setting up a Server with firewall

[robak]

Hi !

I want to setup a linux-server with a great firewall. does anybody know which is the best? i heard that smoothwall is very good.

and what about IPTables? can i use this instead of an standalone firewall?

[Buchan]

Smoothwall rocks ... it takes all of 15 mins for a complete install and is rock solid. Has all kinds of added features (besides the standards, port forwarding etc.)

Easy to work with and configure. I would recommend Smoothwall to anyone looking for a good Linux based FW.

I don't run any servers on it, I have a server behind my Smoothie that has the needed ports forwarded thru. Its not meant as a "server" but works VERY well as a router/firewall

[bpark]

iptables = no complaints

I think that says enough.

[Giro]

I never used smoothwall but have been using IPcop for nearly two years with no problems. I would not run a webserver on your firewall/gateway its suppopse to run as little services as possible to make it more secure. Remeber that its the layer between your network and the net so you dont want some one r00ting Apache and then your firewall.

[bpark]

That's a good point. I'd usually just run one machine dedicated to a firewall. The hardware wouldn't be anything drastic since iptables really doesn't need all that attention but I was thinking, one way to have Apache run secure is to chroot and even possibley use the immutable flags (within ext2/3 fs) to add a level of security.

[robak]

thx 4 posts

i downloaded smoothwall at www.smoothwall.org but there is only a EXPRESS verion. is this the full version?

[Dolda2000]

Apache normally runs as a seperate user, so unless you're using a vulnerable kernel, they can't do anything really bad if they crack it.

Still, it's no fun to have your box cracked at all. I myself always run apache on a seperate machine.

[Buchan]

Yes that is all you will need to get up and running. The express version is just their "free" version. The have a payed version that they support as well. I have only seen the "express" version and from what i can tell it works perfectly.

[craigap]

agree with bpark. iptables works best for me. Plus you can have as many configurations as you like and just need to do an iptables-restore to load a new configuration in a matter of seconds. Good for applications where you need to enable a certain port then disable it when you have finished. Its also very easy to understand the ruleset and easy to re-use rulesets in other areas of the firewall configuration without having any repetition. Gets the thumbs up from me!

[Giro]

Smoothwall uses iptables and so does ipcop.