LinuxQuestions.org
Old 04-10-2013, 02:24 AM   #1
LeoPap
Member
 
Registered: Jan 2013
Distribution: Centos
Posts: 93

Rep: Reputation: 5
CentOS as a second Firewall in my network


Hello all,

I have a PC with CentOS, which I use for just doing random things (FTP, NTP, etc.).

I already have a hardware firewall in my network, but I want to increase the security level and make this server a secondary firewall. Can someone tell me how I can do that?

Below is my network configuration:

Network.PNG

Any idea how I can make my CentOS PC a hardware firewall?
 
Old 04-10-2013, 12:03 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
What do you mean by increase the security level and more importantly, what threats would you be trying to protect against with a secondary firewall?
Based upon your diagram, I assume you have PCs set up in a private zone. No ingress traffic should be allowed, unless it is related to an existing connection. No ports should be exposed either. I also assume you have your servers in a form of DMZ where only the ports or services you want exposed are. Do you have proper rules in place to allow and prohibit traffic in a sane manner? For example, do you allow SSH into these machines from your PCs but not the Internet? I also assume that you have these in separate VLANs so that there is no direct route between the two zones and that traffic must be processed by the firewall / router.

Personally, I really can't think of where a second firewall will add much if anything of benefit in your arrangement. You should be running firewalls on each of the PCs and servers to keep any ports that don't have services running on them closed and that should be more than sufficient for a firewall coupled with your front one.

If you have an extra machine on the system, my suggestion would be to use it as a SNORT node instead of another firewall.
 
Old 04-10-2013, 12:18 PM   #3
LeoPap
Member
 
Registered: Jan 2013
Distribution: Centos
Posts: 93

Original Poster
Rep: Reputation: 5
Hello there,

Thank you for your reply! No, my system is properly configured with AntiVirus on every PC and firewall enabled as well.
Only a few PCs have an internet connection.

I just wanted to install a firewall on that Linux system, because I really don't know what to do with it!!

I am new to the Linux world, and I am playing with my system!
 
Old 04-10-2013, 09:05 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,289

Rep: Reputation: 2034
Well, Linux comes with iptables by default, so read up on that: Sections 42.8, 42.9 http://www.linuxtopia.org/online_boo...ion/index.html.
See also http://www.netfilter.org/
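
The policy post #2 describes (no inbound traffic unless it belongs to an existing connection, SSH from the PCs but not the Internet), written for the iptables that post #4 points to; this is an added example, not code from any poster in the thread. The LAN subnet 192.168.1.0/24 and the set of exposed services (SSH, plus the FTP and NTP mentioned in post #1) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for
# the CentOS box as a host firewall. The LAN subnet is an assumed parameter.

# Accept only a plain IPv4 CIDR so nothing else can be spliced into the rules.
valid_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

gen_rules() {
    lan="$1"
    if ! valid_cidr "$lan"; then
        echo "gen_rules: expected IPv4 CIDR such as 192.168.1.0/24" >&2
        return 1
    fi
    cat <<EOF
*filter
# Default deny for inbound and forwarded packets; this host is not a router.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections that are already established.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# SSH, FTP control and NTP from the LAN only, never from the Internet.
-A INPUT -s $lan -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -s $lan -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -s $lan -p udp -m udp --dport 123 -j ACCEPT
# Rate-limited log of whatever falls through to the DROP policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Print the ruleset when run with a subnet argument.
[ $# -eq 0 ] || gen_rules "$1"
```

Check the output with `gen_rules 192.168.1.0/24 | iptables-restore --test` before loading it. FTP data connections match RELATED only when the `nf_conntrack_ftp` helper module is loaded.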
 