#1 mattig89ch (Just Joined!, NYC, joined Sep 2007, 44 posts)

    Want to Set up a Firewall server

    Hi guys, I wanted to set up a firewall server, one that will run on crap parts.

    I was talking to a guy in England who said OpenBSD was the best way to do it, but I'm thinking a simple Linux distro might do the job better.

    This is for my home, if that makes any difference.

    Mind you, my Linux skills aren't exactly the best (I don't use it often, and when I do, it's normally not for more than surfing the web).

#2 Lazydog (Linux Guru, The Keystone State, joined Jun 2004, 2,677 posts)
    I run a system at home here for a firewall. It is a PIII with 768 MB of RAM. It isn't that hard, and it is cheaper, cost wise, to use a Linksys router as they use a lot less electricity.

    How many interfaces are going to be on this box?
    Are you looking for a simple firewall or a complex one? (Mine is complex, with 4 networks.)

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

#3 mattig89ch (Just Joined!, NYC, joined Sep 2007, 44 posts)
    Well, this was going to be simple at first, then get more complex as I understand it better. Basically, I hope to replace all my antivirus software with this thing.

    I was thinking of 2 interfaces. It's not going to be assigning IP addresses or anything, just stopping viruses from coming through.

    I'm also well aware that this could slow down performance of the whole network, so I have to achieve a balance.

    Edit: it's been a while since I've been here. When did all the ads come in?

#4 Lazydog (Linux Guru, The Keystone State, joined Jun 2004, 2,677 posts)
    Simple is easy and good.

    eth0 = Internet connection
    eth1 = LAN

    Code:
    iptables -F
    iptables -X
    iptables -Z
    #
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP
    #
    # traffic to the firewall box itself
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i eth1 -m state --state NEW -j ACCEPT
    # replies to connections the firewall box itself opened towards the Internet
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -j DROP
    #
    # traffic from the firewall box itself
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state NEW -j ACCEPT
    #
    # the user chains must exist before FORWARD can jump to them
    iptables -N LAN
    iptables -A LAN -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A LAN -i eth1 -m state --state NEW -j ACCEPT
    iptables -A LAN -j DROP
    #
    iptables -N WAN
    iptables -A WAN -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A WAN -i eth0 -j DROP
    #
    iptables -A FORWARD -i eth0 -j WAN
    iptables -A FORWARD -i eth1 -j LAN
    Do not forget to turn on forwarding on the firewall system. Since you are going to be using this all the time to forward, I would recommend editing /etc/sysctl.conf and looking for the following line:

    Code:
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1
    and ensure that the number at the end of forward is 1 to turn on forwarding as above.
    After this is done a simple
    Code:
    sysctl -p
    will re-read the file and turn on forwarding for you.

    After you setup the firewall make sure you save it so that every time the system reboots the firewall is setup properly. Check for how to turn on the firewall at boot.

    The above will allow all connections from the LAN to the internet and only allow established connection back in.

    If you are looking to learn about iptables then take a look at this TUTORIAL.

    Regards
    Robert


#5 mattig89ch (Just Joined!, NYC, joined Sep 2007, 44 posts)
    Thank you!

    Pray tell, what OS is that for?

    Oh, and where do I enter those values?

    Like I said, I've used Linux for web surfing and just about nothing else, aside from an Apache server like 2 years ago (still running the library's website, btw).

#6 zenwalker (Linux User, Inland Empire, joined Feb 2010, 292 posts)
    Untangle or Vyatta -- both Debian-based -- as a suggestion for us firewall dummies!

#7 Lazydog (Linux Guru, The Keystone State, joined Jun 2004, 2,677 posts)
    Quote Originally Posted by mattig89ch:
        Thank you!

        Pray tell, what OS is that for?
    It should work on any Linux-based iptables firewall.

        Oh, and where do I enter those values?
    Set up a script to build the firewall from the above, then run it. Afterwards, save the firewall rules and ensure the firewall is configured to start at boot.

        Like I said, I've used Linux for web surfing and just about nothing else, aside from an Apache server like 2 years ago (still running the library's website, btw).
    Well, if you need web server access from the outside, then you are going to have to open those ports. See the tutorial I posted on how to do this. Once you know what rules you need to add, you should add them to the WAN side of the rules using the same format I have above.

    Regards
    Robert

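Putting post #4's rule set and post #7's advice ("set up a script, open the web server ports on the WAN side, save the rules") into one script, as an added example that is not the poster's own code. It assumes the same layout as post #4 (eth0 = Internet, eth1 = LAN) and, additionally, that any service exposed to the Internet (the Apache server from post #7, say) runs on the firewall box itself, so its ports are opened in INPUT; forwarding a port to a separate LAN host would also need a DNAT rule, which this thread does not cover. WAN_TCP_PORTS, IPT_DRY_RUN and the rule_index helper are names chosen for this example. Unlike the rules as posted, the script creates the LAN and WAN chains before FORWARD jumps to them, because iptables refuses a jump to a chain that does not exist yet.

```shell
#!/bin/sh
# Two-interface home firewall builder (added example, not the poster's script).
# Assumed layout, as in post #4: eth0 = Internet, eth1 = LAN.
# Assumed in addition: services you expose to the Internet run on the
# firewall box itself, so their ports are opened in INPUT, not FORWARD.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
WAN_TCP_PORTS="${WAN_TCP_PORTS:-}"   # e.g. "80 443"; empty means nothing exposed

# Print one iptables command per line, in an order that is safe to run top to
# bottom: user chains are created before anything jumps to them.
build_rules() {
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -Z"
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -P FORWARD DROP"

    # Traffic to the firewall box itself: the LAN may talk to it freely, the
    # Internet only gets replies plus the explicitly exposed TCP ports.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -i $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $LAN_IF -m state --state NEW -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $WAN_TCP_PORTS; do
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -j DROP"

    # Traffic from the firewall box itself.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state NEW -j ACCEPT"

    # Forwarded traffic: the LAN may open anything outbound, the Internet only
    # gets replies back in. Chains are created first; a jump to a chain that
    # does not exist yet fails with "No chain/target/match by that name".
    echo "iptables -N LAN"
    echo "iptables -A LAN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A LAN -m state --state NEW -j ACCEPT"
    echo "iptables -A LAN -j DROP"
    echo "iptables -N WAN"
    echo "iptables -A WAN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A WAN -j DROP"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j LAN"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -j WAN"
}

# 1-based line number of the first generated rule containing the literal
# string $1, or 0 if none. Lets you check ordering without touching the kernel.
rule_index() {
    build_rules | awk -v pat="$1" 'index($0, pat) { print NR; found = 1; exit } END { if (!found) print 0 }'
}

# Enable forwarding and load the rules. IPT_DRY_RUN=1 only prints them.
apply_rules() {
    if [ "${IPT_DRY_RUN:-0}" = "1" ]; then
        build_rules
        return 0
    fi
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    build_rules | sh -e
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run `IPT_DRY_RUN=1 WAN_TCP_PORTS=80 sh firewall.sh apply` first to see the exact commands, then as root without IPT_DRY_RUN to load them. To survive a reboot, capture the loaded rules with `iptables-save` and feed them to whatever your distro restores at boot (on Debian and Ubuntu the iptables-persistent package reads /etc/iptables/rules.v4; older CentOS used /etc/sysconfig/iptables via `service iptables save`). Note that this script, like the posted rules, does no NAT: if the LAN uses private addresses, the box also needs a MASQUERADE rule in the nat table for outbound traffic, which the thread does not discuss.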

#8 Lazydog (Linux Guru, The Keystone State, joined Jun 2004, 2,677 posts)
    Quote Originally Posted by zenwalker:
        Untangle or Vyatta -- both Debian-based -- as a suggestion for us firewall dummies!
    Take a look at lokkit. It is a basic CLI firewall builder. I configure my firewalls by hand on the CLI. If you are looking for a GUI-based firewall tool, then search Google for one. I cannot tell you which one is best as I don't use them.

    Regards
    Robert


#9 mattig89ch (Just Joined!, NYC, joined Sep 2007, 44 posts)
    Cool, thanks guys. I'll take a look at those.

    Oh, do both of those OSes run on antique parts? Because that's what I'm going to use.

#10 Lazydog (Linux Guru, The Keystone State, joined Jun 2004, 2,677 posts)
    How antique are we talking? If it is too old, you might not be able to load the latest distro onto it. I used to have 4 Pentium machines here that would not run anything newer than CentOS 4. As long as the distro loads, the firewall rules should work.

    Regards
    Robert
