Linux firewall/IDS/NAT suggestions

From: Petty, Robert (
Date: 05/30/03

  • Next message: Sandra Hernandez: "deny deleting a file for users"
    To: "Petty, Robert" <>,
    Date: Fri, 30 May 2003 09:54:37 -0600

    I am a seasoned admin, working with Solaris, AIX and the fluffy penguin now
    for 8 years or so....

    I have learned quite a lot about the trade, including to be very cautious
    about proclaiming a system to be secure if I don't absolutely positively
    kinda believe it is....

    Thus my question:

    I want to setup a Linux firewall for a small network of 15 machines
    connected live to the internet via broadband. I don't want to put something
    in place that has a glaring hole I don't know about that makes the
    installation more insecure with a false sense of security.

    Which kernel would be best? 2.0.x, 2.2.x, or 2.4.x?

    Should snort be running on the firewall machine or another machine? If on
    another machine, should I put the firewall and IDS box on a hub as the first
    hop so they both see the same traffic? The customer's router is not
    manageable (linksys) and they have no budget for a Cisco Router or PIX.

    The Linux box will serve as a secondary NAT layer, any pitfalls with this?

    Should SSH go to the firewall machine or be passed through to an internal
    Linux box?

    Should the NAT and Firewall rules be written and maintained on CD-R media so
    a malicious attacker cannot hide rule changes? Should the firewall be
    re-initialized on a schedule to ensure the live rules are those from the
    read-only media?

    Last, but not least, what's a good HowTo that can be used as a basis? I
    would prefer one that starts off a little more strict so I can simplify
    rather than have to bone up on all of the current vulnerabilities.

    Thanks for any replies!


  • Next message: Sandra Hernandez: "deny deleting a file for users"