Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I have an old computer (not that old, PIII 866MHz, 256RAM, 4GB HD) and I wanted to turn it into a Firewall/Gateway as well as a server. My current router, a D-Link DI-604 isn't very strong, and it bogs down as soon as I connect to a torrent, or do a lot of things which take advantage of UPnP, so using an old computer would surely be a lot better. I also run a small site, and since I don't get that many visitors, I would like to run it myself.
I want to know how I would go about doing this. I looked at some solutions such as IPcop, or Coyote Linux, but they don't seem to be able to support Apache, MySQL and PHP. I'm guessing that I would probably need to use a general distro and just have seperate software take care of everything, but I'm not sure how I would go about doing that. The Firewall/Gateway component would have to be able to support UPnP, as well as a feature to disable the network during certain hours, and many other kinds of things that routers tend to do. I'm willing to buy a switch for the network, as well as a second network card for the PC, so that won't be a problem.
First of all, is it even possible to achieve what I want to do? And second of all, if it is, what distro should I use along with what software? I'm guessing something light weight, since I don't need a fancy desktop environment for all this. All I want is for the computer to work, and to work well.
I don't think you want to run apache on your firewall machine. That means the firewall is running a server. That's insane. You run apache behind the firewall, on a separate machine. Smoothwall is probably the easiest firewall to set up. Debian can be set up as an apache web server.
With a firewall box, I think you would want to have Tripwire and RootKitHunter installed on it as well. I think configuring Tripwire on a system with more than the bare minimums for a firewall would be really, really, really, hard.
Also, in the configuration you are considering, monitoring the logs would be a real pain as well.
A dedicated firewall is really the easiest and best way to go. Nice thing about it is that it can be a 486-66 or something like it. The cost could be zero.
You can have your server run services and work as a firewall if you want. It's just not as secure as setting it up separately. Linux has the ability to do everything you are looking for in a firewall. As far as which distro to use, I prefer slackware. It hasn't received the highest marks as a desktop environment, but it rocks the house when it comes to stability and security for networking purposes. If this was the network to some company or houses sensitive material on it, you probably wouldn't want to run web services on the same machine as your firewall. I see no problem in doing this on a home network however. The truth is, most hackers out there could care less about getting into your network, they have bigger fish to fry. As long as you can keep the script kiddies out of it, your good.
I keep hearing a lot about these "firewall programs" (not sure of the proper name) shurewall, guarddog, firestarter, ..etc. What ever happened to good ol' iptables? Call me old fashion I guess. Sorry if this is a little off topic, but what are the benefits to using these preconfigured firewalls? Are they more secure or are they just easier to use? I've always just written my own iptable rulesets, should I start looking into some of these as well?
Quite honestly iptables is an artform that most new users are not able to easily grasp.
firestarter, guarddog, and fwbuilder are all gui front ends that do a nice job of writing the rule sets for you, with firestarter being the most basic, and fwbuilder giving you an object oriented gui that will allow you to not only build iptables rules but also create configs for your PIX or Checkpoint firewall.
The gui gives a nice intro where a user can check some boxes, then look at the iptables rules to see how it was actually done.
firestarter for instance has a checkbox for internet sharing.. WOW can't get much easier than that to setup a machine as a gateway for your network.. if you've been writing yur own rules, firestarter will probably be a disapointment to you, but for a new user that isn't used to firewalls or configuring them it's got a low learning curve. http://www.fs-security.com/
Thanks for the info. I think I'll just stick to writing my own rules sense it has been working in the past. I might check out some of the more advanced apps that you mentioned and see how they created the policies. I might be able to learn a thing or two.
The thing is, I don't really care about security. Even if my Linux box won't be as secure, it doesn't really matter. As far as I know, most attacks are against Windows machines, and mine will be safely behind the Linux firewall.
The Firestarter program looks exactly like what I need.
Thanks a lot for the help, and the warnings. If I can get my hands on another PC, I'll try and set it up as a firewall only, since it would also be nice to have some of the features that many dedicated firewall distro's offer, such as editing through a webpage. Until then though, this will suffice.