[ULTRAMONKEY-USERS] moRe: are the directors firewalled?

Rick Graves gravesricharde at yahoo.com
Thu Dec 20 19:56:25 EST 2007 

Glen,

I tried again, and put the CD back in the CD drive
after the reboot.  This goes more smoothly, but I
still get the color full screen message that there was
a problem installing the selected software.  (Again, I
did not select any software to install.)

The second reboot finally results in a prompt.  (Which
is further than I got before.)

In general, there is big emphasis on applying updates
to installed software.  Does that not apply to
directors running Sarge?

Thanks,

Rick

--- Rick Graves <gravesricharde at yahoo.com> wrote:

> Glen,
> 
> > For this reason, my preference for directors is
> > Debian.
> 
> Installing Sarge goes so badly, I am wondering
> whether
> I am doing something wrong.
> 
> I have a Sarge CD (#1) that I burned when Sarge was
> the current release. 
> 
> The installation from the CD itself goes OK, but
> trouble begins after the reboot.
> 
> I set the clock to GMT/UTC and confirm my time zone.
> 
> I put in the root password and set up a user
> account. 
> 
> 
> Apt configuration is where the trouble begins.  I
> chose ftp and confirmed my country.  The first site
> on
> the list does not work, so I tried the 2nd one.  It
> accesses stable/main.  (I assume that is the
> problem.)
> 
> It eventually gets to a message that I am attempting
> to remove the kernel version that I am using.  The
> message says this is dangerous and recommends
> against
> doing this unless I know what I am doing and I am
> prepared to hose my system.  Since I do not know
> what
> I am doing and I do not want to hose this install, I
> answer "No". Then there are some unmet dependency
> error messages.
> 
> It gets to software selection, and I do not choose
> anything, just OK.
> 
> Then there is a color Debian base system
> configuration
> screen.  It says there was a problem installing the
> selected software -- one or more packages failed to
> install, etc.   I get to a color menu, and "Select
> and
> install packages" is highlighted.  I do not want any
> packages (yet).  Below that is configure mail
> transport agent, finish configuring the base system,
> and execute a shell.  I choose Finish configuring
> the
> base system. I just get a message then bash.
> 
> Rebooting results in lots of error messages.
> 
> How should I do a Debian install for the directors?
> 
> Thanks,
> 
> Rick
> 
> 
>  
> 
> 
> 
> --- Glen Kendell <glen at martianfireworks.com> wrote:
> 
> > No, Ultramonkey does not firewall the directors. 
> So
> > you will need to think
> > about firewalling SSH and anything else that might
> > an open avenue of attack.
> > 
> > There are potential issues with running iptables
> on
> > the directors
> > themselves, depending upon your configuration. 
> It's
> > certainly doable, but
> > if you have a Smoothwall in front of the directors
> > why not just do all your
> > firewalling there?
> > 
> > That being said, you should give some thought as
> to
> > what you would be
> > running on your directors that might need
> > firewalling.  Ideally, your
> > directors will be as "appliance like" as possible
> > and will be running the
> > absolute minimum amount of services and extra
> > "stuff" besides Ultramonkey.
> > 
> > For this reason, my preference for directors is
> > Debian.  Ubuntu is fine, but
> > do you really need all the extra goodies that come
> > along with even a minimal
> > install?
> > 
> > Keep it simple and you'll do fine.
> > 
> > - Glen
> > 
> > 
> > On 12/19/07 7:37 AM, "Rick Graves"
> > <gravesricharde at yahoo.com> wrote:
> > 
> > > Hello,
> > > 
> > > In the next 24 hours, I will attempt to set up 4
> > > computers in a high availability, load balancing
> > > configuration, as here:
> > > 
> > >
> >
>
http://www.ultramonkey.org/3/topologies/ha-lb-eg.html#real-servers
> > > 
> > > For the directors, I will either use ubuntu 6.06
> > LTS
> > > or debian sarge.  I have ubuntu installed on all
> 4
> > > boxes.  I am planning on trying debian sarge
> > again;
> > > installation did not go well when I tried it
> about
> > 10
> > > days ago, but this time I will use older (1998
> > > vintage) hardware.
> > > 
> > > The real severs will be web servers running
> > Apache2.
> > > My router will be a Smoothwall 3 box.
> > > 
> > > I note from the diagram that the directors are
> > exposed
> > > to the internet. 
> > > 
> > > For optimal security, I think each director
> should
> > > have an iptables firewall running that will
> allow
> > > access to the desired ports and block access to
> > all
> > > others.
> > > 
> > > Does ultramonkey firewall the directors?
> > > 
> > > Thanks,
> > > 
> > > Rick Graves
> > > 
> > > _______________________________________________
> > > Ultramonkey-users mailing list
> > > Ultramonkey-users at vergenet.net
> > >
> >
> http://lists.vergenet.net/listinfo/ultramonkey-users
> > 
> > -- 
> > Glen Kendell
> > Martian Fireworks Security
> > 206.965.8583 direct
> > 206.399.3510 cell
> > glen at martianfireworks.com
> > 
> > 
> > _______________________________________________
> > Ultramonkey-users mailing list
> > Ultramonkey-users at vergenet.net
> >
> http://lists.vergenet.net/listinfo/ultramonkey-users
> > 
> 
> 
> _______________________________________________
> Ultramonkey-users mailing list
> Ultramonkey-users at vergenet.net
> http://lists.vergenet.net/listinfo/ultramonkey-users
>

More information about the Ultramonkey-users mailing list