LinuxQuestions.org


sub320 02-22-2016 02:50 AM

Linux firewall
 
I would just like to set up a firewall in Linux. Could you advise what the most common tool/module is?

If I need to do NAT, what tool/module should be used?

Thanks

JJJCR 02-22-2016 02:56 AM

What distro are you using?

You don't have a firewall or router on your network that will do the NAT'ing?

Check out link below for CentOS:

https://www.centos.org/docs/4/html/r...l-ipt-fwd.html

sub320 02-22-2016 03:19 AM

Quote:

Originally Posted by JJJCR (Post 5504094)
What distro are you using?

You don't have a firewall or router on your network that will do the NAT'ing?

Check out link below for CentOS:

https://www.centos.org/docs/4/html/r...l-ipt-fwd.html

Does it support multiple external IPs?

Thanks

jefro 02-22-2016 05:42 PM

There are many levels of what one might call a firewall. Depends on how advanced you wish to get.

Every Linux distro has the ability to use some of the common tools. Most people create rules and use iptables.

If you want, you can select one of the custom firewall distros that are available. Options like Untangle, pfSense and others could be a choice.

NAT is a common way to use one external IP address with one or more internal IP addresses. It isn't really a firewall. It simply translates one address to another.

JJJCR 02-22-2016 08:07 PM

Quote:

Originally Posted by sub320 (Post 5504100)
Does it support multiple external IPs?

Thanks

Private IP addresses are not routable on the internet, only public IP addresses.

NAT (network address translation) allows an internal network to communicate with the internet or an external network by modifying the packets so that internet routers can use them.

A single public IP address should be able to translate a Class C or /24 network (192.168.1.0 / 255.255.255.0 [254 private IPs]) to connect to the internet.

Check out the links below:

https://technet.microsoft.com/en-us/...(v=ws.10).aspx

http://www.cisco.com/c/en/us/support.../13772-12.html

Search DDG for NAT and PAT topics.

For multiple external IPs, if you're talking about public IPs, it would depend on your ISP subscription. You can check the subnet mask given to you by your ISP, and from there you can determine the IP address range and whether you have multiple IPs or not.

Here's a link to check your range of IPs: http://www.subnet-calculator.com/

Good luck!!!

frankbell 02-22-2016 08:41 PM

A firewall is baked into the Linux kernel; it's called iptables, as jefro mentioned. Generally, Linux "firewall programs" are frontends for configuring iptables.

This article is a good introduction to iptables. http://www.howtogeek.com/177621/the-...inux-firewall/

sag47 02-23-2016 01:25 AM

Quote:

Originally Posted by frankbell (Post 5504548)
A firewall is baked into the Linux kernel; it's called iptables, as jefro mentioned. Generally, Linux "firewall programs" are frontends for configuring iptables.

This article is a good introduction to iptables. http://www.howtogeek.com/177621/the-...inux-firewall/

That article is ok; my only beef with it is that it doesn't cover established and related connections. Configuring a firewall is greatly simplified if you don't need to worry about return traffic that was "established" by an allowed rule. Here is an iptables tutorial which covers that bit to help supplement your suggestion. https://wiki.centos.org/HowTos/Network/IPTables

I publish an example of my own firewall rules. https://github.com/samrocketman/home...iptables.rules (note: my last name is Gleske in case you were looking up terminology)
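
The established/related handling mentioned in the post above, combined with the NAT asked about at the start of the thread, as an added example (not part of any poster's message and not taken from the linked rules file). The function name `gen_ruleset`, the interface names passed to it and the SSH-from-LAN rule are assumptions; it only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example (constructed): print an iptables-restore ruleset for a small
# NAT gateway. Usage: gen_ruleset WAN_IF LAN_IF   (e.g. gen_ruleset eth0 eth1)
# Forwarding also needs net.ipv4.ip_forward=1 on the gateway.
gen_ruleset() {
    wan_if=$1
    lan_if=$2
    # Reject empty or unusual interface names before they reach a rule line.
    for ifname in "$wan_if" "$lan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
*filter
# Default-deny inbound and forwarded traffic; allow what the host sends.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Return traffic for connections an earlier rule (or the host) allowed.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Assumption: SSH administration is allowed from the internal side only.
-A INPUT -i $lan_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Internal hosts may open new connections outward; replies match the
# ESTABLISHED,RELATED rule, so no inbound rule is needed for them.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the private source address to the external interface's address.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}
```

Redirect the output to a file, review it, and load it as root with `iptables-restore < file`.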

DavidMcCann 02-23-2016 12:18 PM

If you are running an internet server, you may need to understand iptables, but even that isn't always true.

If you are talking about a desktop or laptop, it depends on how you connect to the internet. A router should have its own firewall, but if you use a modem (which includes a mobile-phone company dongle), you need a firewall on the computer.

Some distros have it set up, but those derived from Debian generally don't. If you have something like Mint or Ubuntu (you really do need to tell us your distro when asking a question!) then

1. open a terminal window
2. enter gufw
3. if it says that it can't find gufw, then install it with sudo apt-get install gufw and then use it.
4. gufw will open a window with a box labeled "status off". Click on that, give your password, and wait patiently until it changes to "status on". That's it!
