LinuxQuestions.org


cylarz 04-22-2006 02:58 PM

routers as a security measure
 
As mentioned in my other posts, I run a stand-alone FC-5 box. It's located in the DMZ area on a spur of a large network.

I'm thinking of obtaining a small router/firewall of some kind and adding it as a security measure. I would assign it my static IP, and have it forward requests bound for ports 80, 22, and 25 to the server. (Those are the only 3 that I want open to the outside world.)

Question. Do you see any advantages or disadvantages to a scheme like that? One advantage I see is that by adding a hardware firewall, it would make absolutely sure only those ports were open. Any drawbacks?

TigerOC 04-22-2006 03:57 PM

It's kind of double insurance and does work. I have a firewall on my ADSL modem/router and a separate, more sophisticated one on the server. The router firewall does a very good job and I can then fine-tune exclusions such as abusive IP addresses on the server firewall.

cylarz 04-24-2006 02:57 AM

re: routers as a security measure
 
Which model do you recommend for me and how much can I expect to pay? Remember, all I need is a basic firewall device that will prevent banned IPs from reaching the box. There will be only one machine (the server) attached.

Preferably something with an easy-to-use terminal program that will let me type in those addresses via remote access.

ioerror 04-24-2006 05:39 AM

Quote:

Which model do you recommend for me and how much can I expect to pay?

One solution would be an old laptop with a couple of PCMCIA NICs. This would give you a full-blown Linux system (much more flexible than the firmware in a router), a built-in UPS, etc. A 486 would suffice; the only snag would be getting sufficient RAM (4MB would be tight (but usable with some tweaking), 8MB would be doable, 12MB should be very comfortable, any more than 16MB would probably be overkill for a small dedicated firewall). Should be cheaper than a hardware router too.

TigerOC 04-24-2006 12:20 PM

Following on from ioerror, there is a Linux-based version available called Coyote Linux that would do this very well on 486+ boxes.
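
The scheme from the first post (forward only ports 80, 22 and 25 to the server, drop banned addresses) written as a ruleset for the kind of Linux firewall box suggested above. This is an added example, not code posted by anyone in the thread; the interface names, the server's private address and the banned addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it never touches the live firewall.
# Assumptions (not from the thread): eth0 = outside, eth1 = inside,
# 192.168.1.10 = server's private address, 203.0.113.x = constructed banned IPs.
FORWARD_PORTS="80 22 25"   # the only ports the original poster wants open

# Accept dotted-quad IPv4 with optional /prefix so a typo cannot inject rule text.
valid_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}; old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# usage: build_ruleset OUT_IF IN_IF SERVER_IP [BANNED_IP ...]
build_ruleset() {
    out_if=$1; in_if=$2; server=$3; shift 3
    case $server in */*) echo "server must be a single host" >&2; return 1 ;; esac
    for ip in "$server" "$@"; do
        valid_ipv4 "$ip" || { echo "rejected address: $ip" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for p in $FORWARD_PORTS; do
        echo "-A PREROUTING -i $out_if -p tcp --dport $p -j DNAT --to-destination $server"
    done
    echo "-A POSTROUTING -o $out_if -j MASQUERADE"   # lets the server reach out
    echo "COMMIT"
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # the firewall box itself accepts nothing new
    echo ":FORWARD DROP [0:0]"    # default deny for anything not listed below
    echo ":OUTPUT ACCEPT [0:0]"
    for ip in "$@"; do            # bans go first so they also cut live sessions
        echo "-A FORWARD -i $out_if -s $ip -j DROP"
    done
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $FORWARD_PORTS; do
        echo "-A FORWARD -i $out_if -o $in_if -d $server -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "-A FORWARD -i $in_if -o $out_if -j ACCEPT"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "COMMIT"
}

# Load with: build_ruleset ... | iptables-restore (forwarding also needs net.ipv4.ip_forward=1)
build_ruleset eth0 eth1 192.168.1.10 203.0.113.7 203.0.113.0/28
```

Because port 22 is forwarded to the server and the INPUT policy is DROP, this ruleset leaves the firewall box manageable only from its console; remote editing of the ban list would need a separate management rule.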


All times are GMT -5.