July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.
Course Of The Month
10 days, 1 hour left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Centos Firewall/Router
Posted on 2009-03-31
Hi,
I'm currently running a server at home with Fedora, and I think i've decided to move to Centos to save on the updates (and try something new, but not too different).
Whilst I make the move (also to a different machine to make things a little easier), I'd like some advice or direction on the following idea:
I'm fairly familiar with using an old PC set up running IPCOP, it works great, just an in/out network setup. My thoughts are, could I consolidate the functionality provided by the IPCOP machine onto the Centos machine??
So, the machine i'm, going to load my new CENTOS setup onto has 2 network interfaces, currently one will be spare. Rather than having the spare, can I connect it to the modem and make the CENTOS machine provide IPCOP-like service to the other network interface facing the internal home network? I've tried to illustrate this with the attached pic incase this is unclear - the proposed change in red.
Features I like in IPCOP - traffic shaping, spamassasin, dhcp, firewall, vpn, snort, the web interface.
Any cons on security for a server doubling up to do this?
Thanks in advance!
Cheers,
Phil.
ee-question.jpg
I'm currently running a server at home with Fedora, and I think i've decided to move to Centos to save on the updates (and try something new, but not too different).
Whilst I make the move (also to a different machine to make things a little easier), I'd like some advice or direction on the following idea:
I'm fairly familiar with using an old PC set up running IPCOP, it works great, just an in/out network setup. My thoughts are, could I consolidate the functionality provided by the IPCOP machine onto the Centos machine??
So, the machine i'm, going to load my new CENTOS setup onto has 2 network interfaces, currently one will be spare. Rather than having the spare, can I connect it to the modem and make the CENTOS machine provide IPCOP-like service to the other network interface facing the internal home network? I've tried to illustrate this with the attached pic incase this is unclear - the proposed change in red.
Features I like in IPCOP - traffic shaping, spamassasin, dhcp, firewall, vpn, snort, the web interface.
Any cons on security for a server doubling up to do this?
Thanks in advance!
Cheers,
Phil.
ee-question.jpg
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4 Comments
Hve you considered the option of using virtualisation and virtualising ipcop on the server. This would keep you with a setup you are comfortable with and give you the ability to consolidate the machines. The overhead would be small about 256 mg of RAM and a gig of drive space. Also I would take a look at the free version of Astaro it will give you a lot more functionality in hte home version and is free.
@Multipath , ipcop can be virtualization, but it would not be same as Ipcop in standalone pc.
@author : ipcop is designed to work as Firewalll, its not like normal OS, ipcop cant be installed on top of any linux server, it has be dedicated.,
to get this kid of service in Centos
traffic shaping, : yes but you need Thirparty software
spamassasin, yes, again you need to install spamassasin software by your self
dhcp,: yes, download dhcp server
firewall, : use iptables, but if you need robust firewall, then you need to implement some third party software, or you will have to write robust iptables rules which is quite impossible , you have to iptables expert for that.
vpn, : yes, install open vpn
snort, : install this software by your self
the web interface. : install webmin you wiil get nice server admin web interface
remember : purpose of ipcop and Centos is totaly different. ipcop is to desing to work a firewall
if you have security conecern i would of say, keep ipcop as its,
install vmware in Centos, and then install as many as OS you want in centos ( as long as you have enough ram)
@author : ipcop is designed to work as Firewalll, its not like normal OS, ipcop cant be installed on top of any linux server, it has be dedicated.,
to get this kid of service in Centos
traffic shaping, : yes but you need Thirparty software
spamassasin, yes, again you need to install spamassasin software by your self
dhcp,: yes, download dhcp server
firewall, : use iptables, but if you need robust firewall, then you need to implement some third party software, or you will have to write robust iptables rules which is quite impossible , you have to iptables expert for that.
vpn, : yes, install open vpn
snort, : install this software by your self
the web interface. : install webmin you wiil get nice server admin web interface
remember : purpose of ipcop and Centos is totaly different. ipcop is to desing to work a firewall
if you have security conecern i would of say, keep ipcop as its,
install vmware in Centos, and then install as many as OS you want in centos ( as long as you have enough ram)
cons.....
The more services you have running on a server the more possible it *may* be to compromise....
If you have the firewall and mail/samba on the same server, if the firewall is compromised or has a faulty rule the nasty person on the other end will have access to everything.
Obviously, for a home setup this may not really be a problem especially if you have a different system requiring power etc. If you have a large enough system to run as a vm then it may also not be a problem.
The things you like can all (sort of) be provided as per fosiul's post but it may not be as integrated as what you may have now.
If you're asking if it's possible then yes, I had the same setup myself a few years ago, I prefer the separate router option now however.
If you want to give it a try then it may take a while sorting out the config. You could create your own firewall rules iptables or use something like a firewall builder or perhaps smoothwall to sort this for you.
The more services you have running on a server the more possible it *may* be to compromise....
If you have the firewall and mail/samba on the same server, if the firewall is compromised or has a faulty rule the nasty person on the other end will have access to everything.
Obviously, for a home setup this may not really be a problem especially if you have a different system requiring power etc. If you have a large enough system to run as a vm then it may also not be a problem.
The things you like can all (sort of) be provided as per fosiul's post but it may not be as integrated as what you may have now.
If you're asking if it's possible then yes, I had the same setup myself a few years ago, I prefer the separate router option now however.
If you want to give it a try then it may take a while sorting out the config. You could create your own firewall rules iptables or use something like a firewall builder or perhaps smoothwall to sort this for you.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
WARNING:
If you follow the instructions here, you will wipe out your VTP and VLAN configurations. Make sure you have backed up your switch!!!
I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg).
If you're looking for how to monitor bandwidth using netflow or packet s…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special.
It's completely agentless, but does let you create an agent, if you desire.
It offers powerful scalability …
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month10 days, 1 hour left to enroll
623 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.