iHadi


Urgent!! Linux Firewall

Hi Experts

We've got a network of about 25 computers connected to a server running Win 2003 Server connected to the Internet.

We want to secure our LAN via a firewall, so someone recommended using an old PC with a Linux firewall between the Internet and our server.

The problem is I'm totally new to Linux, so I need an easy, very secure firewall and a step-by-step description for setting it up.

I want to know which Linux firewall meets these conditions and is safe for very critical data, and a description of setting it up or a URL to the description.

Note: It was recommended to me not to use RedHat Linux for security matters.
simonenticott

Hi,

You could try this Linux distribution - http://www.smoothwall.org/
It is designed to only be a firewall and it installs from a CD and is fairly straightforward to configure through a web interface; this would probably be your easiest / fastest solution.

Or you could do as I do - use iptables. I use it under Fedora Core 3 and I use the Webmin package to set up and admin the rules etc. I've found it to be a very strong firewall; we've had 3 penetration tests carried out against it and they haven't got through it or crashed it yet. It can be a little confusing to get your head around to begin with, but once you understand its structure it's pretty easy.

Simon.

Hi again,
I read your post again. I wouldn't be so fast to dismiss Red Hat; it's very popular in the industry, possibly the nearest thing to an industry standard for Linux (though I'll probably start a flame war for saying that). I run a RHES for work, that has also been pen tested three times and not been compromised.

If your data is critical and you want high security you might want to think about spending a bit more money and going for something like a Watchguard Firebox, they are excellent and not too expensive and again fairly easy to administrate.

Simon,

ASKER CERTIFIED SOLUTION
2hype

This solution is only available to members.
Rich Rumble

RH is as good as any other Linux "flavor" for your purposes - they are all basing their firewalls off the same code at netfilter.org, and the Linux tree in this case isn't going to affect much if anything in the stack. An easy thing to do is DL RH Fedora, Core 3, maybe Core 4 (is it out now?). Allow Fedora to partition your HDs, select minimal install, and during setup enable the firewall.
On this page you'll find some guides to editing the firewall table on Fedora core2 or after...
http://xinn.org/lin-newb-guide1.html

The programs given by the others are also good. I was partial to fwbuilder myself, then I went and read one of the best iptables articles out and just started doing it myself. http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm Netfilter.org has some good docs too.
-rich
fixnix

I agree w/ 2hype.

Especially since you say "The problem is I'm totally new to Linux"

Once you burn an IPCop CD, it's literally a 20 minute process from powering up the old dinosaur to having a working and basically configured fully functional firewall (I say "basically configured" because I don't know how much port forwarding you'd need to set up or if you need VPNs, etc).

Administration of IPCop is done via a pretty point-n-click web interface (usually from a web browser of a machine elsewhere on the LAN... your Windows workstation, for example).

I run several IPCop boxes myself, ranging from a 96 Meg P75 to a 1GHz Athlon.  Not too long ago on the IPCop user mailing list there was a question about what hardware people were running on and there are several in use on 486's.

IPCop is r0x0rz.  You don't have to make decisions during install that are intimidating to new 'nix users (like disk partitioning) and there is good documentation on IPCop's website as well as very responsive support from their mailing lists.

I've just now tried this, and I'd have to agree, this program is very very good with regard to administration and esp. setup. Thanks for the link, I'll have to play around with this program more. :)
-rich
iHadi

ASKER

Thanks to all experts that answered my question.

I'm going to accept 2hype's answer because it's the easiest and this issue must be dealt with as soon as possible.

I'll consider all other answers in the future and I'll upgrade the firewall if needed.

Again, thanks very much.

Smoothwall, which I suggested earlier, is exactly the same thing .....

anyways, good luck.

simon