06-08-2012, 11:00 AM
|
#1
|
LQ Newbie
Registered: May 2012
Distribution: RedHat/CentOS
Posts: 27
Rep: 
|
Need help in implementing Linux Firewall
Hi Friends,
I need your suggestions. I need to implement a Linux firewall. As far as I inquired, friends are suggesting that I go for Squid. I need to know if there is any other package that acts as an exact firewall. If so, please share the URL or document if possible. I really need your valuable suggestions on this task.
Thank you,
Last edited by piradeep; 06-08-2012 at 11:00 AM.
Reason: linux firewall
|
|
|
06-08-2012, 11:05 AM
|
#2
|
Member
Registered: Aug 2009
Location: /Universe/Earth/India/Pune
Distribution: Slackware64 -Current
Posts: 890
Rep: 
|
It was really not tough searching Google for 'Linux Firewall Setup'. I generally look for most of my networking queries on LinuxHomeNetworking.com.
HTH.
Regards.
|
|
|
06-08-2012, 11:05 AM
|
#3
|
Member
Registered: Sep 2011
Location: Italy
Distribution: Slackware
Posts: 651
Rep: 
|
squid is a proxy, not a firewall.
If you're looking for a firewall, I guess you should at least read something about iptables, starting from its man page.
|
|
|
06-08-2012, 11:10 AM
|
#4
|
LQ Newbie
Registered: May 2012
Distribution: RedHat/CentOS
Posts: 27
Original Poster
Rep: 
|
Thanks Prince & 414N. I just came across ClearOS, IPCop, eBox Platform, Monowall. Do you have any idea over these? Let me know your feedback.
|
|
|
06-08-2012, 11:17 AM
|
#5
|
Member
Registered: Aug 2009
Location: /Universe/Earth/India/Pune
Distribution: Slackware64 -Current
Posts: 890
Rep: 
|
Quote:
Originally Posted by piradeep
...ClearOS, IPCop, eBox Platform, Monowall. Do you have any idea over these....
|
No idea, never used any. These are specialized distributions. If you want to test them, install and observe.
I'd still strongly suggest checking firewall using IPtables, that's the basic thing you must know before anything else.
Regards.
|
|
|
06-16-2012, 02:09 PM
|
#6
|
Member
Registered: Jun 2012
Location: Canada
Distribution: Ubuntu/Debian/CentOS
Posts: 45
Rep:
|
I don't know if you are still looking, but Endian 2.5.1 Community is a free firewall. I just built one the other day, and it's fairly robust. I haven't messed around with the other firewalls that were listed, and you may be fine by just implementing IPtables, depending on what you need accomplished.
Endian is standalone though, so if you were wanting to throw a firewall on your Linux box, it won't work for you.
|
|
|
06-16-2012, 04:59 PM
|
#7
|
LQ Newbie
Registered: Jun 2012
Distribution: Arch Linux
Posts: 11
Rep: 
|
For physical firewalls in the past, I have had some nice times with Alpine. I've also used ClearOS, which seemed a bit resource intensive for me, but it is very user friendly.
For an add on application to your desktop PC, you really can't go wrong with IPtables. IP tables can have a bit of a learning curve at first. If you need to deploy ASAP, there is a GUI frontend for IP tables called Firestarter that allows you to do basic firewall configuration via a GUI.
|
|
|
06-16-2012, 05:51 PM
|
#8
|
LQ Newbie
Registered: Apr 2012
Posts: 15
Rep: 
|
Quote:
Originally Posted by piradeep
Hi Friends,
I need your suggestions. I need to implement a Linux firewall. As far as I inquired, friends are suggesting that I go for Squid. I need to know if there is any other package that acts as an exact firewall. If so, please share the URL or document if possible. I really need your valuable suggestions on this task.
Thank you,
|
Hi,
here are some good videos on linux networking and firewalls
Linux Network Configuration
If you're new to linux networking this is a good introduction. He uses ubuntu server for this video. The firewall setup is at 33:07 into the video, just drag the time line to that point in the video. The firewall he discusses is ufw with examples.
In case you want a basic tutorial on IPTABLES here are three good videos from youtube
Mastering IPTables, Part I
Mastering IPTables, Part 2
Mastering IPTables, Final Installment
Hope this helps
Last edited by Mike_P; 06-16-2012 at 08:19 PM.
|
|
|
06-17-2012, 03:51 AM
|
#9
|
LQ Newbie
Registered: May 2012
Distribution: RedHat/CentOS
Posts: 27
Original Poster
Rep: 
|
@montel, @nick2day, @Mike_P - Thank you. Thanks a lot. Being a PHP programmer and partially working with Linux for the past 2 years, I just became a full-time Linux System Administrator two months back. I am still at the research stage in implementing a Linux firewall.
Right now I am going through the document that Prince has suggested to me. My client has a Windows administrator and he needs a GUI interface to manage the Linux firewall and filter websites, so that he can manage the network after my implementation. He has given me 2 months. So I am in no rush. I am planning to do a lot of research with what you friends have suggested for me.
I am planning to go through all the documents that you all have suggested. I have got three testing machines now. I will implement it, test all those mentioned above and give you all a detailed post after successfully implementing it at my client's network. Thanks for all your support, guys. Do let me know if you come up with anything.
|
|
|
06-17-2012, 02:25 PM
|
#10
|
Member
Registered: Aug 2009
Location: /Universe/Earth/India/Pune
Distribution: Slackware64 -Current
Posts: 890
Rep: 
|
Good luck. 
|
|
|
06-17-2012, 03:52 PM
|
#11
|
Member
Registered: Jun 2012
Location: Canada
Distribution: Ubuntu/Debian/CentOS
Posts: 45
Rep:
|
Let me know what you decide on. I have only setup Endian, and have never heard of, or researched the other options thoroughly. Whatever you go with, I would like to look into.
Good Luck 
|
|
|
06-18-2012, 09:10 PM
|
#12
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,426
|
Just to clarify, iptables is the default Firewall technology that comes as std on Linux.
You can find GUI front-ends eg Firestarter I believe, but you really do need to understand it in depth if you are to set it correctly.
Nothing worse than over-confidence in a security tool....
Once you understand it, then feel free to manage via a GUI if that suits you.
You'll find that most of the suggestions above (if not all for Linux based solns) are in fact running iptables underneath anyway ...
|
|
|
06-25-2012, 08:10 PM
|
#13
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,426
|
Hope this clarifies things:
1. iptables is the current built-in technology inside linux to setup a 'firewall'.
ipchains was the old tech; ignore ...
2. Bastille is a system tightening tool; basically a set of scripts that change settings etc to make more secure. It is not a firewall or a proxy.
Read the linked site carefully and do not accept any changes if you don't understand them.
3. as near top qn; squid is a proxy, not a firewall.
4. see also tcp wrappers
http://www.cyberciti.biz/faq/tcp-wra...deny-tutorial/
5. see also the Security forum stickies for in-depth advice
You may find these links handy
http://rute.2038bug.com/index.html.gz
www.linuxtopia.org, particularly the sysadmin section
Last edited by chrism01; 06-25-2012 at 08:12 PM.
|
|
|
06-26-2012, 08:25 AM
|
#14
|
Senior Member
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070
|
Just to clarify the clarifications, a little:
- I think there may have once been some other content in this thread which, while on a similar topic, a mod has decided constituted a thread hijack. So Chris's answers about bastille and ipchains, while looking to be random answers to questions that no one had asked, would have made perfect sense when the other content was present
- covering the basics: iptables/netfilter is the firewall for modern versions of Linux: some people don't like working with iptables directly and use a 'front end' (ie, a nice, friendly graphical program for configuring); the firewall is still iptables, though, and it is a good idea to have some feeling for what iptables can (and cannot) do for you, even if you use a graphical thingy (iptables)
- things like ClearOS, IPCop, eBox Platform, Monowall (and a slew of others) are intended as single-box sme solutions; one of those might be appropriate if you want to dedicate a box to providing this kind of function for a network; as montel put it "if you were wanting to throw a firewall on your Linux box, it won't work for you" (because firewalling, or maybe firewalling plus mail serving and similar functions will be all that box will then do for you)
Quote:
My client has a windows administrator and he needs a GUI interface to manage Linux Firewall and filter Websites, so that he can manage the network, after my implementation.
|
I feel horrible doing this, but when I don't it goes wrong - your client is a person, rather than something client/server related
- this person employs another person, who is a windows admin
- the windows admin is thought able to use a gui, but beyond that is useless (and I'm extra sorry about that)
- (s)he is expected to manage the firewall
- that person is expected to organise the filtering of websites
Notes: - windows admins are often not the ideal people to do anything other than admin windows; there is a certain amount of 'untraining' and 'seeing the wider picture' that they need to be able to cope. No guarantees on how that will work. It is probably in the minority of cases that it actually works well, and sometimes it works really badly. Any time like this, tradition is to finish the section with the letters YMMV.
- with regard to filtering the websites, iptables is not the right tool. Squid (a caching proxy server) is the right tool. You could make iptables sort of work for you, but it works at the wrong layer of the iso model (amongst other problems).
- there might be some mileage in investigating something like webmin; I haven't used it for administrating either iptables or squid, but it's probably the closest you'll get to a GUI tool
- note that on Linux, a firewall is a firewall; on windows, a firewall is often a bundle of security programs that do various things beyond being a firewall; if you want the functions beyond the firewall functions (eg Antivirus, for windows machines on the network) you'll have to get those separately
|
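The split described in this thread (iptables as the packet filter, Squid for website filtering), as an added example that is not part of any post. The interface names, LAN range, proxy port and blocklist path are assumed values chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: eth1 = LAN side, eth0 = WAN
# side, 192.168.1.0/24 = LAN, Squid on port 3128. NAT rules are omitted.

# Packet-filter layer: emit an iptables-restore ruleset for the gateway.
# iptables sees addresses, ports and connection state only, so its job here
# is default-deny plus refusing web traffic that bypasses the proxy.
gateway_rules() {
    lan_if=$1; wan_if=$2; proxy_port=$3
    case "$proxy_port" in
        ''|*[!0-9]*) echo "proxy port must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport $proxy_port -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Application layer: emit the squid.conf lines that filter by site name.
# The blocklist file holds one domain per line (".example.com" also
# matches subdomains).
squid_acl() {
    lan_cidr=$1; proxy_port=$2; blocklist=$3
    cat <<EOF
http_port $proxy_port
acl lan src $lan_cidr
acl blocked_sites dstdomain "$blocklist"
http_access deny blocked_sites
http_access allow lan
http_access deny all
EOF
}

# Print both fragments for review before loading them anywhere.
gateway_rules eth1 eth0 3128
squid_acl 192.168.1.0/24 3128 /etc/squid/blocked_sites.txt
```

The first fragment is in the format `iptables-restore` reads; clients must be configured to use the proxy, since direct connections to ports 80 and 443 are rejected at the gateway.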
|
|
06-28-2012, 01:25 AM
|
#15
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,426
|
Thanks for that; I think you may be right; I'm sure my notes made sense at the time.
Good clarifications by the way 
|
|
|