Linux ipfwadm is a packet-filtering firewall that comes with the Linux
distribution.  I'm using RedHat 5.2, which is fairly easy to install, for
Linux.  You could probably get by with a fast 486, but I'm using a P166.

Since my early-adopter DSL modem did not include any routing (just a
bridge), I had to build both a router and a firewall myself.  Hence Linux.
I did more or less what Allen suggests, with the dual-homed PC, but I didn't
need IP masquerading.  I did need the firewall though -- from my logfiles
I'm REAL convinced of that.

You can also put a third Ethernet card in the machine and have a DMZ for a
mailserver/webserver/FTP/?? that is neither inside nor outside.

In order to set it up and get it to work, you need to read the man pages and
some of the documentation available online such as

http://sunsite.unc.edu/LDP/HOWTO/Firewall-HOWTO.html

I also suggest that you read and understand the book
"Building Internet Firewalls" by Chapman and Zwicky
available from O'Reilly (www.oreilly.com) or your favorite online bookstore.

This book will give you a good understanding of what the various protocols
require to work, and what needs to be done to allow or disallow them.

----
Kevin Murphy
Native Sun Systems
Los Angeles


>
>Date: Thu, 11 Mar 1999 12:08:55 -0500
>From: Allen Jantzen <[EMAIL PROTECTED]>
>Subject: Re: Linux Firewall solutions
>
>What I have done is attach a linux Red Hat 5.2 box to my cable modem.
>The linux box is a dual-homed host (I believe that's the term).  It has
>2 network interface cards - one goes out to the cable modem, and the
>other goes out to an internal network by way of a hub.  My internal
>network consists of a single windows box, which is attached to the hub.
>
>I believe this qualifies as sort of a quasi-firewall, although really
>the only functionality I am using is IP masquerading.  So I can web surf
>with the windows box OR the linux box, and to the outside world I am a
>single IP address.
>
>For the firewall gurus on this list:  Is IP masquerading something that
>a firewall can always provide??  Can IP masquerading exist outside the
>context of a firewall?
>
>As for linux, I have used the ipfwadm program to set up a few simple
>rules.  Example:  don't allow packets in that come from yourself (a sign
>of IP-spoofing).  In the newer 2.2 kernel I believe this ipfwadm has
>been replaced by something called ipchains, which I have not used yet.
>
>I was planning to add additional rules about how to allow telnet on a
>certain port only from certain hosts and other such stuff.  But then I
>started using the ssh secure shell which provides a nice encrypted
>transmission that prevents sniffing, so I just turned the telnet service
>off.
>
>Overall, with my limited experience, I consider Linux to be a great way
>to build a firewall.  It's easy to configure, fast, and it's cheap.  The
>linux box providing the firewall does _not_ have to be a powerful
>machine.
>
>HTH
>
>cheers
>Allen
>
>
>[EMAIL PROTECTED] wrote:
>>
>> I'm sure there must have been some chatter about using Linux as a
>> firewall on this list.
>>
>> I'm looking for what is available for linux to either make it a
>> firewall or configure it as one.  I'm also looking for opinions as
>> to why or why not I would even want to consider using linux as a
>> firewall.
>>
>> Many thanks
>>
>> Mike
>>