LinuxQuestions.org
Old 06-08-2012, 10:00 AM   #1
piradeep
LQ Newbie
 
Registered: May 2012
Distribution: RedHat/CentOS
Posts: 27

Rep: Reputation: Disabled
Need help in implementing Linux Firewall


Hi Friends,

I need your suggestions. I need to implement a Linux firewall. As far as I inquired, friends are suggesting me to go for Squid. I need to know is there any other package that acts as an exact firewall. If so, please share the URL or document if possible. I really need your valuable suggestions over this task.

Thank you,

Last edited by piradeep; 06-08-2012 at 10:00 AM. Reason: linux firewall
 
Old 06-08-2012, 10:05 AM   #2
PrinceCruise
Member
 
Registered: Aug 2009
Location: /Universe/Earth/India/Pune
Distribution: Slackware64 -Current
Posts: 889

Rep: Reputation: 182
It was really not tough searching Google for 'Linux Firewall Setup'. I generally look for most of my networking queries on LinuxHomeNetworking.com.

HTH.

Regards.
 
Old 06-08-2012, 10:05 AM   #3
414N
Member
 
Registered: Sep 2011
Location: Italy
Distribution: Slackware
Posts: 635

Rep: Reputation: 186
squid is a proxy, not a firewall.
If you're looking for a firewall, I guess you should at least read something about iptables, starting from its man page.
 
Old 06-08-2012, 10:10 AM   #4
piradeep
LQ Newbie
 
Registered: May 2012
Distribution: RedHat/CentOS
Posts: 27

Original Poster
Rep: Reputation: Disabled
Thanks Prince & 414N. I just came across ClearOS, IPCop, eBox Platform, Monowall. Do you have any idea over these? Let me know your feedback.
 
Old 06-08-2012, 10:17 AM   #5
PrinceCruise
Member
 
Registered: Aug 2009
Location: /Universe/Earth/India/Pune
Distribution: Slackware64 -Current
Posts: 889

Rep: Reputation: 182
Quote:
Originally Posted by piradeep View Post
...ClearOS, IPCop, eBox Platform, Monowall. Do you have any idea over these....
No idea, never used any. These are specialized distributions. If you want to test them, install and observe.
I'd still strongly suggest checking firewall using IPtables, that's the basic thing you must know before anything else.

Regards.
 
Old 06-16-2012, 01:09 PM   #6
montel
Member
 
Registered: Jun 2012
Location: Canada
Distribution: Ubuntu/Debian/CentOS
Posts: 45

Rep: Reputation: 18
I don't know if you are still looking, but Endian 2.5.1 Community is a free firewall. I just built one the other day, and it's fairly robust. I haven't messed around with the other firewalls that were listed, and you may be fine by just implementing IPtables, depending on what you need accomplished.

Endian is standalone though, so if you were wanting to throw a firewall on your Linux box, it won't work for you.
 
Old 06-16-2012, 03:59 PM   #7
nick2day
LQ Newbie
 
Registered: Jun 2012
Distribution: Arch Linux
Posts: 11

Rep: Reputation: Disabled
For physical firewalls in the past, I have had some nice times with Alpine. I've also used ClearOS, which seemed a bit resource intensive for me, but it is very user friendly.

For an add on application to your desktop PC, you really can't go wrong with IPtables. IP tables can have a bit of a learning curve at first. If you need to deploy ASAP, there is a GUI frontend for IP tables called Firestarter that allows you to do basic firewall configuration via a GUI.
 
Old 06-16-2012, 04:51 PM   #8
Mike_P
LQ Newbie
 
Registered: Apr 2012
Posts: 15

Rep: Reputation: Disabled
Quote:
Originally Posted by piradeep View Post
Hi Friends,

I need your suggestions. I need to implement a Linux firewall. As far as I inquired, friends are suggesting me to go for Squid. I need to know is there any other package that acts as an exact firewall. If so, please share the URL or document if possible. I really need your valuable suggestions over this task.

Thank you,


Hi,

here are some good videos on linux networking and firewalls

Linux Network Configuration

If you're new to linux networking this is a good introduction. He uses ubuntu server for this video. The firewall setup is at 33:07 into the video, just drag the time line to that point in the video. The firewall he discusses is ufw with examples.




In case you want a basic tutorial on IPTABLES here are three good videos from youtube

Mastering IPTables, Part I
Mastering IPTables, Part 2
Mastering IPTables, Final Installment

Hope this helps

Last edited by Mike_P; 06-16-2012 at 07:19 PM.
 
1 members found this post helpful.
Old 06-17-2012, 02:51 AM   #9
piradeep
LQ Newbie
 
Registered: May 2012
Distribution: RedHat/CentOS
Posts: 27

Original Poster
Rep: Reputation: Disabled
@montel, @nick2day, @Mike_P - Thank you. Thanks a lot. Being a php programmer and partially working with Linux for past 2 years, I just became a full time Linux System Administrator two months back. I am still at the research stage in implementing Linux Firewall.

Right now going through the document that Prince has suggested me. My client has a windows administrator and he needs a GUI interface to manage Linux Firewall and filter Websites, so that he can manage the network, after my implementation. He has given me 2 months. So I am in no rush. I am planning to do a lot of research with what you friends have suggested for me.

I am planning to go through all the documents that you all have suggested. Got three testing machines now. Implement it, test all those mentioned above and will give you all a detailed post after successfully implementing at my client network. Thanks for all your support guys. Do let me know, if you come up with anything.
 
Old 06-17-2012, 01:25 PM   #10
PrinceCruise
Member
 
Registered: Aug 2009
Location: /Universe/Earth/India/Pune
Distribution: Slackware64 -Current
Posts: 889

Rep: Reputation: 182
Good luck.
 
Old 06-17-2012, 02:52 PM   #11
montel
Member
 
Registered: Jun 2012
Location: Canada
Distribution: Ubuntu/Debian/CentOS
Posts: 45

Rep: Reputation: 18
Let me know what you decide on. I have only set up Endian, and have never heard of, or researched the other options thoroughly. Whatever you go with, I would like to look into.

Good Luck
 
Old 06-18-2012, 08:10 PM   #12
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,286

Rep: Reputation: 2347
Just to clarify, iptables is the default Firewall technology that comes as std on Linux.
You can find GUI front-ends eg Firestarter I believe, but you really do need to understand it in depth if you are to set it correctly.
Nothing worse than over-confidence in a security tool....

Once you understand it, then feel free to manage via a GUI if that suits you.
You'll find that most of the suggestions above (if not all for Linux based solns) are in fact running iptables underneath anyway ...
 
Old 06-25-2012, 07:10 PM   #13
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,286

Rep: Reputation: 2347
Hope this clarifies things:

1. iptables is the current built-in technology inside linux to set up a 'firewall'.
ipchains was the old tech; ignore ...

2. Bastille is a system tightening tool; basically a set of scripts that change settings etc to make more secure. It is not a firewall or a proxy.
Read the linked site carefully and do not accept any changes if you don't understand them.

3. as near top qn; squid is a proxy, not a firewall.

4. see also tcp wrappers
http://www.cyberciti.biz/faq/tcp-wra...deny-tutorial/

5. see also the Security forum stickies for in-depth advice


You may find these links handy
http://rute.2038bug.com/index.html.gz
www.linuxtopia.org, particularly the sysadmin section

Last edited by chrism01; 06-25-2012 at 07:12 PM.
 
Old 06-26-2012, 07:25 AM   #14
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,060

Rep: Reputation: 883
Just to clarify the clarifications, a little:
  • I think there may have once been some other content in this thread which, while on a similar topic, a mod has decided constituted a thread hijack. So Chris's answers about bastille and ipchains, while looking to be random answers to questions that no one had asked, would have made perfect sense when the other content was present
  • covering the basics: iptables/netfilter is the firewall for modern versions of Linux: some people don't like working with iptables directly and use a 'front end' (ie, a nice, friendly graphical program for configuring); the firewall is still iptables, though, and it is a good idea to have some feeling for what iptables can (and cannot) do for you, even if you use a graphical thingy (iptables)
  • things like ClearOS, IPCop, eBox Platform, Monowall (and a slew of others) are intended as single-box SME solutions; one of those might be appropriate if you want to dedicate a box to providing this kind of function for a network; as montel put it "if you were wanting to throw a firewall on your Linux box, it won't work for you" (because firewalling, or maybe firewalling plus mail serving and similar functions will be all that box will then do for you)

Quote:
My client has a windows administrator and he needs a GUI interface to manage Linux Firewall and filter Websites, so that he can manage the network, after my implementation.
I feel horrible doing this, but when I don't it goes wrong
  1. your client is a person, rather than something client/server related
  2. this person employs another person, who is a windows admin
  3. the windows admin is thought able to use a gui, but beyond that is useless (and I'm extra sorry about that)
  4. (s)he is expected to manage the firewall
  5. that person is expected to organise the filtering of websites
Notes:
  • windows admins are often not the ideal people to do anything other than admin windows; there is a certain amount of 'untraining' and 'seeing the wider picture' that they need to be able to cope. No guarantees on how that will work. It is probably in the minority of cases that it actually works well, and sometimes it works really badly. Any time like this, tradition is to finish the section with the letters YMMV.
  • with regard to filtering the websites, iptables is not the right tool. Squid (a caching proxy server) is the right tool. You could make iptables sort of work for you, but it works at the wrong layer of the ISO model (amongst other problems).
  • there might be some mileage in investigating something like webmin; I haven't used it for administrating either iptables or squid, but it's probably the closest you'll get to a GUI tool
  • note that on Linux, a firewall is a firewall; on windows, a firewall is often a bundle of security programs that do various things beyond being a firewall; if you want the functions beyond the firewall functions (eg Antivirus, for windows machines on the network) you'll have to get those separately
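
Added example (an editor's illustration, not part of any post in this thread): the split described in post #14, with iptables filtering packets on the gateway and Squid deciding which websites may be reached. The interface name, LAN subnet, proxy port and blocked domains are constructed placeholders.

```shell
#!/bin/sh
# Added illustration, not from the thread. LAN_IF, LAN_NET, PROXY_PORT and the
# blocked domains are constructed placeholders; replace them before use.
LAN_IF="eth1"
LAN_NET="192.168.1.0/24"
PROXY_PORT="3128"

# Layers 3/4: iptables-restore input for a gateway that also runs Squid.
emit_iptables_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN clients may reach the proxy and SSH on the gateway, nothing else.
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
# Direct web traffic is refused, so browsing has to go through Squid.
-A FORWARD -i $LAN_IF -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Layer 7: squid.conf fragment; dstdomain matches on the requested host name.
emit_squid_acl() {
cat <<EOF
http_port $PROXY_PORT
acl lan src $LAN_NET
acl blocked_sites dstdomain .example.com .example.net
http_access deny blocked_sites
http_access allow lan
http_access deny all
EOF
}

# Write both files into a directory for review before installing them.
write_configs() {
    emit_iptables_rules > "$1/iptables.rules"
    emit_squid_acl > "$1/squid-acl.conf"
}

# Usage: sh gen.sh /some/dir ; with no argument, print both to stdout.
if [ -n "${1:-}" ]; then
    write_configs "$1"
else
    emit_iptables_rules
    emit_squid_acl
fi
```

The generated ruleset can be syntax-checked with `iptables-restore --test` and the Squid fragment with `squid -k parse` before either is put into service.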
 
Old 06-28-2012, 12:25 AM   #15
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,286

Rep: Reputation: 2347
Thanks for that; I think you may be right; I'm sure my notes made sense at the time.
Good clarifications by the way
 
  

