please help set up a stand alone linux firewall

[r0l0e]

being a NOOB i have no idea about the magetude and complexity of this project so please bare with me.

i'm thinking about installing linux on my k62-500.

- is anyone familiar with MandrakeSecurity- SNF? is this a stand alone linux firewall disto?

- how about Fire Wall V3.0 by NetMax?

- can you recommend an admin friendly linux disto with an above average firewall?

i don't know whether or not i wll be running a mail server on it. i kind of like and gotten used to MDaemon. but i've always had problems running a mail server behind a fiewall. any recommendation on this aspect?

i'm sure there will be more questions to fallow.

thanks,
r0l0e

[Áedán]

Most of the Linux firewall "packages" are based around the same code. Typically this is IPChains as a firewall, Squid as a proxy, BIND as a caching DNS server and so on.

This makes most of the packages around the same level of power. Better packages will be using Netfilter rather than IPChains. Netfilter is a stateful firewall, in that it keeps track of connections rather than just acting as a basic filter.

Another alternative is something like GTA's GNATBox Lite, which you can find at http://www.gnatbox.com/Pages/gblight.html - it's a single floppy firewall with GTA's GNAT Box software, but with restrictions to make it unattractive to business users. Basically, the limited version only allows 5 IPs to communicate from behind the network, and 4connections in from outside.

AidanII

[r0l0e]

well Adian, i installed mandrake 8.2 and my rigs behind the proxy seem to be browsing really slow. does windows do a better job in sharing internet connection?

i haven't configured IPChains yet cause i had all kinds of problems with it and the internet connection thingy on my prior install. about BIND, do i really need it

i'm ready to scrap mandrake and install SNF (single network firewall 7). btw, does SNF need a host OS? i read the README.TXT and it can be installed on 95/98/ME, but will not install on xp.

does antone have any info on SNF? anything?

[Áedán]

Quote:

Originally posted by r0l0e
well Adian, i installed mandrake 8.2 and my rigs behind the proxy seem to be browsing really slow. does windows do a better job in sharing internet connection?

i haven't configured IPChains yet cause i had all kinds of problems with it and the internet connection thingy on my prior install. about BIND, do i really need it

i'm ready to scrap mandrake and install SNF (single network firewall 7). btw, does SNF need a host OS? i read the README.TXT and it can be installed on 95/98/ME, but will not install on xp.

does antone have any info on SNF? anything?

Not sure why your rigs behind the firewall are so slow, unless running the proxy is too heavy a task for the fw machine to cope with. If that's the case, run it without proxying.

From what I've seen Linux does a pretty good job of sharing a internet connection - I've seen it happily fill 4Mbit of a 4Mbit line.

IPChains is the core firewall (a packet filter). Without that configured (or netfilter), you do not have any firewall capabilities beyond network address translation.

BIND is only needed if you want to proxy DNS queries. Generally, it's not too much of a problem if you don't.

SNF7.2 uses a Mandrake linux install tailored to this application, so it comes with it's own host OS. I've yet to see a firewall doesn't require a host OS, be it Linux, Solaris, NT, IPSO or PIX.

SNF7.2 again looks like IPChains and a proxy. The advantage of one of the prepackaged setups is that you don't have to spend so long working out what needs to be installed and what doesn't. This excludes all the tuning up you'd need to do to a standard OS to bring it up to the firewall level.

AidanII