Penguin
Recent Changes
Diff: MetaNetConfiguration
EditPageHistoryDiffInfoLikePages

Differences between version 6 and predecessor to the previous major change of MetaNetConfiguration.

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 6 Last edited on Thursday, June 5, 2003 9:52:05 pm by JohnMcPherson Revert
Older page: version 4 Last edited on Saturday, May 17, 2003 1:22:18 pm by CraigBox Revert
@@ -55,18 +55,25 @@
 __Note__: You may wish to change the paths based on your distribution. Debian Woody prefers "/var/cache/bind/stubs", but doesn't create it by default. __Make sure the directory you have named in the config file exists on the filesystem!__ 
  
 You should then be able to restart named(8) (debian: /etc/init.d/bind restart, or reload if it's already running) and then ping "www.tla". 
  
-You are now properly on the !MetaNet. You should now be able to visit http://www.tla/ and http://www.plaz.tla/.  
+You are now properly on the !MetaNet. You should now be able to visit http://www.tla/ 
  
 !Other clients on your network 
  
-Make sure any clients on your network that you want to resolve !MetaNett addresses have the address of your nameserver as the first nameserver in /etc/resolv.conf, or their native DNS configuration. You can put your [ISP]'s nameserver after it as a precaution, if you like. 
+Make sure any clients on your network that you want to resolve !MetaNet addresses have the address of your nameserver as the first nameserver in /etc/resolv.conf, or their native DNS configuration. You can put your [ISP]'s nameserver after it as a precaution, if you like. 
  
-!Root CA 
+!!Firewalling  
+see FirewallNotes and PerrysFirewallingScript. Although you should be able to mostly trust other people on the metanet, you should at the very least do some basic firewalling.  
+  
+For example, samba/nmbd does broadcasts that will go across the metanet. You can either block traffic to and from the metanet on ports 137, 138 and 139 (both [TCP] and [UDP]) or you can add the following in smb.conf's global section:  
+ bind interfaces only = yes  
+ interfaces = 10.x.y./24  
+  
+! !Root CA 
 The !MetaNet has a CertificateAuthority that it uses for signing SSL websites and potentially other cool stuff. To add this "root CA" to your browser, visit http://www.meta.net.nz/install-cert.html 
  
 Now, go to MetaNetResources to see what you can do with your new internetwork. 
  
 ----- 
  
 [1] The reason is if you use a forwarder, then all queries get forwarded to the other server and it won't be able to resolve metanet names and addresses.