What I have done is attach a linux Red Hat 5.2 box to my cable modem.
The linux box is a dual-homed host (I believe thats the term). It has
2 network interface cards - one goes out to the cable modem, and the
other goes out to an internal network by way of a hub. My internal
network consists of a single windows box, which is attached to the hub.
I believe this qualifies as sort of a quasi-firewall, although really
the only functionality I am using is IP masquerading. So I can web surf
with the windows box OR the linux box, and to the outside world I am a
single IP address.
For the firewall gurus on this list: Is IP masquerading something that
a firewall can always provide?? Can IP masquerading exist outside the
context of a firewall?
As for linux, I have used the ipfwadm program to set up a few simple
rules. Example: don't allow packets in that come from yourself (a sign
of IP-spoofing). In the newer 2.2 kernel I believe this ipfwadm has
been replaced by something called ipchains, which I have not used yet.
I was planning to add additional rules about how to allow telnet on a
certain port only from certain hosts and other such stuff. But then I
started using the ssh secure shell which provides a nice encrypted
transmission that prevents sniffing, so I just turned the telnet service
off.
Overall, with my limited experience, I consider Linux to be a great way
to build a firewall. Its easy to configure, fast, and its cheap. The
linux box providing the firewall does _not_ have to be a powerful
machine.
HTH
cheers
Allen
[EMAIL PROTECTED] wrote:
>
> I'm sure there must have been some chatter about using Linux as a
> firewall
> on this list.
>
> I'm looking for what is available for linux to either make it a
> firewall or
> configure it as one. I'm also looking for opinons as to why or why
> not I
> would even want to consider using linux as a firewall.
>
> Many thanks
>
> Mike
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
