Kejtar


Simple Linux Proxy (router) and firewall

I am looking to experiment with Linux's proxy and firewall capabilities.  I purchased an el-cheapo for that purpose off Egghead (Pentium 100, 1GB HD, 16MB of RAM, though I will most likely end up upgrading the RAM).
After adding two network cards, I am planning to install Red Hat 6.2 through a network and then go for it.
I am looking for suggestions.... This is for experimental home use, with a cable modem connection which assigns me an IP.  Other clients in the house include Win2k, Linux 6.2, Win98....

So what am I looking for? suggestions!
I will choose one based on easiness of setting up, its usefulness and security.

I know that this question is worth more than 200 points, but for now I give 100 points since I will probably have to assign partial credit to different people, but I promise to give you credit for your input (valid input that ends up being used by me!) and if one person ends up being the winner, I will bump up the points accordingly.
Kejtar
P.S. Please do not lock the question!!! I want to analyze, rethink and test out different approaches!!!!!
Kejtar
jlevie

If all you want is a simple Internet gateway, you might want to look at the Linux Router Project (http://www.linuxrouter.org/). It works very well and requires very little hardware on the gateway.

If you want to use RH 6.2, then I'd suggest a custom install with only the minimum set of packages. Don't install X, or any of the other things that you'd ordinarily have on a workstation. Then set up both NICs (see the Ethernet HowTo) and follow procedures in the IPMasq & Ipchains HowTos.
Kejtar

ASKER

I looked at what ZDNET had posted regarding building a small firewall and a router with only a floppy drive, but I want a little bit more.... Down the road, for the sheer purpose of just playing with it, I was thinking about putting up a small webserver, maybe an ftp server..... which would make the Linux Router Project a little bit too limited... appreciate the input though..
Kejtar
Yeah, if you wanted a web or ftp server the Linux Router wouldn't be a good choice. I believe it might could be done with that, but it would be easier with a more general Linux installation running from a hard disk.
You should take a look at the ipchains HOWTO. This describes in detail how to set up a firewall. Basically it's just a set of ipchains commands, but you need to know what you're doing to not leave open holes. Webserver-wise, Apache is a good choice (comes with Linux 6.2), and FTP server-wise, the default wu-ftpd should probably do fine. If you need more detail, I'd be happy to provide it, based on your previous Linux experience (i.e. how much do you know about Linux?)
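The kind of rule set the post above refers to, as an added example that is not from any participant in this thread: a deny-by-default masquerading gateway for a 2.2 kernel, with one explicit hole for a service on the gateway. The function name, the interface names `eth0`/`eth1`, the LAN range `192.168.1.0/24` and the open port are assumptions; the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) an ipchains rule set for a
# 2.2-kernel masquerading gateway. All names below are assumptions.
gen_gateway_rules() {
    ext_if=$1     # NIC facing the cable modem, e.g. eth0
    int_if=$2     # NIC facing the home LAN, e.g. eth1
    lan=$3        # private LAN range, e.g. 192.168.1.0/24
    open_tcp=$4   # TCP ports served to the Internet, e.g. "80" (may be empty)

    cat <<EOF
# Start clean and deny by default; holes are opened one rule at a time.
ipchains -F
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
# Loopback and the trusted LAN side.
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $int_if -s $lan -j ACCEPT
# Anti-spoofing: LAN source addresses must never arrive from outside.
ipchains -A input -i $ext_if -s $lan -l -j DENY
# ipchains is stateless: admit TCP replies by accepting only non-SYN (! -y).
ipchains -A input -i $ext_if -p tcp ! -y -j ACCEPT
# DNS answers, the DHCP lease from the cable provider, useful ICMP.
ipchains -A input -i $ext_if -p udp -s 0/0 53 -j ACCEPT
ipchains -A input -i $ext_if -p udp -s 0/0 67 -d 0/0 68 -j ACCEPT
ipchains -A input -i $ext_if -p icmp --icmp-type destination-unreachable -j ACCEPT
ipchains -A input -i $ext_if -p icmp --icmp-type time-exceeded -j ACCEPT
ipchains -A input -i $ext_if -p icmp --icmp-type echo-reply -j ACCEPT
EOF
    # Services run on the gateway itself (e.g. Apache) need an explicit hole.
    for port in $open_tcp; do
        echo "ipchains -A input -i $ext_if -p tcp -d 0/0 $port -j ACCEPT"
    done
    cat <<EOF
# Log whatever is about to hit the DENY policy.
ipchains -A input -l -j DENY
# Masquerade LAN traffic leaving through the external interface only.
ipchains -A forward -i $ext_if -s $lan -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Dry run with assumed values; review the output before running it as root.
gen_gateway_rules eth0 eth1 192.168.1.0/24 "80"
```

Rule order matters: the anti-spoofing DENY sits ahead of the non-SYN accept, and forwarding is switched on only after every rule is in place.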
Kejtar

ASKER

My knowledge of Linux is fairly limited.  I am looking to actually play with it a little in order to learn it (nothing beats a hands-on experience).  I am actually considering using built-in features of RH to set up the firewall and then the server down the road.  My biggest hurdle is finding some material on the web about it.  Most of the stuff I have found so far refers to the prior versions (up to 6.1) and they list that there were some drastic changes in 6.2.
Anyways, looks like I might post a question later regarding precise instructions, but for now I am looking for ideas.
Kejtar
BTW, would I see any slowdown in the Internet connection by using only a Pentium 100, and if so would it be significant?
Kejtar
ASKER CERTIFIED SOLUTION
tibori

This solution is only available to members.
I don't generally use RH as a router/firewall, primarily because it doesn't provide true NAT, and I normally need to be able to NAT into a pool of external addresses, not into a single IP. There's the beginning of support for that in the 2.2.14 kernel with iproute2, but initial investigation suggests to me that it "may not be quite ready for prime time yet"; certainly there is a dearth of info about its use. Normally I use FreeBSD as an Internet Gateway as it includes/supports ipfilter (see http://cheops.anu.edu.au/~avalon/ip-filter.html for more info). It's been around for quite a while and is pretty well proven. I think it's a lot more flexible than IPMasq/ipchains.

Okay, the point of that is that I've got some "real world" experience with various installations using FreeBSD as an Internet gateway (and also a lesser amount with RH). I find that even a 486, configured to be a router/firewall, can pretty well support 10Mbps into and out of the router. Since the ordinary home network isn't going to have a 10Mbps connection to the Internet, one can reasonably state that anything equal to or better than a 486 isn't going to be a bottleneck.
Kejtar

ASKER

Hmmmm, as tempting as FreeBSD looks, for now I will stay with RH 6.2 ... FreeBSD might be my next project (maybe in fall?)

tibori, thanks for the link. I looked at the HOWTOs and I feel ready (till the system comes probably).  Anyways, if I have problems, I will post a question.

BTW, I will leave it open for a couple more days, see if other suggestions come in, but so far the box score will be tibori 100 and 50 for jlevie for a good idea for a next project.
Kejtar
A good way to avoid the hassle is to download a firewall from http://firewall.langistix.com and run through it, allowing the services you want and disabling those you don't want.
Also, the usual routing should work just fine with masquerading and so on. Apache should be quite okay and it is really simple.
Once that is set up, the Linux box could be your gateway. You may also want to try out virtual hosting, which allows you to have multiple sites on the same IP; for documentation on this see http://www.apache.org/docs/vhosts
I am sure with all that we have said you will be kept busy for some time.
Kejtar

ASKER

Thanks for all your help... I finally got the firewall up and running on RH 6.2 (took some work, but it's worth it).

jlevie, I am posting a separate question with points for you.

Kejtar