Firewall install

Install minimal Debian

In file /etc/apt/sources.list replace stable by sarge.


Log in as root

apt-get install sudo vim
visudo

Add at the end:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

groupadd admin
adduser //username// admin
exit

Log in as username

sudo passwd -l root

Edit bashrc

vi ~/.bashrc


if [[ -f /etc/bash_completion ]]; then
    . /etc/bash_completion
fi

And add:

export PATH=$PATH:/sbin:/usr/sbin


sudo apt-get install sysv-rc-conf

Edit file /etc/network/interfaces and put:

auto eth0
iface eth0 inet static
  address
  netmask
  gateway
  broadcast

auto eth1
iface eth1 inet static
  address
  netmask
  network
  broadcast

Edit file /etc/network/options and activate forwarding.

gunzip /usr/share/doc/iptables/examples/oldinitdscript.gz -c > /etc/init.d/iptables
chmod +x /etc/init.d/iptables
mkdir /var/lib/iptables
chmod 700 /var/lib/iptables

With sysv-rc-conf, activate levels 2, 3, 4, 5, 6, S

/etc/init.d/iptables store inactive
iptables -F
iptables -t nat -F

# All outgoing connections, except to lcmpc15 (which is in local network) shall
# be SNATted
#2bd iptables -t nat -A POSTROUTING -s -j ACCEPT
#2bd iptables -t nat -A POSTROUTING -d -j ACCEPT
iptables -t nat -A POSTROUTING -s -j SNAT --to-source

# SSH to shall go to fileserver
#iptables -t nat -A PREROUTING -p tcp --dport 22 -d -j DNAT --to-destination
#iptables -t nat -A PREROUTING -p tcp --dport 80 -d -j DNAT --to-destination

# Everything coming from intern is accepted
iptables -A INPUT -s -j ACCEPT
iptables -A INPUT -s -j ACCEPT
iptables -A INPUT -s -j ACCEPT

# And everything from the internal network
iptables -A INPUT -s -j ACCEPT

# Accept some things from the outside: http
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Accept all from
iptables -A INPUT -p all -s -j ACCEPT
#iptables -A INPUT -p udp -s -j ACCEPT

# Accept some things only from EPFL: dns
#iptables -A INPUT -p udp --sport 53 -s -j ACCEPT

# And allow also for established, related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Skip the rest
iptables -A INPUT -j DROP
/etc/init.d/iptables store active
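
The rules above filter only the INPUT chain; with forwarding activated in /etc/network/options, nothing is added to FORWARD, so routed traffic falls through to that chain's policy. The following check of an iptables-save dump is an added example, not part of the original notes; the function names audit_filter and sample_dump and all addresses in the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the filter table of an
# iptables-save dump read on stdin. On the firewall: iptables-save | audit_filter

audit_filter() {
    awk '
    /^\*/             { table = substr($0, 2) }             # "*nat", "*filter", ...
    table != "filter" { next }
    /^:/              { policy[substr($1, 2)] = $2; next }  # ":INPUT ACCEPT [0:0]"
    $1 == "-A"        { n[$2]++; last[$2] = $0
                        if ($2 == "INPUT" && /ESTABLISHED/) est = 1 }
    END {
        split("INPUT FORWARD", chains, " ")
        for (i = 1; i <= 2; i++) {
            c = chains[i]
            # default-deny: policy DROP, or last rule is an unconditional DROP/REJECT
            closed = (policy[c] == "DROP" || last[c] ~ ("^-A " c " -j (DROP|REJECT)"))
            printf "%s %s policy=%s rules=%d\n", c, (closed ? "default-deny" : "OPEN"), policy[c], n[c]
        }
        printf "INPUT state-rule=%s\n", (est ? "yes" : "no")
    }'
}

# Constructed dump mirroring the rules above; every address is a placeholder.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.0.0.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

sample_dump | audit_filter
```

A FORWARD line reading OPEN means the box routes any packet it receives between eth0 and eth1; setting the FORWARD policy to DROP and accepting only the internal network plus ESTABLISHED,RELATED traffic closes that.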


sudo apt-get install nis

domain name: msr

In file /etc/yp.conf add:


In file /etc/passwd add:


In file /etc/shadow add:


In file /etc/group add:


Add the public IP to the fileserver file /etc/ypserv.securenets.


sudo apt-get install ntpdate ntp-server

Edit file /etc/default/ntpdate: change NTPSERVERS to:

NTPSERVERS=""
#NTPSERVERS=""
#
# additional options for ntpdate
#NTPOPTIONS="-v"
NTPOPTIONS="-u"


In the file /etc/fstab add:

fileserver:/home        /home        nfs defaults       0       0
fileserver:/home/sradio /home/sradio nfs defaults       0       0

Asis (matlab) – Abandoned

See :

sudo apt-get install xbase-clients
sudo addgroup --gid 449 asis
sudo adduser --uid 449 --ingroup asis asis
sudo addgroup asis staff
sudo mkdir /asis.local
sudo chgrp staff /asis.local
sudo chmod g+w /asis.local
sudo mkdir /net
sudo mkdir /net/castor
sudo mkdir /net/castor/asis
sudo mount castor:/asis /net/castor/asis
su asis /net/castor/asis/adm/bin/asisinstall export /usr/local/bin/tkwsm


Get a license on

sudo mkdir /net
sudo mkdir /net/linuxline
sudo mkdir /net/linuxline/export
sudo mkdir /net/linuxline/export/mirror
sudo mount linuxline:/export/mirror /net/linuxline/export/mirror
sudo apt-get install alien
alien -dv /net/linuxline/export/mirror/LICENSES/MATLAB74/Matlab-std-7.4-1.i386.rpm
dpkg -i matlab-std_7.4-2_i386.deb


Create file /etc/cron.daily/apt containing:

#! /bin/sh
apt-get update; apt-get -y upgrade;


Edit file /etc/ssh/sshd_config: replace PermitRootLogin yes with

PermitRootLogin no

Replace X11Forwarding no with

X11Forwarding yes