Re: Linux box as firewall

From: Larry Offley (lucullus@telus.net)
Date: 04/09/02


From: "Larry Offley" <lucullus@telus.net>
To: "jeremy" <jeremy_cassidy@mindlink.bc.ca>, "Neil McKie" <neil.mckie@ntlworld.com>, "David Hayes" <David.Hayes@gmx.net>, "Jason Dixon" <jwdixon1@yahoo.com>
Date: Tue, 9 Apr 2002 14:39:01 -0700


http://www.clarkconnect.org/

As of March 1st 2002 you can run it with the 2.4 kernel. It's a mini distro
and is Red Hat 7.2 rpm compatible. It has Snort installed by default and has an easy
https web interface for people who don't want to mess with the cmd line. I
have a couple of them going and so far they have been very nice to work
with. I use one for my internet cafe and if there is a problem any of the
staff can easily reset the internet connection from a nice text menu on
the first console. The web interface makes upgrading for bug/security patches
very easy, and if there is anything you want to add, well, if it will run on
Red Hat 7.2 you can use the same rpms here.

Features:

Firewall
Interruption detection with Snort
Secure shell via SSH
Banner ad blocking with Junkbuster
PPTP VPN server (experimental)

Web Server
Apache web server
Support for CGI and PHP
SSL-enabled

File Services
Journalled file system with ext3
FTP server
Windows file server
AppleShare file server
WebDAV support

Printing
Print server support
Printer sharing for Samba/Windows networks

Easy Configuration
Web-based configuration
Optional Webmin package

Network Support
DSL (including PPPoE)
Cable Modem
Internal DHCP server
Caching nameserver

Larry Offley
Network Admin.

----- Original Message -----
From: "Jason Dixon" <jwdixon1@yahoo.com>
To: "jeremy" <jeremy_cassidy@mindlink.bc.ca>; "Neil McKie"
<neil.mckie@ntlworld.com>; "David Hayes" <David.Hayes@gmx.net>
Cc: <security-basics@securityfocus.com>
Sent: Monday, April 08, 2002 1:27 PM
Subject: Re: Linux box as firewall

> Unless you're really dedicated to using Linux, I'd really suggest you
> reconsider something like OpenBSD. *BSD, in general, is much simpler and
> elegant in design than Linux. This also makes *BSD systems much easier to
> configure and tighten for firewalls. OpenBSD, in particular, is regarded
> as one of the most secure OS's available, and runs on cheap commodity
> hardware. I have an old P133 with 16 megs of RAM working as my 3 pronged
> firewall gateway. It includes stateful packet inspection, VPN (isakmp),
> and wireless support "out of the box" (no recompilation required). If you
> wanted to try the same thing in Linux, you'd have to use a modern kernel
> (2.4.x) for IPtables, recompiling for FreeSwan VPN (if you choose FreeSwan,
> the likely choice for Linux VPN's) and wireless driver support. You might
> find exceptions for the aforementioned items in some of the various
> firewall mini-distro's, but it's highly unlikely you'll find all three.
>
> IPcop and SmoothWall, for example, while very easy to administer via web
> interface, use the 2.2/IPchains kernel, which does NOT support stateful
> inspection. In fact, I have yet to come across *any* firewall
> mini-distro's that use the 2.4.x kernel.
>
> Just my $.02.
>
> -Jason
>
> At 03:22 PM 4/7/2002 -0700, jeremy wrote:
> >IPCOP is a great firewall machine, easy to set up and very nice help on the
> >mailing lists....
> >
> >http://www.ipcop.org
> >
> >Jer
> >
> >----- Original Message -----
> >From: "Neil McKie" <neil.mckie@ntlworld.com>
> >To: "David Hayes" <David.Hayes@gmx.net>
> >Cc: <security-basics@securityfocus.com>
> >Sent: Friday, April 05, 2002 11:52 AM
> >Subject: Re: Linux box as firewall
> >
> >
> > > I have been using Smoothwall for over a year now and have been very pleased
> > > with it. I have cable now but I had 56k when I first started using it. It's
> > > extremely easy to setup and maintain.
> > >
> > > Other than Smoothwall, there are quite a few firewall orientated
> > > mini-distros like it but IMO none of them are as good.
> > >
> > > You could also setup a Linux box using a normal distro like Slackware or
> > > Debian and use iptables/chains.
> > >
> > > I have always liked Realtek as cheap and easy to use cards for Linux. But
> > > you could always just use some old 10mb ISA (NE1000/2000 compat.).
> > >
> > > Any good serial modem should work with Linux (I think). Or get a good Lucent
> > > chipset Internal modem.
> > >
> > >
> > > ----- Original Message -----
> > > From: "David Hayes" <David.Hayes@gmx.net>
> > > To: <security-basics@securityfocus.com>
> > > Sent: Friday, April 05, 2002 11:49 AM
> > > Subject: Linux box as firewall
> > >
> > >
> > > > Hi,
> > > > I've got an old p150 with about 64Mb Ram hanging around that I'm going to
> > > > set up as a firewall for when I get broadband. I have a few questions that
> > > > hopefully somebody can answer
> > > > 1. What's the best distribution to use, I have had quite a bit of experience
> > > > with Linux but not for the last 4/5 years so I'm a bit out of touch.
> > > > 2. I'll need a network card for the box, any recommendations for a
> > > > cheap(ish) card that will be easy to configure under linux
> > > > 3. Until I get broadband I'll probably set it up so the Linux box dials my
> > > > normal ISP, I've only got a cheap winmodem any recommendations for a good
> > > > modem to use with Linux
> > > > Thanks for all your help
> > > > David Hayes


