LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Old 07-31-2003, 04:29 PM   #1
MATPHAT
LQ Newbie
 
Registered: Jul 2003
Location: Boulder,CO
Distribution: RedHat Linux 9
Posts: 4

Rep: Reputation: 0
Firewall?


I'm starting on my Linux journey finally. It looks like it's going to be fun. I did this because my employers want me to utilize it for building a firewall for the company. I'm installing RedHat 9 on this machine and am getting ready to start researching firewalling techniques. Can anyone make some suggestions as to what's better, Linux native firewall capabilities or some FIREWALL addon?
Additionally, because our Cisco routers are doing all of our NAT for our LAN, how do you go about setting up the firewall's two NICs? Do both receive internal (LAN) IPs or do I still need to assign the outside NIC a "real" IP?
WOW, am I a

Thanks for any help.
 
Old 07-31-2003, 06:09 PM   #2
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
If that's the specific purpose, firewalling, take a look at smoothwall, which is dedicated to the purpose.
 
Old 07-31-2003, 06:29 PM   #3
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
Is it a big/medium size company or just a small office? If it is the first one I'd suggest implementing the CheckPoint firewall solution from http://www.checkpoint.com . Also regarding the NIC cards - one is supposed to receive/transmit packets to/from outside, so yes it must be configured with an external IP, and the other to your LAN. As for Linux - Linux provides a stateful software-based firewall with netfilter configured for iptables; I believe it will suffice for a home/small office network scheme - visit our linux-security forums to familiarize yourself with them. Good luck
 
Old 07-31-2003, 08:47 PM   #4
Mathieu
Senior Member
 
Registered: Feb 2001
Location: Montreal, Quebec, Canada
Distribution: RedHat, Fedora, CentOS, SUSE
Posts: 1,403

Rep: Reputation: 46
iptables is the firewalling subsystem of Kernel 2.4

Netfilter has documentation, HOWTOs and tutorials for iptables.
http://www.netfilter.org/


GUI frontends for iptables
http://firestarter.sourceforge.net/
http://www.shorewall.net/

Firewalls
http://www.ipcop.org
http://www.fwbuilder.org/
 
Old 08-01-2003, 10:08 AM   #5
MATPHAT
LQ Newbie
 
Registered: Jul 2003
Location: Boulder,CO
Distribution: RedHat Linux 9
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks a lot guys! Lots of good information there! Back to my NIC question. Our setup looks like this:

Internet - CiscoRouter - FireWall - Internal network
Router - 206.101.11.1
Internal Network - 192.168.1.x

Because the Cisco is doing NAT for our bogus 192.168 network addresses, why should I give the firewall's external NIC an outside address? Should the external NIC still have a 192.168 address? Because we are limited to a very few "real" IP addresses for our site, I'm not even sure there IS an extra one available.
Any documents to get my noobie ass in the right direction?
Thanks again guys (and girls?)

Last edited by MATPHAT; 08-01-2003 at 10:10 AM.
 
Old 08-01-2003, 10:45 AM   #6
Mathieu
Senior Member
 
Registered: Feb 2001
Location: Montreal, Quebec, Canada
Distribution: RedHat, Fedora, CentOS, SUSE
Posts: 1,403

Rep: Reputation: 46
You can give your Firewall's external NIC a private IP.
And keep your public IPs for servers that connect directly to the Internet.

However, your Cisco Router has a built-in Firewalling subsystem.
You can add ACLs on your Cisco Router.

You can download the documentation for your router at the Cisco web site.
http://www.cisco.com/
 
Old 08-01-2003, 12:47 PM   #7
MATPHAT
LQ Newbie
 
Registered: Jul 2003
Location: Boulder,CO
Distribution: RedHat Linux 9
Posts: 4

Original Poster
Rep: Reputation: 0
So then the Linux firewall could have a 192.168 address on the external NIC?
Yes, the Cisco 2600 has a firewall but isn't that an additional license and package?
The keyword here is free!
 
Old 08-01-2003, 01:46 PM   #8
PhilD
Member
 
Registered: Mar 2003
Location: Iowa, US
Distribution: Gentoo!!, Mandrake 9.1
Posts: 170

Rep: Reputation: 30
There is always the solution to set your firewall PC up as a router as well. This is what I am doing. Give the external NIC the public IP and the internal one a 192.168.x.x address and configure iptables with NAT. With iptables you can set up NAT (SNAT and DNAT), use port forwarding and pretty much everything else. If you are running other servers, you can also set up a DMZ to add another layer of protection for your LAN.

Like I mentioned, this is how I have mine set up so I am not sure how you would set up a firewall without having it route as well.

PhilD

Edit: Humm, it may be as easy as giving the firewall private IP for both nics and then just pointing your pcs to the incoming NIC as their gateway. It still seems like you are doing double work as all traffic would be coming to the router and being directly routed to the firewall only. Humm.... Okay, I am not so sure that will do what you want.....

Last edited by PhilD; 08-01-2003 at 01:49 PM.
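The two-NIC setup PhilD describes (the firewall also routes, with optional NAT and a DNAT port forward to a DMZ host), written out as an added example. This is not PhilD's script or anything from the thread; the interface names eth0/eth1, the DMZ host and the SSH-from-LAN rule are assumptions. The rules are emitted as text by build_rules so they can be reviewed first; apply_rules pipes them into sh. With DO_NAT left at "no" it matches the OP's case where the Cisco does the NAT and the external NIC carries a 192.168 address.

```shell
#!/bin/sh
# Added example (not from the thread): a stateful two-NIC iptables firewall in the
# 2.4-kernel / iptables 1.2 style (-m state). Interface names are assumptions.
WAN_IF="${WAN_IF:-eth0}"                  # assumed: NIC facing the Cisco router
LAN_IF="${LAN_IF:-eth1}"                  # assumed: NIC facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # the 192.168.1.x LAN from the thread
DO_NAT="${DO_NAT:-no}"                    # "yes" only if this box, not the Cisco, does NAT
DMZ_HOST="${DMZ_HOST:-}"                  # assumed, optional: internal web server to DNAT to

# Print the rule set, one iptables command per line, so it can be reviewed or applied.
build_rules() {
    # Start clean and default-deny; only the rules below open anything.
    echo "iptables -F"
    echo "iptables -t nat -F"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"

    # Loopback, plus replies to connections the firewall or the LAN already opened.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Anti-spoofing: a packet claiming a LAN source address must never arrive on the WAN NIC.
    # (A broader RFC1918 filter is not possible here because the WAN side is itself 192.168.)
    echo "iptables -A INPUT -i $WAN_IF -s $LAN_NET -j DROP"
    echo "iptables -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP"

    # Administration only from the LAN side (assumed policy).
    echo "iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT"

    # The LAN may open new connections outward; nothing from the WAN may open them inward.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT"

    # Source NAT (masquerading) only when this box is the NAT device.
    if [ "$DO_NAT" = "yes" ]; then
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
    fi

    # DNAT port forward of inbound HTTP to a DMZ host, with a matching FORWARD accept.
    if [ -n "$DMZ_HOST" ]; then
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $DMZ_HOST:80"
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $DMZ_HOST --dport 80 -m state --state NEW -j ACCEPT"
    fi

    # Log whatever the default-deny policy is about to drop, so misconfigurations show up in syslog.
    echo "iptables -A INPUT -j LOG --log-prefix 'fw-input-drop: '"
    echo "iptables -A FORWARD -j LOG --log-prefix 'fw-forward-drop: '"
}

# Enable routing between the NICs and load the rules (needs root on the firewall).
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    build_rules | sh -e
}

# Usage: ./fw.sh          -> print the rules for review
#        ./fw.sh apply    -> enable forwarding and load them
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    build_rules
fi
```

The order matters: the ESTABLISHED,RELATED accepts come first so return traffic is cheap, the anti-spoof drops come before any accept that matches on the LAN source address, and the LOG rules sit last so only packets that reached the DROP policy are logged.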
 
Old 08-01-2003, 01:54 PM   #9
Mathieu
Senior Member
 
Registered: Feb 2001
Location: Montreal, Quebec, Canada
Distribution: RedHat, Fedora, CentOS, SUSE
Posts: 1,403

Rep: Reputation: 46
If your Cisco router is doing NAT, then the Linux server can have a private IP (192.168.x.x).

The Cisco 2600 router series has a firewall system that is included into the router -- no extra cost.
The firewall rules are called Access Control Lists (ACL).

I strongly suggest reading the manuals and documentation on your router.
You will find that you can do a lot with the router including firewall (ACL), Virtual Private Networks (VPN), inter-VLAN routing, etc.

Cisco 2600
http://www.cisco.com/en/US/products/...259/index.html
 
Old 08-01-2003, 02:12 PM   #10
MATPHAT
LQ Newbie
 
Registered: Jul 2003
Location: Boulder,CO
Distribution: RedHat Linux 9
Posts: 4

Original Poster
Rep: Reputation: 0
I will certainly give it every bit of my attention. I wasn't aware it was standard with the router.
Thanks so much!!
 