April 18th, 2002, 04:43 PM
I am getting Mandrake Linux 8.2 pretty soon (I hope), and I'm already thinking about how to secure my box. I know zip about ipchains and the rest of that, although I hope to learn one day. Right now I am looking at ready-made firewalls. Do any of you have any experience with any of these firewalls?
Mandrake Linux Single Network Firewall
Astaro Security Linux 2.016
Falcon Firewall Project 0.1.5
Secure Point 1.16
Please give me your comments good or bad if you use one of these or have any experience with them. If you don't use them, what do you use? Thanks.
Looking forward to becoming another *nixer.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
April 18th, 2002, 05:01 PM
Never used the other ones, although I have heard some good things about the single network firewall from Mandrake.
I have used IPchains, IPtables, and IPFilter. There are numerous HOWTOs about these firewalls.
www.ipfilter.org (ipfilter duh)
http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (since ipchains doesn't have its own homepage, here is the howto link)
I would suggest using one of these rather than an 'out-of-the-box' firewall. You will learn more, and they are a bit more powerful.
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
April 18th, 2002, 05:12 PM
Go to Kernel.org, get the latest kernel (2.4.18 at time of writing) and start using IPTABLES.
Hogfly is right about the older firewalls; your best bet is to read a handful of the howtos and make your own.
During this process you'll almost certainly manage to lock yourself out of your own machine, but that's just part of the fun you'll have.
Manually editing your config files can break them. If this happens, you get to keep both pieces.
April 20th, 2002, 12:35 AM
My company use Mandrake firewall as a NAT firewall (i.e. Masquerading) and don't seem to have any problems. As I'm the most experienced person with UNIX, and I've never been asked for help with it, it can't be hard to set up.
The one I personally use at home, and recommend for all but the most awkward configurations, is freesco (www.freesco.org).
It is a single-floppy disk distro totally dedicated to routing and firewalling (although there are some other nice features too), and if you enable the security options sensibly it should be pretty secure.
It's dead easy too and works with ethernet to ethernet or analogue modems.
April 20th, 2002, 04:21 AM
Mandrake Linux 8.2. Good choice.
Until I replace my crappy win modem I have no need for a firewall, but here's a link that you might find useful: http://linux.tucows.com/internet/firewall.html
It's not software piracy. I'm just making multiple off site backups.
April 20th, 2002, 08:12 AM
I think that you should go with IPTables and set up your firewalls on the ports you need them only, don't let them interfere with anything else.... also use nmap to look at open ports and close the services you don't use or need......
As far as freesco goes, it's a very good firewall/router to use, especially if you don't have much cash. Just get a crappy 100MHz machine with a little bit of RAM, no HD or CD-ROM is required, just pop the floppy in, get a few NICs to work for your routing needs and you're set.
April 20th, 2002, 10:28 AM
www.psionic.com: this site has portsentry 1.1, which works alongside ipchains or iptables.
This is an excellent program that everyone running Linux should have. Go check it out, you won't regret it.
April 20th, 2002, 01:13 PM
About exactly the same as freesco does can also be done with BBIagent.
BBIagent is also a single floppy Linux distro that does NAT for you. So get yourself an old box, with some RAM and a floppy drive. You don't even need a monitor or HDD or CD-ROM.
Installation is easy.
April 22nd, 2002, 12:36 AM
I forgot to mention:
Like freesco, BBIagent is also FREEware... so if you want to get a cheap router or firewall for home or small to medium business, those types of *nix solutions are worth considering. And the performance is good, even better than some 'real hardware' routers.
April 22nd, 2002, 02:15 AM
I just upgraded to RedHat 7.1 and during the install it asked you to configure ipchains. It was quite a simple process. It just gave you a box and you checked what traffic you would like to permit, i.e. HTTP, SMTP etc. etc. etc.