Details:
The CentOS Linux distribution comes with iptables, which is enabled by
default. In several previous labs, you had to turn iptables off in
order for those labs to work. In this lab, you will leave
iptables on (turn it on if it is not already), and make sure that your DNS
server, web server and mail server still work by adding extra
rules to iptables.
Every time you ssh to a machine, a password needs to be entered, which can be troublesome. This problem can be mitigated by using ssh-agent and ssh-add. Additionally, when ssh'ing to a machine with X11 forwarding enabled, one has to use the -X command-line option. By creating a local ssh configuration file with the X11 forwarding option enabled, the -X option is no longer needed.
$ /etc/init.d/iptables start
/etc/sysconfig/iptables. Add a rule that accepts connections for the UDP protocol on port 53.
$ /etc/init.d/iptables restart
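An added example, not part of the original lab handout: a rule placed in /etc/sysconfig/iptables only takes effect if it sits before the chain's unconditional REJECT or DROP line, so this script checks a rules file for exactly that. The sample rules, the function names, the INPUT chain, and TCP ports 53, 80 and 25 for the DNS, web and mail servers are assumptions.

```shell
#!/bin/sh
# rule_reachable FILE PROTO PORT [CHAIN]
# Exit 0 if FILE (iptables-save format) has an ACCEPT rule for PROTO/PORT in
# CHAIN that comes before the chain's unconditional REJECT/DROP rule.
# Handles single --dport values only (no ranges or multiport).
rule_reachable() {
    awk -v proto="$2" -v port="$3" -v chain="${4:-INPUT}" '
        $1 == "-A" && $2 == chain {
            # "-A CHAIN -j REJECT|DROP" has no match fields: nothing after it runs.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
            p = ""; d = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (j == "ACCEPT" && p == proto && d == port) { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample rules file; the port 80 rule is deliberately misplaced.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Report on the assumed DNS (53), web (80) and mail (25) server ports.
check_services() {
    for svc in udp:53 tcp:53 tcp:80 tcp:25; do
        if rule_reachable "$1" "${svc%%:*}" "${svc##*:}"; then
            echo "ok      $svc"
        else
            echo "BLOCKED $svc"
        fi
    done
}

sample=$(mktemp) && write_sample "$sample"
check_services "$sample"; rm -f "$sample"
```

To check a real rules file, call check_services with its path instead of the sample.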
Extra Credits (10%): Getting NFS and NIS to work with iptables is a bit tricky. Google "NFS iptables" and "NIS iptables", and get NFS and NIS to work with iptables.
$ /usr/bin/ssh-keygen -t rsa -b 2048
When asked about the file in which to save the key, use the default one by hitting the enter key. When prompted for a passphrase, enter a good and secure passphrase you can remember. Re-enter the same passphrase when asked again.
~/.ssh/id_rsa.pub to the file ~/.ssh/authorized_keys on the machine to which you
want to connect. In this case, since you would like to ssh to any CS
machine without typing any password, you could simply
copy ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys.
~/.ssh/config
ForwardX11 yes
ForwardX11Trusted yes
/etc/sysconfig/iptables, you have to do "/etc/init.d/iptables restart"
/etc/services for known protocols and ports.