Thanks Bruce,

        That looks like a useful list and one that I'll have to try out - right now
I've had to put everything on hold while I deal with BellSouth and DSLhell.
Once that is fixed my plan is to try and set up a simple firewall/VPN -
assuming that I can get Bellsouth to give me a subnet that works.

        Just as a general FYI - I've had no problems with dynamic IP DSL - it works
well and is fast (using an Alcatel DSL modem and a Netgear DSL/router) -
however the Bellsouth solution for an IP subnet seems to be supported only
if you use a Cayman DSL/router with all the routing features disabled...

--
Edmund Cramp

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Bruce Kives
Sent: Tuesday, January 15, 2002 11:55 PM
To: [EMAIL PROTECTED]
Subject: [brluglist] Firewall


Edmund,

I'm new to BRLUG, but I've recently upgraded my single floppy Linux firewall,
so I can give you a quick run down on what's currently available. There are
some CD-ROM based firewalls that use a floppy to store configurations, but I
haven't tried any of them. I don't have a 486 or early Pentium machine that
can boot off a CD-ROM. I also haven't tried FreeSCO.

Once the floppy is built, all of these routers can be easily modified just by
logging in and following the menu to edit the appropriate file. The reason for
this is that they all started in the same place.  The father of the floppy
router is LRP - Linux Router Project. You can create the boot floppy in Linux,
or download a pre-built floppy 'idiot image' in Windows and write it to the
floppy using rawrite. You then boot off of it and configure it the way you
want. LRP is more powerful in that you can add more programs, but you
have to know how you want your firewall rules set up.

Coyote Linux is basically LRP with a few additions and a ready to go set of
firewall rules. It also has the best installer of them all. You can configure
and create the floppy from either Linux or Windows. And setting it up was just
simple. I had to modify the rules to get VPN to work, but other than that, it
was easy. When doing a scan of the firewall using GRC's Shields Up port scan,
all ports were closed.

Frazier Firewall is an off-shoot of Coyote Linux. It has two strong features
going for it. The first is a built in web server so that you can see the
status of your firewall, and a log of who is scanning the firewall; all from
your web browser. You can even have this log emailed to you daily. The second
feature is a much better set of pre-built firewall rules. I didn't need to
change anything. On the Shields Up port scan, one port showed up as closed.
All the rest were in stealth mode. Closed means that an outside computer can
see the port, but can't access the port. Stealth means that an outside
computer could not even see the port.
Frazier has a few minor problems. It uses an earlier version of the Coyote
installer, and CAN NOT be created in Windows. You have to use the
192.168.128.0-255 range of addresses for the internal LAN. If you have
problems getting Frazier to work, create a Coyote Linux floppy and see how the
modules file is set up, then set up Frazier the same. And I still can't get
the DHCP server to work, so I just use static IP addresses. But its increased
security and ease of use once set up make it my personal choice.

LRP:   http://master-www.linuxrouter.org:8080/
Coyote Linux:   http://www.coyotelinux.com/
Frazier Firewall:   http://www.frazierwall.com/
Shields Up:   http://grc.com/default.htm

-Bruce Kives



================================================
BRLUG - The Baton Rouge Linux User Group
Visit http://www.brlug.net for more information.
Send email to [EMAIL PROTECTED] to change
your subscription information.
================================================

