hai all..

i'm quite new with linux.. but being the only one in my office that understand linux and using it, i have been chosen to install a firewall for my co.

now.. i know nothing about firewall.. except that they block u from accessing some juicy sites.. hhehehe.. but i want to try it and learn something new.

i google the internet about firewall (and here too) and to tell u the truth.. it made me even more confused.. i'm quite sure my co requirements is not that complicated and IMO it must be quite easy..

my co asked me to install ipcop. now i'm familiar with iptables and a few squid acls.. is ipcop using the same thing? whats bugging me.. during the installation my painintheass boss will be there during the installation + configuration. i dont want to look lost coz if i do.. he'll gonna raise some hell.

i've seen a working ipcop at my friend's office.. looks intimidating.. anyone know where to learn more about ipcop.. i meant a real world working example or walkthrough coz i dont want to scew up. i think installing it is not a problem for me just the configuration part.

Good luck man... I wouldn't tolerate my boss looking over my solder. No one can work like that and this isn't something that is going to take 5 minutes.

You will spend time installing, reading references, initial setup, reading more references, configuration, yeap.. more references, testing, tweaking, read why xxx isn't working, tweaking....

That is not the time for "why is it doing that?", "Ok tell me what you just did so I know how to do it", etc...

If I were you, I would ask my boss to leave me to it and once I had it completed I would provide a process on installation, configuration, and then a walk through. For the walk through hook a client pc up to it so he can see how it interacts, logs, etc.

Just be sure to take lots of notes Also, you definately should be installing it and testing it on your own if you plan on going through with this.

Hearing about someone with a boss like that makes me angry. Frankly, I wouldn't want to be in your shoes when/if it crashes. Running something like a firewall in a production environment with little or no real world experience is a dangerous endeavor. When it goes down you won't have access to the net, nor will you have a tech support number to call for help.

If the company is of any size I would suggest you spend some money on a product with support directly from the maker, such as Astaro. At the very least find a company near you that supports IPCop and contact them about their rates.

When the whole place goes down (it's only a matter of time) you will thank god you did

yea.. man. it sucks big time. but unfortunately, unless something bad happen to him *evil grin*, its unavoidable. *sigh*.

i guess i can go through the whole process of configuring quite easily.. its just that i need the cushion if it wont work. espcially when i lock myself out from the internet. *gulp*

Well, and easy way to be safe (cheaper anyways) is to get it all up and running and then use a product like Altiris to image the drive, create a restore disk, and cp the image to a server internally.

Then if anything goes wrong with it you will always be able to start fresh again without reinstall/configuration. If you decide to do something like that (be it altiris, ghost, etc) just be sure to create a new image ANY TIME you make a change

If you're looking around for a good firewall, I'd suggest taking a look
at homeLANsecurity 1.4.0.
I run this firewall myself and it not only has all the features I want,
but is incredibly easy to configure.

Just thought I'd put in my two cents about that part of it. I have no
idea about ipcop. I too would have a hard time putting up with a
boss like yours. Amazing what we'll do for a paycheck huh?

Good luck!

update..

well.. well.. well.. the installation went smoothly. all under 30 mins. ipcop works great! updating the patches was easy. setting the rule was simple. ipcop had been up and running for two weeks with no problem. i'm very impressed with it. and so does my boss. hehehehe...

maybe now is a good time to discuss with him about a pay raise eh?

I use Ipcop at home myself and it runs perfectly, just remember to check your firewall and IDS log files regularly

I like to use iptables, an important thing to know is your highs and low ports.
A server and a client machine send and receive though there ports a little differently.

i'll post up an example later,