
Thread: Linux firewall for network

  1. #1
    Associate
    Join Date
    Aug 2002
    Posts
    10

    Linux firewall for network

    Is it possible to have linux serve as the firewall for my existing w2k network? This network is currently configured as follows:
    w2k server w/AD
    linksys 4-port router
    e2k server
    w2k prof & xp system
    linux server ver7.3
    Can someone point me to documentation that will instruct me on using the linux server as a firewall for this network?
    Or is this even possible? Or is the firewall limited to the system it's installed on?
    Any help is appreciated.

  2. #2

    Re: Linux firewall for network

    This is completely possible, however I would suggest using a dedicated
    486 or P1 for a firewall being that less services/processes on a firewall
    limits the amount of possible exploits from the internet.

    My personal choice is one of the LEAF project's products (http://leaf.sourceforge.net).
    Other similar products would include Coyote Linux, ESmith, FreeSCO, and many others.

    I hope this helps,
    ~Lynn

  3. #3

    Re: Linux firewall for network

    I have one existing linux/iptables firewall on my (primarily) Win2k domain and am going to add a few more iptables/FreeSWAN boxes. It's entirely possible and, with the proper setup, can replace most commercial firewall solutions. I suggest this book http://www.bookpool.com/.x/na7odhoek4/sm/0735710996

    Also, you will definitely need a box dedicated to that purpose alone with zero services running (ok maybe just SSH for remote administration).

    You might want to also look into something like ulogd for logging your firewall traffic to a MySQL database.

  4. #4
    Associate
    Join Date
    Aug 2002
    Posts
    10

    Re: Linux firewall for network

    OK...so there is hope.
    My domain is also primarily w2k plus this new linux server that I just installed. Would you happen to have any documentation on this? I'll have to try and work that book into my budget sometime in the near future. My concern or lack of knowledge deals with the actual setup of the linux system. Are there any modifications that I'll need to make to my w2k network before or after this, or can I simply add that system, assign a static IP to it, and setup the firewall accordingly?

    thanks

  5. #5

    Re: Linux firewall for network

    You will need to make no changes to your domain other than possibly adding an entry to your local nameserver and changing some default gateways and routing tables to accommodate the new firewall. If it is replacing an old firewall, then you probably won't have to do a thing.

    Before you build the firewall, you will need to lock down the box it is going to be installed on completely.

    I will say this however, if you are new to Linux, you have some work ahead of you before you get this firewall to where it needs to be as a production level box. But that doesn't mean you cannot do it. The book I posted really is the best reference I have found. The netfilter website may also be of some help, though their documentation is a little more cryptic. A book or two on linux security might also be helpful.

    Setting up a linux firewall is rougher than a turnkey solution like Checkpoint, but as far as firewalls go, IMHO, if set up properly, it can be every bit as good.

    My advice, get the right books, do the right reading, make sure you know what you are doing, lock down your linux box--test, test, test--then build the firewall. Otherwise, you'll just be building a false sense of security.

  6. #6

    Re: Linux firewall for network

    Quote from tolstoy:

        Setting up a linux firewall is rougher than a turnkey solution like Checkpoint, but as far as firewalls go, IMHO, if set up properly, it can be every bit as good.

    This is excellent advice Tolstoy, but I would like your opinion of something.
    The LEAF distro "Bering" does all that you have mentioned (including IPSEC,
    CIPE, PPTP, etc....) and uses Shorewall to "easily" setup IPTables.... other
    than the obvious advantage of learning iptables, do you find anything wrong
    with using a distro similar to this??? It is much faster to setup and locked down
    from the original image and has been used in commercial settings with up to
    16 IFACES.

    TIA

  7. #7

    Re: Linux firewall for network

    Quote from Guitarlynn:

        Quote from tolstoy:

            Setting up a linux firewall is rougher than a turnkey solution like Checkpoint, but as far as firewalls go, IMHO, if set up properly, it can be every bit as good.

        This is excellent advice Tolstoy, but I would like your opinion of something.
        The LEAF distro "Bering" does all that you have mentioned (including IPSEC,
        CIPE, PPTP, etc....) and uses Shorewall to "easily" setup IPTables.... other
        than the obvious advantage of learning iptables, do you find anything wrong
        with using a distro similar to this??? It is much faster to setup and locked down
        from the original image and has been used in commercial settings with up to
        16 IFACES.

        TIA

    I don't really have much of an opinion on any of those linux solutions, though that's not to say they are not good. I usually just do the leanest RH install I can. Then I write an iptables script and compile in support for FreeSWAN. The scripts take a while to write and debug, but I like writing them for some odd reason. Currently I'm looking into ulogd so I can log dropped packets to a mysql box and manage the logs with a php script of some sort (these are my winter plans at least). Just as a security precaution, and as a way to centralize log management, I always log to a dedicated syslog server.

  8. #8

    Re: Linux firewall for network

    I hear ya, I have a couple that send syslog back to a dedicated
    dot-matrix printer so I don't chance losing the info on a server.
    As long as the DROP's are put in right, I don't go through *too*
    much paper. :-)

    I'll have to check on that "ulogd" as well, sounds neat!

  9. #9
    Guest

    Re: Linux firewall for network

    Mandrake has a nice firewall setup. I believe that it is the 7.2 security distro. Easy install with a GUI interface if needed.
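
The setup that posts #3, #5 and #7 describe (a dedicated iptables box that exposes only SSH for administration and logs what it drops), sketched as an added example that is not from any poster in this thread. It assumes the Linux box becomes the LAN's default gateway and NATs outbound traffic; the interface names, subnet and admin address are constructed sample values.

```shell
#!/bin/sh
# Added example; interface names and addresses are constructed samples.

# gen_ruleset WAN_IF LAN_IF LAN_NET ADMIN_IP -> iptables-restore text on stdout
gen_ruleset() {
    wan=$1 lan=$2 net=$3 admin=$4
    # Accept only plain interface names and IPv4/CIDR text.
    for v in "$wan" "$lan"; do
        case $v in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    done
    for v in "$net" "$admin"; do
        case $v in ''|*[!0-9./]*) return 2 ;; esac
    done
    [ "$wan" != "$lan" ] || return 2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $admin -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -s $net -j MASQUERADE
COMMIT
EOF
}

# audit_ruleset WAN_IF < ruleset -> prints "ok" or the first problem found
audit_ruleset() {
    rules=$(cat)
    for chain in INPUT FORWARD; do
        echo "$rules" | grep -q "^:$chain DROP" || { echo "$chain policy is not DROP"; return 1; }
    done
    if echo "$rules" | grep -- '-A INPUT' | grep -- "-i $1 " | grep -q -- '-j ACCEPT'; then
        echo "INPUT accepts traffic arriving on $1"; return 1
    fi
    echo "$rules" | grep -q -- '-j LOG' || { echo "drops are not logged"; return 1; }
    echo ok
}
gen_ruleset eth0 eth1 192.168.1.0/24 192.168.1.10 | audit_ruleset eth0
```

Load the generated text with `iptables-restore` only after `iptables-restore --test` parses it cleanly. The LOG rules write kernel messages that the local syslog daemon can forward to a dedicated syslog server, as post #7 describes.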
