Solved

I want to install Linux based Firewall and Web Caching Server

Posted on 2009-04-18
Last Modified: 2013-12-16
Hi friends !

Presently we are using ISA 2006 installed on Windows 2003 Server as a basic firewall. We have also configured a caching drive with default caching rules. Though... we are experiencing VERY SLOW internet speed.

I want to use a Linux Firewall + Caching Server which allows me to configure Packet Filtering so that I can allow / deny specific sites and messenger services and ports + cache the web content for a fast surfing experience.

I downloaded "Squid" from http://squid-cache.org/Download, but I didn't find the starting point to use it.

Please provide me the step by step procedure to follow. I mean...

1. Which Linux OS should I use?
2. What package will I need to download and install on the Linux OS?
3. How do I alter the files in that package to get the required configuration?

and so on...

Regards,

Hemant
0
Question by:JatinHemant
10 Comments
 
LVL 12

Accepted Solution

by:
rionroc earned 615 total points
ID: 24175814
>1. Which Linux OS should I use?
I've been using and learning Linux for almost 11 years, and I recommend you use SUSE.
SuSE is the simplest and most understandable, with many automated features, the quickest access, and user-friendly GUI windows.

>2. What package will I need to download and install on the Linux OS?
Linux SUSE has a default installation of SuSE firewall, but for the Squid web proxy caching server, just be sure to enable it during installation; type/find it in the search prompt.
I recommend you use the default version of Linux SuSE firewall and Squid; do not make any update like making/configuring a code package. Just use the Linux SuSE default packages like Squid and SuSE Firewall.

>3. How do I alter the files in that package to get the required configuration?
You don't need to alter any file or package if you use SuSE Linux. If you need to alter something, just use YAST, or type yast2 in the terminal, then go through the software installation package.

This is why Linux SuSE became famous: because of its automated GUI task called YAST.

Cheers...
Good Luck!
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 615 total points
ID: 24176543
There are many ways to get to where you want to be with this.....some are easier than others.

Option 1)
You can install a Linux/Unix based firewall distribution such as IPCop, pfSense, untangle....see which of these sounds most appropriate and install on some spare hardware with a couple of network cards....for a small network you'll find a low spec machine will cope very well...all of the above have the ability to run squid either natively or as an installable plugin.

http://www.ipcop.org
http://www.pfsense.org
http://www.untangle.com/


Option 2)
Download a stable distribution such as Centos, Debian or Ubuntu Server....then also learn about iptables and squid....

There's a tutorial on using squid here:

http://www.cyberciti.biz/tips/howto-rhel-centos-fedora-squid-installation-configuration.html

You can get to grips with firewall features using ufw or Firestarter on Ubuntu or look to learning more about iptables here: http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Either of these options is fine....depending on the time you are prepared to put in and the amount you want to learn.....if you're after a quick result, getting pfSense working and proxying is possibly within 20 minutes of downloading the ISO. If you want to learn a lot and the device isn't mission critical, I'd build a Centos box from the ground up to play with....
0
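
As an added example (not part of the original thread or any poster's configuration): a minimal `squid.conf` covering the requirements in the question, i.e. allowing the LAN, denying specific sites, restricting destination ports, and caching to disk. The subnet, domain names, cache path and sizes are assumed placeholder values.

```conf
# Added example; subnet, domains, path and sizes are assumed placeholders.
http_port 3128

# Clients allowed to use the proxy (assumed LAN range)
acl localnet src 192.168.1.0/24

# Sites to deny; a leading dot matches the domain and all its subdomains
acl blocked_sites dstdomain .blocked.example .chat.example

# Destination ports the proxy is willing to connect to
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# http_access rules are evaluated top-down; the first match wins
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blocked_sites
http_access allow localnet
http_access deny all

# On-disk cache: 10000 MB, 16 first-level and 256 second-level directories
# (path is an assumption; it differs between distributions)
cache_dir ufs /var/spool/squid 10000 16 256
cache_mem 256 MB
maximum_object_size 50 MB
```

Run `squid -k parse` to check the file and `squid -z` to create the cache directories before starting the service. The firewall still has to block clients' direct outbound web traffic, otherwise the proxy rules can simply be bypassed.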
 
LVL 19

Assisted Solution

by:alextoft
alextoft earned 150 total points
ID: 24178242
As mentioned above, IPCop is the way to go for such a purpose. It's simple, quick to set up, but has many powerful features. It's a carefully tailored Linux distro for just such a purpose; the authors have done all the hard work, so you don't have to.

And yes, you're right. ISA is crap.
0

 
LVL 7

Assisted Solution

by:darrickhartman
darrickhartman earned 120 total points
ID: 24179182
You could also use a 3rd party DNS server such as opendns.com which will allow you to block certain sites at the DNS level.  
0
 

Author Comment

by:JatinHemant
ID: 24185415
Thanks to all of you for your valuable comments.

One of my friends also suggested that I use SUSE Linux. Let me install it and experience it.

Roachy1979 !
By the way, tell me... Do I need to use IPCop, pfSense or untangle as a firewall if I am using SUSE, as rionroc said that SUSE comes with a firewall?

Regards,

Hemant
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 615 total points
ID: 24186149
Hi Hemant

No - the appliances mentioned would replace OpenSuse as the perimeter device.....

Suse - and all current linux distributions have IPtables built in.....so you could configure that as a firewall - I would recommend though having a separate device at the perimeter of your network as a firewall device, rather than attempting to secure a device with other services running at the perimeter of your network....

0
 
LVL 12

Assisted Solution

by:rionroc
rionroc earned 615 total points
ID: 24189417
Hi

You don't need to install anything when you install SuSE, just use the built-in packages of SuSE.
The important thing also is to back up and edit the default configuration files of Squid and SuSE Firewall.
You can use yast upon installing default packages, and they can be seen in software management.
You can find the configurations at /etc

Good Luck!
0
 

Author Comment

by:JatinHemant
ID: 24193638
Thanks for your comments. Let me explore it and I will soon come back.

Regards,

Hemant
0
 

Author Comment

by:JatinHemant
ID: 24212288
Well...I am back in the discussion. I am trying OpenSUSE but exploring will take some time. I won't let you wait until that time. Let me award the points.

Thanks.
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24212767
Thanks Hemant....

If you need any further information, post your questions.....

If you're new to Linux there's a learning curve - but it's rewarding when you begin to see the possibilities :)
0
