John,

I've set up several firewalls/gateways over the past 2 years or so using Trustix and Shorewall, and I'm a big fan of Tom Eastep's iptables configuration tool.
It can handle PPPoE and NAT without any question, and you can certainly run snort on the same box. Whether you should run an IDS on your firewall is a whole other topic which depends on your point of view, traffic load etc.

You can find shorewall at http://www.shorewall.net

Pete Rotheroe.

==========================

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, May 06, 2005 5:00 AM
To: [email protected]
Subject: tsl-discuss Digest, Vol 21, Issue 7

Send tsl-discuss mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.trustix.org/mailman/listinfo/tsl-discuss
or, via email, send a message with subject or body 'help' to
        [EMAIL PROTECTED]

You can reach the person managing the list at
        [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tsl-discuss digest..."

Today's Topics:

   1. Internet Gateway/Firewall (John Tate)
   2. Re: Internet Gateway/Firewall (Thomas)
   3. Re: Internet Gateway/Firewall (Mikael Bak)
   4. SV: Internet Gateway/Firewall (Nicolay Høy)
   5. Re: SV: Internet Gateway/Firewall (Ariën Huisken)

----------------------------------------------------------------------

Message: 1
Date: Fri, 6 May 2005 14:37:30 +1000
From: John Tate <[EMAIL PROTECTED]>
Subject: Internet Gateway/Firewall
To: "[EMAIL PROTECTED] Trustix. Org" <[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Hello,

I plan on setting up a trustix box as an internet gateway and firewall running snort in inline mode. It has been a long time since I have done a NAT setup. I also want to put my (very buggy) router in bridged mode and use PPPoE, I have no idea about doing that either.

So basically I want pointers on setting up a NAT and PPPoE. I could not find anything in the trustix wiki that could help me with either.

Thanks in advance,
John.
-- 
John "Rockstar" Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)
New Personal Website: http://kintaro.noobify.com

------------------------------

Message: 2
Date: Fri, 06 May 2005 08:11:31 +0200
From: Thomas <[EMAIL PROTECTED]>
Subject: Re: Internet Gateway/Firewall
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello John,

I love Trustix as much as the next guy, but I would opt for a m0n0wall solution instead. It's built for that purpose and it works like a charm. Extremely easy to set up and unbelievably stable.

http://www.m0n0.ch/wall/

You will not regret going the m0n0wall way. :o)

Thomas

John Tate wrote:

>Hello,
>
>I plan on setting up a trustix box as an internet gateway and firewall
>running snort in inline mode. It has been a long time since I have
>done a NAT setup. I also want to put my (very buggy) router in bridged
>mode and use PPPoE, I have no idea about doing that either.
>
>So basically I want pointers on setting up a NAT and PPPoE. I could
>not find anything in the trustix wiki that could help me with either.
>
>Thanks in advance,
>John.

------------------------------

Message: 3
Date: Fri, 06 May 2005 08:54:14 +0200
From: Mikael Bak <[EMAIL PROTECTED]>
Subject: Re: Internet Gateway/Firewall
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain

On Fri, 2005-05-06 at 06:37, John Tate wrote:

> So basically I want pointers on setting up a NAT and PPPoE. I could
> not find anything in the trustix wiki that could help me with either.
>

I would also vote for m0n0wall most of the time. I don't remember seeing anything like snort in it though.

IPCop has snort built in, but isn't as flexible as m0n0wall when it comes to defining firewall rules. But it has a nice plugin system, so there might be solutions I don't know of.
Have a look at it here:
http://www.ipcop.org/

HTH,
Mikael

------------------------------

Message: 4
Date: Fri, 6 May 2005 10:15:31 +0200
From: Nicolay Høy <[EMAIL PROTECTED]>
Subject: SV: Internet Gateway/Firewall
To: <[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hey...

>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of John Tate
>Sent: 6 May 2005 06:38
>To: [EMAIL PROTECTED] Trustix. Org
>Subject: Internet Gateway/Firewall
>
>Hello,
>
>I plan on setting up a trustix box as an internet gateway and firewall
>running snort in inline mode. It has been a long time since I have done
>a NAT setup. I also want to put my (very
>buggy) router in bridged mode and use PPPoE, I have no idea about doing
>that either.
>
>So basically I want pointers on setting up a NAT and PPPoE. I could not
>find anything in the trustix wiki that could help me with either.

http://doc.trustix.org/cgi-bin/trustixdoc.cgi?FirewallSettings

That should give you a kickstart on Iptables/Nat.

-- 
Venlig hilsen / Kind Regards
Nicolay Høy
[EMAIL PROTECTED]
http://www.nerdonline.dk
ICQ: 7553073

------------------------------

Message: 5
Date: Fri, 6 May 2005 11:35:51 +0200
From: Ariën Huisken <[EMAIL PROTECTED]>
Subject: Re: SV: Internet Gateway/Firewall
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format="flowed"

> Hello,
>
> I plan on setting up a trustix box as an internet gateway and firewall
> running snort in inline mode. It has been a long time since I have done
> a NAT setup. I also want to put my (very
> buggy) router in bridged mode and use PPPoE, I have no idea about doing
> that either.
>
> So basically I want pointers on setting up a NAT and PPPoE. I could not
> find anything in the trustix wiki that could help me with either.

You could take a look at the firehol package. It's a very easy iptables script, that uses a human readable config file.
Enable the contrib section in your swup.conf and install with swup --install firehol. If you like I could give you my config for a NAT with PPPoE setup, just let me know.

-- 
Ariën Huisken
Xilay Software

------------------------------

_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss

End of tsl-discuss Digest, Vol 21, Issue 7
******************************************
