Hardware:
Intel PII 200Mhz, 1,3GB Fujitsu HD, 32MB EDO RAM, 2 NIC
The box will only be used as firewall expected with ipchains.
The LAN is mixed OS (XP, debian, gentoo) all connected to a router.
Question:
1. Which distribution will be best suited for this purpose?
2. Is it possible to include virus protection to scan all incoming packets for viruses?
3. Is there a better solution for use of this old box to prevent my LAN from attack through the Internet?
mosquito_dk
Last edited by mosquito_dk; 03-02-2005 at 09:50 AM.
What satinet is getting at is a virus isn't going to come in on one packet, which is what a firewall looks at. Rather, it is going to come in on multiple packets, usually via email. What you would want to do is set up ClamAV on your mail server, which would filter emails for viruses, and then help prevent them from coming through to your LAN. There was a good article in a recent Linux Journal issue about ClamAV on your mail server that I will try to find for you.
Here is what I was looking for. I guess they are regarding ClamAV on your Postfix server, may not be what you are looking for. Anyways, here it is: http://www.linuxjournal.com/article/7778 http://www.linuxjournal.com/article/7811
Also another point to make is what ports will you be opening on your firewall? You will want to check into what vulnerabilities there are on those servers that you will be running. Make sure you are keeping patches up to date, checking logs, etc.
To specifically answer your questions:
Quote:
1. Which distribution will be best suited for this purpose?
There are various linux based distro firewalls. The one I have worked with is smoothwall (www.smoothwall.org). Also, ipcop is a good choice (so I've heard, haven't worked with it).
Quote:
2. Is it possible to include virus protection to scan all incoming packets for viruses?
Not on your firewall. You can include AV on all the hosts, your servers, etc but a firewall won't be able to pick up a virus by one packet.
Quote:
3. Is there a better solution for use of this old box to prevent my LAN from attack through the Internet?
Yea, don't open any ports on your firewall. That may not be realistic, so my first suggestion would be only open the ports you need. Really there shouldn't be much of a need to open any ports to your LAN, as a DMZ is where you would/should put all of your public servers.
To answer the original Q
I am currently using Smoothwall, but in all honesty wouldn't recommend it as I've had all sorts of little hassles with it, nothing major, just little hassles.
I'm thinking seriously of converting to Monowall, a BSD-based firewall: http://m0n0.ch/wall/
Yes, you can run an anti-virus on a Linux firewall. AVG make one, and I think Kaspersky, which is included in Astaro (firewall). However, with your RAM I think that would be out of the question. Even with Monowall, 32 Meg means your computer could struggle a little, so I would recommend chasing up another 32 Meg of RAM if you can. Monowall recommend 64 Meg minimum. Likewise, IP-Cop will run on 32 but 64 or more is recommended.
Thx for your answers. Maybe I haven't been specific enough in my questions. The firewall is not the issue, rather the underlying Linux distribution and the virus protection.
I was looking for a small minimal Linux distribution for this old PC. No server will be set up on this box. The only purpose for this box will be a firewall between my LAN and my Internet connection.
Since all data from the Internet will flow through this box, it will be convenient to scan all incoming files for viruses as well.
All your comments are useful to me anyway, but to get it straight:
Q1: Which Linux distribution will be a first choice (thinking security) for such an old box with the mentioned specs (Debian, FreeBSD, etc.)? I want to install and compile ON this old box. Its only use is as a firewall and, if possible, a scanning tool as well.
Q2: Is there a virus scanning tool to scan on the fly, like a shield, to protect the LAN from all incoming and infected files from e.g. web browsing a picture, Flash, streaming video etc. with a virus attached?
Q3: Solved. I believe this setup is OK since my router has built-in wireless too.
Internet - firewall box - router - LAN
If I had a wired router I expect this solution to fit better:
Internet - router - firewall - switch - LAN
Last edited by mosquito_dk; 03-03-2005 at 07:22 AM.
To find a linux distro that suits your needs, I think you will have the best luck researching a little on http://www.linuxiso.org This site lists a bunch of different distros and gives a little info on them. Also on the LQ site, check out http://www.linuxquestions.org/reviews/index.php?cat=2
I have really only used FC and RH, but from what I've read, you may want to look at Gentoo, as its main feature is customizability and only loading the stuff you want/need. However, the installation is not for the meek (or so I've heard). You will want to read the manual for the installation prior to installing.
Also, the ones mentioned before (smoothwall, ipcop, and monowall) are all Linux distros as well; they are just used only for firewall/IDS/proxy, and they come with a reduced amount of commands, programs, etc.
As far as the virus scanning, I'm not sure on that. You will probably want to follow up on what floppywhopper mentioned.
Thx jonlake. I believe I have read a lot, but moreover it is often better to hear the opinion of someone who has already been in similar situations. But of course reading and collecting new information gives a better foundation for a choice.
Btw, I would prefer Gentoo, as it is my preferred distribution and, as you said, it's very flexible. Unfortunately it takes at least 64MB of RAM to install and compile on the box.
mosquito_dk, I think you are missing the point about virus scan. Virus packets are not 'bad' as such. It's just TCP/IP traffic as far as the firewall is concerned. If you've requested to download a file, it will get it for you. Scanning files can't be done 'on the fly' as such. The only way to do this would be to use a proxy server that would cache all the data, and THEN scan it, before it hit your LAN. This would also be slow and complex. A router/firewall doesn't have the capacity to work out what a load of data will be when it hits your PC, or what the code may contain and what it will do.
So basically you need virus on your PC.
Get IPCOP for your firewall... Note this will also be a router; there's not much point having a separate one when this box will do it for you. It will also be your DHCP server and default internet gateway in this setup.
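The point made in the replies above (a packet filter sees payloads one at a time, while a mail server or caching proxy sees the whole object) shown as an added example that is not part of any post. The signature, payload and function names are constructed for illustration; this is not how ClamAV itself works internally.

```python
import base64

# Constructed marker standing in for an AV signature; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"

def packetize(data: bytes, size: int) -> list[bytes]:
    """Split a byte stream into fixed-size payloads, as TCP segmentation would."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def scan_per_packet(packets: list[bytes]) -> bool:
    """Packet-filter view: every payload is inspected in isolation."""
    return any(SIGNATURE in p for p in packets)

def scan_buffered(packets: list[bytes]) -> bool:
    """Proxy view: cache the whole object first, then scan it once."""
    return SIGNATURE in b"".join(packets)

def scan_mail_attachment(packets: list[bytes]) -> bool:
    """Mail-server view: reassemble, then decode the base64 body before scanning."""
    body = b"".join(packets)
    try:
        decoded = base64.b64decode(body, validate=True)
    except ValueError:
        return False  # not valid base64, so there is nothing to decode
    return SIGNATURE in decoded

def demo() -> dict[str, bool]:
    # Constructed "file": filler, the marker, more filler.
    payload = b"A" * 40 + SIGNATURE + b"B" * 40
    # 16-byte payloads are shorter than the 31-byte marker, so it always straddles packets.
    web_packets = packetize(payload, 16)
    # The same file as a base64 mail attachment body, sent in full-size packets.
    mail_packets = packetize(base64.b64encode(payload), 1460)
    return {
        "web_per_packet": scan_per_packet(web_packets),
        "web_buffered": scan_buffered(web_packets),
        "mail_per_packet": scan_per_packet(mail_packets),
        "mail_buffered_raw": scan_buffered(mail_packets),
        "mail_decoded": scan_mail_attachment(mail_packets),
    }

if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:18} {'DETECTED' if hit else 'missed'}")
```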
Thx for interesting answers. I jumped to the conclusion that IPCop was the better choice for my needs and it's running smoothly. A really nice distribution.