Linux Firewalls
Results 1 to 10 of 10

Thread: Linux Firewalls

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    856

    Linux Firewalls

    Hi all,
    I am getting Mandrake Linux 8.2 pretty soon (I hope), and I'm already thinking about how to secure my box. I know zip about ipchains and the rest of that, although I hope to learn one day. Right now I am looking a ready made firewalls. Do any of you have any experience with any of these firewalls?

    Mandrake Linux Single Network Firewall
    Astaro Security Linux 2.016
    Falcon Firewall Project 0.1.5
    Secure Point 1.16

    Please give me your comments good or bad if you use one of these or have any experience with them. If you don't use them, what do you use? Thanks.

    Looking forward to becoming another *nixer.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  2. #2
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Never used the other ones, although I have heard some good things about the single network firewall from mandrake.

    I have used IPchains, IPtables, and IPFilter. There are numerous HOWTO's about these firewalls.

    www.netfilter.org (iptables)
    www.ipfilter.org (ipfilter duh)
    http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (since ipchains doesn't have its own homepage, here is the howto link)

    I would suggest using one of these rather than an 'out-of-the-box' firewall. You will learn more, and they are a bit more powerful.
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    after installing..
    goto Kernel.org get the latest kernel (2.4.18 at time of writing) and start using IPTABLES.
    Hogfly is right about the older firewalls, your best bet is to read a handful of the howto's and make your own.
    During this process you'll almost certinly manage to lock yourself out of your own machine, but thats just part of the fun you'll have.



    J.
    [glowpurple]manually editing your config files can break them. If this happens, you get to keep both pieces. [/glowpurple]

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Hi there

    My company use Mandrake firewall as a NAT firewall (i.e. Masquerading) and don't seem to have any problems. As I'm the most experienced person with UNIX, and I've never been asked for help with it, it can't be hard to set up

    The one I personally use at home and recommend for all but the most awkward configurations, is freesco (www.freesco.org).

    It is a single-floppy disk distro totally dedicated to routing and firewalling (although there are some other nice features too), and if you enable the security options sensibly it should be pretty secure.

    It's dead easy too and works with ethernet to ethernet or analogue modems

  5. #5
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    Mandrake Linux 8.2 Good choice.

    Until I replace my crappy win modem I have no need for a firewall but hereís a link that you might find useful. http://linux.tucows.com/internet/firewall.html
    Its not software piracy. Iím just making multiple off site backups.

  6. #6
    Banned
    Join Date
    Sep 2001
    Posts
    522
    I think that you should go with IPTables and set up your firewalls on the ports you need them only, dont let them enterfere with anything else.... also use nmap to look at open ports and close the services you dont use or need......

    As far as freesco goes, its a very good firewall/router to use, especialy if you dont have much cash, just get a crappy 100MHz machine with a little bit of ram no HD or CDRom is required, just pop the floppy in, ge ta few NICs to work for your routing needs and your set

  7. #7
    Banned
    Join Date
    Sep 2001
    Posts
    97
    www.psionic.com this site has portsentry 1.1 which works along side ipchains or iptables.
    This is an excellent program that everyone running linux should have go check it out,you wont regret it.

    Crimina1

  8. #8
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    About exactly the same as freesco does, can also be done with BBIagent.

    BBIagent is a also a single floppy Linux distro that does NAT for you. So get yourself an old box, with some RAM and a Floppy drive. You don't even need a monitor or HDD or CDROM.
    Installation is easy.

    http://www.bbiagent.com
    http://www.bbiagent.net

  9. #9
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    I forgot to mention:

    like freesco, BBIagent also is FREEware... so if you want to get a cheap router or firewall for home or small to medium business, those type of *nix solutions are worth considering. And the performance is good, even better than some 'real hardware' routers.

  10. #10
    I just upgraded to RedHat 7.1 and during the install it asked you to configure ipchains. It was quite a simple process. It just gave you a box and you checked what traffic you would like to permit...ie- http, SMTP etc etc etc..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •