04-10-2013, 03:24 AM   #1
Registered: Jan 2013
Distribution: Centos
Posts: 97
CentOS as a second Firewall in my network

Hello all,

I have a PC with CentOS, which I use for just doing random things (FTP, NTP, etc.).

I already have a hardware firewall in my network, but I want to increase the security level and make this server a secondary firewall. Can someone tell me how I can do that?

Below is my network configuration:

[Attached image: Network.PNG]
Any idea how I can make my CentOS PC a hardware firewall?
04-10-2013, 01:03 PM   #2
Senior Member
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

What do you mean by increase the security level and more importantly, what threats would you be trying to protect against with a secondary firewall?
Based upon your diagram, I assume you have PCs set up in a private zone. No ingress traffic should be allowed, unless it is related to an existing connection. No ports should be exposed either. I also assume you have your servers in a form of DMZ where only the ports or services you want exposed are. Do you have proper rules in place to allow and prohibit traffic in a sane manner? For example, do you allow SSH into these machines from your PCs but not the Internet? I also assume that you have these in separate VLANs so that there is no direct route between the two zones and that traffic must be processed by the firewall / router.

Personally, I really can't think of where a second firewall will add much if anything of benefit in your arrangement. You should be running firewalls on each of the PCs and servers to keep any ports that don't have services running on them closed and that should be more than sufficient for a firewall coupled with your front one.

If you have an extra machine on the system, my suggestion would be to use it as a SNORT node instead of another firewall.
04-10-2013, 01:18 PM   #3
Registered: Jan 2013
Distribution: Centos
Posts: 97
Original Poster
Hello there,

Thank you for your reply! No, my system is properly configured, with antivirus on every PC and the firewall enabled as well.
Only a few PCs have an internet connection.

I just wanted to install a firewall on that Linux system, because I really don't know what to do with it!!

I am new to the Linux world, and I am playing with my system!
04-10-2013, 10:05 PM   #4
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.7, Centos 5.10
Posts: 16,925

Well, Linux comes with iptables by default, so read up on that: Sections 42.8, 42.9
See also
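
The zone policy described in reply #2 (default-deny forwarding, replies to existing connections allowed, SSH to the servers from the PCs but not from the Internet, only chosen ports exposed), written as an iptables ruleset of the kind reply #4 points to. This is an added example, not code from any poster in the thread; the interface names and the exposed port list are assumptions, since the poster's diagram is not reproduced on the page.

```shell
#!/bin/sh
# Added example. Interface names and exposed ports are assumptions, not
# values from the thread (the poster's diagram is not reproduced on the page).
WAN_IF="${WAN_IF:-eth0}"                 # assumed: side facing the hardware firewall
LAN_IF="${LAN_IF:-eth1}"                 # assumed: private PC zone
DMZ_IF="${DMZ_IF:-eth2}"                 # assumed: server zone (DMZ)
DMZ_TCP_PORTS="${DMZ_TCP_PORTS:-21,80}"  # assumed: services meant to be exposed

# Emit the policy in iptables-restore format; nothing is applied here.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${LAN_IF} -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -m state --state NEW -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${DMZ_IF} -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -i ${WAN_IF} -o ${DMZ_IF} -p tcp -m multiport --dports ${DMZ_TCP_PORTS} -m state --state NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Read a ruleset on stdin; return 0 only if forwarding is default-deny and no
# ACCEPT rule written as "-i <WAN or DMZ> -o <LAN>" admits traffic to the PCs.
audit_ruleset() {
    rules="$(cat)"
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    for src in "$WAN_IF" "$DMZ_IF"; do
        if printf '%s\n' "$rules" | grep -e "-i ${src} -o ${LAN_IF} " | grep -q -e '-j ACCEPT'; then
            return 1
        fi
    done
    return 0
}

# Print the ruleset only if it passes the audit.
build_ruleset | audit_ruleset && build_ruleset
```

Piping the output to `iptables-restore --test` parses the rules without loading them. Port 21 in the default list reflects the FTP service the original poster mentions; FTP data connections only match `RELATED` when the `nf_conntrack_ftp` helper module is loaded.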


All times are GMT -5.
