LinuxQuestions.org


LeoPap 04-10-2013 02:24 AM

CentOS as a second Firewall in my network
 
Hello all,

I have a PC with CentOS, which I use for just doing random things (FTP, NTP, etc.).

I already have a hardware firewall in my network, but I want to increase the security level and make this server a secondary firewall. Can someone tell me how I can do that?

Below is my network configuration:

Attachment 12278

Any idea how I can make my CentOS PC a hardware firewall?

Noway2 04-10-2013 12:03 PM

What do you mean by increase the security level and more importantly, what threats would you be trying to protect against with a secondary firewall?
Based upon your diagram, I assume you have PCs set up in a private zone. No ingress traffic should be allowed, unless it is related to an existing connection. No ports should be exposed either. I also assume you have your servers in a form of DMZ where only the ports or services you want exposed are. Do you have proper rules in place to allow and prohibit traffic in a sane manner? For example, do you allow SSH into these machines from your PCs but not the Internet? I also assume that you have these in separate VLANs so that there is no direct route between the two zones and that traffic must be processed by the firewall / router.

Personally, I really can't think of where a second firewall will add much if anything of benefit in your arrangement. You should be running firewalls on each of the PCs and servers to keep any ports that don't have services running on them closed and that should be more than sufficient for a firewall coupled with your front one.

If you have an extra machine on the system, my suggestion would be to use it as a SNORT node instead of another firewall.

LeoPap 04-10-2013 12:18 PM

Hello there,

Thank you for your reply! No, my system is properly configured with AntiVirus on every PC and firewall enabled as well.
Only a few PCs have an internet connection.

I just wanted to install a firewall on that Linux system, because I really don't know what to do with it!!

I am new to the Linux world, and I am playing with my system! :)

chrism01 04-10-2013 09:05 PM

Well, Linux comes with iptables by default, so read up on that: Sections 42.8, 42.9 http://www.linuxtopia.org/online_boo...ion/index.html.
See also http://www.netfilter.org/
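
An added example, not part of any post in this thread: a host firewall for the CentOS box in iptables-restore format, following the policy described above (default drop, return traffic for existing connections allowed, SSH from the PCs only), plus a small check that can be run over `iptables-save` output. The function names and the LAN range passed in are assumptions, and FTP and NTP are assumed to be reachable from any source the perimeter firewall lets through.

```shell
#!/bin/sh
# Added example. emit_ruleset and check_ruleset are hypothetical helper names.

# emit_ruleset LAN_CIDR: print an iptables-restore ruleset for this host.
emit_ruleset() {
    lan="$1"
    case "$lan" in
        ''|*[!0-9./]*) echo "usage: emit_ruleset LAN_CIDR" >&2; return 2 ;;
        */*) ;;   # digits, dots and a prefix length: accept
        *) echo "usage: emit_ruleset LAN_CIDR" >&2; return 2 ;;
    esac
    # Passive FTP data connections only count as RELATED when the
    # nf_conntrack_ftp helper module is loaded.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp --dport 123 -j ACCEPT
COMMIT
EOF
}

# check_ruleset: read iptables-save style text on stdin. Succeeds only if
# INPUT defaults to DROP, established traffic is accepted, and every rule
# accepting port 22 names a source with -s.
check_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' ||
        { echo "INPUT policy is not DROP" >&2; return 1; }
    printf '%s\n' "$rules" | grep -Eq -- '(--ctstate|--state) [A-Z,]*ESTABLISHED' ||
        { echo "no rule for ESTABLISHED traffic" >&2; return 1; }
    if printf '%s\n' "$rules" | grep -E -- '^-A INPUT .*--dport 22 .*-j ACCEPT' |
        grep -qv -- ' -s '; then
        echo "SSH is accepted from any source" >&2; return 1
    fi
    return 0
}

# Stand-alone use (192.168.1.0/24 is a constructed LAN range):
#   sh ruleset.sh 192.168.1.0/24 | iptables-restore --test
if [ "$#" -gt 0 ]; then emit_ruleset "$1"; fi
```

`iptables-restore --test` parses the ruleset without committing it, and `iptables-save | check_ruleset` applies the same three checks to the rules currently loaded.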

