LinuxQuestions.org
Old 04-27-2006, 07:49 PM   #1
Enrickey
LQ Newbie
 
Registered: Apr 2006
Posts: 3

Rep: Reputation: 0
Firewall/Gateway + Server


I have an old computer (not that old, PIII 866MHz, 256RAM, 4GB HD) and I wanted to turn it into a Firewall/Gateway as well as a server. My current router, a D-Link DI-604 isn't very strong, and it bogs down as soon as I connect to a torrent, or do a lot of things which take advantage of UPnP, so using an old computer would surely be a lot better. I also run a small site, and since I don't get that many visitors, I would like to run it myself.

I want to know how I would go about doing this. I looked at some solutions such as IPcop, or Coyote Linux, but they don't seem to be able to support Apache, MySQL and PHP. I'm guessing that I would probably need to use a general distro and just have separate software take care of everything, but I'm not sure how I would go about doing that. The Firewall/Gateway component would have to be able to support UPnP, as well as a feature to disable the network during certain hours, and many other kinds of things that routers tend to do. I'm willing to buy a switch for the network, as well as a second network card for the PC, so that won't be a problem.

First of all, is it even possible to achieve what I want to do? And second of all, if it is, what distro should I use along with what software? I'm guessing something light weight, since I don't need a fancy desktop environment for all this. All I want is for the computer to work, and to work well.


Thanks in advance.
 
Old 04-27-2006, 09:14 PM   #2
AwesomeMachine
Senior Member
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian jessie/sid; OpenSuSE; Fedora
Posts: 1,593

Rep: Reputation: 162
I don't think you want to run apache on your firewall machine. That means the firewall is running a server. That's insane. You run apache behind the firewall, on a separate machine. Smoothwall is probably the easiest firewall to set up. Debian can be set up as an apache web server.
 
Old 04-27-2006, 11:00 PM   #3
Enrickey
LQ Newbie
 
Registered: Apr 2006
Posts: 3

Original Poster
Rep: Reputation: 0
The thing is I only have one spare machine at the moment. Couldn't Apache somehow be set up to run behind the firewall?

I guess I could install Apache on my father's Windows machine which he rarely uses, I was just kind of hoping for a dedicated machine to do everything.
 
Old 04-27-2006, 11:25 PM   #4
guzzi
Member
 
Registered: Jun 2004
Location: Lawrence, KS
Distribution: Slackware
Posts: 294

Rep: Reputation: 32
an idea to consider

Hello Enrickey

With a firewall box, I think you would want to have Tripwire and RootKitHunter installed on it as well. I think configuring Tripwire on a system with more than the bare minimums for a firewall would be really, really, really, hard.

Also, in the configuration you are considering, monitoring the logs would be a real pain as well.

A dedicated firewall is really the easiest and best way to go. Nice thing about it is that it can be a 486-66 or something like it. The cost could be zero.

Good Luck
 
Old 04-27-2006, 11:28 PM   #5
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
You can have your server run services and work as a firewall if you want. It's just not as secure as setting it up separately. Linux has the ability to do everything you are looking for in a firewall. As far as which distro to use, I prefer Slackware. It hasn't received the highest marks as a desktop environment, but it rocks the house when it comes to stability and security for networking purposes. If this was the network to some company or houses sensitive material on it, you probably wouldn't want to run web services on the same machine as your firewall. I see no problem in doing this on a home network however. The truth is, most hackers out there could care less about getting into your network, they have bigger fish to fry. As long as you can keep the script kiddies out of it, you're good.

Hope this was of some help,
...drkstr
 
Old 04-27-2006, 11:53 PM   #6
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,232
Blog Entries: 5

Rep: Reputation: 189
You could always set up pretty much any distro, install guarddog or firestarter on it as well as your LAMP webserver setup. Configure the firewall settings for ipmasq.

Although I would tend to agree a dedicated firewall machine should be just that..
Smoothwall is a nice choice for a gateway machine.
 
Old 04-28-2006, 02:46 AM   #7
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
I keep hearing a lot about these "firewall programs" (not sure of the proper name): Shorewall, guarddog, firestarter, etc. What ever happened to good ol' iptables? Call me old-fashioned I guess. Sorry if this is a little off topic, but what are the benefits to using these preconfigured firewalls? Are they more secure or are they just easier to use? I've always just written my own iptables rulesets, should I start looking into some of these as well?

regards,
...drkstr
 
Old 04-28-2006, 09:58 AM   #8
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,232
Blog Entries: 5

Rep: Reputation: 189
Quite honestly iptables is an artform that most new users are not able to easily grasp.

firestarter, guarddog, and fwbuilder are all gui front ends that do a nice job of writing the rule sets for you, with firestarter being the most basic, and fwbuilder giving you an object oriented gui that will allow you to not only build iptables rules but also create configs for your PIX or Checkpoint firewall.

The gui gives a nice intro where a user can check some boxes, then look at the iptables rules to see how it was actually done.

firestarter for instance has a checkbox for internet sharing.. WOW, can't get much easier than that to set up a machine as a gateway for your network.. If you've been writing your own rules, firestarter will probably be a disappointment to you, but for a new user that isn't used to firewalls or configuring them it's got a low learning curve.
http://www.fs-security.com/


Guarddog builds a much more complete set of rules by default but also requires a little more knowledge as it allows you to control more services and ports in more directions..
http://www.simonzone.com/software/guarddog/#screenshots

fwbuilder is pretty impressive as well and requires an even higher level of understanding to utilize. The way it is designed gives you the most flexibility for complex configurations.
http://www.fwbuilder.org/archives/cat_about.html

Last edited by farslayer; 04-28-2006 at 11:45 AM.
 
Old 04-28-2006, 10:18 AM   #9
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
Thanks for the info. I think I'll just stick to writing my own rules since it has been working in the past. I might check out some of the more advanced apps that you mentioned and see how they created the policies. I might be able to learn a thing or two.

regards,
...drkstr
 
Old 04-28-2006, 03:44 PM   #10
Enrickey
LQ Newbie
 
Registered: Apr 2006
Posts: 3

Original Poster
Rep: Reputation: 0
The thing is, I don't really care about security. Even if my Linux box won't be as secure, it doesn't really matter. As far as I know, most attacks are against Windows machines, and mine will be safely behind the Linux firewall.

The Firestarter program looks exactly like what I need.

Thanks a lot for the help, and the warnings. If I can get my hands on another PC, I'll try and set it up as a firewall only, since it would also be nice to have some of the features that many dedicated firewall distros offer, such as editing through a webpage. Until then though, this will suffice.

Thanks again.
 
Old 05-18-2006, 10:33 AM   #11
elf0r
LQ Newbie
 
Registered: May 2006
Posts: 2

Rep: Reputation: 0
Hey, sorry to revive a deceased topic, but are any of these 3 listed firewalls UPnP compatible? Looking for something for my BitTorrent client to autoconfig. Thanks
~elfy
 
Old 05-18-2006, 11:37 AM   #12
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
try:

http://linux-igd.sourceforge.net/documentation.php

regards,
...drkstr
 
Old 05-18-2006, 11:59 AM   #13
cs-cam
Senior Member
 
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,544
Blog Entries: 4

Rep: Reputation: 56
Ick, why bother with UPnP? All it does is forward the ports for you, surely you can do that yourself?
 
Old 05-18-2006, 12:58 PM   #14
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
Quote:
Ick, why bother with UPnP? All it does is forward the ports for you, surely you can do that yourself?
Yes, this should give you what you need for BitTorrent clients:
Code:
iptables -A INPUT -p TCP --dport 6881:6889 -i ${WAN} -j ACCEPT
Update accordingly to your configuration (device, network setup/forwarding).

regards,
...drkstr
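
An added example, not part of the original posts: the INPUT rule above covers a BitTorrent client running on the gateway itself. When the client sits on a LAN machine behind the gateway, the same port range has to be DNATed and allowed through FORWARD instead. The function names, interface names (eth0/eth1) and the client address 192.168.1.50 are assumptions for illustration; the script only prints the rules so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print (dry run) the iptables rules that forward a BitTorrent
# port range from the gateway's WAN side to one LAN client, instead of UPnP.
# eth0/eth1 and 192.168.1.50 below are constructed sample values.

valid_iface() {   # interface names: letters, digits, '.', '_', '-' only
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

valid_port() {    # decimal 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {    # four dot-separated octets, each 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# usage: bt_forward_rules WAN_IF LAN_IF CLIENT_IP FIRST_PORT LAST_PORT
bt_forward_rules() {
    wan=$1; lan=$2; host=$3; lo=$4; hi=$5
    # Reject anything that could smuggle extra shell or iptables syntax.
    valid_iface "$wan" && valid_iface "$lan" ||
        { echo "bad interface name" >&2; return 1; }
    valid_ipv4 "$host" || { echo "bad client address" >&2; return 1; }
    valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ] ||
        { echo "bad port range" >&2; return 1; }
    # 1. Rewrite the destination of connections arriving on the WAN side only.
    echo "iptables -t nat -A PREROUTING -i $wan -p tcp --dport $lo:$hi -j DNAT --to-destination $host"
    # 2. Allow new forwarded connections to that one client and port range.
    echo "iptables -A FORWARD -i $wan -o $lan -d $host -p tcp --dport $lo:$hi -m conntrack --ctstate NEW -j ACCEPT"
    # 3. Allow packets belonging to already-tracked connections.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Dry run with the sample values; nothing is applied to the running firewall.
bt_forward_rules eth0 eth1 192.168.1.50 6881 6889
```

Scoping the DNAT rule to the WAN interface and the FORWARD rule to a single client address keeps the opening as narrow as the manual INPUT rule, which is the main advantage over letting any LAN program request mappings through UPnP.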
 
Old 05-18-2006, 05:23 PM   #15
elf0r
LQ Newbie
 
Registered: May 2006
Posts: 2

Rep: Reputation: 0
thanks muchly guys
~elfy
 
  

