LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 10-04-2003, 02:21 AM   #1
chingasman
Member
 
Registered: Dec 2002
Location: Orange County, CA
Distribution: Mandrake 9.0 x2
Posts: 91

Rep: Reputation: 15
Want to have a computer be gateway w\xp clients


I want to replace my belkin gateway with a pc that is running mdk 9.1 It will need to support winxp clients that have to share files as well as internet (of course)

cable modem
|
pc (mdk 9)
|
hub
| |
1 win xp clients 2

want to be able to detect a prick window$ point&clicker from meddling in my files - thought was to replace the current belkin gateway with a pc running linux of some flavor (decided on mandrake) bad or good idea (lost my question mark key) suggestions on detection and prevention basic net security ideas = any help would be given a big thanks!
 
Old 10-04-2003, 02:43 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
I would not use a full-blow distro for a firewall (i.e. no Mandrake, no Red Hat, no SuSE, etc). They are all tailored to install a lot of things by default to make your life easier. The problem is that all those extra packages also make security expoits a lot easier. They do not belong on a firewall.

From this point you have several choices. You could use a dedicated Linux distro for firewalls, such as IPCop, Astaro, etc (there are several others of varying degrees of usefulness). You could build a from scratch distro of Linux and only add the stuff you need (build your own kernel, etc). I'm assuming you want this to be Linux, but I just have to mention that OpenBSD is just about tailor-made for being a bastion host. OBSD installs very minimally, less than 200MB with the bare basics. Then you configure pf and you're on your way.

I digress. As for packages, obviously if it's Linux you need to build the kernel with iptables support. You will want the Snort package for NIDS and Tripwire for HIDS. You may want to install Bastille to help you lock the box down. Your logs should be sent to an internal machine (syslog is very good for this). You may wish to configure Squid as an HTTP proxy, but for few clients this might be more trouble than it's worth. If you do install Squid, make VERY SURE it's not accessible from the Internet side. Open proxies generate a lot of ill-will towards their owners and likely your ISP will revoke your account.

O'Reilly's Building Internet Firewalls is highly recommend reading, and Hacking Exposed wouldn't be a bad read, either (you can probably pick up old editions very cheaply since a new ed. comes out every several months).
 
Old 10-04-2003, 06:07 AM   #3
AshleyK
Member
 
Registered: Sep 2003
Location: Northants, UK
Distribution: RedHat 8, Damn Small
Posts: 39

Rep: Reputation: 15
Try smoothwall (http://smoothwall.org) as well for an out of the box firewall distro that I found really easy to get installed on an old piece of tin I had lying around.

HIH
Ashley
 
Old 10-05-2003, 10:31 PM   #4
chingasman
Member
 
Registered: Dec 2002
Location: Orange County, CA
Distribution: Mandrake 9.0 x2
Posts: 91

Original Poster
Rep: Reputation: 15
thanks for your help. minimal stuffs to avoid exploits is the key though right?
 
Old 10-06-2003, 02:28 AM   #5
AshleyK
Member
 
Registered: Sep 2003
Location: Northants, UK
Distribution: RedHat 8, Damn Small
Posts: 39

Rep: Reputation: 15
No problem. What do you mean by 'minimal stuffs'? I'm not familiar with the term.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux gateway - It doesn't allow run logon script of all clients to win2k3 b:z Linux - Networking 1 04-21-2005 11:17 PM
Anyway to let ONE X clients to see the actions which operated by another X clients? proxyz Linux - Software 0 03-16-2004 12:44 AM
Gateway problem, clients can't access some sites pheron Linux - Networking 2 03-06-2004 02:22 PM
Linux gateway computer can't resolve names krsnendu Linux - Networking 4 12-17-2003 09:30 AM
Network Configuration to allow internet connection through gateway computer Ultrakapy Linux - Networking 3 07-30-2003 04:06 PM


All times are GMT -5. The time now is 07:25 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration