Well, I'm not sure "how simple" you want things. If you want a secure firewall, you need to know what you're doing. iptables would be my best shot, but Red Hat already seems to have some firewall configuration (guess it uses iptables internally).
To give all internal computers access to the internet, and redirect packets back, your firewall uses a technique called "NAT" (or masquerading). With a few lines, you should have NAT enabled with iptables. To redirect a few ports back to internal clients, the firewall uses DNAT or SNAT. (not sure which one)
Last weekend I experimented with iptables in Slackware for the first time, and I've learned (and re-learned) a lot about network communications... and imho this is the greatest benefit of Linux: the endless learning curve.
First try to get the modem working on your Red Hat server. Then try to configure your firewall so that internal systems can connect to the internet too. Finally, secure/tighten the firewall rules. If you start small and simple, you'll be able to learn quickly, and do the remaining things a lot better.
A humble suggestion: check out SmoothWall. You can set it up in 20 minutes. Linux kernel, runs on about anything 486/66 and up. I've set up many for folks with either dial-up or broadband access with no problems so far. It is a superior solution to "DIY" Linux firewall. Mine here has been running nearly continuously for three years... the only reboots have been as a result of periodic updates.
With SmoothWall, a NIC for the LAN and a modem for dial-up, and I strip everything else out of the box after it's been configured. Nothing but blanks in the front. GUI access from any other box on the LAN. With only the M/B, RAM and two cards there's no real overhead on the power supply and no way for anyone to "fiddle" with it physically (unless they have the administrative password). I haven't given FireStarter a try yet, 'cause Smoothie has worked so well for me. I don't have much time on me hands to experiment lately, so I stay with what works fer me.
When using Firestarter, as with possibly any firewall, it needs to sit between your internet connection/gateway and your LAN. Firestarter picks up your Ethernet cards and allows you to configure each NIC for its use.
I.e., Eth0 faces the internet/gateway. Eth1 faces the LAN. Firestarter also allows you to set up your services that are accessible from the internet incoming side of things. It also sets up NAT and IP masquerading options. If you have a modem, i.e. USB, this would replace Eth0 in this case. Set up this interface instead of Eth0. You can enable the ports for use by selecting options in the rules tab.
Originally posted by stevkov:
Thank you guys for your fast reply, just to make things clear...
I have my modem on one computer (Win2000) but I want to use the other computer as a firewall server... is this possible...
Well, that implies that your network will look like this:
internet <--> gateway <--> firewall <--> other systems
In other words:
* your gateway has a modem and network card. It functions as gateway.
* The firewall system has 2 network cards, and filtering can be done with this situation, where you decide what to do with certain packets based on the network interface they arrive at.
This system would most likely be a gateway too.
At school we once made a Linux router+firewall system. It had 3 network cards:
* one was connected to the internet, used DHCP to retrieve an IP address.
* the second one was connected to the webserver, its subnet was 10.0.1.*. The firewall was configured to drop outgoing connections from the webserver for security reasons. (i.e. a DMZ)
* the third one was connected to a switch, its subnet was 10.0.2.*, and our iptables rules were set to "NAT" (masquerade) those connections.
This allowed the internal network (computers plugged into the switch) to surf the internet, but the webserver couldn't connect to anyone. Maybe this is something worth considering.
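
The three-interface layout from the last post, written out as an iptables-restore ruleset (an added example, not part of the original thread). Interface names, the web server address and the forwarded port 80 are assumptions; inbound forwarding to the web server uses DNAT and the LAN's outbound traffic uses MASQUERADE.

```shell
#!/bin/sh
# Added example. Interface names, WEB_IP and port 80 are assumptions,
# not values from the thread; the two subnets are the ones the post gives.
WAN_IF=eth0        # internet side, address from DHCP
DMZ_IF=eth1        # web server, 10.0.1.0/24
LAN_IF=eth2        # switch with the internal PCs, 10.0.2.0/24
WEB_IP=10.0.1.10   # constructed web server address

# Print the ruleset in iptables-restore format.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound: rewrite the destination (DNAT) so the web server is reachable.
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_IP:80
# Outbound: hide the LAN behind whatever address DHCP gave the WAN side.
-A POSTROUTING -s 10.0.2.0/24 -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies on connections someone else opened are allowed in every direction.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The DMZ host may answer, but never open a connection of its own.
-A FORWARD -i $DMZ_IF -m conntrack --ctstate NEW -j DROP
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $WEB_IP -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -d $WEB_IP -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s 10.0.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Lint: succeed only if no FORWARD rule accepts traffic arriving from the DMZ.
dmz_locked_down() {
    ! gen_rules | grep -Eq -- "^-A FORWARD .*-i $DMZ_IF .*-j ACCEPT"
}

gen_rules
dmz_locked_down || echo "WARNING: DMZ host can initiate connections" >&2
```

On the firewall itself, `gen_rules | iptables-restore --test` parses the ruleset without loading it. Routing between the interfaces also needs `net.ipv4.ip_forward=1`.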