LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-07-2009, 08:49 AM   #1
HHodge
LQ Newbie
 
Registered: Nov 2008
Location: O'Fallon Mo
Distribution: Suse, Red Hat
Posts: 1

Rep: Reputation: 0
Question Firewall/Proxy help please


I am setting up a Firewall/Proxy server for our church. Proxy is to provide a limited amount of web filtering. The two people who help me have very little to no experience with Linux of any kind so I am trying to set these up with a GUI interface available (will boot run level 3) for them. I admin AIX but also use SuSE and Red Hat. My questions are:
A) Which type of Linux will best meet these requirements. I am not limited to the above types. I am looking for simple and easy to install and easy for those helping me to manage.
B) With limited exposure is there any extreme risk to not do both the firewall and proxy on the same server.
C) I plan to use iptables for firewall. Suggestions for a good GUI interface to this?
D) I plan to use DansGuardian for the proxy. Thoughts/suggestions/am I crazy for doing this?

Thanks in advance for the help.
 
Old 01-07-2009, 11:36 AM   #2
strick1226
Member
 
Registered: Feb 2005
Distribution: CentOS, Fedora, OS X, SLES, Ubuntu
Posts: 273

Rep: Reputation: 51
Given the fact you have others involved with little/no linux experience it might be wise to use a mini-distro specifically designed to provide these services, instead.

WebGUI-based administration, relatively easy proxy configuration, and the ability to perform a complete restoration from backup in the event of hardware failure are all possible with many of these distro's.

IPCop (http://ipcop.sourceforge.net) is one of the most popular and easiest-to-use freely-available linux-based firewall distro's. It's a very reliable and stable iptables-based solution, and can be configured to work with DansGuardian as well. It's a great setup--I really recommend you check it out.

I was a long-time IPCop user, but now implement a few other solutions in clients' offices, depending on their requirements.

pfSense (http://www.pfsense.org) is a FreeBSD-based firewall platform which is a fork of the m0n0wall project. It provides some pretty advanced features, including failover between multiple machines, and the ability to run from a bootable CD with a configuration saved on a USB key (great for non-proxy setups where no real HD is needed). It uses pf (the *BSD packet filter) instead of iptables, but you would not notice this as it's also WebGUI-based and you really don't need to use the command line past the initial configuration/installation. It provides a bit more advanced options in comparison to IPCop, but most would be out of place in a small environment anyway, and might only add complexity, anyway.

dd-wrt (http://www.dd-wrt.com) is a great platform for installing on a lot of mainstream wireless router hardware--it's a replacement firmware which provides much of what IPCop and pfSense provide. Since it's mainly intended to be used on diskless router hardware, and would require the purchase of additional equipment, it's probably not the best choice if you're working with limited funds and existing equipment.

Since you're planning on running a basic proxy with limited filtering, you definitely want to use a machine with a hard drive (not running from a USB key or compact flash card), regardless of which solution you chose. I would recommend at least a Pentium 3-class machine with 128 MB of RAM or more, and 540 MB HD or larger. If you're planning on having more than a few active clients at a time I definitely would go for more RAM.

Naturally, you will need two NIC's in the box, as well...

To answer your other question, with limited exposure, you're not necessarily exponentially increasing your risk in running both firewall and proxy services on the same box. In theory, though, the risk will be greater -- but ask yourself how much worse things would be if the church was not going to install a firewall at all (especially if the clients are Windows machines).

If you have the hardware, you certainly could setup one box to provide firewall services, and another to receive all requests for web traffic for proxy/filter services, but that can bet complicated fairly quickly.

There's a bunch of other options out there, too, but the above are the ones I've had a lot of experience using, and feel are good solutions.

Overall, I really would recommend you try IPCop and see what you think of it. There's a fairly active community around it (http://www.ipcops.com), and it's probably going to be the easiest one for you both to get running and have others assist in maintaining.

Hope this helps. Sorry for all the text...
 
Old 01-07-2009, 11:41 AM   #3
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by strick1226 View Post
Given the fact...<SNIP>... Hope this helps. Sorry for all the text...
Good advice and seconded.
 
Old 01-07-2009, 01:03 PM   #4
miedward
Member
 
Registered: Feb 2007
Distribution: RHEL 4, SOLARIS 10
Posts: 91

Rep: Reputation: 15
I have used Smoothwall (http://www.smoothwall.org/) which is a fairly simple firewall/gateway that is dedicated and does not require much hardware wise to run.

It has a nice gui interface and is generally run from a web interface.
 
  


Reply

Tags
firewall, proxy


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Proxy/Firewall JaimeLopes Linux - Newbie 1 06-28-2008 02:21 PM
about proxy firewall mallikk_in Linux - Networking 1 05-17-2007 06:34 AM
Firewall - like reverse proxy andy.l Linux - Security 3 04-20-2007 03:24 AM
Firewall and Proxy sreedhartp Linux - Security 2 06-16-2006 12:43 PM
Firewall and proxy!? hommih Linux - Networking 7 01-16-2002 09:58 AM


All times are GMT -5. The time now is 11:41 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration