LinuxQuestions.org
Old 10-29-2003, 04:47 AM   #1
stevkov
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Rep: Reputation: 0
Linux Home Firewall


Hi there, I want to install a Linux firewall for my home network. Here is my situation...

- 5-6 computers on a Win2000 network; one computer has an ISDN modem and is sharing its internet connection with the others...

- 1 computer (Celeron 3) with two network cards, which will have RedHat 9 installed and will be used as the firewall server....

I'm new to the Linux world so I have a lot of questions, but first...

Could someone give me a short procedure for how to install a firewall, something like this:

1. Install RedHat 9 with following options...
2. Do this...
3. Do that...
4. Install this...

As I said, I need a simple firewall; the only extra thing that I need is that I can use PcAnywhere, ports TCP 5631, UDP 5632...

Also where should this firewall server be placed...

If you need more info I would be happy to respond...
 
Old 10-29-2003, 05:51 AM   #2
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Well, I'm not sure "how simple" you want things. If you want a secure firewall, you need to know what you're doing. iptables would be my best shot, but Red Hat already seems to have some firewall configuration (guess it uses iptables internally).

To give all internal computers access to the internet, and redirect packets back, your firewall uses a technique called "NAT" (or masquerading). With a few lines, you should have NAT enabled with iptables. To redirect a few ports back to internal clients, the firewall uses DNAT or SNAT. (not sure which one)

Last weekend I experimented with iptables in Slackware for the first time, and I've learned (and re-learned) a lot about network communications... and imho this is the greatest benefit of Linux: the endless learning curve.

First try to get the modem working on your Red Hat server. Then try to configure your firewall so that internal systems can connect to the internet too. Finally, secure/tighten the firewall rules. If you start small and simple, you'll be able to learn quickly, and do the remaining things a lot better.

just my $0.02

hope this helps.
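
An added example, not part of the original post: the NAT setup described above, written as an `iptables-restore` ruleset. Masquerading is source NAT for outbound LAN traffic, while forwarding a port back to an internal client is DNAT. The interface names `eth0`/`eth1`, the internal address `192.168.0.10` and the optional trusted source address are assumptions; the pcAnywhere ports are the ones from the first post.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC home firewall.
# Assumed (not from the thread): WAN=eth0, LAN=eth1, pcAnywhere host 192.168.0.10.

is_ipv4() {  # shape check only: dotted quad with optional /prefix
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# build_ruleset WAN_IF LAN_IF PCA_HOST [TRUSTED_SRC] -> ruleset text on stdout
build_ruleset() {
    wan=$1 lan=$2 host=$3 src=${4:-}
    is_ipv4 "$host" || { echo "bad host address: $host" >&2; return 1; }
    match=""
    if [ -n "$src" ]; then   # limit the forward to one known remote address
        is_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
        match="-s $src "
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT: rewrite the destination of inbound pcAnywhere traffic to the LAN host
-A PREROUTING -i $wan ${match}-p tcp --dport 5631 -j DNAT --to-destination $host:5631
-A PREROUTING -i $wan ${match}-p udp --dport 5632 -j DNAT --to-destination $host:5632
# MASQUERADE (source NAT): LAN clients share the firewall's external address
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan ${match}-d $host -p tcp --dport 5631 -j ACCEPT
-A FORWARD -i $wan -o $lan ${match}-d $host -p udp --dport 5632 -j ACCEPT
COMMIT
EOF
}

# Prints the ruleset only; review it, then load it as root with iptables-restore.
# Forwarding also needs: echo 1 > /proc/sys/net/ipv4/ip_forward
build_ruleset eth0 eth1 192.168.0.10
```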
 
Old 10-29-2003, 05:59 AM   #3
DrEntropy
LQ Newbie
 
Registered: Oct 2003
Location: Mostly between me ears.
Distribution: RH9, Mandrake9.2, SuSE8.0
Posts: 15

Rep: Reputation: 0
A humble suggestion: check out SmoothWall. You can set it up in 20 minutes. Linux kernel, runs on about anything 486/66 and up. I've set up many for folks with either dial-up or broadband access with no problems so far. It is a superior solution to "DIY" Linux firewall. Mine here has been running nearly continuously for three years... the only reboots have been as a result of periodic updates.
 
Old 10-29-2003, 06:07 AM   #4
RHmicko
LQ Newbie
 
Registered: Oct 2003
Location: Ireland
Distribution: Redhat 9.0, ES3.0, Fedora Core 2, Mandrake 10
Posts: 22

Rep: Reputation: 15
I agree. Smoothwall rocks! Try also Firestarter from http://firestarter.sourceforge.net/ This is very easy to set up and use, and works in GNOME or KDE.
 
Old 10-29-2003, 06:08 AM   #5
coldy
Member
 
Registered: Nov 2002
Distribution: Debian GNU/Linux, Gentoo
Posts: 75

Rep: Reputation: 15
Check these out:
http://morizot.net/firewall/gen/
http://www.linux-firewall-tools.com/...all/index.html
 
Old 10-29-2003, 06:09 AM   #6
stevkov
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Original Poster
Rep: Reputation: 0
Thank you guys for your fast reply, just to make things clear...

I have my modem on one computer (Win2000) but I want to use another computer as the firewall server... is this possible...

My friend told me about FireStarter Firewall. I'll also check SmoothWall. Is there something else I need to know? Some tips maybe...
 
Old 10-29-2003, 06:22 AM   #7
DrEntropy
LQ Newbie
 
Registered: Oct 2003
Location: Mostly between me ears.
Distribution: RH9, Mandrake9.2, SuSE8.0
Posts: 15

Rep: Reputation: 0
With SmoothWall, a NIC for the LAN and a modem for dial-up, and I strip everything else out of the box after it's been configured. Nothing but blanks in the front. GUI access from any other box on the LAN. With only the M/B, RAM and two cards there's no real overhead on the power supply and no way for anyone to "fiddle" with it physically (unless they have the administrative password). I haven't given FireStarter a try yet, 'cause Smoothie has worked so well for me. I don't have much time on me hands to experiment lately, so I stay with what works fer me.
 
Old 10-29-2003, 07:55 AM   #8
stevkov
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Original Poster
Rep: Reputation: 0
Firestarter

OK, I installed FireStarter, mostly because it's small and it looks simple. I'll try to configure it today or tomorrow. I have other questions...

- where should the computer with the firewall be placed on the network?
- nobody answered me: is it possible to have the modem on one computer and the firewall on another?
- how can I enable a specific port for use?
 
Old 10-29-2003, 08:55 AM   #9
RHmicko
LQ Newbie
 
Registered: Oct 2003
Location: Ireland
Distribution: Redhat 9.0, ES3.0, Fedora Core 2, Mandrake 10
Posts: 22

Rep: Reputation: 15
When using Firestarter, as with possibly any firewall, it needs to sit between your internet connection/gateway and your LAN. Firestarter picks up your Ethernet cards and allows you to configure each NIC for its use.

I.e. Eth0 faces the internet/gateway. Eth1 faces the LAN. Firestarter also allows you to set up your services that are accessible from the internet incoming side of things. It also sets up NAT and IP masquerading options. If you have a modem, i.e. USB, this would replace Eth0 in this case. Set up this interface instead of Eth0. You can enable the ports for use by selecting options in the rules tab.
 
Old 10-29-2003, 08:59 AM   #10
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Quote:
Originally posted by stevkov
Thank you guys for your fast reply, just to make things clear...

I have my modem on one computer (Win2000) but I want to use another computer as the firewall server... is this possible...

Well, that implies that your network will look like this:

internet <--> gateway <--> firewall <--> other systems

In other words:

* your gateway has a modem and network card. It functions as gateway.
* The firewall system has 2 network cards, and filtering can be done with this situation, where you decide what to do with certain packages based on the network interface they arrive at.
This system would most likely be a gateway too.


At school we once made a Linux router+firewall system. It had 3 network cards:
* one was connected to the internet and used DHCP to retrieve an IP address.
* the second one was connected to the webserver; its subnet was 10.0.1.*. The firewall was configured to drop outgoing connections from the webserver for security reasons (i.e. a DMZ).
* the third one was connected to a switch; its subnet was 10.0.2.*, and our iptables rules were set to "NAT" (masquerade) those connections.

This allowed the internal network (computers plugged into the switch) to surf the internet, but the webserver couldn't connect to anyone. Maybe this is something worth considering.
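
An added example, not from the original post: one way the three-interface layout above could be expressed as an `iptables-restore` ruleset, with attempts by the DMZ host to open connections logged before they are dropped. The interface names, the /24 masks and inbound port 80 are assumptions; the post does not say how inbound traffic reached the web server.

```shell
#!/bin/sh
# Added example: rules for the three-interface router+firewall in the post.
# Assumed: eth0 = internet, eth1 = DMZ 10.0.1.0/24, eth2 = LAN 10.0.2.0/24.

# dmz_ruleset INET_IF DMZ_IF LAN_IF -> iptables-restore text on stdout
dmz_ruleset() {
    inet=$1 dmz=$2 lan=$3
    for ifc in "$inet" "$dmz" "$lan"; do
        case $ifc in   # refuse empty names or anything that is not a plain token
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only the switch-side subnet is masqueraded
-A POSTROUTING -s 10.0.2.0/24 -o $inet -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies on connections that were allowed in the first place
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# The web server may be reached on port 80 (assumed service port) ...
-A FORWARD -o $dmz -d 10.0.1.0/24 -p tcp --dport 80 -m state --state NEW -j ACCEPT
# ... but may not open connections of its own: log the attempt, then drop
-A FORWARD -i $dmz -m state --state NEW -j LOG --log-prefix "DMZ-egress: "
-A FORWARD -i $dmz -j DROP
# LAN clients may open connections to the internet and to the DMZ
-A FORWARD -i $lan -s 10.0.2.0/24 -j ACCEPT
COMMIT
EOF
}

# Prints the ruleset only; review it before loading with iptables-restore.
dmz_ruleset eth0 eth1 eth2
```

A "DMZ-egress:" line in the kernel log means the web server tried to start a connection, which in this layout it never should.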
 
Old 10-29-2003, 07:27 PM   #11
JoAnywhere
Member
 
Registered: Oct 2003
Location: denver
Distribution: Debian
Posts: 97

Rep: Reputation: 15
Re: Firestarter

Quote:
Originally posted by stevkov
OK, I installed FireStarter, mostly because it's small and it looks simple. I'll try to configure it today or tomorrow. I have other questions...

- where should the computer with the firewall be placed on the network?
- nobody answered me: is it possible to have the modem on one computer and the firewall on another?
- how can I enable a specific port for use?
stevkov,
Second question first. YES you can have one computer having your internet connection, and a second computer having the firewall.

BUT think about it... the computer connected to the internet is in front of the firewall, therefore it is inherently insecure.

What you are currently looking at (if you leave the modem on your W2000 box) is
Internet <-> Unprotected Computer <-> Firewall <-> Hub/Switch <-> Protected Computers

The best option for your small network is
Internet <-> Firewall <-> Hub/Switch <-> Protected Computers

Which begins to answer your first question which was where should the firewall be placed on the network.

The answer to that is as close to the internet as possible!

You need to realise that every machine (as you may have gathered from my schematics above) essentially hangs from the firewall by way of a hub/switch.

The Firewall needs TWO network connections.
1. Goes to the outside world (be this a NIC or a Modem)
2. Goes to the protected portion of the network.

As to question 3, that will depend on the firewall that you use.

Cheers
Jo
 
  


All times are GMT -5.