Miles Brennan said:
--------------------------------------------------------------
Although the document was written to suit Fedora Core, I tried to maintain generic configuration and commands where possible so other distros could also benefit from it. Also stayed away from the GUIs.
Converting the plain HTML version of the document to wiki format was much more painful than first anticipated. I wanted to keep the feel of the original HOWTO styled document, as I believe they are much easier to read and follow than the current wiki construct. However the wiki code does not easily support the formatting of tables, cells, preformatted text and other basic formatting. Working in RAW wiki code was very time consuming.
Here is the draft of the HOWTO I worked on:
http://fedoraproject.org/wiki/Docs/Drafts/ServerInstallationGuide
I installed moinmoin on my own server to work on the formatting issues a little easier and found I needed to make some significant changes to the CSS for the document to look and feel the way I wanted it to. It was also mentioned at the time that FDP would be moving to a Plone and Zope based system, making these types of migrations easier. Although I had no experience with these two applications, I was happy to try something new. I eventually gave up on transferring the documentation because the new system has not been implemented and I found the wiki frustrating.
If FDP is still willing to accept the documentation, I am happy to change the licensing and Tim is prepared to start some work on it. Perhaps we start a new thread on updating the HOWTO and moving it into the FDP.
Open to suggestions.
--------------------------------------------------------------
I'm not quite sure if I am the Tim referred to here, but if I am then I would be happy to try my hand at bringing the HOWTO into the Fedora Documentation Project.
On the content side, there are a couple of points that I wondered about:
1. You talk a little about PPPoE in chapter 5. Is this still necessary? I had the impression that all *DSL modems now do this for you, and basically give an Ethernet connection to the Internet?
2. Does one have to understand IPtables any more (chapter 6)? I use shorewall, which seems to me to make this bit of life much easier. Am I right in thinking shorewall is more or less the default Fedora firewall nowadays?
3. Do people still use FTP (chapter 14)?
4. I wonder if a chapter on SVN might be worth while?
But these are probably better discussed off the list, if indeed I am given the task of trying to bring your HOWTO (and it would remain your HOWTO) into the FDP?
Tim
Timothy Murphy wrote:
I'm not quite sure if I am the Tim referred to here, but if I am then I would be happy to try my hand at bringing the HOWTO into the Fedora Documentation Project.
http://www.redhat.com/archives/fedora-docs-list/2006-July/msg00000.html
My apologies, you commented in favour of bringing it into FDP, not actually doing the work.
On the content side, there are a couple of points that I wondered about:
- You talk a little about PPPoE in chapter 5.
Is this still necessary? I had the impression that all *DSL modems now do this for you, and basically give an Ethernet connection to the Internet?
Most modem/routers can connect to your ISP in "bridged" or "routed" modes. In routed mode your modem connects to the ISP and handles the PPPoE connection and firewall filtering, in bridged mode your modem makes a simple connection to the ISP's equipment and the PPPoE connection and firewalling is done by your Linux server (passing through your modem). Your setup choice will normally be determined by your network topology and what you feel comfortable with.
http://www.brennan.id.au/05-Broadband_Connectivity.html#ethernet
- Does one have to understand IPtables any more (chapter 6)?
I use shorewall, which seems to me to make this bit of life much easier. Am I right in thinking shorewall is more or less the default Fedora firewall nowadays?
Shorewall is a graphical tool for configuring iptables (Netfilter) and is similar to Firestarter. Chapter 6 is constructed to "walk" a new user through the complexities of iptables and Linux firewalls, so they have an understanding of what happens at the "packet" level. Shorewall is a higher level GUI that configures iptables with mouse clicks.
- Do people still use FTP (chapter 14)?
Surprisingly, this is the chapter that has the highest access.
- I wonder if a chapter on SVN might be worth while?
If Subversion is available as a Fedora package then there's no reason why not (I'm unfamiliar myself), is SVN something a home network user would use?
The normal trend for FDP docs addition is if the application is available as a Fedora package, otherwise sources that have to be unzipped and compiled into a Fedora installation are far more complex (FDP can't cater for all the different possibilities). If it's "yum-able" then yep, if it's not there's much more work.
But these are probably better discussed off the list, if indeed I am given the task of trying to bring your HOWTO (and it would remain your HOWTO) into the FDP?
Tim
Regards, Miles Brennan
On Saturday 22 December 2007 05:21:14 am Miles Brennan wrote:
- Does one have to understand IPtables any more (chapter 6)?
I use shorewall, which seems to me to make this bit of life much easier. Am I right in thinking shorewall is more or less the default Fedora firewall nowadays?
Shorewall is a graphical tool for configuring iptables (Netfilter) and is similar to Firestarter. Chapter 6 is constructed to "walk" a new user through the complexities of iptables and Linux firewalls, so they have an understanding of what happens at the "packet" level. Shorewall is a higher level GUI that configures iptables with mouse clicks.
I take your other points. But shorewall, at least as I use it, is not graphical at all. It provides 2 or 3 recipes - I use "two-interfaces" - and then it is easy to open any further ports with something like

    SSH/ACCEPT loc $FW
    HTTP/ACCEPT loc $FW

in the "rules" file. (These use macro.SSH, macro.HTTP in /usr/share/shorewall. There are 20-30 macros for all conceivable services.)
Timothy Murphy wrote:
On Saturday 22 December 2007 05:21:14 am Miles Brennan wrote:
- Does one have to understand IPtables any more (chapter 6)?
I use shorewall, which seems to me to make this bit of life much easier. Am I right in thinking shorewall is more or less the default Fedora firewall nowadays?
Shorewall is a graphical tool for configuring iptables (Netfilter) and is similar to Firestarter. Chapter 6 is constructed to "walk" a new user through the complexities of iptables and Linux firewalls, so they have an understanding of what happens at the "packet" level. Shorewall is a higher level GUI that configures iptables with mouse clicks.
I take your other points. But shorewall, at least as I use it, is not graphical at all. It provides 2 or 3 recipes - I use "two-interfaces" - and then it is easy to open any further ports with something like

    SSH/ACCEPT loc $FW
    HTTP/ACCEPT loc $FW

in the "rules" file. (These use macro.SSH, macro.HTTP in /usr/share/shorewall. There are 20-30 macros for all conceivable services.)
The shorewall package is an application designed to assist users in configuring iptables; in fact the structure of the files, from what I have seen, mimics the iptables scripts to some extent.
At the end of the day however, if shorewall makes life easier for a home user to establish a secure firewall, then there's no reason not to add it.
It could be added as an extra chapter, or better suited at the end of the iptables chapter itself.
Cheers, Miles
On Sunday 23 December 2007 10:27:22 pm Miles Brennan wrote:
The shorewall package is an application designed to assist users in configuring iptables; in fact the structure of the files, from what I have seen, mimics the iptables scripts to some extent.
Exactly. I found it quite difficult to set up iptables directly (this was before I read your HOWTO!) and more importantly I had no confidence that my iptables gave me reasonable security.
I'm not sure, as I said earlier, to what extent shorewall has become the standard way of setting up iptables. But I certainly think, if you are lazy like me, that it saves a lot of brain cells.
On Mon, 2007-12-24 at 00:25 +0000, Timothy Murphy wrote:
On Sunday 23 December 2007 10:27:22 pm Miles Brennan wrote:
The shorewall package is an application designed to assist users in configuring iptables; in fact the structure of the files, from what I have seen, mimics the iptables scripts to some extent.
Exactly. I found it quite difficult to set up iptables directly (this was before I read your HOWTO!) and more importantly I had no confidence that my iptables gave me reasonable security.
I'm not sure, as I said earlier, to what extent shorewall has become the standard way of setting up iptables. But I certainly think, if you are lazy like me, that it saves a lot of brain cells.
To whatever extent is possible, it would be good if the HOWTO used system-config-firewall, since that's the new and future tool. If you find places where s-c-fw falls short, you could file an enhancement bug or two. :-) Shorewall is in the repositories too, so you're good to go there.
On Monday 24 December 2007 03:24:10 am Paul W. Frields wrote:
I'm not sure, as I said earlier, to what extent shorewall has become the standard way of setting up iptables. But I certainly think, if you are lazy like me, that it saves a lot of brain cells.
To whatever extent is possible, it would be good if the HOWTO used system-config-firewall, since that's the new and future tool. If you find places where s-c-fw falls short, you could file an enhancement bug or two. :-) Shorewall is in the repositories too, so you're good to go there.
I'll certainly look at that, but my experience of the system-config scripts (particularly system-config-printer and system-config-network) is not good. They seem to me to simply add a layer of obfuscation which makes it harder to diagnose any problems that arise.
And I certainly don't think it is any part of a HOWTO to try to improve the system.
But I will look at it in due course, if I am updating the HOWTO.
On Monday 24 December 2007 12:00:40 pm Timothy Murphy wrote:
To whatever extent is possible, it would be good if the HOWTO used system-config-firewall, since that's the new and future tool. If you find places where s-c-fw falls short, you could file an enhancement bug or two. :-) Shorewall is in the repositories too, so you're good to go there.
I'll certainly look at that, but my experience of the system-config scripts (particularly system-config-printer and system-config-network) is not good.
Also, I think Miles Brennan wanted the HOWTO to be as distribution-independent as possible, given that it does assume the reader is running Fedora. I assume that system-config-* is a RedHat speciality?
Timothy Murphy wrote:
Also, I think Miles Brennan wanted the HOWTO to be as distribution-independent as possible, given that it does assume the reader is running Fedora. I assume that system-config-* is a RedHat speciality?
There isn't much Red Hat specific about it. System-config-printer is the default printer utility in the latest Ubuntu release as an example. Besides it is pretty ok for any Fedora documentation to assume that the user is running Fedora.
Rahul
On Monday 24 December 2007 12:57:23 pm Rahul Sundaram wrote:
There isn't much Red Hat specific about it. System-config-printer is the default printer utility in the latest Ubuntu release as an example.
Ok, I didn't see them on the live Kubuntu CD when I ran it recently, but I probably didn't look in the right place.
Besides it is pretty ok for any Fedora documentation to assume that the user is running Fedora.
Of course. But it is also OK for the author to want the HOWTO to be valuable to non-Fedora users, if that can be done without sacrifice.
Timothy Murphy wrote:
On Monday 24 December 2007 12:57:23 pm Rahul Sundaram wrote:
There isn't much Red Hat specific about it. System-config-printer is the default printer utility in the latest Ubuntu release as an example.
Ok, I didn't see them on the live Kubuntu CD when I ran it recently, but I probably didn't look in the right place.
It probably isn't default there. Kubuntu usually plays catch up to Ubuntu (with GNOME as default) the way things are developed.
Besides it is pretty ok for any Fedora documentation to assume that the user is running Fedora.
Of course. But it is also OK for the author to want the HOWTO to be valuable to non-Fedora users, if that can be done without sacrifice.
One of the reasons why we go through the licensing checks is to ensure that the content itself remains open for derivatives of forks.
Rahul
I'll certainly look at that, but my experience of the system-config scripts (particularly system-config-printer and system-config-network) is not good. They seem to me to simply add a layer of obfuscation which makes it harder to diagnose any problems that arise.
And I certainly don't think it is any part of a HOWTO to try to improve the system.
But I will look at it in due course, if I am updating the HOWTO.
Sorry for my late reply on this, I am changing ISP plans at the moment and am currently disconnected at home between plans.
I am happy if Tim would like to work on updating the HOWTO and if there's anyone else who would like to offer him a hand.
I propose it would be easier to update the document in HTML format first, then move it into the wiki once the chapters are reviewed. I have the domain www.linuxgeeks.org available on a server to upload any HTML pages for review, if this would make it easier for basic HTML reviewing. You can use it as a "scratch pad" if need be.
Regards, Miles
On Sat, 2007-12-22 at 02:53 +0000, Timothy Murphy wrote:
But these are probably better discussed off the list, if indeed I am given the task of trying to bring your HOWTO (and it would remain your HOWTO) into the FDP?
It's generally a good practice to keep all discussions on the list, if you can. We'd all like the chance to learn and help each other.
thx - Karsten
docs@lists.stg.fedoraproject.org