LinuxQuestions.org
Old 01-23-2006, 04:47 AM   #1
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Rep: Reputation: 15
Fedora Core in Intel P4 firewall guarding Windows 2003 server


Hi,

I have to install Fedora Core 3/4 on an Intel P4 machine with 512 MB RAM on an Intel motherboard. Two DLink ethernet cards.

This will act as a firewall (iptables enabled) to my local area network with Windows 2003 Server. The iptables configuration should be such that only trusted MAC addresses will be allowed through the firewall and the rest of the packets will be dropped. I am trying to learn up iptables configuration the hard way by going through its documentation and lots of stuff from the net. Is it worth it? Should I just get a GUI configuration tool and understand how to use it, or should I continue my slogging on the iptables?

I am new to Linux system (read 1 week) and I would appreciate any heads up from the Linux community.

Regards
 
Old 01-23-2006, 05:52 AM   #2
Notwerk
Member
 
Registered: Apr 2005
Location: Jordan
Distribution: Debian (Sarge), Ubuntu (6.06)
Posts: 271

Rep: Reputation: 31
First let me start by saying that the PC you described is way too powerful to be dedicated to running iptables. I'd suggest a *much* less powerful machine. The keyword here is "dedicated".

You can find an excellent -IMO- iptables tutorial here:
http://iptables-tutorial.frozentux.n...-tutorial.html

You can find a couple of GUI based iptables configuration tools here:
http://www.fwbuilder.org/archives/cat_about.html
http://kmyfirewall.sourceforge.net/
though I'd advise you to read up on iptables, it's gonna be worth it later
 
Old 01-23-2006, 06:05 AM   #3
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Original Poster
Rep: Reputation: 15
Hi Notwerk,

Thanks for your post.

Maybe that kind of configuration will lead to overkill - but that is the spare machine we have. To be precise we have 2 of the same config. One will be kept on standby while the other will act as firewall.

But I am a little apprehensive about the connection through to Windows 2003 server. Because that is what stores our database and that is what everyone will be trying to access. I hope that goes without a hitch.

And about the tutorial, I am halfway through it already. But thanks anyway.

I will look up the GUI(s) after I get through with the hard way. I got till Wednesday. So I guess I should just about cut it.

Thanks again for your prompt post.

Regards
 
Old 01-23-2006, 07:03 AM   #4
Notwerk
Member
 
Registered: Apr 2005
Location: Jordan
Distribution: Debian (Sarge), Ubuntu (6.06)
Posts: 271

Rep: Reputation: 31
I really hate to tell you this when you're pushed for time, but MACs can be easily spoofed. So if a potential attacker gets a valid MAC address -which can be done by eavesdropping or physical access to a client machine- s/he becomes a dangerous attacker.
http://www.cuyamaca.net/gainswor/security/002-MAC Spoof.pdf

On the other hand, if you want to allow traffic IN from the internet, MAC addresses won't work cause every router between the source and destination replaces the MAC address with its own.
 
Old 01-23-2006, 07:13 AM   #5
gugabaga
Member
 
Registered: Jan 2006
Distribution: Fedora
Posts: 61

Original Poster
Rep: Reputation: 15
Hi,

I know about MAC spoofing. Basically the architecture of the system will be such that after the firewall has let in through a trusted MAC the Windows 2003 server will password authenticate it. That part will be taken care of by the Windows Server and Linux doesn't have to do anything about it. I hope!!!

But since you tell me that MAC address filtering won't work..... I will have to rethink.

Also the Linux machine will have port scanners and the rest of all the security stuff that I can master in 2 days to prevent hacking into our local system.

There will be no information whatsoever on the Firewall m/c, just firewall and scanners.

I hope this will work.

Regards

Last edited by gugabaga; 01-23-2006 at 07:17 AM.
 
Old 01-24-2006, 02:14 AM   #6
ethics
Senior Member
 
Registered: Apr 2005
Location: London
Distribution: Arch - Latest
Posts: 1,522

Rep: Reputation: 45
Take a look at http://www.smoothwall.org/

Never used it myself but I see it recommended a lot for this sort of thing
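
Added example, not part of any post in this thread: a sketch of the MAC allowlist asked for in post #1, written with the limits from post #4 in mind, so each MAC is tied to one client-side interface and one expected source IP and everything else falls through to a DROP policy. The interface names (eth1 toward the clients, eth0 toward the Windows 2003 server), the MAC addresses and the IP addresses are constructed assumptions; the script only prints an iptables-restore ruleset for review.

```shell
#!/bin/sh
# Added example. Interface names, MACs and IPs below are constructed sample values.

valid_mac() {
    # Exactly six colon-separated hex octets.
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

build_ruleset() {
    # $1 = client-side NIC, $2 = server-side NIC; stdin = "MAC IPv4" per line.
    client_if=$1
    server_if=$2
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'      # anything not allowlisted is dropped
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    while read -r mac ip rest; do
        case $mac in ''|'#'*) continue ;; esac        # blank line or comment
        case $ip in ''|*[!0-9.]*) mac='' ;; esac      # missing or non-IPv4 address
        if ! valid_mac "$mac"; then
            echo "skipped malformed allowlist entry" >&2
            continue
        fi
        # The mac match only sees the previous hop, so it is pinned to the
        # client NIC and tied to the expected source IP.
        echo "-A FORWARD -i $client_if -o $server_if -s $ip -m mac --mac-source $mac -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what is about to hit the DROP policy so unlisted hosts show up in the kernel log.
    echo "-A FORWARD -i $client_if -j LOG --log-prefix \"MAC-DENY: \""
    echo 'COMMIT'
}

sample_allowlist() {
    cat <<'EOF'
# constructed sample entries
00:11:22:33:44:55 192.168.1.10
00:11:22:33:44:66 192.168.1.11
00:11:22:33:44 192.168.1.12
EOF
}

# Prints the ruleset; review it, then load it as root with: iptables-restore < file
sample_allowlist | build_ruleset eth1 eth0
```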
 
  

