Forums: Creating A Linux Firewall For Home Network? - Forums

Creating A Linux Firewall For Home Network? How would I use a linux to protect ntwrk

#1 Cyberbob

Posted 09 July 2005 - 05:30 AM

I am attempting to create a Computer/Firewall for my home network and I need some advice. I will make this question as detailed as possible to make it easier on you kind folk who have a comment.

*THE SITUATION* :unsure:

I have a wireless network consisting of two Windows XP Home editions, and possibly an XP Pro soon. Network works fine (peer to peer) and I have one with Internet Connection Sharing which is directly connected to the net while the other accesses the net through the network. I have advanced file sharing enabled through an XP Home tweak.

*THE QUESTION* :huh:

What I would like to do is put a Linux box between the net and my network, acting as a firewall. I have an old computer with no OS on it (specs don't matter because I will gladly buy a needed part or upgrade) and a couple of Linux distros. The distros include Red Hat 7.3, Mandrake 8.2, Suse Enterprise Server 9, Suse Linux Professional 8.2, and Suse Linux Professional 9.1. My first question is which Linux distro would best suit my needs as a firewall for my network. The latter three are the newest, but I thought I'd throw the others in. I would also like advice or comments on how to set this up, for I am new at this and have little experience with Linux.

You do not have to answer all the questions, any comments or advice relevant to the subject would be greatly appreciated.

#2 Head_Hunter

Posted 09 July 2005 - 05:44 AM

Personally, I like Smoothwall. You can check it out at www.smoothwall.org
You can even mod it up and add VPN w/IPSEC and some others that might work for ya.

#3 Cyberbob

Posted 09 July 2005 - 06:11 AM

Head_Hunter, on Jul 9 2005, 09:44 AM, said:

Personally, I like Smoothwall. You can check it out at www.smoothwall.org
You can even mod it up and add VPN w/IPSEC and some others that might work for ya.


I've never heard of Smoothwall, but from reading the site it sounds like exactly what I'm looking for. Although I don't know how to work it, I'm sure I could find some documentation on the net.

Any more suggestions on this subject still taken.

#4 Jeremy

Posted 09 July 2005 - 07:13 AM

If u are looking to make it merely a firewall, Smoothwall or Clark Connect are your best options. They run right out of the box and use old crappy hardware... no upgrades needed.
If u are looking for more control or if u want to be able to use that firewall as a Linux exploration system, I would recommend a couple days of hard work, learning, and a full install of a real *nix OS. It seems you pretty much just want to use the RPM-based ones, so it doesn't really matter what you use, they are all the same. /me prepares to be attacked by RPM-based Linux users

#5 Partizaan

Posted 09 July 2005 - 10:04 AM

1 to 2 years ago I installed an ipcop firewall.
Just an old PC with 2 NICs. Very easy

http://www.ipcop.org/

# Provide a stable Linux Firewall Distribution.
# Provide a secure Linux Firewall Distribution.
# Provide an opensourced Linux Firewall Distribution.
# Provide a highly configurable Linux Firewall Distribution.
# Provide an easily maintained Linux Firewall Distribution.
# Provide an easily configured Linux Firewall Distribution.
# Provide reliable Support to the IPCop Linux user base.
# Provide an enjoyable environment for the Public to discuss and request assistance.
# Provide stable, secure, and easy to implement upgrades/patches for IPCop Linux.
# Develop an appreciation for both the Linux and Opensource movements in our user base.
# Develop a long lasting relationship with our userbase.
# Strive to adapt IPCop to meet the needs of the Internet of Tomorrow.
# Further develop the Linux Knowledge base of all Project Members and Users.

#6 dieter

Posted 10 July 2005 - 01:46 AM

You can also have a look at m0n0wall - it's not a linux based fw but bsd based
Runs on the very tiny soekris boxes (consumes much less power than a full pc :-))))

http://www.m0n0.ch/wall/
http://www.soekris.com/products.htm

#7 skydance

Posted 10 July 2005 - 04:23 AM

take a look at redwall, it runs from cd, no harddisk needed (but u can mount a hard for /var and /tmp).
http://redwall-firewall.com/

#8 buzzons

Posted 10 July 2005 - 04:02 PM

how about openBSD and iptables?

#9 TheSmokingMan

Posted 10 July 2005 - 04:25 PM

buzzons, on Jul 10 2005, 08:02 PM, said:

how about openBSD and iptables?

openbsd is as good a choice as any, but it uses pf not iptables

#10 castor00

Posted 27 August 2005 - 04:19 PM

I run Debian + iptables and it works fine. There is a good iptables script if you don't wanna make your own script: http://rocky.eld.leidenuniv.nl/

#11 Guest_digital-flow_*

Posted 28 August 2005 - 12:30 AM

Hi!

I got it done with this manual from Gentoo:
hxxp://www.gentoo.org/doc/en/home-router-howto.xml

It's really well done and it worked successfully. I think u can easily port "the way to do it" to other Linux distributions.


greetings

digital-flow

#12 mr-rodgers

Posted 28 August 2005 - 12:57 AM

I'm currently using ipcop. I found it to be very good, however I cannot figure out how to add rules to filter outgoing traffic (for example block all outbound traffic on port 80, etc).

Does anybody know how to do this?

#13 JustAsFire

Posted 28 August 2005 - 11:27 PM

Last year I used iptables on a gateway which had about 300 clients and didn't have any problems.

#14 Ahmeket

Posted 31 August 2005 - 12:19 AM

JustAsFire, on Aug 29 2005, 07:27 AM, said:

Last year I used iptables on a gateway which had about 300 clients and didn't have any problems.


Exactly how did you manage iptables? It's not very handy if you were to sit there and block IPs by hand.

#15 JustAsFire

Posted 31 August 2005 - 10:51 AM

Ahmeket, on Aug 31 2005, 08:19 AM, said:

Exactly how did you manage iptables? It's not very handy if you were to sit there and block IPs by hand.

Well, I used iptables to let computers connect to the internet, validating them by their MAC address (and yes, I know MACs can be spoofed :) ), and I had some ports blocked to prevent worms.
As for using iptables to protect the gateway, I had the INPUT policy set to drop and only accepted established and related packets. Also, the gateway was accepting SSH connections based on IP.
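
The gateway setup described in post #15 (INPUT policy DROP, established/related accepted, SSH by source IP, forwarding by MAC address, worm-prone ports blocked), together with the outbound port block asked about in post #12, written for a plain iptables gateway rather than IPCop's own interface. This is an added example, not code from any poster in the thread; the interface name, addresses, MACs and port numbers are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Every address, MAC, interface name and
# port list below is a constructed placeholder.
LAN_IF="eth1"                    # assumed LAN-facing interface
ADMIN_IPS="192.168.0.10"         # hosts allowed to SSH to the gateway
ALLOWED_MACS="00:11:22:33:44:55 00:11:22:33:44:66 not-a-mac"
WORM_PORTS="135,139,445"         # assumed worm-prone Windows RPC/SMB ports
EGRESS_BLOCK="80"                # outbound TCP ports refused to LAN clients

# Accept only well-formed MACs so a typo never reaches the rule file.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the ruleset in iptables-restore format; nothing is applied here.
build_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Gateway itself: loopback, replies to its own traffic, SSH from admins.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ip in $ADMIN_IPS; do
        echo "-A INPUT -s $ip -p tcp --dport 22 -j ACCEPT"
    done
    # Forwarded traffic: replies first, then the drops, then the allow list.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -p tcp -m multiport --dports $WORM_PORTS -j DROP"
    for port in $EGRESS_BLOCK; do
        echo "-A FORWARD -i $LAN_IF -p tcp --dport $port -j DROP"
    done
    for mac in $ALLOWED_MACS; do
        if valid_mac "$mac"; then
            echo "-A FORWARD -i $LAN_IF -m mac --mac-source $mac -m conntrack --ctstate NEW -j ACCEPT"
        else
            echo "skipping malformed MAC: $mac" >&2
        fi
    done
    echo "COMMIT"
}

# Print the rules when asked; review, then load with iptables-restore as root.
if [ "${1:-}" = "--print" ]; then build_ruleset; fi
```

The script covers the filter table only; NAT for the LAN lives in a separate table. Because MAC addresses can be spoofed, the allow list is an inventory control, not authentication.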
