Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 328
  • Last Modified:

Urgent!! Linux Firewall

Hi Experts

We've got a network of about 25 computers connected to a server running win 2003 server connected to the Internet

We want to secure our LAN via a firewall, so someone reccomended to use an old pc with a linux firewall between the internet and our server

The problem is I'm totally new to Linux, so I need an easy, very secure firewall and a step by step description for setting it up

I want to know which Linux firewall meets these conditions and safe for very critical data and a description of setting it up or a url to the description

Note: It was recommended to me not ot use RedHat Linux for security matters
0
iHadi
Asked:
iHadi
1 Solution
 
simonenticottCommented:
Hi,

you could try this Linux distribution - http://www.smoothwall.org/
it is designed to only be a firewall and it installs from a CD and is fairly straight forward to configure through a web interface, this would probably be your easiest \ fastest solution.

Or you could do as i do - use iptables, I use it under Fedora Core 3 and i use the Webmin package to setup and admin the rules etc.  i've found it to be a very strong firewall, we've had 3 penetration tests carried out against it and they haven't got through it or crashed it yet.  It can be a little confusing to get your head around to begin with, but once you understand its structure its pretty easy.

Simon.

0
 
simonenticottCommented:
Hi again,
I read your post again, i wouldn't be so fast to dismiss Red Hat, its very popular in the industry, possibly the nearest thing to an Industry standard for Linux (though i'll probably start a flame war for saying that), I run a RHES for work, that has also been pen tested three times and not been compromised.

If your data is critical and you want high security you might want to think about spending a bit more money and going for something like a Watchguard Firebox, they are excellent and not too expensive and again fairly easy to administrate.

Simon,

0
 
2hypeCommented:
I would use IPCOP.  I use IPCOP on 7 of my networks and love it.

Just download the ISO from the website.  Burn it to a cd.  Does not need a pre-installed OS it is its own OS.  IT has a web interface and very easy to configure.

www.IPCOP.org
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Rich RumbleSecurity SamuraiCommented:
RH is as good as any other linux "flavor" for your purposes- they are all basing their firewall's off the same code at netfilter.org, and the linux Tree in this case isn't going to affect much if anything in the stack. An easy thing to do is DL RH Fedora, core3 maybe core4  (is it out now?) Allow fedora to partition you HD's, select minimal install, and during setup enable the firewall.
On this page you'll find some guides to editing the firewall table on Fedora core2 or after...
http://xinn.org/lin-newb-guide1.html 

The programs given by the others are also good, I was partial to fwbuilder myself, then I went and readone of the best IPtables article out and just started doing it myself. http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm Netfilter.org has some good doc's too
-rich
0
 
fixnixCommented:
I agree w/ 2hype.

Especially since you say "The problem is I'm totally new to Linux"

Once you burn a IPCop CD, it's literally a 20 minute process from powering up the old dinosaur to having a working and basically configured fully functional firewall (I say "basically configured" because I don't know how much port forwarding you'd need to set up or if you need VPN's, etc).

Administration of IPCop is done via a pretty point-n-click web interface (usually from a web browser of a machine elsewhere on the lan...your windows workstation, for example)

I run several IPCop boxes myself, ranging from a 96 Meg P75 to a 1GHz Athlon.  Not too long ago on the IPCop user mailing list there was a question about what hardware people were running on and there are several in use on 486's.

IPCop is r0x0rz.  You don't have to make decisions during install that are intimidating to new 'nix users (like disk partitioning) and there is good documentation on ipcop's website as well as very responsive support from their mailing lists.
0
 
Rich RumbleSecurity SamuraiCommented:
I've just now tried this, and I'd have to agree, this program is very very good with reguard to administration and esp setup, thanks for the link, I'll have to play around with this program more. :)
-rich
0
 
iHadiAuthor Commented:
Thanks to all experts that answered my question

I'm going to accept 2hype answer because its the easiest and this issue must be delt with as soon as possible.

I'll consider all other answers in the future and I'll upgrade the firewall if needed

again thanks very much
0
 
simonenticottCommented:
smoothwall, which i suggested earlier is exactly the same thing .....

anyways, good luck.

simon
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now