Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Im looking for a very easy to use ( GUI please ) firewall that can be run on an older computer. This computer will protect a bunch of other computers that are behind it. The only catch to this is that it has to do many Public outbound IP's (20 for now and 50-100 later ).
I have found alot of info about alot of really great looking products, however most of them appear to only do 1 or 2 outbound IP's or have to forward to local IP addresses. I need something that can do many IP's and just hand them off without forwarding to local IP address.
Any ideas, links or just general info would be great.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
fwbuilder will do fine, but it's not a Linux distribution, it's a script builder (just like the name implies). It builds iptables scripts for a firewall. You'll still need to install a Linux distro and lock it down. I suspect that firestarter and guarddog are various flavors of firewall builders as well. In each case you would need to install the system and do the hardening yourself.
2Gunz, What do you mean, "many Public outbound IP's"? Do you mean public internet IP's?
I dont think IPCop will do "many Public outbound IP's" ...
IP cop is based on the GPL of Smoothwall. You can only have 1 WAN IP if your using the GPL. Smoothwall will do multiple WAN IP's if you have the Corp version (With an added module), but it costs $$.
If you mean you have 1 WAN IP and you want to have multiple private IP'S (internal network) then I recommend Smoothwall above all. The GPL is free, It has an EASY to use web interface (GUI), and the latest release (2 beta 7) has a load of new features. It does DHCP, web caching, port forwarding, IDS, remote acces, logging, dynamic DNS, basic VPN... & more from the web interface. It is secure (It does what it does for a living), and has a quick responding team for security patches, which can be applied also through the web interface.
See it here: http://www.smoothwall.org
Last edited by chrisknight; 10-26-2003 at 09:15 AM.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Well actually, IPCop is a fork of Smoothwall and it's superior to the GPL version in every way. I don't doubt the commercial version of Smoothwall is better than IPCop, but then of course you have to pay.
IPCop will actually listen on multiple public IPs for incoming connections. The only catch is that you cannot NAT to more than one IP for outbound connections (everything gets NAT'd to the default IP). You can do redirection (portforwarding) differently for each external IP, so you can direct traffic on multiple IPs to multiple web servers, etc, it's just that when anything inside the network opens an outbound connection that is not part of an existing stateful session, then it will use the default IP (which is one of the reasons why I switch to OpenBSD and wrote my own firewall in PF).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.