
Thread: Embarking on a New Project - *nix

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    356

    Embarking on a New Project - *nix

    I'm going to finally take the advice I have received from many here, and embark on a new project. I need a hardware firewall for my network. Many people here have recommended creating a *nix box, and turning it into a dedicated firewall. I have dabbled in *nix a little bit. I don't know too much, but I understand the basic commands, and how to install it. I understand the theory involved with using a *nix OS as a firewall.

    Update: I've decided to go with a FreeBSD setup using IPFilter. Has anyone done this before? I could use as much info as possible! I'm new when it comes to this stuff. Thanks!

    Original Post: (kinda not important)

    I am looking for suggestions from people who have done this before. What flavor OS was used, and what kind of software or scripting was used for the firewall. Also how customizable will this be? The type of setup I am looking for would be able to allow/unallow specific ports for specific IP Addresses of machines on my network. I want to be able to customize each IP address, and what ports will be allowed to be opened for each one.

    Thanks for any info. This should be a fun new adventure.
    An Ounce of Prevention is Worth a Pound of Cure...
     

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Since you are going to dedicate a box for your firewall...

    You should check out smoothwall and ipcop.

    They serve as a proxy, firewall and router and the cost is just right!

    I have used smoothwall and it is very easy to set up. The online docs are perfect help.
    Just make sure that your hardware is supported.

    If you didn't want to do it this way... you have the option of setting up iptables or ipchains.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    I am having my friend come over today, and we are going to give this project a try. I'm going to use a bare minimum installation of FreeBSD and install the IPFilter package.

    I will be testing this box out on my cable connection. The cable connection uses a dynamic IP, but that shouldn't matter as long as I set up the FreeBSD box to request an IP from the host, right? I'm hoping that this FreeBSD box will be able to replace my linksys router, and act as both the router and gateway.

    Does this setup sound like it will work? Any suggestions before I give it a shot?

    Thanks!
    An Ounce of Prevention is Worth a Pound of Cure...
     

  4. #4
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    I am using a dedicated computer running a security-enhanced Linux version that runs off a live CD (no hard drive needed). The firewall rules themselves are iptables based. I always recommend setting up your own firewall rules from scratch manually. The version I use is called devil-linux: www.devil-linux.org. The support and docs that this site offers are really great, but you would have to know what you are doing. It's not the best if you have never worked in a *nix environment before. The reason I am recommending this firewall though is because it's very very secure compared to other firewalls that just execute ready scripts. I would recommend that you first learn as much as you can about the Linux OS itself, then how to do networking in the Linux environment, then learn iptables and set up your own firewall rules. It's not advisable just to set up a dedicated firewall running Linux because people say it's safe. The safety depends on your knowledge. If you have never worked under *nix before, then the last thing you would do is set up a firewall. Once you understand the *nix OS, networking in *nix, and iptables, then think of the idea to create a firewall. I'm not saying that you will not find a simple firewall in Linux and be able to set it up. I'm saying that if you don't understand the details, the security will not be effective. It's more than filling out information in a script. Furthermore, the firewall box should not be running any X server (NO GUI).

    For more help on this topic I would recommend that you browse through Google and antionline looking for tutorials based on iptables.

    I hope that this has helped you. Remember, before you set up a firewall in *nix, be sure to understand it. Good luck.

    --instronics--
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    Hmm... I've been doing some research on IPFilter. Is this even a package? So far I have seen tutorials that say you just have to enable it in the FreeBSD kernel. Is this true? I do not have to install a package?

    I ask a lot of basic questions, but bear with me. :-)
    An Ounce of Prevention is Worth a Pound of Cure...
     

  6. #6
    Hmm.. I thought ipfilter would be like iptables for Linux: you set up the kernel to accept it, and use a userspace program to add/delete rules dynamically. But I discovered it isn't how it works.. I found this text here,
    http://www.defcon1.org/~ghostrdr/Fre..._IPFILTER.html
    Which you might like... Oh, something else: http://www.freebsddiary.org/ipfilter.php
