN. There are plenty of people who will turn off all security on the LAN side of the firrewall in a SOHO LAN, relying exclusively on the firewall for security. Although this makes Samba really easy to use, you should really think twice about giving everyone on the LAN access to your hard drive's root directory. best of luck.

it sounds like your network is already addressable by the outside world. go to the following web sites and run the tests from each PC on your LAN: http://www.auditmypc.com/freescan/prefcan.asp http://scan.sygatetech.com/quickscan.html to secure your system, you need to have an adequate firewall in place between your network and the outside world. if you don't have a firewall between the WAN and your LAN, your pants are down. a "typical" Linux solution is to put a firewall between your cable modem (WAN interface) and your hardware router/switch/hub (LAN interface). if you want the ultimate in control, this can be a PC running a linux firewall that performs firewall and routing services to the other machines that are connected by a switch or hub. configuring this sort of beast requires an extra PC and is not a task for the feint of heart and isn't quickly deployable if you're not already up to speed. a more simple interim implementation that is highly recommended for being easy to set-up and difficult to goof-up is to use an appliance type firewall/router -- your cable modem goes to the WAN connection on the router and each PC on your network plugs into the router's LAN ports. based on your description, it sounds like you're plugging each PC directly into a switch, with each individual PC having unrestricted internet access. wow. I'd NEVER set up a network that way. looking at INTERNAL threats first, in this type of configuration, each user on the network has complete and unrestricted access to the WAN. no administrative functions seem to be in place to limit the activity of your users. this could be okay if you're talking about a small SOHO environment where only a couple of extremely knowledgeable people are using the LAN, but if ANYONE who's not knowledgeable has access to your system, you're in big trouble. or if anyone who's knowledgeable and has bad intentions has access to your system, you're really screwed. from a safety perspective, its as important to control the people on the INSIDE of your network as it is to control people on the OUTSIDE. whether you can trust the people on the inside is a decision that only you can make. one thing to consider, though, is that by giving each PC direct connections to the internet you compound your firewalling and security problem by requiring that EACH PC is adequately configured securely. you're assuming quite a bit of diversification risk by spreading your security policies across a number of computers. IMHO a centralized approach is much easier to administrate. it also costs less overall. Looking at OUTSIDE threats, you have to consider that if you configure a SAMBA client/server on your network (aka a "broadcast" server), anyone on the WAN is going to have peer level access on your LAN, just as if their PC was plugged directly into your switch. IMHO, this is about as safe as loading a revolver with 6 rounds, putting it to your head, and pulling the trigger 6 times. at an absolute minimum, you need to place a device between your WAN and LAN connections that performs Network Address Translation with non-routable addresses so that the PCs on your network are not directly addressable from the internet. read that last sentence again. go to your local office store and buy a wired (not a wireless!) firewall/router tonight. for about $30-40 you can buy a something like a D-Link DI-604 that provides a reasonable level of protection that will cover your butt until you have enough time to adequately address this issue. an appliance such as this will have a web-addressible IP address at its WAN port (so the internet and your cable modem can talk to the router), and will perform NAT for the individual LAN ports so that the LAN PCs have IP addresses that can be addressed by any of the PCs behind the firewall, but these IP addresses cannot be directly accessed by the outside world. NAT is the absolute minimum security feature that you need to implement on your LAN to keep people on the outside from directly accessing your PC. with the combination of NAT (network address translation), SPI (stateful packet inspection) and the ability to be configured not respond to external pings, an inexpensive device like the D-Link router provides alot of protection bang for the buck. in a setup where each PC has direct access to the cable modem/web (and the web has direct access to each PC) you need to be running a damned good firewall on each PC. you also have to have extremely good security on each PC and its shared resources, which makes file sharing a bit cumbersome. practically speaking, if you're worried about attacks from the outside but you're not worried about attacks from the inside, its very easy to live with a SOHO network that facilitates communication between machines on the LAN but impedes communication with machines on the WAN. in contrast, a network that treats all PCs equally on the WAN and the LAN would be a headache. Btw, if you haven't done so already, check out the excellent How-To's at TLDP.org. best of luck! bob

check out the firewall how-to document at the linux documentation project!

Darkelve, I can't hold any grudges against anyone for a typo, so I apologize for calling you a troll. I mistakenly assumed that you were just yanking our chains by telling us that you had something that nobody else had.