November 11th, 2001, 12:40 PM
I'm reading a book about Firewalls at the moment... I currently use ZoneAlarm Pro on every computer on the network (except the Linux box) since they all have a direct internet connection via a dial-up modem (except the Linux machine)... However, I am considering putting a Linux box with a real modem and a net card in the network so that all machines can connect through this, which will be firewalled, and probably also run some kind of site filter (since my sister keeps going on web sites she shouldn't).
The one problem I've encountered so far is the distinct lack of real modems around... if anyone knows where I can buy one it would be a great help!!!
What I'm thinking is, would I still be best running ZAPro on each individual machine as well, as a backup, and to set local network based restrictions, or would it defeat the whole point of having a Linux firewall designed to take the load off slow computers which already have antivirus and firewall and other stuff running?
I use a proxy server on one of the computers so my existing Linux box can connect to the net, but that further slows the computers down...
Thoughts? Comments? Suggestions?
November 11th, 2001, 01:36 PM
Most external modems should be Linux compatible - I'd steer clear of USB external though. I used to use a Multitech modem and never had any problems with any distro.
You should definitely proxy your Windows machines through your Linux box - and ditch ZoneAlarm as soon as you do. I like to keep a tight gateway running and then I can relax with the setup of the boxen on my internal network.
November 11th, 2001, 04:41 PM
Re: evolving security concerns
Just about any hardware modem should work well for you; you may even be interested in a LAN modem, I think 3COM makes one.
As for your firewall, you are already running one of the most highly respected firewall OS's out there. Whether you are running Linux kernel 2.2.x or 2.4.x will determine whether you use ipchains or iptables /* respectively */. There are a number of other options available too, ranging from NAT and Netfilter to some commercial firewalls for Linux.
A pretty good proxy is Squid; if it did not come with your distro you can get it at http://www.freshmeat.net . It is an outstanding proxy, and I would recommend reading the docs thoroughly before attempting configuration.
A great book that may be at your local library or bookstore on the subject of firewalls is "Building Internet Firewalls, 2nd ed." by Elizabeth D. Zwicky, Simon Cooper & D. Brent Chapman, published by O'Reilly, ISBN 1-56592-871-7.
Hope that helped
Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.
Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.
November 11th, 2001, 04:48 PM
OK. Again, thanks for your help and suggestions!