LinuxQuestions.org


gugabaga 01-23-2006 04:47 AM

Fedora Core in Intel P4 firewall guarding Windows 2003 server
 
Hi,

I have to install Fedora Core 3/4 in an Intel P4 machine with 512 MB RAM on Intel motherboard. Two DLink Ethernet cards.

This will act as a firewall (iptables enabled) to my local area network with Windows 2003 Server. The iptables configuration should be such that only trusted MAC addresses will be allowed through the firewall and rest of the packets will be dropped. I am trying to learn up iptables configuration the hard way by going through its documentation and lots of stuff from the net. Is it worth it? Should I just get a GUI configuration tool and understand how to use it or I should continue my slogging on the iptables?

I am new to Linux system (read 1 week) and I would appreciate any heads up from the Linux community.

Regards

Notwerk 01-23-2006 05:52 AM

First let me start by saying that the PC you described is way too powerful to be dedicated to running iptables. I'd suggest a *much* less powerful machine. The keyword here is "dedicated".

You can find an excellent -IMO- iptables tutorial here:
http://iptables-tutorial.frozentux.n...-tutorial.html

You can find a couple of GUI based iptables configuration tool here:
http://www.fwbuilder.org/archives/cat_about.html
http://kmyfirewall.sourceforge.net/
though I'd advise you to read up on iptables, it's gonna be worth it later ;)

gugabaga 01-23-2006 06:05 AM

Quote:

Originally Posted by Notwerk
First let me start by saying that the PC you described is way too powerful to be dedicated to running iptables. I'd suggest a *much* less powerful machine. The keyword here is "dedicated".

You can find an excellent -IMO- iptables tutorial here:
http://iptables-tutorial.frozentux.n...-tutorial.html

You can find a couple of GUI based iptables configuration tool here:
http://www.fwbuilder.org/archives/cat_about.html
http://kmyfirewall.sourceforge.net/
though I'd advise you to read up on iptables, it's gonna be worth it later ;)

Hi Notwerk,

Thanks for your post.

Maybe that kind of configuration will lead to overkill - but that is the spare machine we have. To be precise we have 2 of the same config. One will be kept on standby while the other will act as firewall.

But I am a little apprehensive about the connection through to Windows 2003 server. Because that is what stores our database and that is what everyone will be trying to access. I hope that goes without a hitch.

And about the tutorial, I am halfway through it already. But thanks anyway.

I will look up the GUI(s) after I get through with the hard way. I got till Wednesday. So I guess I should just about cut it.

Thanks again for your prompt post.

Regards

Notwerk 01-23-2006 07:03 AM

I really hate to tell you this when you're pushed for time, but MACs can be easily spoofed. So if a potential attacker gets a valid MAC address -which can be done by eavesdropping or physical access to a client machine- s/he becomes a dangerous attacker.
http://www.cuyamaca.net/gainswor/security/002-MAC Spoof.pdf

On the other hand, if you want to allow traffic IN from the internet, MAC addresses won't work cause every router between the source and destination replaces the MAC address with its own.
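
An illustration of the two points in the post above, added here and not part of any poster's message: a shell sketch that prints (does not apply) a default-deny FORWARD ruleset in which each MAC match is tied to a source IP and to the client-facing interface. The interface name `eth0`, the server address `192.168.1.10` and every MAC/IP pair are constructed assumptions, not values from the thread; password authentication on the server remains the actual access control, since a copied MAC and IP still pass these rules.

```shell
#!/bin/sh
# Added example: prints iptables commands; it does not apply them.
# Assumed names (not from the thread): eth0 faces the client segment,
# 192.168.1.10 is the Windows server, all MAC/IP pairs are constructed.
CLIENT_IF="eth0"
SERVER_IP="192.168.1.10"

# Constructed allowlist, one "MAC IP" pair per line; the last is malformed.
ALLOWLIST="00:11:22:33:44:55 192.168.0.21
00:11:22:33:44:66 192.168.0.22
00:11:22:33:44:zz 192.168.0.23"

valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

gen_rules() {
    # Default-deny forwarding; replies to accepted connections are allowed.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$1" | while read -r mac ip; do
        [ -n "$mac" ] || continue
        if valid_mac "$mac" && valid_ip "$ip"; then
            # The MAC match only means something on the interface directly
            # attached to the clients; pairing it with the source IP and the
            # inbound interface narrows what a copied MAC alone gets.
            echo "iptables -A FORWARD -i $CLIENT_IF -s $ip -d $SERVER_IP" \
                 "-m mac --mac-source $mac -m state --state NEW -j ACCEPT"
        else
            echo "# skipped malformed entry: $mac $ip"
        fi
    done
    # Log what falls through to the DROP policy so rejected sources are visible.
    echo "iptables -A FORWARD -j LOG --log-prefix 'FW-DROP: '"
}

gen_rules "$ALLOWLIST"
```

Malformed allowlist lines are reported as comments instead of being turned into rules, so a typo in the list cannot silently produce a broken or over-broad ACCEPT.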

gugabaga 01-23-2006 07:13 AM

Quote:

Originally Posted by Notwerk
I really hate to tell you this when you're pushed for time, but MACs can be easily spoofed. So if a potential attacker gets a valid MAC address -which can be done by eavesdropping or physical access to a client machine- s/he becomes a dangerous attacker.
http://www.cuyamaca.net/gainswor/security/002-MAC Spoof.pdf

On the other hand, if you want to allow traffic IN from the internet, MAC addresses won't work cause every router between the source and destination replaces the MAC address with its own.

Hi,

I know about MAC spoofing. Basically the architecture of the system will be such that after the firewall has let in through a trusted MAC the Windows 2003 server will password authenticate it. That part will be taken care of by the Windows Server and Linux doesn't have to do anything about it. I hope!!!

But since you tell me that MAC address filtering won't work..... I will have to rethink.

Also the Linux machine will have port scanners and the rest of all the security stuff that I can master in 2 days to prevent hacking into our local system. :rolleyes:

There will be no information whatsoever on the Firewall m/c, just firewall and scanners.

I hope this will work.

Regards

ethics 01-24-2006 02:14 AM

Take a look at http://www.smoothwall.org/

Never used it myself but I see it recommended a lot for this sort of thing

