Hi Greg,
Check out Smoothwall (www.smoothwall.org). It's built for doing firewalling,
and has web interfaces for setting everything up. Firewalls don't need to
be all that powerful, so a lightweight firewall config is going to be
best for you.
-Mark
Greg Kettmann wrote:
> I'm an "Architect", which means I design computer solutions. Once upon
> a time I was a network administrator but my hands-on skills are not what
> I'd like them to be, certainly not in the Linux space. This is sort of
> an apology for asking potentially dumb questions.
>
> Recently my Linux Firewall, connected to MediaOne, was cracked. I'm
> absolutely furious about the way M1/AT&T handled the situation. I knew
> my firewall wasn't tightened down very well, but it's just my house and
> I kept procrastinating. So last week I get a nastygram from M1 saying
> my machine had been "caught" port scanning and that this activity was in
> violation of the "Terms and Conditions" for use. This was a slap on the
> wrist and the next time they'd permanently pull my account. Well, being
> on the road more often than not, I was only able to tighten up the
> machine, not reformat and rebuild. Besides, I checked out the logs and
> there were tracks everywhere. The idiot even built themselves an
> account. I thought it was juvenile, amateur script kiddy stuff. The
> following Sunday, about the only time I have time to work on anything,
> was Easter and family comes first. So, on Friday, I was in New York
> City, Times Square and I get a call from my kids, very upset. It seems
> that "tightening up" my firewall wasn't enough and they'd left a back
> door. My machine had again been cracked and had been port scanning
> again. Oops, my bad, I should have formatted the darn thing. So, M1
> says, goodbye...forever. Man am I mad at them. I REALLY hate
> monopolies now.
>
> Well, I talked to their legal department, a million times better than
> their security department and it appears we can work something out. So,
> my purpose here is two things. One, to vent a little (thanks :-) ) and
> two, to ask about known vulnerabilities. My machine is a reformatted RH
> 6.2 installation. I intend (downloading the kernel from a modem really
> stinks) to upgrade to 2.2.18 (any reason to go to .19?) because I heard
> there was some fix there. Additionally I am going to get the latest
> BIND to fix that exploit. I'm going to run a fairly tight IPCHAINS
> script. I don't run an HTTP server on the firewall, nor any other
> services. I will have SSH and FTP open. Other than that I will open
> only things for my Masquerading machines inside to get out. (POP, SMTP,
> HTTP, Time (13), Probably IRC and IDENTD (needed for many IRC's), FTP,
> etc.), pretty much the standard list. Could one of you really good Network
> Admin guys tell me if I'm on the right track? Any other suggestions?
> Thanks.
>
> Also, one other vent. I wish those jerks at M1, instead of pulling the
> plug on my account, would first trace the darn thing and go try to catch
> the bad guy instead of harassing their customers. Then they can pull
> the plug and give me a chance to fix it. These procedures of theirs are
> doing nothing to fix the problem and just punishing the victims. Rather
> like punishing someone because their car was stolen. Argh.
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
--
Mark Komarinski - Senior Systems Engineer - VA Linux Systems
(cell) 978-697-2228
(email) [EMAIL PROTECTED]
"Have one day pleasant" - Babelfish