[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 428
  • Last Modified:

linux os / ipchain queries

Hi

I'm about to implement a Checkpt fw but due to Checkpt license constraints, would
like to explore my options further. I'm new to linux and am wondering if I can use it
for my sun ultra10 server's os and ipchain to be my firewall. Have a few queries
which I hope linux folks out there can help me with:

1. Can linux run on sparc (ultra10)?
2. Can ipchain run on sparc (ultra10) as well?
3. Can linux/ipchain support more than 2 network cards?
4. Can ipchain do NAT (many-to-one xlation, one-to-one xlation)?
5. Can I group network objects in ipchain (just like Checkpt)?
6. It's free (as I understand rite)?
7. If you have any other information that you think is useful ;)

Hope you dun mind clearing my doubts. Hope to be able to implement my fw
solution using ipchain. Thanks in advance.

Rusti
(kytam@singnet.com.sg)


0
rusti
Asked:
rusti
2 Solutions
 
superschlonzCommented:
1: I lnow tha linux runs on SUN machines (I hav some) and that it also runs on
ultras and im not 100% sure if it runs on an ultra10 but I never read about a
problem running Linux on an ultra 10. So you chance that it runs is very good.
perhaps you should ask the sparclinux mailing list sparclinux@cger.kernel.org

2: If you get it running so ipchains will also do (except with very old kernels
version < 2.2.0 I think).

3: Yes.

4: Im not sure, I never used NAT before kernel 2.4.0 except masquerading.

6: Yes.

7: I use Kernel 2.4.4 at the moment. It supports SNAT and DNAT and many
other features like connection tracking.
But you have to use another tool for configuring it: iptables (http://netfilter.filewatcher.org/
 there you find also some HOWTO's).
0
 
BlackDiamondCommented:
rusti,
superschlonz is correct, but I'll try to fill in some more details for you. (if you find these comments useful, please give super the points).

1: There are many distributions of Linux that have full support for sparc and ultrasparc platforms.  A couple include Debian and Suse.  Redhat stopped support after their 6.2 release, and they have no intention (as far as I know) of doing any future releases for the sparc platforms.  For this type of application, I would consider a unix platform (such as Free-BSD ) as well.

2: Yep, it is included with all newer distributions.

3: Definitely

4: Yes

5: Not really.  The management features are quite different between ipchains and Checkpoint.  Ipchains, unlike Checkpoint, is not a state based firewall.  If you require the features of a state based firewall, then you should investigate iptables instead.  Iptables is also available on most newer Linux distributions using the 2.4 kernel.  More info and the source is available at http://my.netfilter.se/ ..

6: Yes.  Before using free software, you should become familiar with open-source licensing.  The 2 most commonly used licenses are the GPL and the BSD license.  You can get information on these at http://www.gnu.org and http://www.bsd.org respectively .  It is always free to use software released under either license, but there are different stipulations if you modify the software and use it for commercial use.  Good to know the stuff regardless.
0
 
zenlion420Commented:
Hey people,

No comment has been added in roughly 2 years, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts split between BlackDiamond and superschlonz.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now