LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-11-2005, 12:08 PM   #1
cmt9000
LQ Newbie
 
Registered: Oct 2005
Location: USA
Posts: 10

Rep: Reputation: 0
Linux Firewall/Router


Apparently people think I'm crazy....

I want to replace my Cisco PIX 506e firewall and generic router with one, high-end linux machine that will be the router and firewall.

Am I really nuts???
 
Old 10-11-2005, 12:34 PM   #2
Keruskerfuerst
Member
 
Registered: Oct 2005
Location: Lat: 482356N, Lon: 104145E
Distribution: Gentoo 2006
Posts: 719

Rep: Reputation: 31
Hello!

Just visit www.ipcop.org

Greetings
 
Old 10-11-2005, 02:25 PM   #3
Imanerd
Member
 
Registered: Dec 2004
Location: Bay Area, California
Distribution: Fedora Core 3
Posts: 65

Rep: Reputation: 15
Also check out m0n0wall. It's FreeBSD-based (rather than Linux), but it works great, doesn't require high-end hardware, and is very easy to set up and use.
 
Old 10-11-2005, 06:58 PM   #4
IRIGHTI
Member
 
Registered: Oct 2003
Distribution: Slackware64 13.1 x86_64, Ubuntu 10.04 x86_64
Posts: 121

Rep: Reputation: 15
Also:

www.smoothwall.org

You don't need a very powerful system to be a firewall/router. A P200 would be more than enough, unless you get a rediculous amount of traffic e.i 1 Gbit.

Or if you want to build your rules yourself, which I would recommend:

http://iptables-tutorial.frozentux.n...-tutorial.html

That is the best Iptables tutorial out there. They also give you an example to go off of, which is what my firewall was originally. Its been hacked up since then though.
 
Old 10-12-2005, 04:13 PM   #5
linux.llama
Member
 
Registered: Oct 2005
Location: AZ
Distribution: Gentoo, Kubuntu, RHEL4.
Posts: 37

Rep: Reputation: 15
Hey
I'm preferential to Shorewall. I dunno how it compares to m0n0 or ip cop tho. But with all the exploits in IOS lately, i would not blame you for dropping the Cisco gear. Even if they are mad expensive.

Last edited by linux.llama; 10-15-2005 at 05:44 PM.
 
Old 10-13-2005, 09:56 AM   #6
makko
LQ Newbie
 
Registered: Apr 2004
Location: Earth
Distribution: Slackware 10, FreeBSD 4.10
Posts: 19

Rep: Reputation: 0
Id recomend you read as many tutorials on IPTables as you can and when confident build the firewall/router from scratch. Its the only way to make the firewall/router exactly as you want it. + you will be able to troubleshoot it incase of glitches. Then make a script to add the rules after every reboot.
 
Old 10-13-2005, 01:09 PM   #7
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 366

Rep: Reputation: 44
I imagine http://www.fwbuilder.org/ would make you feel comfortable coming from Cisco
 
Old 10-18-2005, 09:12 AM   #8
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
No, you are not nuts. In fact, we've had less problems administering and managing Linux iptables firewalls. Nothing against Cisco, but we've had several Pix firewalls fail on us, hardware or otherwise. There's nothing wrong with using a Linux iptables firewall, in fact they are all over the place in enterprise environments.
 
Old 10-20-2005, 09:41 PM   #9
colin7151
LQ Newbie
 
Registered: Sep 2005
Posts: 1

Rep: Reputation: 0
I'd have to go with Monowall. Its got a small footpring, extermely secure, and has a fantastic UI for creating and managing the box.
 
Old 10-22-2005, 09:55 AM   #10
ravee
Member
 
Registered: Jan 2005
Location: India
Distribution: Fedora Core 2
Posts: 83

Rep: Reputation: 15
Cisco is hardware based firewall which is more robust and used expecially in high traffic network environment. Where as using linux as a router is a software based solution. If your network has significantly less traffic , then it is more effective and less costly to embrace linux.
 
Old 10-22-2005, 01:54 PM   #11
IRIGHTI
Member
 
Registered: Oct 2003
Distribution: Slackware64 13.1 x86_64, Ubuntu 10.04 x86_64
Posts: 121

Rep: Reputation: 15
That brings up a good point. Even though there are software and hardware firewalls. You have to use those terms loosely because the hardware firewall has to have software i.e. firmware. And since iptables is on the kernel level, isn't a linux firewall pretty close to a hardware firewall?

I'm just curious. Because the kernel administers the rules before it even reaches the user space, right?
 
Old 10-22-2005, 02:11 PM   #12
Imanerd
Member
 
Registered: Dec 2004
Location: Bay Area, California
Distribution: Fedora Core 3
Posts: 65

Rep: Reputation: 15
That is a good point. I think quite a few "hardware" firewalls actually use a version of linux or BSD.
 
Old 10-23-2005, 11:52 AM   #13
mago
Member
 
Registered: Apr 2004
Location: Costa Rica
Distribution: slack current with 2.6.16.18 (still off the hook)
Posts: 284

Rep: Reputation: 33
Not nuts at all

As a matter of fact you can try to go a step further and buid a bridge firewall that will not be accessible from the outisde as a first line of defense.

You will have your machines with public ips but totally firewalled, or you can put just anothe machine after the bridge so you won't have to worry about loosing your main line of defense.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Small Linux Router/firewall behind D-Link Hardware router dleidlein Linux - Networking 6 04-30-2007 05:12 AM
linux as a firewall+router Doug Hammond Linux - Networking 1 02-03-2005 10:18 AM
Linux Router/Firewall Books kemplej Linux - Security 7 05-27-2004 01:15 AM
linux firewall - belkin fw/router stoffell General 3 09-30-2003 10:10 PM
pppoe through linux router/firewall ..Tookers.. Linux - Networking 2 04-30-2003 07:34 AM


All times are GMT -5. The time now is 04:19 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration