08-10-2006, 08:49 AM
|
#1
|
LQ Newbie
Registered: Jun 2006
Posts: 27
Rep:
|
Help with Guarddog
Hi, I am trying to set up a Linux firewall between the internet and the computers on my network. My Buffalo router does come with a built-in firewall, but it seems to be lacking, so I was wondering what I have to do to get Guarddog to work on Mepis. I already installed another NIC on my computer so that is done, but I just don't know exactly how to set it up. What should I do?
BTW: My router is now configured to act as a dhcp server and a firewall.
Thanks
Last edited by flashstar; 08-10-2006 at 08:52 AM.
|
|
|
08-10-2006, 06:30 PM
|
#2
|
LQ Newbie
Registered: Jun 2006
Posts: 27
Original Poster
Rep:
|
Does anyone have a suggestion? I would like the server to just act as a firewall, but if I need it to be a dhcp server, I can probably do that.
|
|
|
08-10-2006, 09:31 PM
|
#3
|
Member
Registered: Jan 2006
Location: Connecticut
Distribution: Ubuntu 10.10, Lubuntu 10.10, #!Crunchbang 10 "Statler"
Posts: 84
Rep:
|
I'm assuming you're setting up a separate machine to act as a firewall between your router and network; you might be better off using a version of Linux designed to act as just a firewall...
check out www.smoothwall.org
hope this helps
I have used guard dog, but only on local machines.
Mike
|
|
|
08-10-2006, 10:26 PM
|
#4
|
LQ Newbie
Registered: Jun 2006
Posts: 27
Original Poster
Rep:
|
Thanks for the recommendation, but I need to be able to run a CSS server and a music server on this machine as well.
|
|
|
08-11-2006, 12:27 PM
|
#5
|
Member
Registered: Aug 2006
Distribution: MEPIS
Posts: 73
Rep:
|
When I ran the live CD of MEPIS Linux some weeks ago, it 'installed' Guarddog by default, even though it couldn't get the network set up. Maybe you only need to burn an ISO of the new version?
So how will this PC-as-firewall thing work? You connect that one PC to the Web, then connect all your other PCs to that PC (twisted wire Ethernet?)? I'm still quite ignorant about networks, and just divide all my computing between online PC (only Web stuff, e-mail) and offline PC (any actual writing or other data production/manipulation).
|
|
|
08-11-2006, 02:38 PM
|
#6
|
Member
Registered: Mar 2006
Location: Oakville
Distribution: Mandrake
Posts: 37
Rep:
|
Computer to computer, you need to use a crossover cable. You will be making an internal network, so for your internal network you can leave your selected ports open, for example DHCP, music, etc. Then on the connection going to the internet (different IP address range) you block all the ports you don't want open. Then for your DHCP server you're going to have to change your gateway to your external address.
Edit: your cable depends on your situation. You use a crossover cable from like devices to like devices: router to router, switch to switch, computer to computer.
Last edited by Super7; 08-11-2006 at 02:39 PM.
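The split described in post #6 (services reachable only from the internal card, everything unsolicited dropped on the internet-facing card) can be written as an iptables ruleset. This is an added example, not part of any poster's reply and not what Guarddog generates; eth0 (external) and eth1 (internal) are the names used later in the thread, and the service list (DHCP on udp:67 plus a constructed placeholder tcp:8000 for the music server) is an assumption.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC firewall box.
# gen_rules EXT_IF INT_IF "proto:port ..."   (service list is a constructed sample)
gen_rules() {
    ext_if=$1; int_if=$2; services=$3

    # Validate every service entry before printing anything, so a typo
    # never yields a half-written ruleset.
    for svc in $services; do
        proto=${svc%%:*}; port=${svc##*:}
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $svc" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $svc" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $svc" >&2; return 1
        fi
    done

    printf '%s\n' "*filter"
    # Default-deny for traffic addressed to the box and traffic crossing it.
    printf '%s\n' ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    # Replies to connections the box itself opened (either interface).
    printf '%s\n' "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Local services are opened on the internal interface only.
    for svc in $services; do
        printf '%s\n' "-A INPUT -i $int_if -p ${svc%%:*} --dport ${svc##*:} -j ACCEPT"
    done
    # Internal hosts may start connections outward; the internet side may
    # only send replies back in.
    printf '%s\n' "-A FORWARD -i $int_if -o $ext_if -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "COMMIT"
}

# Print the ruleset for the thread's interface names.
gen_rules eth0 eth1 "udp:67 tcp:8000"
```

Piping the output to `iptables-restore --test` (as root) parses the ruleset without loading it.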
|
|
|
08-11-2006, 06:19 PM
|
#7
|
LQ Newbie
Registered: Jun 2006
Posts: 27
Original Poster
Rep:
|
I would like to put my Linux box between the cable modem and my wireless router if this is possible. This requires a standard cable, right? Anyway, so what you said, Super7, is all I need to do? How do I configure each NIC independently? My internal network, which is configured by my wireless router, has the IP range 192.168.2.x with the router being 192.168.2.1, and the external network by my cable provider has a DHCP address. What do I need to set each card to (eth0 is the external network and eth1 is the internal network) and what should the Linux box's address be? Also, how would I go about setting the IP address of my Linux box which will be the firewall?
EDIT: Do I need to set the gateway on my wireless router?
Thanks a bunch
Last edited by flashstar; 08-11-2006 at 06:21 PM.
|
|
|
08-11-2006, 09:18 PM
|
#8
|
Member
Registered: Jan 2006
Location: Connecticut
Distribution: Ubuntu 10.10, Lubuntu 10.10, #!Crunchbang 10 "Statler"
Posts: 84
Rep:
|
Quote:
Originally Posted by techwatcher
When I ran the live CD of MEPIS Linux some weeks ago, it 'installed' Guarddog by default, even though it couldn't get the network set up. Maybe you only need to burn an ISO of the new version?
So how will this PC-as-firewall thing work? You connect that one PC to the Web, then connect all your other PCs to that PC (twisted wire Ethernet?)? I'm still quite ignorant about networks, and just divide all my computing between online PC (only Web stuff, e-mail) and offline PC (any actual writing or other data production/manipulation).
|
You might be able to get that to work... but the easier way is to put the firewall PC between the Cable/DSL modem and a separate router. That way the firewall becomes "transparent" to all your local machines connected to your router & internet.
I don't know if it's possible to have ONE PC be both an independent firewall for your network AND a game server. The whole idea behind a good firewall is that it's NOT visible to anyone on "the outside".
but I could be wrong....
|
|
|
08-11-2006, 09:48 PM
|
#9
|
Member
Registered: Jan 2006
Location: Connecticut
Distribution: Ubuntu 10.10, Lubuntu 10.10, #!Crunchbang 10 "Statler"
Posts: 84
Rep:
|
Quote:
Originally Posted by flashstar
I would like to put my Linux box between the cable modem and my wireless router if this is possible. This requires a standard cable, right? Anyway, so what you said, Super7, is all I need to do? How do I configure each NIC independently? My internal network, which is configured by my wireless router, has the IP range 192.168.2.x with the router being 192.168.2.1, and the external network by my cable provider has a DHCP address. What do I need to set each card to (eth0 is the external network and eth1 is the internal network) and what should the Linux box's address be? Also, how would I go about setting the IP address of my Linux box which will be the firewall?
EDIT: Do I need to set the gateway on my wireless router?
Thanks a bunch
|
In theory this is a very cool idea, but the way I can see it physically connected you would need 3 NICs:
2 for the in and out of the firewall and a separate NIC for the CSS server.
That way the NIC assigned to the server would get an IP address from the router and the 2 NICs for the firewall would be configured to just pass through allowed packets...
wait, maybe...no that won't work....I have no idea.. my head hurts...
|
|
|
08-12-2006, 12:24 AM
|
#10
|
Member
Registered: Mar 2006
Location: Oakville
Distribution: Mandrake
Posts: 37
Rep:
|
Yes, you only need 2 NICs. The earlier post about a transparent firewall is also ideal; transparent firewalls can be a little harder to control. You don't need 3 NICs to complete the task. From the IP addresses that you listed, it sounds like you have a Linksys wireless router, and that itself is a NAT/firewall. You can put all that want behind it. If you had a switch, I would keep wireless separate from the rest of your network, as WEP keys are easy to crack with airsnort (etc.), and put the rest of your services on the rest. Firewalls can support many contexts, so it's like layering your security. If you could tell us what hardware you have and how it is laid out, it would help a lot to tell us what you really desire, or how we can help you change what you have.
Last edited by Super7; 08-12-2006 at 12:25 AM.
|
|
|
08-12-2006, 02:06 AM
|
#11
|
LQ Newbie
Registered: Jun 2006
Posts: 27
Original Poster
Rep:
|
I hope I don't need 3 NICs because they won't fit into this small computer case I have. I can have 2 though. Anyway, here is a layout of my network as of now. We are using WDS, so that's why we have so many wireless routers. Only the first one does DHCP though. I think that if this is not possible, I might just buy a hardware firewall and use the Linux server for a CSS server and music server only. If it's possible to configure though, I don't mind setting the Linux box up to be a firewall.
http://www.godsofallmedia.com/images...ut General.bmp
Thanks again.
|
|
|