On Thu, 6 Sep 2001, Ryan wrote:

> Ok, I've got an old 486 sitting in my closet that I got from my dad a
> while ago, intending to set it up as a linux based server/bridging
> firewall. It has 2 NICs so I was hoping to set up some routing software
> and whatnot to allow me to run a webserver and mail server on the 486
> while still being able to use games and whatnot that need to accept
> incoming connections on my main box.

You have to be a little more careful with multi-function computers also
acting as firewalls, but it is doable. Multiple functions allow hackers
more flexibility if they get through your outer perimeter.

> My preferred setup for dealing with incoming connections on eth0 is to
> have a list of ports to block connections to and a list of ports to
> allow incoming connections to, and what IP on the internal network
> those requests should be directed to (or to direct it to a server
> that's running locally).

More commonly, all incoming connections are blocked, unless they meet
specific requirements. You only end up with one list that way.

> Traffic to the internet from eth1 (the internal network) should be
> sent out to the WAN, preferably without a proxy.

Masquerading.

> Oh, and I do only have one internal IP.

Definitely on the poor side of the tracks. ;) Actually, I think you
mean one _external_ IP.

> Suggestions on what programs would be needed to do this stuff and hints
> on setting things up?

I use a customized Linux Router Project configuration, but that takes a
little more doing to include mailservers and webservers. Seems like there
are a lot of variations on this base now... LEAF
(http://leaf.sourceforge.net) and Coyote (http://www.coyotelinux.com) are
two that come to mind. http://www.linuxsecurity.com has information on
quite a few Linux security issues. There are a few configurable firewall
scripts, like rcf (http://rcf.mvlan.net/) or seawall
(http://seawall.sourceforge.net/) for ipchains.

There are some advantages to going with Linux 2.4's iptables, but fewer
people are familiar with it... you can try shorewall
(http://shorewall.sourceforge.net/).

> I currently have Storm installed on it, but I have a copy of Mandrake
> SNF and could get and burn any other Distro off the net.

I would expect that either of these could do the job, assuming you have
enough disk space and ram in this box. Use whichever you find more
familiar. Look for Bastille Linux, a script for hardening a RedHat-based
distribution.

---------------------------------------------------------------------------
Jeff Newmiller
DCN:<[EMAIL PROTECTED]>
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
---------------------------------------------------------------------------
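As an added illustration (not part of the thread, and not any of the named projects' scripts), here is what the "block everything incoming, allow a short list, masquerade the LAN" policy from the reply looks like as a Linux 2.4 iptables script. It assumes eth0 is the WAN side with the single external IP, eth1 is the LAN on 192.168.1.0/24 (constructed), web and SMTP run on the firewall itself, and one constructed game port is forwarded to an internal host; rules are emitted as text so they can be reviewed before being applied with `firewall_rules | sh` as root.

```shell
#!/bin/sh
# Added example: two-NIC default-deny firewall with port forwarding and
# masquerading. All addresses and the game port below are constructed.
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24
GAME_HOST=192.168.1.10      # constructed internal machine that needs inbound connections
GAME_PORT=27015             # constructed example port

firewall_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
# Default-deny on the WAN: one list of what is allowed, everything else dropped.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections the firewall or the LAN started.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services hosted on the firewall itself: web (80) and mail (25).
iptables -A INPUT -i $WAN -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $WAN -p tcp --dport 25 -m state --state NEW -j ACCEPT
# The internal network may talk to the box and be forwarded out to the WAN.
iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
# Forward one inbound port to the internal host, and permit that flow through.
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport $GAME_PORT -j DNAT --to-destination $GAME_HOST:$GAME_PORT
iptables -A FORWARD -i $WAN -o $LAN -p tcp -d $GAME_HOST --dport $GAME_PORT -m state --state NEW -j ACCEPT
# Masquerade LAN traffic behind the single external IP (no proxy needed).
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Count generated rule lines matching a pattern; useful for reviewing the
# policy without root before applying it.
rule_count() {
    firewall_rules | grep -c "$1"
}
```

Because the FORWARD policy is DROP and only the one DNAT target is opened, an inbound packet to any other port is discarded rather than reaching the LAN.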
