Fedora and Snort HW firewall

  1. #1
    Member
    Join Date
    Aug 2004
    Posts
    32

    Fedora and Snort HW firewall

    Are Fedora and Snort still my best option for a hardware firewall to protect my network?

    I have a Pentium 333 MHz with 384 MB RAM and an 8 GB HDD, and an Athlon 2400+ with 512 MB RAM and an 80 GB HDD.

    Do speed and RAM have a significant effect on firewall/network speed?

    Is there any special way to install the OS? I've always been told less is more.

    What about the physical position of the firewall; what is best?

    Any advice really appreciated.

    Thanks

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    First things first. Fedora is an OS and Snort is a NIDS. Neither of them is considered a "hardware firewall". People tend to call Cisco PIX, Nokia-Checkpoint FW-1, SonicWalls etc. hardware firewalls: dedicated boxes with everything built in out-of-the-box.

    On the other hand, you can turn this into a great firewall with intrusion detection.

    Speed and RAM do have an effect on performance.
    How much bandwidth are you planning on firewalling?

    As for installation of the OS, only install the bare minimum you need.

    And the physical position? How about at the edge of your network?
    Or did you mean in a closed (server) room?


    As a side note, I have an old P90 with 24 MB RAM and a 512 MB HDD that's protecting my 4 Mbit ADSL connection. Works like a charm.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Your hardware is probably overkill unless you have a massive number of custom rules
    and are prioritizing voice data over all other data types... My guess is you won't be.

    Fedora+Snort does not a firewall make...!!
    Any Linux using netfilter and Snort, among other configurations, can be.
    Why not use something like smoothwall (http://www.smoothwall.org) and get your
    feet wet with it.

    Physical location will depend on what your choices are...Details Details Details
    I don't know about the others, but I flunked ESP in College..

  4. #4
    Member
    Join Date
    Aug 2004
    Posts
    32
    Thanks for coming to the plate.

    T1 inbound Cisco router straight through, eth0 and eth1 circuits to internet-related MS servers.

    All software individual firewalls to date; I just wanted to provide a security umbrella and start to investigate potential security holes with some self-generated attacks.

    I am off to investigate your suggested URL.

    If you need more info, just let me know what it is.

    Thank you.

  5. #5
    Member
    Join Date
    Aug 2004
    Posts
    32
    Smoothwall was not responding; I kept trying and finally it came up.
    If the delay is anything to go by, it doesn't look like a viable proposition.

    Will keep open mind and review further.

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Well unless you change your router config, you will need a firewall interface for each
    router interface leading into your trusted network.

    Placing enough NICs in your box will do the trick. More than one trusted interface will
    just add a few more rules but not much complexity.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Can I suggest where to place this (whatever you decide to put on) machine?

    Code:
    T1>---[cisco router]--[DIY Firewall/IDS]-----[Internal LAN]
                              \
                               ----DMZ----[MS webservers]
    Oh, and my firewall is running on FreeBSD-4-stable with IPFilter.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
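    The layout in SirDice's diagram (router, then a DIY netfilter box with one leg to the trusted LAN and one to a DMZ for the MS web servers) and ss2chef's point that each router-facing circuit just means another NIC and a few more rules can be written down as an iptables script. This is an added example, not code posted by anyone in the thread: interface names (eth0 toward the router, eth1 for the LAN, eth2 for the DMZ), the address ranges and the published DMZ ports are all assumptions to be replaced with your own. A second DMZ leg for the other circuit is one more interface variable and a copy of the DMZ rules.

```shell
#!/bin/sh
# Added example for the three-leg firewall/DMZ layout discussed in the thread.
# Interfaces, networks and published ports below are ASSUMPTIONS for illustration.
# Run as root:           sh fw.sh apply
# Dry run (print only):  IPT=echo sh fw.sh apply
set -e

IPT=${IPT:-iptables}
WAN=${WAN:-eth0}                  # toward the provider's T1 router
LAN=${LAN:-eth1}                  # trusted workstations
DMZ=${DMZ:-eth2}                  # MS web/mail servers
LAN_NET=${LAN_NET:-192.168.1.0/24}
DMZ_NET=${DMZ_NET:-192.168.2.0/24}
DMZ_PUBLIC_TCP="80 443 25"        # services the internet may reach in the DMZ

flush() {
    $IPT -F
    $IPT -X
    $IPT -t nat -F
}

set_policy() {
    # Default deny everywhere; only explicitly allowed traffic passes.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
}

base_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Stateful: packets belonging to an already accepted flow pass in every chain.
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # Anti-spoofing: nothing arriving from the router may claim an inside address.
    $IPT -A FORWARD -i $WAN -s $LAN_NET -j DROP
    $IPT -A FORWARD -i $WAN -s $DMZ_NET -j DROP
    # Manage the firewall box itself only from the trusted LAN (SSH).
    $IPT -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -o $LAN -j ACCEPT
}

lan_rules() {
    # Trusted LAN may open connections to the internet and to the DMZ servers.
    $IPT -A FORWARD -i $LAN -s $LAN_NET -o $WAN -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i $LAN -s $LAN_NET -o $DMZ -d $DMZ_NET -m state --state NEW -j ACCEPT
    # Assumed private LAN addressing, so hide it behind the WAN address.
    $IPT -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
}

dmz_rules() {
    # Internet -> DMZ only on the published services.
    for port in $DMZ_PUBLIC_TCP; do
        $IPT -A FORWARD -i $WAN -o $DMZ -d $DMZ_NET -p tcp --dport $port \
            -m state --state NEW -j ACCEPT
    done
    # DMZ servers may reach the internet themselves (DNS, outbound mail, updates).
    $IPT -A FORWARD -i $DMZ -s $DMZ_NET -o $WAN -m state --state NEW -j ACCEPT
    # A compromised DMZ host must never be able to start a connection into the LAN.
    $IPT -A FORWARD -i $DMZ -o $LAN -j DROP
}

logging() {
    # Whatever falls through to the DROP policy gets logged, rate limited.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
}

apply_ruleset() {
    flush
    set_policy
    base_rules
    lan_rules
    dmz_rules
    logging
}

if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```

Order matters: the ESTABLISHED,RELATED rule comes first so replies to LAN-initiated connections into the DMZ pass, while no rule ever accepts a NEW connection from the DMZ interface toward the LAN, which is the whole point of the DMZ leg. Snort would then be bound to the DMZ and LAN interfaces of the same box to watch what the rules let through.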

  8. #8
    Member
    Join Date
    Aug 2004
    Posts
    32
    Their IP pings at TTL=246,
    but the website navigation is like waiting for paint to dry.
    Is this perhaps the firewall in action?
    Are you experiencing the same delays?

  9. #9
    Member
    Join Date
    Aug 2004
    Posts
    32
    Thank you SirDice

    There is only a couple of us on the trusted network.

    There are MS servers on both eth circuits; does that mean two
    firewalls?

    Network mainly consists of individual single workgroups, dns, email server, webservers, sql, couple of workstations.

  10. #10
    Member
    Join Date
    Aug 2004
    Posts
    32
    ss2chef
    The router is managed by the provider of the T1; it is open.

    I thought I could put a FW box upstream of the router, between it and the T1
    input.
