LinuxQuestions.org

stevkov 10-29-2003 03:47 AM

Linux Home Firewall
 
Hi there, I want to install a Linux firewall for my home network. Here is my situation...

- 5-6 computers on Win2000 network, one computer has ISDN modem and is sharing internet connection to others...

- 1 computer (Celeron 3) with two network cards, which will have RedHat 9 installed and will be used as the firewall server....

I'm new to the Linux world so I have a lot of questions, but first...

Could someone give me a short procedure for how to install a firewall, something like this:

1. Install RedHat 9 with following options...
2. Do this...
3. Do that...
4. Install this...

As I said, I need a simple firewall; the only extra thing I need is that I can use PcAnywhere, ports TCP 5631, UDP 5632...

Also, where should this firewall server be placed...

If you need more info I would be happy to respond...

yapp 10-29-2003 04:51 AM

Well, I'm not sure "how simple" you want things. If you want a secure firewall, you need to know what you're doing ;) iptables would be my best shot, but Red Hat already seems to have some firewall configuration (guess it uses iptables internally).

To give all internal computers access to the internet, and redirect packets back, your firewall uses a technique called "NAT" (or masquerading). With a few lines, you should have NAT enabled with iptables. To redirect a few ports back to internal clients, the firewall uses DNAT or SNAT (not sure which one).

Last weekend I experimented with iptables in Slackware for the first time, and I've learned (and re-learned) a lot about network communications... and imho this is the greatest benefit of Linux: the endless learning curve.

First try to get the modem working on your Red Hat server. Then try to configure your firewall so that internal systems can connect to the internet too. Finally, secure/tighten the firewall rules. If you start small and simple, you'll be able to learn quickly, and do the remaining things a lot better.

just my $0.02

hope this helps.

DrEntropy 10-29-2003 04:59 AM

A humble suggestion: check out SmoothWall. You can set it up in 20 minutes. Linux kernel, runs on about anything 486/66 and up. I've set up many for folks with either dial-up or broadband access with no problems so far. It is a superior solution to "DIY" Linux firewall. Mine here has been running nearly continuously for three years... the only reboots have been as a result of periodic updates.

RHmicko 10-29-2003 05:07 AM

I agree. Smoothwall rocks! Try also Firestarter from http://firestarter.sourceforge.net/ This is very easy to set up and use, and works in GNOME or KDE.

coldy 10-29-2003 05:08 AM

Check these out:
http://morizot.net/firewall/gen/
http://www.linux-firewall-tools.com/...all/index.html

stevkov 10-29-2003 05:09 AM

Thank you guys for your fast reply, just to make things clear...

I have my modem on one computer (Win2000) but I want to use another computer as the firewall server... is this possible...

My friend told me about FireStarter Firewall. I'll also check SmoothWall. Is there something else I need to know? Some tips maybe...

DrEntropy 10-29-2003 05:22 AM

With SmoothWall, a NIC for the LAN and a modem for dial-up, and I strip everything else out of the box after it's been configured. Nothing but blanks in the front. GUI access from any other box on the LAN. With only the M/B, RAM and two cards there's no real overhead on the power supply and no way for anyone to "fiddle" with it physically (unless they have the administrative password). I haven't given FireStarter a try yet, 'cause Smoothie has worked so well for me. I don't have much time on me hands to experiment lately, so I stay with what works fer me.

stevkov 10-29-2003 06:55 AM

Firestarter
 
OK, I installed FireStarter, mostly because it's small and it looks simple. I'll try to configure it today or tomorrow. I have other questions...

- where should the computer with the firewall be placed on the network?
- nobody answered me: is it possible to have the modem on one computer and the firewall on another?
- how can I enable a specific port for use?

RHmicko 10-29-2003 07:55 AM

When using Firestarter, as with possibly any firewall, it needs to sit between your internet connection/gateway and your LAN. Firestarter picks up your Ethernet cards and allows you to configure each NIC for its use.

I.e. Eth0 faces the internet/gateway. Eth1 faces the LAN. Firestarter also allows you to set up the services that are accessible from the internet (incoming) side of things. It also sets up NAT and IP masquerading options. If you have a modem, e.g. USB, this would replace Eth0 in this case. Set up this interface instead of Eth0. You can enable the ports for use by selecting options in the rules tab.

yapp 10-29-2003 07:59 AM

Quote:

Originally posted by stevkov
Thank you guys for your fast reply, just to make things clear...

I have my modem on one computer (Win2000) but I want to use another computer as the firewall server... is this possible...

Well, that implies that your network will look like this:

internet <--> gateway <--> firewall <--> other systems

In other words:

* your gateway has a modem and network card. It functions as gateway.
* The firewall system has 2 network cards, and filtering can be done with this situation; where you decide what to do with certain packages based on the network interface they arrive at.
This system would most likely be a gateway too :confused:


At school we once made a Linux router+firewall system. It had 3 network cards:
* one was connected to the internet, and used DHCP to retrieve an IP address.
* the second one was connected to the webserver; its subnet was 10.0.1.*. The firewall was configured to drop outgoing connections from the webserver for security reasons (i.e. a DMZ).
* the third one was connected to a switch; its subnet was 10.0.2.*, and our iptables rules were set to "NAT" (masquerade) those connections.

This allowed the internal network (computers plugged into the switch) to surf the internet, but the webserver couldn't connect to anyone. Maybe this is something worth considering ;)

JoAnywhere 10-29-2003 06:27 PM

Re: Firestarter
 
Quote:

Originally posted by stevkov
OK, I installed FireStarter, mostly because it's small and it looks simple. I'll try to configure it today or tomorrow. I have other questions...

- where should the computer with the firewall be placed on the network?
- nobody answered me: is it possible to have the modem on one computer and the firewall on another?
- how can I enable a specific port for use?

stevkov,
Second question first. YES you can have one computer having your internet connection, and a second computer having the firewall.

BUT think about it... the computer connected to the internet is in front of the firewall, therefore it is inherently insecure.

What you are currently looking at (if you leave the modem on your W2000 box) is
Internet <-> Unprotected Computer <-> Firewall <-> Hub/Switch <-> Protected Computers

The best option for your small network is
Internet <-> Firewall <-> Hub/Switch <-> Protected Computers

Which begins to answer your first question which was where should the firewall be placed on the network.

The answer to that is as close to the internet as possible!

You need to realise that every machine (as you may have gathered from my schematics above) essentially hangs from the firewall by way of a hub/switch.

The Firewall needs TWO network connections.
1. Goes to the outside world (be this a NIC or a Modem)
2. Goes to the protected portion of the network.

As to question 3, that will depend on the firewall that you use.

Cheers
Jo
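
Added example, not part of any post in this thread: a script that prints an iptables-restore ruleset for the Internet <-> Firewall <-> Hub/Switch layout recommended above, with masquerading for the LAN and the two pcAnywhere ports from the original question (TCP 5631, UDP 5632) forwarded inward by DNAT. The interface names, LAN subnet and internal host address are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for
#   Internet <-> Firewall <-> Hub/Switch <-> Protected Computers
# It only generates text; nothing is applied to the running firewall.
# Assumed values, not from the thread: interface names, LAN subnet, PCA_HOST.
WAN_IF="ppp0"             # outside-facing link (modem); assumption
LAN_IF="eth1"             # NIC facing the hub/switch; assumption
LAN_NET="192.168.1.0/24"  # constructed LAN subnet
PCA_HOST="192.168.1.10"   # constructed address of the pcAnywhere host

gen_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound port forward (DNAT rewrites the destination) for pcAnywhere
-A PREROUTING -i $WAN_IF -p tcp --dport 5631 -j DNAT --to-destination $PCA_HOST:5631
-A PREROUTING -i $WAN_IF -p udp --dport 5632 -j DNAT --to-destination $PCA_HOST:5632
# Outbound LAN traffic leaves with the firewall's own address
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
# Only the two forwarded ports may enter the LAN from outside
-A FORWARD -i $WAN_IF -o $LAN_IF -d $PCA_HOST -p tcp --dport 5631 -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $PCA_HOST -p udp --dport 5632 -j ACCEPT
COMMIT
EOF
}

# Audit helper: list every proto/port the ruleset exposes to the outside.
exposed_ports() {
  gen_ruleset | awk '$1 == "-A" && $2 == "PREROUTING" && /DNAT/ {
    for (i = 1; i <= NF; i++) {
      if ($i == "-p") p = $(i + 1)
      if ($i == "--dport") d = $(i + 1)
    }
    print p "/" d
  }'
}
```

Forwarding between the two interfaces also requires `net.ipv4.ip_forward=1` on the firewall. Piping `gen_ruleset` into `iptables-restore --test` parses the ruleset without committing it.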

