Gentoo Archives: gentoo-dev

From: Nathaniel Grady <nate@×××××××.org>
To: gentoo-dev@××××××××××.org
Subject: Re: [gentoo-dev] NAT iptables info
Date: Thu, 04 Oct 2001 14:30:52
Message-Id: 20011004163156.A23796@nutopia.org
In Reply to: Re: [gentoo-dev] NAT iptables info by Daniel Robbins
(note: I haven't really been able to keep up completely with the thread - darn classes getting in the way of important stuff :)

I would have to argue that I believe an openBSDish secure by default is the best approach. Make the default install very secure - not allowing any sort of insecure password auths (non-ssl ftp pop3 and imap) and such. Having config files in portage is a bad idea as it will cause the biggest security hole windows has - "gee, I pressed a button and it worked so it's good enough." This promotes a lack of understanding about what the user has done and therefore they would have trouble even knowing what exactly they were using to know what patches and security vulnerability reports applied to them. That doesn't mean we should leave a newbie floating. I really think good how-to's are the answer. A website of "how to make an X with gentoo linux" sort of thing - step by step documents describing how to make a firewall/NAT appliance with a modem or a cablemodem or a DSL line, how to set up secure imap and pop servers (ssl that is), how to set up a webserver. I think those three are probably where the biggest number of newbies are going to come from and it would be a waste if each one had to be walked through those first steps individually. The most important aspect of the guides would be *REFERENCES* - eg: "install the certificate by doing.... [see the wonderful guides by john at http://... and the part of the OpenSSL manual at ... and ]." A lot of guides seem to have a list of references at the bottom but I think maybe a lot of newbies are intimidated by "for more info see the homepage of XXX." Instead relevant references to the section of the manual, similar guides written by other projects, etc... (Oh, and including commented example configurations and such is good too - the current gentoo build doc and such are really good about that already - I think a few more docs along those lines would be good)

For example, looking at http://www.gentoo.org/doc/build.html, under 2. Booting there should be a line "By the way that prompt you're looking at is <a href=homepage>this program and the docs for it are <a href=program_docs> here </a>. The ISO was created with <a href=isolinux_homepage> isolinux. If you have problems you might want to glance at their respective homepages to see if it's a known bug with your motherboard chipset... or looking at the next section - the real power of html is that when it says use modprobe you can have use <a href=modprobe_manpage>modprobe</a>! I think that's what's going to help newbies start to learn how to really use linux and go beyond the microsoft programmed "gee, I clicked something and it seems to serve webpages now... on to mail serving"

That said I want to say I really think the gentoo docs are excellent - some of the best I've seen of any distro. And drobbins' articles on developerworks kick ass - really found them useful myself :) The openAFS doc I think is a model of how this sort of documentation for "newbies" should be produced. (newbies in quotes as non-newbies like me find it useful as well).

In conclusion my main suggestion is that the current documentation trend (openafs, nvidia) is excellent and the only real change is maybe more hyperlinks to man pages, relevant sections of other guides sprinkled around the guides. If maintainers are interested I'll start looking around suggestions of such links :)

Just my 2 cents

--Nathaniel Grady

ps: if nobody has taken it I'll offer to try and make a "making a simple firewall/nat with gentoo linux" oriented to newbies, but I only have a modem so I can't comment much on cable/dsl aside from "change ppp0 to ethX where X is the ethernet adapter your modem is connected to".... really, I can write better than this email would suggest *grin*