Windependent

some people noted problems with MNF's webmin having "personality issues" with internet explorer. reportedly, these problems don't occur with netscape. in comparison, i had no problems with Konqueror under MDK 9.2 or IE under 98/2000/XP, then all of a sudden everything just "broke." i could not access the webmin from any of the systems on the LAN. this problem was discussed in the "cookies not found" thread and appears to be caused by a time-synchronization problem between the machine running MNF and the webmin client. reportedly, if the system clocks are off by more than an hour the MNF system won't log on the admin. this can be a real problem, as MNF's installation routines are very deficient in allowing the configuration of different time zones, and it doesn't allow you the option of setting the hardware clock to local time or Zulu. unlike Mandrake 9.2, which allowed very flexible system clock configuration, when MNF determined i was in the USA it automatically set my time zone to ET and created a configuration that conflicted with clock settings on other PCs in the network which reside in the CT zone. this "feature" of defaulting to ET and ignoring local versus Zulu hardware clocks makes it very easy to have mutually exclusive clock configurations on different machines on the LAN that will torpedo the MNF's wembin functinoality. this feature is poorly documented or purposefully undocumented in the download release of MNF. in regard to your firewall question, my recommendation would be to give up hope on the idea of getting a turnkey installation that doesn't cost anything. if the commercial release of MNF works as advertised, it offers a turnkey solution at a rather exhorbitant price. my guess is that they don't sell many MNF packages. if they did, maybe they would spend more time on it updating the package to that its built upon a different kernel. my personal recommendation for a firewall package is to roll your own. unfortunately, there's no way around getting into the depths of linux to set up a firewall, so even if youi choose a "free" option you end up paying for it with your time. if you want as simple an installation as possible that is robust and reliable and zero cost, my personal choice is FreeBSD. when I first configured my system I googled the string "FreeBSD firewall" and found a tutuorial page with sample configuration files. all things considered, that was alot more helpful from just starting off with a clean slate. don't forget to read the Firewall How-To at TLDP. there's lots of good info there. best of luck. bob

did you read through the threads that mentioned the MNF/IE pesonality issue? the answer was spelled out pretty clearly. i noticed your other post that complained about the password expirations, where you mentioned that they answer wasn't in the threads. you may want to re-read the MNF threads, as the answer is there. you must have just skipped some of the threads. eventually, you will come to realize that the download version of MNF is crippleware and that you're better off not wasting your time with it.

well, I've scoured Groklaw too. a search for "SuSE 9.1" fails to turn up any URL hits for a downloadable CD. Darkelve, you are a TROLL.

I scoured the SuSE site over the weekend and could not find the 9.1 LiveEval CD image. I also scoured some mirrors and couldn't find it either. If you know a link, do us a favor and post it! Regarding taking forever to load, it is a LiveEval CD. To be fair, you should be comparing the load speed of the 9.1 LiveEval CD to the 9.0 Live Eval CD.

i think that SuSE 9.1 is a finished product that's ready to ship. 10-CE is a glorified beta.

net installs are pretty much the only way to get the download versions of Gentoo and SuSE. hth.

i have also wondered about the 4-different PDF generators. In Windows, you can hide a share from visibility on the network by appending the "$" character to the share name. as a weak effort at security, this will prevent the share from showing up in the network neighborhood and only users who know what to look for (the share name) will be able to access the device. i'm guessing that Samba follows this convention, and that the "$" renders the print$ share invisible.

Fwiw, I've never been able to get MDK Move to work on any of my PCs that run MDK 9.2. I never get past a blank blue screen during bootup. Fwiw, the MD5SUMS check out and the CDs burn without errors, so I'm dumbfounded. I ended up giving up on MDK Move, and tried Knoppix. Wow, Knoppix was great. The only problem is that you have to be fairly patient to run Linux off of a live CD. The latency of the loading the system on a P3-800, for example, would take the wind out of your sails if you were trying to impress anyone. This could be a very different situation on a fast P4, though. I've recently been demonstrating Linux using the Suse 9.0 LiveEval CD. Like Knoppix, you can boot from the CD and it puts on a pretty impressive demonstration. In may ways I like it more than Knoppix, so its worth checking out. hth!

http://www.linuxminicd.org/mklivecd/

thanks for posting that. i was unable to go from 9.2 to 10.0 CE because I have a SCSI subsystem and the system choked when trying to read the partition tables. Lack of SCSI support? This is not exactly what I'd call a friendly installation routine for workstation class systems. Maybe I should just downgrade my PC to be more like a cheap consumer system in order to make it 10.0 complaint. :P

Man, if my situation sucked like that I'd go to a computer show and spend $50 on a new computer that worked.

fwiw i tried running a dual-head system in MDK by adding a Matrox Mil 2 video board to a system that already had a Mil 2 video board (active) and an Intel on-board graphics display (inactive). the system wouldn't load any X programs, and left me at the CLI.

well, MOVE is advertised as a portable platform that uses a USB key. if you look on the Mandrake web site there's no disclosure that the USB key functionality is not available in the download version. (at least i couldn't find such a statement). so using MOVE as an example, Mandrake is putting out demos that are crippled without telling you that they're crippled. somebody please correct me on this if i am wrong. now if i'm right on the previous assumption, and Mandrake has published a crippled version of MOVE for download without disclosing it as such, why would anyone think that the $1900 MNF demo would be anything other than crippleware? I agree completely! what is the point in downloading trial software that doesn't even let you try out the features of the software? Mandrake, WAKE UP! There's a reason that Knoppix is more popular than Move! I don't mean to bash Mandrake, but as a distribution, I've always been a bit skeptical of Mandrake because the crippled demos and the absence of the source code. There are just too many other good distro options available that are more user friendly.

1. do you have hands-on experience with MNF installation, or are you just familiar with linux in general? During MNF installation the administrator is not allowed to set the security level. the installation script makes all of the changes transparently to the user. from a practical standpoint, you have no input whatsoever beyond selecting your language and location, telling MNF what the interfaces hardware is for the WAN and LAN connections, and specifying your passwords for root, admin, and user accounts. MNF does the rest in black box fashion. you have no input and no control. 2. yes 3. yes 4. yes

fair enough. i have to admit, i was pretty upset when i started this thread, after having had MNF lock up on me and require an umpteenth reinstallation. I am getting the same results on three different boxes: 1. Dell Optiplex P3/800 MHz with 256 MB RAM 2. FIC PA-2007 MB, with P200 with 128 MB RAM 3. Gateway P133 with 64 MB RAM The problems I've encountered have been the same on each machine. Just for the sake of verifying that the boxes aren't hostile to Linux, I've successfully used the following distros on them without any install problems: Mandrake 9.2 (ISO Download), Suse 9.0 (FTP), RedHat 9.0 (Distro CD), and the current release of Knoppix (Distro CD). All of them installed without a hitch - no command line editing required. Interestingly I can't even get MDK Move (download) to boot on any of them. During bootup, none of the machines go any farther than a blank blue screen. Just for reference the LiveEval versions of other distro like Suse 9.0 and Knoppix work just fine, and the checksums on the MNF and MOVE CDs check out alright. Now I can understand somebody pointing the finger at a pair of old Pentium-class PCs as potential problems, but the Dell Optiplex is a standard business-class PC that is certified on RedHat. What BIOS settings are you referring to? My point wasn't to argue that I expect to run a linux box without ever going to root. Rather, I'm just concerned that MNF is advertised to be completely manageable and configurable from the Administrator's Web Interface. Unfortunately, MNF-download doesn't work as advertised. There are plenty of threads in this message base about MNF-download locking up when people try to utilize the Administrative interface as it was designed to be used. There are also plenty of threads in this message base from users with varying levels of expertise who have NEVER been able to get MNF to work as advertised. Playing the devil's advocate, I can't see that there's any added value in an expensive package like MNF (which claims to offer easy setup and turnkey installation through the Admin Web Interface) if you end up having to do all of the system configuration via the command line. If I had planned on designing and entire system and configuring it from the command line, I might as will have built a firewall on FreeBSD. As it stands right now, it looks like I'm dealing with one of two situations: 1) MNF-download is crippleware, or 2) MNF-download isn't crippleware, and MNF just sucks as a turnkey solution. Unless MNF-download is crippleware, it seems pretty hard to justify the $1900 price tag for MNF. With MNF, you're being asked to pay a $1900 premium to someone who's designed a turnkey solution that spares you from having to design the system yourself and to do all of the configuration manually. If you end-up having to reverse engineer MNF and do all of the work yourself from the command line, wouldn't it make more sense to just save $1900 and start-off on a clean slate with FreeBSD? That fits my criteria!

fwiw, i had no problems whatsoever in getting MDK 9.2 to work properly with my D-Link personal router. I just configured the router to provide DHCP services, and configured Mandrake to obtain a network address using DHCP. Instant results. have you tried opening a console on your linux box and pinging the address of the DHCP server in your router?

After spending a number of weeks beating my head against the wall trying to get the download version of Mandrake's Multi-Network Firewall to work properly, I've given up. I'm absolutely convinced that there's no way to get the download version of the software to work properly using the program's default installation methods. Its almost as if the free-download edition of this product (the retail version costs US$1,900.00) is nothing but a fake download that's been designed as a ruse to make it appear that Mandrake is actually satisfying the terms of the Linux GPL. I wouldn't be surprised if the download version has been intentionally crippled in order to force customers to buy the $1900 retail version of the software. If ANYONE here has successfully installed the download version of MNF and gotten the software to work using the default installation procedure and the web based interface, I want to hear about it. Hell, I'll even PAY you to come over to my place and prove to me that its possible. One caveat -- all of the installation has to be done using the default installation procedure and the web based administrative interface -- No custom programming or editing of the configuration files through the root account will be allowed. After weeks of trying to get MNF to work, I'm convinced that the download version is nothing more than a totally bogus GPL compliance fake. I'd love to have somebody here prove me wrong, so please speak up!

no, its not like i'm saying that linux is a big gaping security hole... i'll save terms like that for Windows. :P

i ran into the same problems with MNF. if you read through the MNF threads here, you'll find that there are a few undocumented "features" in MNF that will cause problems like those you've experienced, including little things like time/time zone sync between the client machine and the MNF machine. i have also had the experience that you are limited in how successful you will be in attempting to use the web interface to make changes to the NIC configurations. more often than not, making changes results in a lockup, forcing you to reinstall MNF. imho the MNF setup is not at all fault tolerant. i spent about three full weeks banging on MNF trying to get it to act as a firewall/router between a verizon DSL modem and a home LAN. although i was able to connect to MNF via the LAN, like you i was NEVER successful in getting a connection between MNF and the outside world. i never got the package to work, and nobody here has been able to suggest any ideas. i threw away my MNF disk and bought a hardware router. i think that MNF may be worth trying if you pay for a license and get the support. without the support package, my experience has been that the download version is worthless, and i've even started to wonder if the download version is crippleware -- ie: you have to buy the retail version to get a package that even works. i hope that somebody here will prove me wrong, but i'm still waiting... fwiw, nobody i know has ever gotten the download version of MOVE to work either. OTOH, i've had good luck with the download version of MDK 9.2. good luck.

i'm using Setup 1 with a D-Link firewall/router and various Win and MDK machines plugged into the router. the router itself acts as the gateway. i'm going to step out on a limb here, and say that if you just want to keep the outside world on the outside, Setup 1 is the safest way to go for most people. i say this because its pretty easy to improperly set-up a linux box acting as your gateway/firewall, and have your mistake result in a penetrable system. otoh, its very easy for the average guy to buy a plug and play routing appliance and hook it up between his DSL modem and home LAN without making any configuration mistakes, with the end result being a very secure system. just for reference, i went the route (pardon the pun) of the $30 D-link appliance. after setting it up, I pinged and portscanned my IP address from the outside. the little appliance type router worked exceptionally well -- with VPN disabled it refused to respond to any pings or originating packets from the outside world. in contrast, i also tried setting up a dedicated PC running Mandrake MNF acting as my firewall/gateway/proxy server, with the intent of having the MNF firewall and the D-Link firewall in series between the net and my home LAN. i gave up on this idea, as i couldn't get MNF to work properly on its own, not to mention putting it in front of or behind the D-Link router. i ended up giving up on the idea. as others have suggested, if you want to run a linux box as your firewall, its best not to run any X apps on the linux box, and not to allow any users to log onto that box for any reason other than administrative functions.

if you want to share an internet connection, you'll need some method (hardware or software) of providing network address translation (NAT). in my home lan where i share a DSL connection between a bunch of Win and Lin boxes, I use an inexpensive hardware router for this purpose. it was a simple plug and play solution that cost about $30 at the local office store. it is possible to enable the Internet Connection Sharing feature within windows to perform NAT if the modem is on your XP box. doing it that way will save you the cost of the hardware router, but will add one more service to the list of resource munchers that are running in the background on your windows box. you will still need a network hub or switch between your two PCs ifyou decide to use straight through cables. if you're only hooking up two PCs, you may be able to get away with using a crossover cable and no hub/switch between the two PCs. my experience with ICS in Windows is that it was just too cumbersome to work with in Win98. it was sporadically difficult to implement - sometimes it would work, and sometimes it wouldn't. ease of implementation is improved under 2000 and XP. for security and performance reasons I won't let a MSFT product be a front end on my system, so I chose to go with a hardware router instead. one thing to think about -- WinXP is notoriously succeptible to attacks from the outside. be sure to get the critical security updates, enable the XP firewall, and remember: if you don't want to be hacked, by running an XP gateway, you're putting alot of faith in a MicroSoft product. hth!

although the phone company likes to make DSL installation sound easy, you're likely to get bad results if you follow their "easy installation" recommendations. most self-install kits include nothing more than a Y-adapter and a bunch of bandpass filters. the phone company tells you to plug a "filter" into each outlet that has a phone connected, and plug the phone into the filter. the net result is that the phone company's filter removes DSL-induced "static" from your voice line. it does nothing to help your DSL connection. in fact, a bunch of filters can acutally degrade your DSL performance. the problem arises in how the DSL and voice signals are separated on your phone line. the multiple filter method, although easy to implement, is a bad way to do things. a little background information will be helpful. DSL transmits at barely "ultrasonic" frequencies on your phone line, somewhwere around 25 KHz. typical voice data is below 5KHz. if you use a DSL modem on a voice line withouit some method of filtration, you'll hear some degree of "static" interference from the DSL modem. the cure to this problem is to put a low frequency bandpass filter on the voice segment of the line so that high frequencies (above 5kHz) are attenuated at 12 dB/octave. the low-pass filters are actually pretty simple to make (and cheap to buy), as they only have a few resistors/inductors/caps inside of them. the problem is that if you put filters on multiple segments of the house's phone line, you're going to end up adding capacitance to the line in proportion to the number of filters you add, and this will decrease your DSL throughput. the solution to this problem in the telco parlance is called a "Home Run." A home run involves putting a splitter at the service panel that includes the bandpass filters, and then running separate lines into the home, one set of lines exclusively for voice, the other exclusively for data. my telco told me that splitter installation at the box would cost $130. instead, i just cut the line inside of the house, and wired up my own splitter using one of the free DSL filters that were provided with my modem. voila! 161 kbps! hth!

i have been beating on my MNF box for three weeks now and I still can't get it to work. i've run into every problem that's been discussed here, and then some. instead of using MNF, i took the easy way out and just bought a cheap router/firewall appliance, with the intent of throwing it away once I got MNF up and running... three weeks later, and I'm still using the appliance because i can't MNF to work as advertised. even when MNF states that all of the services have successfully initialized at bootup, many of the services just aren't available. indeed, when shutting down the system, MNF reports failures to shut down daemons that it had said were started successfully at bootup. if ANYONE here has had success in getting MNF to work with Verizon DSL, please speak up. i'd love to hear from just ONE person who's gotten it to work as expected. my experience with MNF so far is that its a very buggy system that's not ready for prime time. fwiw, 9.2/FiveStar has been much easier to work with.

LL, thanks for the links to the documentation! It will be alot easier to tweak the system now!

I have a couple of questions related to the installation of MNF. Unfortunately, I'm using the download version of MNF, for which there are no manuals. If I'm wrong about this, and there are indeed manuals available for the download version, please let me know! I have come across the following problems/questions during installation: 1. Is it safe to have a broadband connection to a PC upon which MNF is being installed? Does the installation routine keep all ports closed during the install process, so that its safe to be connected via broadband during installation, or should you keep the broadband connection disconnected until MNF installation is complete? I've tried it both ways, and run into different problems each way. In my case, I want to install MNF on a freestanding PC with an empty hard disk. The machine will be configured as a firewall/proxy for a LAN, and it will ultimately proivde the LAN with a DSL connection to the internet. (I won't hook up any of the other LAN PCs to the same switch until the installtion is completed). 2. Is it normal to get an "eth0 failure - no link" during the install process? In my case, I have a DSL modem that establishes an ethernet link to the NIC(green "link" light are on at both the modem and NIC). The phone company advises me that my DSL signal is on (which is confirmed by a green "sync" LED that is on at the modem), even though the ISP hasn't turned on service yet. During Install and subsequent boots, I get the following error: eth0: FAILED -- no link -- check cable eth1: OK Interestingly, both NICS are the exact same card, a D-Link DFE-530TX+. I know that its not a problem with the NIC because I've tried the obvious tricks of switching cables, shuffling the PCI cards around in the slots, etc. Both cards use the same drivers. The good news is that Windows works with both cards without any problems, so I'm beginning to think it could be a linux problem. Is this a MNF/linux problem, or is it a problem that's caused by the lack of DHCP coming into the modem from the ISP? Will I will continue to get an eth0 link failure until the DSL service is turned on and Verizon allocates an IP address to the modem/NIC? 3. During shutdown, I get the following errors: IPLOG Shutdown - FAIL PPOE/PPD Shutdown - FAIL Am I correct in assuming that I'm getting the errors at shutdown because the services were never brought up as a result of the eth0 failure at bootup? Will these failures go away as soon as the DSL is on? Sorry to be asking such basic questions, but due to the lack of any documentation available for MNF, I can't use the RTFM approach! thanks for your insights! bob