- 09-11-2008 #1
- Join Date
- Sep 2008
Medium/small business wanting a firewall - Can I do it?
I'm a student and have part-time work in a firm that delivers retail store solutions. Our systems connect and use our own servers extensively - we have great networking demands and complex networks (that need to be available at all times).
It has recently become clear that we are in need of a new firewall. The old one is a Trustix linux distribution from a provider and they want to sell us a new dedicated box (for a lot of money). My boss, my colleagues and I are wondering if this is something that me and my buddy could do ourselves.
I'd love to hear your thoughts!
I have a good understanding of the TCP/IP networks and I feel I would be able to set up a firewall with some kind of open source firewall-distribution. But how secure are these? And there is an uptime-demand that gives me little flexibility. How long would it take to understand the iptables syntax? I imagine this is what has to be used?
If I get this job, there's a lot of responsibility on me and my buddy. This worries me a little, but at the same time I think firewalls aren't too complex, and once configured correctly and working, what can go wrong?
Please give me some input, thank you!
- 09-11-2008 #2
IPTABLES is quite simple and you just need to create logical rules that the firewall will follow.
There are a few GUIs out there to make things simpler for you, but it's always good to learn to write the rules yourself anyway.
As for the security, I don't know how secure IPTABLES is but I would imagine it is secure; else it wouldn't be as widely adopted as it is. It would be sensible to read up on it a bit though so you know what security holes/bugs there are.
Linux User #453176
- 09-11-2008 #3
- Join Date
- Sep 2008
i see .... i think that's something i would be able to do, np.
but what worries me is that there is such an amount of responsibility involved. if the firewall goes down then all customers will be complaining and i will get shot. so ... does anyone have experience setting up a firewall?
for a first-timer, is it a long and troublesome process?
- 09-11-2008 #4
I have only used firewalls briefly last year on my placement year for university. Only took a morning's reading up to create a NAT so if I can do it, I'm sure you will be able to as well.
Is this your first big paid project? You sound a little nervous. Just act like you know what you're talking about. Hopefully no one will know that you don't :P
Linux User #453176
- 09-11-2008 #5
Don't do it. Use a proper firewall distro like Smoothwall on an old PC. It's loads easier to set up and you get lots of lovely control. And not a manual IPTable tweak in sight... These distros are secure, they use standard IPTables controls to work the firewall, and benefit from being set up in standard ways by guys that do this for a living.
Linux user #126863 - see http://linuxcounter.net/
- 09-11-2008 #6
- Join Date
- Sep 2008
thanks for the input, guys!
this isn't my first big paid project, but i haven't done many. and yes, i am nervous doing this! the bosses seem to be unsure of what to choose.
it all basically comes down to a risk-analysis. if i do it and there are no problems, then we're good but if there are problems, and due to the fact that i'm not always available, they would probably be more comfortable choosing a firm.
but i will keep smoothwall in mind for sure, and if my boss gives this a chance, i'll do my best setting it up cause from your responses there doesn't seem to be any reason why i can't do it...
thanks, you guys!
- 09-11-2008 #7
Here is my take on this.
IPTABLES is secure. This box should do nothing but firewall and host nothing. All services should be turned off except what would be needed. While Smoothwall and other GUI firewalls are nice, nothing beats a CLI firewall. While these other products allow simple and sometimes more complex setup, the CLI firewall setup gives you more control and complexity.
You have to keep in mind the amount of traffic you are looking to be controlling. If the site is heavily used then you really don't want to go with an old system for a firewall.
Memory is a factor also; if there is a lot of traffic then you will want more than a few MB of RAM. 2 GB at minimum so it could keep track of all the connections.
Depending on what you are looking to do, it really isn't that hard to configure from the CLI.
The adventure of a lifetime.
Linux User #296285
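
The setup described in post #7 (a box that only firewalls, hosts nothing, and tracks connections), sketched as an added example that is not part of any post in the thread. The interface names, the admin subnet, SSH as the only management service and the masquerading rule are assumptions; `audit_ruleset` is a hypothetical helper that checks a ruleset text for the default-drop and stateful properties without touching the running firewall.

```shell
#!/bin/sh
# Added example. Interface names and admin subnet are constructed placeholders.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/28}"  # documentation range; use your own

# Emit an iptables-restore ruleset: default drop, stateful, no hosted services.
gen_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $ADMIN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Read a ruleset on stdin, print each problem found, return non-zero if any.
audit_ruleset() {
  awk '
    /^:INPUT /   { inpol = $2 }
    /^:FORWARD / { fwpol = $2 }
    /^-A (INPUT|FORWARD) / && /ESTABLISHED/ { stateful = 1 }
    /^-A INPUT / && /-j ACCEPT/ {
      if ($0 ~ /ESTABLISHED/ || $0 ~ /-i lo /) next
      # Anything the box itself accepts must be limited to a source network.
      if ($0 !~ / -s /) { print "INPUT accept without source: " $0; bad = 1 }
    }
    END {
      if (inpol != "DROP") { print "INPUT policy is not DROP"; bad = 1 }
      if (fwpol != "DROP") { print "FORWARD policy is not DROP"; bad = 1 }
      if (!stateful) { print "no ESTABLISHED,RELATED rule"; bad = 1 }
      exit bad + 0
    }'
}

gen_ruleset | audit_ruleset && echo "ruleset passes audit"
```

On the firewall itself, `gen_ruleset | iptables-restore --test` parses the ruleset without committing it, which is a useful step before loading it on a box with an uptime requirement.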