LinuxQuestions.org
Old 04-22-2006, 02:58 PM   #1
cylarz
Member
 
Registered: Aug 2005
Location: California
Distribution: CentOS 5
Posts: 54

Rep: Reputation: 15
routers as a security measure


As mentioned in my other posts, I run a stand-alone FC-5 box. It's located in the DMZ area on a spur of a large network.

I'm thinking of obtaining a small router/firewall of some kind and adding it as a security measure. I would assign it my static IP, and have it forward requests bound for ports 80, 22, and 25 to the server. (Those are the only 3 that I want open to the outside world.)

Question. Do you see any advantages or disadvantages to a scheme like that? One advantage I see is that by adding a hardware firewall, it would make absolutely sure only those ports were open. Any drawbacks?
 
Old 04-22-2006, 03:57 PM   #2
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
It's kind of double insurance and does work. I have a firewall on my ADSL/modem router and a separate more sophisticated one on the server. The router firewall does a very good job and I can then fine tune exclusions such as abusive IP addresses on the server firewall.
 
Old 04-24-2006, 02:57 AM   #3
cylarz
Member
 
Registered: Aug 2005
Location: California
Distribution: CentOS 5
Posts: 54

Original Poster
Rep: Reputation: 15
re: routers as a security measure

Which model do you recommend for me and how much can I expect to pay? Remember, all I need is a basic firewall device that will prevent banned IPs from reaching the box. There will be only one machine (the server) attached.

Preferably something with an easy-to-use terminal program that will let me type in those addresses via remote access.
 
Old 04-24-2006, 05:39 AM   #4
ioerror
Member
 
Registered: Sep 2005
Location: Old Blighty
Distribution: Slackware, NetBSD
Posts: 536

Rep: Reputation: 30
Quote:
Which model do you recommend for me and how much can I expect to pay?
One solution would be an old laptop with a couple of PCMCIA NICs. This would give you a full-blown Linux system (much more flexible than the firmware in a router), a built-in UPS etc. A 486 would suffice; the only snag would be getting sufficient RAM (4MB would be tight (but usable with some tweaking), 8MB would be doable, 12MB should be very comfortable, any more than 16MB would probably be overkill for a small dedicated firewall). Should be cheaper than a hardware router too.
 
Old 04-24-2006, 12:20 PM   #5
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
Following on from ioerror, there is a Linux-based version available called Coyote Linux that would do this very well on 486+ boxes.
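
An added example, not part of any post in this thread: the forwarding scheme from post #1 combined with the Linux-box firewall suggested in post #4, written as a shell function that prints an iptables-restore ruleset. The interface names, both addresses and the `gen_rules` function are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Interface names and addresses are
# assumptions (constructed, documentation/private ranges); adjust before use.
WAN_IF="eth0"             # NIC facing the outside network
LAN_IF="eth1"             # NIC facing the server
WAN_IP="203.0.113.10"     # the static IP moved onto the firewall
SERVER_IP="192.168.10.2"  # the server's new private address
PORTS="80 22 25"          # the only services exposed

# gen_rules [BANNED_SOURCE...] prints an iptables-restore ruleset on stdout.
gen_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for p in $PORTS; do
        # Rewrite the destination of inbound connections to the server.
        echo "-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $p -j DNAT --to-destination $SERVER_IP:$p"
    done
    # Connections the server opens itself (outbound mail, DNS) leave as WAN_IP.
    echo "-A POSTROUTING -o $WAN_IF -s $SERVER_IP -j SNAT --to-source $WAN_IP"
    echo "COMMIT"
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo ":BANNED - [0:0]"
    for src in "$@"; do
        # Accept only digits, dots and an optional /prefix; skip anything else
        # so a typo cannot smuggle extra options into the ruleset.
        case "$src" in
            ""|*[!0-9./]*) echo "skipping invalid entry: $src" >&2 ;;
            *) echo "-A BANNED -s $src -j DROP" ;;
        esac
    done
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -i $WAN_IF -j BANNED"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Port 22 on WAN_IP goes to the server, so manage the firewall from LAN_IF.
    echo "-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT"
    # Banned sources are checked first, so existing sessions are cut too.
    echo "-A FORWARD -i $WAN_IF -j BANNED"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $PORTS; do
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $SERVER_IP -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $SERVER_IP -j ACCEPT"
    echo "COMMIT"
}
```

Pipe the output through `iptables-restore --test` to check that it parses before loading it. The firewall also needs IPv4 forwarding enabled (`net.ipv4.ip_forward=1`).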
 
  

