Hi all,

I'm hoping to move to a new broadband conenction in the next few months, but in the meantime, I want to at least have a network set up that is ready and to deal with an always on connection. I want to install use a linux box that will manage the IP routing between public and private networks, securely. I would normally use a W32 app to do this but I guess using Linux will allow me to understand the fundamentals of NAT and firewall technology.

What I'd like is some honest opinions on what s/w to run on the router, I know not to run anything but the routing s/w, but it's what firewall/proxy s/w should I use that I'm interested in. Has anyone come across Mandrakes new distro called Single Network Firewall? Or would you recommend something else that does the job just as well if not better?

Any help appreciated,
Chris

You can use the ipchains/iptables facilities that come in the linux kernel (2.2.x/2.4.x respectively) to effectively implement a firewall. If you do want a proxy for some reason check out Squid if you want something fully fledged to play with although it will be well over the top. The Squid guys are at http://www.squid-cache.org/ if you're interested. Also have a look at
http://www.linuxdoc.org/HOWTO/Cable-Modem/index.html
http://www.linuxdoc.org/HOWTO/DSL-HOWTO/index.html
http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html

For general security info search the forum for posts by razbot - Raz seems to know a little about security (the kind of 'little' that mean I ain't even gonna try to explain it)

HTH

Jamie...

Cheers Jamie for those comments.

Linux is just a hobby, The main stuff I do know is Nokia Fw1 and Cisco PIX's boxes + Solaris 8 & Oracle.
Basically all the stuff the banks use to secure there systems.

Linux is slowly getting more installations in the financial arena, so it's useful to get into something like redhat if you want to be paid more money in London.


Chris,
I would use a Linux OS with a 2.4.x Kernel, like Redhat 7.1
Then you could set it to act as a router for you and carry out NAT for your Windozes boxes with something like IPTABLES.

If you set it up correctly it's as good as a full blown firewall hardware solution.

Never heard of Mandrakes Single Network Firewall, normally it's better to not use these sort of things as they will make assumptions for you and if you want to learn start from scratch using the tools that come with the software.

Also if your using NAT you don't need a Proxy.

/Raz

Thanks very much fior the pointers, I appreciate the help guys.

Chris