I'm starting on my Linux Journey finally. It looks like it's going to be fun. I did this because my employers want me to utilize it for building a firewall for the company. I'm installing RedHat 9 on this machine and am getting ready to start researching firewalling techniques. Can anyone make some suggestions as to what's better, Linux native Firewall capabilities or some FIREWALL addon?
Additionally, because our Cisco routers are doing all of our NAT for our LAN, how do you go about setting up the firewall's two NICs? Do both receive internal (LAN) IPs or do I still need to assign the outside NIC a "real" IP?
WOW, am I a
Is it a big/medium-size company or just a small office? If it is the first, I'd suggest implementing the CheckPoint firewall solution from http://www.checkpoint.com. Also, regarding the NIC cards: one is supposed to receive/transmit packets to/from outside, so yes, it must be configured with an external IP, and the other to your LAN. As for Linux, it provides a stateful software-based firewall with netfilter configured for iptables; I believe it will suffice for a home/small office network scheme. Visit our linux-security forums to familiarize yourself with them. Good luck.
Because the Cisco is doing NAT for our bogus 192.168 network addresses, why should I give the firewall's external NIC an outside address? Should the external NIC still have a 192.168 address? Because we are limited to a very few "real" IP addresses for our site, I'm not even sure there IS an extra one available.
Any documents to get my noobie ass in the right direction?
Thanks again guys (and girls?)
There is always the solution to set your firewall PC up as a router as well. This is what I am doing. Give the external NIC the public IP and the internal one the 192.168.x.x, and configure iptables with a NAT. With iptables you can set up a NAT (SNAT and DNAT), use port forwarding, and pretty much everything else. If you are running other servers, you can also set up a DMZ to add another layer of protection for your LAN.
Like I mentioned, this is how I have mine set up so I am not sure how you would set up a firewall without having it route as well.
Edit: Humm, it may be as easy as giving the firewall a private IP for both NICs and then just pointing your PCs to the incoming NIC as their gateway. It still seems like you are doing double work as all traffic would be coming to the router and being directly routed to the firewall only. Humm.... Okay, I am not so sure that will do what you want.....
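The setup described in the post above (public IP on the external NIC, 192.168.x.x on the internal one, SNAT/DNAT and one port forward), sketched as an added example that is not part of the original thread. The script only prints a ruleset in `iptables-restore` format; the interface names, addresses and forwarded port are constructed placeholders, and the default-drop filter policy is an assumption of this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC Linux gateway.
# Nothing is applied to the running system; the ruleset is written to stdout.

gen_ruleset() {
    # Args: external NIC, public IP, internal NIC, LAN CIDR, forwarded port, internal host
    ext_if=$1; ext_ip=$2; int_if=$3; lan=$4; fwd_port=$5; fwd_host=$6
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT: forward one inbound TCP port on the public IP to an internal host
-A PREROUTING -i $ext_if -d $ext_ip -p tcp --dport $fwd_port -j DNAT --to-destination $fwd_host:$fwd_port
# SNAT: rewrite LAN source addresses to the public IP on the way out
-A POSTROUTING -o $ext_if -s $lan -j SNAT --to-source $ext_ip
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the firewall itself: loopback, replies, and SSH from the LAN only
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -s $lan -p tcp --dport 22 -j ACCEPT
# Routed traffic: replies, LAN to outside, and the single forwarded port inward
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -d $fwd_host -p tcp --dport $fwd_port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 outside (203.0.113.10, a documentation address),
# eth1 inside (192.168.1.0/24), TCP port 80 forwarded to 192.168.1.20.
gen_ruleset eth0 203.0.113.10 eth1 192.168.1.0/24 80 192.168.1.20
```

To check the output without loading it, pipe it into `iptables-restore --test` as root; routing between the NICs also requires `net.ipv4.ip_forward=1`.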
If your Cisco router is doing NAT, then the Linux server can have a private IP (192.168.x.x).
The Cisco 2600 router series has a firewall system that is included into the router -- no extra cost.
The firewall rules are called Access Control Lists (ACL).
I strongly suggest reading the manuals and documentation on your Router.
You will find that you can do a lot with the router including firewall (ACL), Virtual Private Networks (VPN), inter-VLAN routing, etc.