LinuxQuestions.org
06-02-2004, 08:19 AM   #1
tibby
LQ Newbie
Registered: Jun 2004
Posts: 3

Network Security


Hello all. I have worked with Linux since Slackware 3, but it was in an ISP environment and I didn't require the use of Firewall and Proxy. Well, now I do. I went out and downloaded the Smoothwall product; while it is great and the scripts are wonderful, it is lacking a lot of things. So, I have to set out, and using LFS, create a Firewall/Proxy that suits my needs. So, first off, I'm going to be running kernel 2.6.6, and definitely going to have Squid running. So, my basic questions are:

1) Setup IPTables, and block all ports except what's specified to be open, including >1024

2) Setup Port Forwarding

3) Setup PAM Authentication to authenticate against my Windows AD Server, or some way of syncing the local passwd/shadow files with the Active Directory Domain

4) Setup Squid, possibly with above authentication realm.

After I get this LFS distro built and working, I'm going to offer it as a general distro if anyone is interested. One of my biggest problems with Smoothwall is that the USB system, for the most part, is crippled, so I cannot use a USB 56k modem as a backup to the WAN interface, and there's no possibility of setting up a wireless on the LAN side.
Also, if anyone else has any suggestions, like Spam filtering, or AV that can run on a firewall/proxy, let me know and I'll try and integrate it into a Linux system that will knock the socks off of anything M$ can dream of.

Thanks,
Tibby
 
06-03-2004, 09:43 AM   #2
Astro
Member
Registered: Jan 2003
Location: Ballston Lake, NY
Distribution: Slackware, Debian
Posts: 665

To tell you the truth, IMHO LFS is great for learning what all goes into a distro and such, but I wouldn't want to run it for something like that. I would simply take a Slackware 9.1 install, with no X, and the basics needed for networking and such, and throw Shorewall on it, and use Webmin to administrate it. It's a quick solution compared to the compile time of the other... Shorewall has everything you'd need for what you're doing, and it's a small install, if you've got limited space. However, if you're all about the compiling and it's not a problem, then go for it. I found that since I like Slack a ton, and have used it since 3 myself as you have, I generally ended up with a slimmed-down Slack distro when I built my LFS one, soooo there's my $0.02
 
06-03-2004, 10:14 AM   #3
MS3FGX
LQ Guru
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

I don't think you're going to be able to beat SmoothWall. It is the best dedicated firewall distro out there. I think you are probably the first person I can remember having anything bad to say about SmoothWall as well.

Why do you want your firewall to authenticate against Active Directory?

And as for SmoothWall not supporting 56K, well, that is just its design. SmoothWall is designed as an Ethernet firewall, as are 90% of firewalls out there (hardware anyway). You would be hard pressed to find a hardware firewall that supports 56K, let alone any sort of USB modems.

Besides, any sort of fall-over for the WAN should be done at the gateway, not the firewall. If you don't have a gateway (using a broadband modem instead of a router maybe) then you could set up a machine as a gateway, and set up your broadband device and a 56K modem on it, and connect that to the WAN side of the SmoothWall with a crossover cable. Then the SmoothWall could be fed either broadband or 56K.

And I don't see why you can't set up wireless on the LAN side. You should be able to connect a wireless access point (access point only, no integrated router) to the LAN side of the SmoothWall, and SmoothWall should hand out dynamic IPs to anything within range of the access point.
 
06-03-2004, 10:21 AM   #4
Astro
Member
Registered: Jan 2003
Location: Ballston Lake, NY
Distribution: Slackware, Debian
Posts: 665

I'll have to agree with tibby, Smoothwall is lacking in some things. At my previous job we chose Shorewall over Smoothwall for the fact that Shorewall had everything we needed and Smoothwall didn't.
 
06-03-2004, 11:08 AM   #5
MS3FGX
LQ Guru
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

What did you find lacking?

I have run SmoothWall in a 120+ client network (I have since moved over to a dedicated hardware firewall) and didn't have any problems.

I'm just curious as to what others expect from their firewall.
 
06-03-2004, 11:38 AM   #6
Astro
Member
Registered: Jan 2003
Location: Ballston Lake, NY
Distribution: Slackware, Debian
Posts: 665

Well, we needed to be able to have multiple IPs for the same interface to allow static NAT; that was one thing that Smoothwall didn't support at the time of the implementation. We also wanted to be able to monitor the box better, such as with MRTG and SNMP and such, which Smoothwall wouldn't do.
 
06-03-2004, 01:43 PM   #7
bagira
LQ Newbie
Registered: Dec 2003
Location: Germany
Distribution: Gentoo
Posts: 27

I have got an Astaro Firewall and it works great. There are many features, like HTTP, SMTP, POP3-Proxies, Intrusion Prevention, Virus Scanning for Web and Mail, Spam Protection...
Have a look at www.astaro.com.
/bagira
 
  

