LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-06-2004, 12:39 AM   #1
InTheWired
LQ Newbie
 
Registered: Apr 2004
Location: Sydney, Australia
Distribution: Mandrake
Posts: 29

Rep: Reputation: 15
how secure is a fully patched linux firewall?


1) if i was to setup an old pc as a firewall box running something like mandrake 9.2 what do i need?

i assume 2 nic cards? 1 connected to adsl modem other connected to a hub/switch which i connect home pcs too?

2) Also say i _was_ to use a linux firewall instead of the built in port forwarding in my adsl/router how much more safe is it... assuming i keep all patches up-to-date.

in short, basically how hard is it for someone to hack a patched up linux firewall with all ports closed except ports 80 and 23? (i'll be using it for basic home webhosting and email)

cheers for any help

Last edited by InTheWired; 04-06-2004 at 04:14 AM.
 
Old 04-06-2004, 06:15 PM   #2
nex6
Member
 
Registered: Apr 2004
Distribution: Ubuntu;Debain;Redhat
Posts: 46

Rep: Reputation: 16
It all depends on your needs,


I have a on old p133 with a minimum install , and iptables with NAT.

and yes you need 2 network cards altho it is possible to do it with one. It is better to use 2.

As far as getting hacked, It all depends on your firewall script and how well
you locked down the machine your using as a firewall box.


hope this answers your question, if not let me know.



-Nex6
 
Old 04-06-2004, 10:56 PM   #3
InTheWired
LQ Newbie
 
Registered: Apr 2004
Location: Sydney, Australia
Distribution: Mandrake
Posts: 29

Original Poster
Rep: Reputation: 15
nex
cheers, big help so basically i just install the bare minimum and only open the low ports for 80, 23 and 25. for mail, ftp and web
 
Old 04-06-2004, 11:08 PM   #4
vi0lat0r
Member
 
Registered: Aug 2003
Location: Lewisville, TX
Distribution: Kubuntu
Posts: 295

Rep: Reputation: 30
well maybe 8080... are you going to be running any chat clients? If so, keep the ports they use open also.
 
Old 04-06-2004, 11:25 PM   #5
InTheWired
LQ Newbie
 
Registered: Apr 2004
Location: Sydney, Australia
Distribution: Mandrake
Posts: 29

Original Poster
Rep: Reputation: 15
yep i'll remember to only open ports as they are specifically needed... im fairly disciplined in that regard as i use port forwarding on my adsl router at home with windows and know i have to open ports when a program is requesting them
 
Old 04-07-2004, 10:30 PM   #6
nex6
Member
 
Registered: Apr 2004
Distribution: Ubuntu;Debain;Redhat
Posts: 46

Rep: Reputation: 16
you can also use 3 network cards and have a DMZ,


just a thought....



Nex6
 
Old 04-07-2004, 11:43 PM   #7
InTheWired
LQ Newbie
 
Registered: Apr 2004
Location: Sydney, Australia
Distribution: Mandrake
Posts: 29

Original Poster
Rep: Reputation: 15
nex hmm whats the 3rd card used for in regards to dmz? Could you just use two cards? one which has a dmz from the modem and the other connected to a switch?
 
Old 04-07-2004, 11:58 PM   #8
nex6
Member
 
Registered: Apr 2004
Distribution: Ubuntu;Debain;Redhat
Posts: 46

Rep: Reputation: 16
basicly, you setup iptables,


eth0 = internet
eth1 = internal LAN
eth2 =DMZ

you setup iptables to send incomming traffic to the dmz, and block ALL incomming traffic to the internal LAN


this way you can have the public server thats not public and a secured internal network.

note: you can get all fancey with ip alias's and othe funky things to have less network cards , but it easyer to use 3 keep it simple.




-nex6

Last edited by nex6; 04-08-2004 at 12:01 AM.
 
Old 04-08-2004, 02:52 PM   #9
paijm021
LQ Newbie
 
Registered: Apr 2004
Location: Germany
Distribution: Slackware 9.1
Posts: 20

Rep: Reputation: 0
I have the same problem, interesting thread!
 
Old 04-08-2004, 09:10 PM   #10
InTheWired
LQ Newbie
 
Registered: Apr 2004
Location: Sydney, Australia
Distribution: Mandrake
Posts: 29

Original Poster
Rep: Reputation: 15
I'll have to read up more on DMZ, as far as i've gathered so far...

You have web/mail/ftp - basically anything public - inside the DMZ attached to eth2. For example, You setup routes so that any traffic going to http is directed to webserver x within the DMZ, you can either use public IPs for those servers or internal.

You have all external web traffic coming into eth0 checked then routed internally if need be

eth1 is internal

am i understanding that correctly? sorry its just really re iterating what you said anyways but i just needed to get it clear in my head
 
Old 04-09-2004, 08:45 AM   #11
mychl
Member
 
Registered: Jul 2001
Location: Earth
Posts: 164

Rep: Reputation: 30
Sounds about right to me....

DMZ's are a good thing!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH /firewall problems with mdk 10.0 linux-secure thomas.nichols Mandriva 3 03-25-2005 03:13 PM
firewall cant make me secure!!help vermaamitabh Linux - Security 1 11-02-2004 07:46 AM
is this secure without a firewall? shanenin Linux - Security 2 01-09-2004 01:56 AM
How secure is the D-Link firewall? /bin/bash Linux - Security 1 09-19-2003 07:46 AM
Secure samba through firewall Leffe Linux - Software 0 07-16-2002 07:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration