Firewalls
Jonathan Hutchins
hutchins at tarcanfel.org
Mon Aug 11 14:56:25 CDT 2003
Since the discussion on Firewalls has come around again, I have to recommend
the works of David Ranch, both in the IP Masquerade HOWTO, and in the
expanded version of this, the TrinityOS documentation and scripts, found at
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
The former will get you through setting up a basic firewall from any main
distribution, and is regularly updated (7/9/03). I've found that the
configuration rarely needs updating, as it's secure by default. If you want
to do something new, like Voice-over-IP, you have to enable it.
The TrinityOS documents themselves include scripts that will do most of the
configuration for you with a few minor customisations (hostname, IP
addresses, things like that). They are a much more thorough exploration of
placing a secure server on the internet and implementing a protected private
network behind it. They discuss a lot of aspects of security and
configuration, and are a very helpful guide for anyone setting up a system.
I haven't done everything according to the Trinity scripts, having come upon
them after I'd started building hardened servers, but they are an excellent
reference and I believe that they would be a great starting place for someone
new to Linux who wanted to build a firewall.
These scripts assume that if you're building a system that's meant to be a
server and/or firewall you do NOT need to install any GUI on the system.
They work entirely in text mode with the standard configuration files.
I haven't worked with any of the packaged firewalls aside from one (quickly
wiped) installation of Mandrake's MNF, but I would highly recommend that
anyone considering a Linux firewall read David's work first before they
decide on how to proceed. They will work fine on a P120 with a 1.2G disk.
I've run with 16M but would recommend 32.
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html