[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

linux os / ipchain queries

Posted on 2001-06-08
3
Medium Priority
?
424 Views
Last Modified: 2010-05-18
Hi

I'm about to implement a Checkpt fw but due to Checkpt license constraints, would
like to explore my options further. I'm new to linux and am wondering if I can use it
for my sun ultra10 server's os and ipchain to be my firewall. Have a few queries
which I hope linux folks out there can help me with:

1. Can linux run on sparc (ultra10)?
2. Can ipchain run on sparc (ultra10) as well?
3. Can linux/ipchain support more than 2 network cards?
4. Can ipchain do NAT (many-to-one xlation, one-to-one xlation)?
5. Can I group network objects in ipchain (just like Checkpt)?
6. It's free (as I understand rite)?
7. If you have any other information that you think is useful ;)

Hope you dun mind clearing my doubts. Hope to be able to implement my fw
solution using ipchain. Thanks in advance.

Rusti
(kytam@singnet.com.sg)


0
Comment
Question by:rusti
3 Comments
 
LVL 3

Assisted Solution

by:superschlonz
superschlonz earned 100 total points
ID: 6174942
1: I lnow tha linux runs on SUN machines (I hav some) and that it also runs on
ultras and im not 100% sure if it runs on an ultra10 but I never read about a
problem running Linux on an ultra 10. So you chance that it runs is very good.
perhaps you should ask the sparclinux mailing list sparclinux@cger.kernel.org

2: If you get it running so ipchains will also do (except with very old kernels
version < 2.2.0 I think).

3: Yes.

4: Im not sure, I never used NAT before kernel 2.4.0 except masquerading.

6: Yes.

7: I use Kernel 2.4.4 at the moment. It supports SNAT and DNAT and many
other features like connection tracking.
But you have to use another tool for configuring it: iptables (http://netfilter.filewatcher.org/
 there you find also some HOWTO's).
0
 
LVL 5

Accepted Solution

by:
BlackDiamond earned 100 total points
ID: 6175709
rusti,
superschlonz is correct, but I'll try to fill in some more details for you. (if you find these comments useful, please give super the points).

1: There are many distributions of Linux that have full support for sparc and ultrasparc platforms.  A couple include Debian and Suse.  Redhat stopped support after their 6.2 release, and they have no intention (as far as I know) of doing any future releases for the sparc platforms.  For this type of application, I would consider a unix platform (such as Free-BSD ) as well.

2: Yep, it is included with all newer distributions.

3: Definitely

4: Yes

5: Not really.  The management features are quite different between ipchains and Checkpoint.  Ipchains, unlike Checkpoint, is not a state based firewall.  If you require the features of a state based firewall, then you should investigate iptables instead.  Iptables is also available on most newer Linux distributions using the 2.4 kernel.  More info and the source is available at http://my.netfilter.se/ ..

6: Yes.  Before using free software, you should become familiar with open-source licensing.  The 2 most commonly used licenses are the GPL and the BSD license.  You can get information on these at http://www.gnu.org and http://www.bsd.org respectively .  It is always free to use software released under either license, but there are different stipulations if you modify the software and use it for commercial use.  Good to know the stuff regardless.
0
 
LVL 5

Expert Comment

by:zenlion420
ID: 9706084
Hey people,

No comment has been added in roughly 2 years, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts split between BlackDiamond and superschlonz.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question