Hi,
> -----Original Message-----
> From: Randy Millis (List Acct.) [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 21, 2001 5:12 PM
> To: [EMAIL PROTECTED]
> Subject: Linux firewall/VPN solution?
>
>
> I have a project fast approaching that I'm ill prepared for it seems. I'm
> looking for some more help on setting up a secure firewall/VPN solution and
> appreciate any advice or resources anyone might have.
Wow...
>
> I've read the Linux Firewall How-To, lurk on some of the more popular
> security lists and just subscribed to the firewall list. So I am starting to
> develop a sense of what I need to do, but need more help.
Ok...
>
> I've set up Bastille under Redhat 6.2 on a 486/80 at home and am playing
> around to get a better understanding of it.
>
> I did a workstation install of Redhat 6.22 via FTP from a local mirror and
> selected a minimum level of components. Then I downloaded the updates and
> did an rpm -Fvh * to update all the packages, but I'm not sure if they all
> updated correctly and need to go through this more.
>
> I'm very happy with how easy it was to get Bastille set up and have a
> sense that this is a fairly secure firewall, especially considering my
> level of ability in this area. But I'm not sure. :-(
I haven't used it. I'm using Racho's or Eucho's, I couldn't remember his name
:-)
>
> My questions are:
>
> - What is the better version of Linux to use 6.2 or 7.1 in terms of security
> and stability?
Maybe you're talking about Redhat. There are so many distros of Linux. For
me, I'd stick with 6.1 or 5.2. Those are the best versions of Redhat. That's
for me only. Others might have different opinions. I usually patch right
after the installation. Then I also apply security to it, like assigning
users to the wheel group, the only group that can run su, or any group you want.
>
> - Is Linux the best choice because of my familiarity with it or should I
> delve into unfamiliar territory with something like OpenBSD (or another
> flavor) because of better default security configuration?
When it comes to fw design, usually, they say it like this
internet -----> free/openbsd fw -----> win95/linux
>
> - What is the best method for installing the bare minimum needed for a
> firewall with Redhat or another recommended flavor?
Kill all services in inetd. Patch vulnerable programs.
>
> Without starting a war, in each individual's opinion:
>
> - Is there an easier and/or more effective way to upgrade Redhat rpms
> than what I did above?
I love doing it the hard way, tar.gz, I like editing errors, I learn c. :-)
>
> - What are some of the best ways to set up a VPN and what are some of
> the best open source packages for VPN to support Windows and UNIX clients?
FreeS/WAN is able to connect to a Checkpoint FW as a VPN client. Go to
www.checkpoint.com, there are docs.
>
> - Through VPN/or another method can I give PC and UNIX clients access to SMB
> and NFS file systems?
Sure with SMB, but for NFS you will need a program like Hummingbird. But sure,
there are also open source programs for it.
>
> - I have only set up a previous NAT box and the current Bastille firewall
> using an external IP and a private internal network. I want to set up a
> firewall for a lab that contains machines with external IP addresses. How
> would I do that or am I better off to redo the internal network with a
> private IP range? What are the security implications of both alternatives?
You can make use of ipmasqadm for kernel 2.2.x to redirect, for example, HTTP
traffic requests to an internal web server.
Hope this helps.
Neil
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
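
The advice above to kill all services in inetd, as an added example that is not part of the original message or of any project it mentions: the script lists every active entry in an inetd.conf and writes a copy with all of them commented out. The function names, the `#DISABLED#` marker and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list and disable every active service in an inetd.conf.
# Function names and the "#DISABLED#" marker are assumptions for illustration.

# Print "service/proto" for each active (uncommented) entry.
# An inetd.conf entry has at least six fields:
#   service  socket-type  proto  wait|nowait  user  server  [args...]
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Emit a copy of the file with every active entry commented out.
# Existing comments and blank lines pass through unchanged.
inetd_disable_all() {
    awk '!/^[ \t]*#/ && NF >= 6 { print "#DISABLED# " $0; next } { print }' "$1"
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd

time    dgram   udp     wait    root    internal
EOF
}

demo() {
    conf=$(mktemp) || return 1
    sample_conf > "$conf"
    echo "Active before:"
    inetd_enabled "$conf"
    inetd_disable_all "$conf" > "$conf.new"
    echo "Active after: $(inetd_enabled "$conf.new" | wc -l)"
    rm -f "$conf" "$conf.new"
    # On a real host: review the new file, install it as /etc/inetd.conf,
    # then send inetd a SIGHUP so it rereads its configuration.
}
demo
```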