Configuring Solaris 8 for FW-1
---------------------------------------

1) stick Solaris software 1 CD in drive. Power up machine and hit "stop-a".
   Type "boot cdrom" to boot off cdrom.
2) follow prompts.
     Language = english??
     Networked = yes
     DHCP = no
     hostname = whatever lab says (eg: fwmadrid)
     IP address = external IP of fw
     IPv6 = no
     Kerberos = no
     Name Service = DNS
     Domain Name = eg: intersec.com
     Server's IP Address = 10.2.1.3
     Search Domain = n/a
       (you may get error about DNS lookup. Ignore and say "no")
     Part of subnet = yes
     Netmask = probably 255.255.0.0
     Specify timezone = Geographic Region, United States/Central
     Specify date and time
     Installation Type = Initial
     Geographic Region = North America/USA
3) Select Software: choose "End User", then hit "Customize"
     Uncheck:
       64-bit iconv for Eastern Europe
       Font Downloader
       Russian Fonts
       Solaris Product Registry
       Solaris User Registration
       Spell Checking Engine
       Sun Fibre Channel stuff
       Thai stuff
       Web based enterprise management
       X11 Arabic fonts (they install in /bin/laden)
       X11 sun_eu_greek fonts
       XSH4 conversion for Eastern Europe
     Check:
       Freeware Compression Utilities - gzip
       Freeware Shells - tcsh and bash
       On-line Manual Pages
4) Configuring partitions: there should be 1 ~4GB hard disk. Make sure it is
   selected and hit "continue".
     - choose "auto layout"
     - check "/" and "swap" only.
     - hit "customize", and table should look like:
         0  /             3590
         1  swap           512
         2  overlap       4102
         3
         4
         5
         6
         7  /export/home
       where /export/home is removed. About 2x physical memory is allocated
       to swap, and the rest goes to /. Leave overlap alone. If it complains
       about "slice too small", give /export/home ~10MB.
5) additional options
     Remote Mounts = continue
     begin installation
     auto reboot
     (installation will take ~20 minutes)
6) after reboot
     -enter root password
     -energy saver questions = say "no" twice
     -X windows will come up and ask for the 2nd cd. Say next, and insert disk 2.
      reboot.
7) log in and choose "CDE"
8) make customizations
     desktop changes
     run "catman &" to index man pages (this takes upwards of 30-60 minutes)
     harden OS:
       comment out the entries in /etc/inetd.conf
       in /etc/rc2.d, disable (S->s):
         sendmail
         lp
         xntpd
         ldap.client
         nfs.client
         savecore
         slpd
         automountd
         power
         spc
         cron
         autoinstall
       in /etc/rc3.d: everything
     -/etc/defaultrouter: ip of default route
     -/etc/netmasks: set network masks, eg:
         10.1.1.0 255.255.255.0
     -/etc/resolv.conf:
         nameserver 10.2.1.3
     -/etc/nsswitch.conf: specify DNS resolution for:
         hosts: files dns
         ipnodes: files dns
     -/etc/nodename: change hostname (if necessary)
     -/etc/hostname.xxx: add multiple NIC configs. DO NOT USE BLANK LINES
      or else netmasks don't set correctly
     -/etc/profile: add
         FWDIR=/opt/CPfw1-41 (for version 4.1 anyway)
         PATH=$PATH:/opt/CPfw1-41/bin
         SHELL=/usr/bin/tcsh
         export LOGNAME PATH FWDIR SHELL
     -allow ip forwarding on OS:
         ndd -set /dev/ip ip_forwarding 1
      this must be added to a startup script, eg create a /etc/rc2.d/S99local file
9) software: copy and load additional software:
     firewall (WARNING: in class, load service packs before attempting "cpconfig")
     patches
     NIC drivers
10) video resolution (for ultra5 only)
      m64config -res 1024x768x75
      reboot
      *note: "m64config -prconf" will show available modes
11) 64-bit kernel: by default, 64 bit kernel is booted. You will have to boot
    32-bit kernel for fw-1 v4.1
      for 32 bit: eeprom boot-file=kernel/unix
      for 64 bit: eeprom boot-file=kernel/sparcv9/unix (or = nothing)
12) Define unique MAC addresses on all NICs. Usually a good idea if you are
    using a switch (even with VLANs).
    To do this, you need to reset an eeprom variable:
      eeprom "use-local-addresses?"=true
    Certain cards such as FDDI, token, or older Ethernet cards cannot use this
    feature, and MACs must be set manually in a startup script:
      ifconfig qe0 ether 0a:0:20:09:c8:2

Addendum for FP3
---------------------------------------

Following Packages required:
  SUNWter
Following Patches required: (latest cluster covers all)
  109147-18
  108528-06
  109326-07
  108434-01 (32bit)
  108435-01 (64bit)
Patch notes: load 32bit patches first, use "showrev -p" to show patch revs.
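
The rc-script and inetd.conf hardening from step 8, written as a rename-and-audit script that can be rehearsed on a copy of /etc first. This is an added example, not part of the original notes: the function names and the root-prefix argument are assumptions of the example, and service names are matched exactly as step 8 spells them.

```sh
#!/bin/sh
# Added example, not from the original page. $1 is a root prefix, so the
# logic can be rehearsed on a copy of /etc before touching the firewall host.

# Service names as step 8 lists them for /etc/rc2.d (adjust to local names).
RC2_DISABLE="sendmail lp xntpd ldap.client nfs.client savecore slpd
automountd power spc cron autoinstall"

# Succeeds if start script $1 is one that step 8 says to turn off.
should_disable() {
    case "$1" in */rc3.d/S*) return 0 ;; esac   # rc3.d: everything
    name=`basename "$1" | sed 's/^S[0-9]*//'`
    for svc in $RC2_DISABLE; do
        if [ "$name" = "$svc" ]; then return 0; fi
    done
    return 1
}

# Rename SNNname to sNNname (the "S->s" of step 8) so init skips it at boot.
harden_rc() {
    for f in "$1"/etc/rc2.d/S* "$1"/etc/rc3.d/S*; do
        if [ -f "$f" ] && should_disable "$f"; then
            dir=`dirname "$f"`
            new=`basename "$f" | sed 's/^S/s/'`
            mv "$f" "$dir/$new"
        fi
    done
    return 0
}

# Print what is still enabled; prints nothing when the tree matches step 8.
audit() {
    for f in "$1"/etc/rc2.d/S* "$1"/etc/rc3.d/S*; do
        if [ -f "$f" ] && should_disable "$f"; then echo "enabled: $f"; fi
    done
    if [ -f "$1/etc/inetd.conf" ]; then
        # A line whose first field is not a comment is a live inetd service.
        awk 'NF > 0 && $1 !~ /^#/ { print "inetd: " $1 }' "$1/etc/inetd.conf"
    fi
    return 0
}

# Run as: sh thisfile /path/to/root   (audit only; nothing is renamed)
if [ $# -gt 0 ]; then audit "$1"; fi
```

Scripts whose names are not in the list, such as the S99local file step 8 creates for ip_forwarding, are left in place.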