Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm starting on my Linux Journey finaly. It looks like its going to be fun. I did this because my employers want me to utlilize it for building a firewall for the company. I'm installing RedHat 9 on this machine and am getting ready to start researching firewalling techniques. Can anyone make some suggestions as to whats better, Linux native Firewall capabilities or some FIREWALL addon?
Additionally,because our Cisco routers are doing all of our NAT for our LAN, how do you go about setting up the firewalls two NICS? Do both receive internal (LAN) IPS or do I still need to assign the outside NIC a "real" IP?
WOW, am I a
Is it a big/medium size company or just a small office? If it is a first one I'd suggest implementing CheckPoint firewall solution from http://www.checkpoint.com , also regarding the NIC cards - one supposed to recieve/transmit packets to/from outiside so yes it must be configured with external IP, and the other to your LAN. As for linux - linux provides stateful software based firewall with netfilter configured for iptables I believe it will suffice for a home/small office network scheme - visit our linux-security forums to familirize yourself with them. Good luck
Because the Cisco is doing NAT for our bogus 192.168 network addresses, why should I give the firewall's external NIC an outside address? Should the external NIC still have a 192.168 address? Because we are limited to a very few "real" IP addresses for our site, Im not even sure there IS an extra one available.
Any documents to get my noobie ass in the right direction?
Thanks again guys (and girls?)
So then the Linux firewall could have a 192.168 address on the external NIC?
Yes, Cisco 2600 has firewall but isnt that an additional liscense and package?
The keyword here is free!
There is always the solution to set your firewall PC up as a router as well. This is what I am doing. Give the external NIC the public IP and the internal on the 192.168.x.x and configure iptables with a NAT. With iptables you can set up a NAT (SNAT and DNAT) use port forwarding and pretty much everything else. If you are running other servers, you can also set up a DMZ to add another layer of protection for you LAN.
Like I mentioned, this is how I have mine set up so I am not sure how you would set up a firewall without having it route as well.
PhilD
Edit: Humm, it may be as easy as giving the firewall private IP for both nics and then just pointing your pcs to the incoming NIC as their gateway. It still seems like you are doing double work as all traffic would be coming to the router and being directly routed to the firewall only. Humm.... Okay, I am not so sure that will do what you want.....
If your Cisco router is doing NAT, then the Linux server can have a private IP (192.168.x.x).
The Cisco 2600 router series has a firewall system that is included into the router -- no extra cost.
The firewall rules are called Access Control Lists (ACL).
I strongly suggest reading the manuals and documentation on your Router.
You will find that you can do alot with the router including firewall (ACL), Virtual Private Networks (VPN), inter-VLAN routing, etc.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
