Urgent!! Linux Firewall

Hi Experts

We've got a network of about 25 computers connected to a server running win 2003 server connected to the Internet

We want to secure our LAN via a firewall, so someone reccomended to use an old pc with a linux firewall between the internet and our server

The problem is I'm totally new to Linux, so I need an easy, very secure firewall and a step by step description for setting it up

I want to know which Linux firewall meets these conditions and safe for very critical data and a description of setting it up or a url to the description

Note: It was recommended to me not ot use RedHat Linux for security matters
LVL 13
iHadiAsked:
Who is Participating?
 
2hypeCommented:
I would use IPCOP.  I use IPCOP on 7 of my networks and love it.

Just download the ISO from the website.  Burn it to a cd.  Does not need a pre-installed OS it is its own OS.  IT has a web interface and very easy to configure.

www.IPCOP.org
0
 
simonenticottCommented:
Hi,

you could try this Linux distribution - http://www.smoothwall.org/
it is designed to only be a firewall and it installs from a CD and is fairly straight forward to configure through a web interface, this would probably be your easiest \ fastest solution.

Or you could do as i do - use iptables, I use it under Fedora Core 3 and i use the Webmin package to setup and admin the rules etc.  i've found it to be a very strong firewall, we've had 3 penetration tests carried out against it and they haven't got through it or crashed it yet.  It can be a little confusing to get your head around to begin with, but once you understand its structure its pretty easy.

Simon.

0
 
simonenticottCommented:
Hi again,
I read your post again, i wouldn't be so fast to dismiss Red Hat, its very popular in the industry, possibly the nearest thing to an Industry standard for Linux (though i'll probably start a flame war for saying that), I run a RHES for work, that has also been pen tested three times and not been compromised.

If your data is critical and you want high security you might want to think about spending a bit more money and going for something like a Watchguard Firebox, they are excellent and not too expensive and again fairly easy to administrate.

Simon,

0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

 
Rich RumbleSecurity SamuraiCommented:
RH is as good as any other linux "flavor" for your purposes- they are all basing their firewall's off the same code at netfilter.org, and the linux Tree in this case isn't going to affect much if anything in the stack. An easy thing to do is DL RH Fedora, core3 maybe core4  (is it out now?) Allow fedora to partition you HD's, select minimal install, and during setup enable the firewall.
On this page you'll find some guides to editing the firewall table on Fedora core2 or after...
http://xinn.org/lin-newb-guide1.html 

The programs given by the others are also good, I was partial to fwbuilder myself, then I went and readone of the best IPtables article out and just started doing it myself. http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm Netfilter.org has some good doc's too
-rich
0
 
fixnixCommented:
I agree w/ 2hype.

Especially since you say "The problem is I'm totally new to Linux"

Once you burn a IPCop CD, it's literally a 20 minute process from powering up the old dinosaur to having a working and basically configured fully functional firewall (I say "basically configured" because I don't know how much port forwarding you'd need to set up or if you need VPN's, etc).

Administration of IPCop is done via a pretty point-n-click web interface (usually from a web browser of a machine elsewhere on the lan...your windows workstation, for example)

I run several IPCop boxes myself, ranging from a 96 Meg P75 to a 1GHz Athlon.  Not too long ago on the IPCop user mailing list there was a question about what hardware people were running on and there are several in use on 486's.

IPCop is r0x0rz.  You don't have to make decisions during install that are intimidating to new 'nix users (like disk partitioning) and there is good documentation on ipcop's website as well as very responsive support from their mailing lists.
0
 
Rich RumbleSecurity SamuraiCommented:
I've just now tried this, and I'd have to agree, this program is very very good with reguard to administration and esp setup, thanks for the link, I'll have to play around with this program more. :)
-rich
0
 
iHadiAuthor Commented:
Thanks to all experts that answered my question

I'm going to accept 2hype answer because its the easiest and this issue must be delt with as soon as possible.

I'll consider all other answers in the future and I'll upgrade the firewall if needed

again thanks very much
0
 
simonenticottCommented:
smoothwall, which i suggested earlier is exactly the same thing .....

anyways, good luck.

simon
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.