Solved

Simple Linux Proxy (router) and firewall

Posted on 2000-04-24
Last Modified: 2010-03-18
I am looking to experiment with Linux's proxy and firewall capabilities.  I purchased an el-cheapo for that purpose of egghead (Pentium 100, 1GB HD, 16MB of RAM, though I will most likely end up upgrading the RAM).
After adding two network cards, I am planning to install Red Hat 6.2 through a network and then go for it.
I am looking for suggestions.... This is for experimental home use, with a cable modem connection which assigns me an IP.  Other clients in the house include win2k, linux 6.2, win98....

So what am I looking for? suggestions!
I will choose one based on ease of setting up, its usefulness and security.

I know that this question is worth more than 200 points, but for now I give 100 points since I will probably have to assign partial credit to different people, but I promise to give you credit for your input (valid input that ends up being used by me!) and if one person ends up being the winner, I will bump up the points accordingly.
Kejtar
P.S. Please do not lock the question!!! I want to analyze, rethink and test out different approaches!!!!!
Kejtar
Question by:Kejtar
10 Comments
 
LVL 40

Expert Comment

by:jlevie
If all you want is a simple Internet gateway, you might want to look at the Linux Router Project (http://www.linuxrouter.org/). It works very well and requires very little hardware on the gateway.

If you want to use RH 6.2, then I'd suggest a custom install with only the minimum set of packages. Don't install X, or any of the other things that you'd ordinarily have on a workstation. Then set up both NIC's (see the Ethernet HowTo) and follow procedures in the IPMasq & Ipchains HowTo's.
0
 
LVL 1

Author Comment

by:Kejtar
I looked at what ZDNET had posted regarding building a small firewall and a router with only a floppy drive, but I want a little bit more.... Down the road for the sheer purpose of just playing with it I was thinking about putting small webserver, maybe ftp server..... which would make the linux router project a little bit too limited... appreciate the input though..
Kejtar
0
 
LVL 40

Expert Comment

by:jlevie
Yeah, if you wanted a web or ftp server the Linux Router wouldn't be a good choice. I believe it might could be done with that, but it would be easier with a more general Linux installation running from a hard disk.
0
 
LVL 3

Expert Comment

by:tibori
You should take a look at the ipchains HOWTO. This describes in detail how to set up a firewall. Basically it's just a set of ipchains commands, but you need to know what you're doing to not leave open holes. Webserver-wise, Apache is a good choice (comes with Linux 6.2), and FTP server-wise, probably the default wu-ftpd should do fine. If you need more detail, I'd be happy to provide it, based on your previous Linux experience (i.e. how much do you know about Linux?)
0
 
LVL 1

Author Comment

by:Kejtar
My knowledge of Linux is fairly limited.  I am looking to actually play with it a little in order to learn it (nothing beats hands-on experience).  I am actually considering using built-in features of RH to set up the firewall and then the server down the road.  My biggest hurdle is finding some material on the web about it.  Most of the stuff I have found so far refers to the prior versions (up to 6.1), and they say that there were some drastic changes in 6.2.
Anyways, looks like I might post a question later regarding precise instructions, but for now I am looking for ideas.
Kejtar
BTW, would I see any slowdown in the Internet connection by using only a Pentium 100, and if so, would it be significant?
Kejtar
0

 
LVL 3

Accepted Solution

by:
tibori earned 100 total points
Yah, you're right, it's still a bit difficult to find documentation on 6.2 since it's too new. However, firewalling through ipchains (built in) should be pretty similar. Let me throw some useful links your way:
http://metalab.unc.edu/pub/Linux/docs/HOWTO : This is the full set of HOWTOs, which go into detail on how to set up all kinds of things. They're updated fairly frequently, so they should have 6.2 info in there too. For firewall setups look at the ipchains HOWTO, but don't get intimidated by it, since it's a detailed all-inclusive guide. You can probably do what you want to do with three lines of the ipchains command. Another useful link that I use is www.rpmfind.net/linux/rpm. This is a good place to get RPM packages, which are like installable EXEs for Windows. Of course Red Hat's homepage should have quite a bit of good information too.

No, a P100 should be OK. We have a P133 with a whole office's traffic going through it, and the thing that makes the real difference is the speed of the netcards/the DSL line (not too much processing going on).
As you say though: Hands-on is the best, so give it a try and then post when you get stuck.
0
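As an added example (not part of tibori's answer or the thread): a minimal ipchains masquerading rule set of the kind the answer alludes to, produced by a small POSIX shell function that validates its inputs and only prints the commands. The interface name `eth0` (cable-modem side) and the LAN range `192.168.1.0/24` are assumptions, as are the helper names.

```shell
#!/bin/sh
# Added example: print an ipchains masquerading rule set for a two-NIC gateway.
# Assumed values: eth0 = external (cable modem) NIC, 192.168.1.0/24 = home LAN.

# valid_cidr NET: succeed only for dotted-quad/prefix, e.g. 192.168.1.0/24.
valid_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# masq_rules EXT_IF INT_NET: print the commands; nothing is executed here.
masq_rules() {
    ext_if=$1; int_net=$2
    # Reject anything that is not a plain interface name or a valid network,
    # so the generated lines are safe to review and paste into an rc script.
    case "$ext_if" in ''|*[!A-Za-z0-9]*) echo "bad interface" >&2; return 1 ;; esac
    valid_cidr "$int_net" || { echo "bad network: $int_net" >&2; return 1; }
    cat <<EOF
ipchains -P forward DENY
ipchains -A input -i $ext_if -s $int_net -l -j DENY
ipchains -A forward -i $ext_if -s $int_net -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}
# Line 1: forward nothing by default. Line 2: drop and log packets arriving
# from outside that claim a LAN source address (spoofing). Line 3: masquerade
# LAN traffic leaving via the external NIC. Line 4: enable kernel forwarding.

masq_rules eth0 192.168.1.0/24
```

Review the printed lines, then run them as root on the gateway; `ipchains -L -n` lists the rules that were loaded.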
 
LVL 40

Expert Comment

by:jlevie
I don't generally use RH as a router/firewall, primarily because it doesn't provide true NAT, and I normally need to be able to NAT into a pool of external addresses, not into a single IP. There's the beginning of support for that in the 2.2.14 kernel with iproute2, but initial investigation suggests to me that it "may not be quite ready for prime time yet"; certainly there is a dearth of info about its use. Normally I use FreeBSD as an Internet Gateway as it includes/supports ipfilter (see http://cheops.anu.edu.au/~avalon/ip-filter.html for more info). It's been around for quite a while and is pretty well proven. I think it's a lot more flexible than IPMasq/ipchains.

Okay, the point of that is that I've got some "real world" experience with various installations using FreeBSD as an Internet gateway (and also a lesser amount with RH). I find that even a 486, configured to be a router/firewall, can pretty well support 10Mbps into and out of the router. Since the ordinary home network isn't going to have a 10Mbps connection to the Internet, one can reasonably state that anything equal to or better than a 486 isn't going to be a bottleneck.
0
 
LVL 1

Author Comment

by:Kejtar
Hmmmm as tempting as freebsd looks, for now I will stay with RH 6.2 ... FreeBSD might be my next project (maybe in fall?)

tibori thanks for the link I looked at the HOWTO's and I feel ready (till the system comes probably).  Anyways, if I have problems, I will post a question

BTW I will leave it open for a couple more days, to see if other suggestions come in, but so far the box score will be tibori 100 and 50 for jlevie for a good idea for a next project.
Kejtar
0
 
LVL 2

Expert Comment

by:ksemat
A good way to avoid the hassle is to download a firewall from http://firewall.langistix.com and run through it, allowing the services you want and disabling those you don't want.
Also, the usual routing should work just fine with masquerading and so on. Apache should be quite okay and it is really simple.
Once that is set up, the Linux box could be your gateway. You may also want to try out virtual hosting, which allows you to have multiple sites on the same IP; for documentation on this see http://www.apache.org/docs/vhosts
I am sure with all that we have said you will be kept busy for some time.
0
 
LVL 1

Author Comment

by:Kejtar
Thanks for all your help... I finally got the firewall up and running on rh6.2 (took some work, but it's worth it).

jlevie I am posting a separate question with points for you.

Kejtar
0
