LinuxQuestions.org
Old 02-22-2016, 02:50 AM   #1
sub320
Member
 
Registered: Jan 2016
Posts: 40

Linux firewall


I would just like to set up a firewall in Linux. Could you advise what the most common tool/module is?

If I need to do NAT, what tool/module should be used?

Thanks
 
Old 02-22-2016, 02:56 AM   #2
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,102

What distro are you using?

You don't have a firewall or router on your network that will do the NAT'ing?

Check out link below for CentOS:

https://www.centos.org/docs/4/html/r...l-ipt-fwd.html
 
Old 02-22-2016, 03:19 AM   #3
sub320
Member
 
Registered: Jan 2016
Posts: 40

Original Poster
Quote:
Originally Posted by JJJCR
> What distro are you using?
>
> You don't have a firewall or router on your network that will do the NAT'ing?
>
> Check out link below for CentOS:
>
> https://www.centos.org/docs/4/html/r...l-ipt-fwd.html

Does it support multiple external IPs?

Thanks

Last edited by sub320; 02-22-2016 at 03:37 AM.
 
Old 02-22-2016, 05:42 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,374

There are many levels of what one might call a firewall. Depends on how advanced you wish to get.

Every Linux distro has the ability to use some of the common tools. Most people create rules and use iptables.

If you want, you can select one of the custom firewall distros that are available. Untangle, pfSense and others could be a choice.

NAT is a common way to use one external IP address with one or more internal IP addresses. It isn't really a firewall. It simply translates one address to another.
 
Old 02-22-2016, 08:07 PM   #5
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,102


Quote:
Originally Posted by sub320
> Does it support multiple external IPs?
>
> Thanks

Private IP addresses are not routable on the internet, only public IP addresses.

NAT (network address translation) allows an internal network to communicate with the internet or an external network by modifying the packets so that internet routers can use them.

A single public IP address should be able to translate a Class C or /24 network (192.168.1.0 / 255.255.255.0 [254 private IPs]) to connect to the internet.

Check out the links below:

https://technet.microsoft.com/en-us/...(v=ws.10).aspx

http://www.cisco.com/c/en/us/support.../13772-12.html

Search DDG for NAT and PAT topics.


For multiple external IPs, if you're talking about public IPs, it would depend on your ISP subscription. You can check the subnet mask given to you by your ISP, and from there you can determine the IP address range and whether you have multiple IPs or not.

Here's a link to check your range of IPs: http://www.subnet-calculator.com/

Good luck!!!
 
Old 02-22-2016, 08:41 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mint, OpenBSD
Posts: 11,333
Blog Entries: 12

A firewall is baked into the Linux kernel; it's called iptables, as jefro mentioned. Generally, Linux "firewall programs" are frontends for configuring iptables.

This article is a good introduction to iptables. http://www.howtogeek.com/177621/the-...inux-firewall/
 
Old 02-23-2016, 01:25 AM   #7
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,831
Blog Entries: 36

Quote:
Originally Posted by frankbell
> A firewall is baked into the Linux kernel; it's called iptables, as jefro mentioned. Generally, Linux "firewall programs" are frontends for configuring iptables.
>
> This article is a good introduction to iptables. http://www.howtogeek.com/177621/the-...inux-firewall/

That article is OK; my only beef with it is that it doesn't cover established and related connections. Configuring a firewall is greatly simplified if you don't need to worry about return traffic that was "established" by an allowed rule. Here is an iptables tutorial which covers that bit to help supplement your suggestion. https://wiki.centos.org/HowTos/Network/IPTables

I publish an example of my own firewall rules. https://github.com/samrocketman/home...iptables.rules (note: my last name is Gleske in case you were looking up terminology)

Last edited by sag47; 02-23-2016 at 01:29 AM.
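
Added example (not written by any poster in this thread, and not the ruleset sag47 links to): a small script that prints an iptables-restore ruleset combining the established/related rule discussed above with the NAT asked about earlier in the thread, including the case of several external IPs. The interface names eth0/eth1, the SSH rule and the 203.0.113.x addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a small NAT gateway.
# eth0/eth1 and 203.0.113.x (documentation range) are constructed placeholders;
# 192.168.1.0/24 is the private network used in the thread.

# gen_rules WAN_IF LAN_IF LAN_NET [EXT]
# EXT is one public address or a range "first-last" (several external IPs).
# Without EXT, MASQUERADE uses whatever address WAN_IF currently holds.
gen_rules() {
    wan=$1; lan=$2; net=$3; ext=${4:-}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic for connections that an earlier rule allowed.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# New SSH sessions are accepted from the LAN side only.
-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Replies may be forwarded back in; new flows may only go LAN -> WAN.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
EOF
    if [ -n "$ext" ]; then
        echo "-A POSTROUTING -s $net -o $wan -j SNAT --to-source $ext"
    else
        echo "-A POSTROUTING -s $net -o $wan -j MASQUERADE"
    fi
    echo "COMMIT"
}

# Print the ruleset; override the defaults through the environment.
gen_rules "${WAN_IF:-eth0}" "${LAN_IF:-eth1}" "${LAN_NET:-192.168.1.0/24}" "${EXT_IP:-}"
```

Piping the output to `iptables-restore --test` as root parses the ruleset without loading it. Forwarding between the interfaces also requires the sysctl `net.ipv4.ip_forward=1`.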
 
Old 02-23-2016, 12:18 PM   #8
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,160

If you are running an internet server, you may need to understand iptables, but even that isn't always true.

If you are talking about a desktop or laptop, it depends on how you connect to the internet. A router should have its own firewall, but if you use a modem (which includes a mobile-phone company dongle), you need a firewall on the computer.

Some distros have it set up, but those derived from Debian generally don't. If you have something like Mint or Ubuntu (you really do need to tell us your distro when asking a question!) then

1. open a terminal window
2. enter gufw
3. if it says that it can't find gufw, then install it with sudo apt-get install gufw and then use it.
4. gufw will open a window with a box labeled "status off". Click on that, give your password, and wait patiently until it changes to "status on". That's it!
 
  

