LinuxQuestions.org
Old 04-06-2011, 04:34 AM   #1
ckluyts
LQ Newbie
 
Registered: Apr 2010
Location: Rawsonville, South Africa
Distribution: Debian
Posts: 4

Rep: Reputation: 0
How to configure Proxy & Firewall on SuSE 11.4?


I need to restrict access to the internet and keep unwanted software out of the LAN with 45 workstations at the school I teach at.
I thought about configuring a proxy and firewall on SuSE 11.4?
Any suggestions and directions on how to do this will be appreciated.
 
Old 04-06-2011, 05:56 AM   #2
saavik
Member
 
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES11 / FC20/ OES / CentOS
Posts: 601

Rep: Reputation: 32
I am an admin in a company having 800 empl.

We use SLES9 and squid.

I migrated that from time to time. I really like it. Runs perfectly. Viruswall may be amavis.

If you need help do not hesitate to contact me.
You should think about a personal account for each user, as users tend to do stupid things on the internet. Can be LDAP or a local pw-file; we did both, but now we are using LDAP as the users get too much to store the pw at two locations.

Did you think about using CentOS? Maybe the better solution. Depends on what you know about RedHat/Fedora. OpenSuSE may require an OS change more often?

As we changed the OS three times now ( Started with SuSE7, then SLES8, then SLES9 ) I can say that it is easy but takes some time.

So my suggestion:

- Firewall : Iptables / really easy, fast and stable once you get used to it
- Proxy : Squid / I have used it for 6-8 years now and it's perfect
- Viruswall: Amavis / Not perfect, but how is ?
- Authentication : What you like : Ldap or local file

Last edited by saavik; 04-06-2011 at 05:58 AM.
 
Old 04-06-2011, 05:16 PM   #3
jefro
Guru
 
Registered: Mar 2008
Posts: 11,954

Rep: Reputation: 1482
A layer 7+ device or application would be a choice. If you want, a VM running something like Untangle may work.
 
Old 04-07-2011, 10:06 AM   #4
ckluyts
LQ Newbie
 
Registered: Apr 2010
Location: Rawsonville, South Africa
Distribution: Debian
Posts: 4

Original Poster
Rep: Reputation: 0
Thank you for the directions.

I am downloading CentOS. Haven't used it before, will look at it.

I will give iptables and Squid as a transparent proxy a try. Haven't done this before.

Also saw ipfire on the internet. Is it worth trying/investigating?
 
Old 04-07-2011, 05:56 PM   #5
jefro
Guru
 
Registered: Mar 2008
Posts: 11,954

Rep: Reputation: 1482
There are many good products that you should look at and consider. Many make easy work of protecting your LAN and WAN.

Don't like untangle?

http://www.techradar.com/news/softwa...rewalls-697177

http://www.fsckin.com/2007/11/14/7-d...alls-reviewed/

http://en.wikipedia.org/wiki/List_of..._distributions
 
Old 04-08-2011, 04:47 AM   #6
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,916

Rep: Reputation: 777
Quote:
Originally Posted by ckluyts
I need to restrict access to the internet and keep unwanted software out of LAN with 45 workstations at the school I teach at.
I thought about configuring a proxy and firewall on SuSE 11.4?
Any suggestions and directions on how to will be appreciated.
and

@saavik
Quote:
We use SLES9 and squid.
Squid will give you lots of control about who can do what and when, and so is the obvious thing to use.

A linux firewall will be iptables/netfilter underneath; there is a variety of 'friendly' front-ends that you could use and a variety of net-appliance type boxes that you could get that package and (somewhat) pre-configure things for you, but none of this is necessary, and may even be unhelpful if you have a network arch that is different from the default for the system that you are using.

I would advise that anyone tries to understand iptables and networking; even if you use an 'easy' front end, having a look at the ruleset that it generates is a good thing, and gives you an extra degree of confidence that its understanding of what is needed and your understanding are in line.

Given all this, it is less about 'What firewall product should I get' than 'Do I understand networking and firewalling well enough to get the best out of it'.

You don't say anything about your network arch; I'm guessing that the firewall you mention is a separate box, rather than firewalling the individual user workstations.

@saavik
Quote:
Viruswall: Amavis / Not perfect, but how is ?
If the workstations are windows or include windows machines, you will want some kind of virus scanning.
 
Old 04-08-2011, 07:36 AM   #7
ckluyts
LQ Newbie
 
Registered: Apr 2010
Location: Rawsonville, South Africa
Distribution: Debian
Posts: 4

Original Poster
Rep: Reputation: 0
My idea is to put a Linux box, with firewall (iptables) and transparent proxy (Squid), between the wireless internet router and the Windows network and to have per-user or per-group access with usernames and passwords to access the internet. Preferably with logging and caching of pages, as sometimes a whole class group needs to access the same web pages. In that way redising to bandwidth used. I hope my idea is correct? Implementing is another challenge.
 
Old 04-08-2011, 02:45 PM   #8
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,916

Rep: Reputation: 777
Quote:
Originally Posted by ckluyts
My idee is to put a linux box, with firewall (iptables) and transparent proxy (squid) between the wireless internet router and the windows network.

So
Code:
    Win          ---->            Router          ------->     Internet
    Netwk       (Wireless)           |
                                     |
                                 Squid/iptables
                                    box
If that understanding is correct, you are giving the win network no real (extra) protection and doing nothing to stop workstations on the windows network from downloading undesirable content or malware. Each to their own, I suppose...but I'd have to be better informed about your aims in doing this, if this is what you intend.

Code:
    Win          ---->            Router    ---->     Squid/iptables       ------->     Internet
    Netwk       (Wireless)                               box
(which obviously needs the squid/ipt box to have an extra eth, which isn't a big issue, but it is unclear whether you mean this)

Quote:
In that way redising to bandwidth used.
Reducing? Well, it should, a bit. But it won't be very dramatic, in most cases, simply because most of the time, people will be looking at pages that other people haven't previously browsed. If all of a class has to look at a small set of particular pages, for a particular class, it will help more, obviously.
 
Old 04-09-2011, 02:21 AM   #9
ckluyts
LQ Newbie
 
Registered: Apr 2010
Location: Rawsonville, South Africa
Distribution: Debian
Posts: 4

Original Poster
Rep: Reputation: 0
Sorry for the typing errors.

My idea is like this:

Windows Network (Wired LAN with Win 2003 Server)
-----> Squid IP tables box
-----> Router - MikroTik Installed by ISP
-----> Wireless Internet

Hope this is more clear.

Last edited by ckluyts; 04-09-2011 at 02:25 AM.
 
Old 04-09-2011, 06:27 PM   #10
saavik
Member
 
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES11 / FC20/ OES / CentOS
Posts: 601

Rep: Reputation: 32
Sounds good to me.

Except for the WLAN we use(d) it in the same way.

If you need help...
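
Added example, not part of any post in this thread: a shell check for the inline gateway laid out in posts #8 and #9, following the advice in post #6 to read the ruleset that is actually loaded. It audits an `iptables-save` dump for the properties that keep HTTP behind Squid; the interface names (`eth1` LAN side, `eth0` router side), Squid port 3128 and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the inline Squid gateway.
# Assumed names: eth1 = LAN side, eth0 = router side, Squid on port 3128.

# Constructed sample ruleset (iptables-save format) for the gateway box.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# audit_rules LAN_IF PROXY_PORT   (ruleset is read from stdin)
# Prints one line per finding; returns 0 only when there are no findings.
audit_rules() {
    lan=$1 port=$2 rc=0
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' ||
        { echo "FORWARD policy is not DROP: clients can route around the proxy"; rc=1; }
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' ||
        { echo "INPUT policy is not DROP: the gateway itself is exposed"; rc=1; }
    printf '%s\n' "$rules" | grep -Eq -- "^-A PREROUTING -i $lan .*--dport 80 .*-j REDIRECT --to-ports $port" ||
        { echo "no REDIRECT of LAN port 80 to Squid on $port"; rc=1; }
    printf '%s\n' "$rules" | grep -E -- '^-A FORWARD ' | grep -Eq -- '--dport 80 .*-j ACCEPT' &&
        { echo "FORWARD accepts port 80: HTTP can bypass Squid"; rc=1; }
    return $rc
}

sample_rules | audit_rules eth1 3128 && echo "ruleset keeps HTTP behind the proxy"
```

On a live gateway the input would be `iptables-save | audit_rules eth1 3128`. Squid cannot request proxy authentication on intercepted connections, so the per-user logins discussed in the thread require the browsers to be pointed at the proxy explicitly rather than relying on the REDIRECT rule.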
 
  

