
RE: Firewall on a debian Box.



Rather than individually shutting down ports, you're much better off from a
security standpoint figuring out what services you need to allow (http,
https, smtp, pop3, ssh, ftp, are all likely candidates for a hosting ISP)
and implicitly denying all services, then setting rules to allow those.  

There are graphical front-ends to ipchains, most of which can be found on
freshmeat (http://www.freshmeat.net) that make constructing your rule-base
much easier.  GFCC is my personal choice, but there may be others that have
been developed since I started using it.  The ipchains HOW-TO will give you
a pretty good idea of how it all fits in and how to get ipchains configured
and running.  

Make sure you harden the OS, too.  There's nothing more embarrassing than
having your firewall get owned.  Blocking traceroute and icmp at the border
router will help conceal the firewall's existence, as well as having ipchains
deny all connections to the firewall that don't originate from your
intranet.

I know this is a Debian discussion, but might I suggest checking out
Netscreen firewall devices as well.  They're not very expensive, perform
well, are highly configurable, and can operate in a true transparent mode.
We've been evaluating them here where I work and I'm using one at home on my
DSL connection....I've turned my Linux firewall into a counter-strike server
now that its firewall services are no longer needed.  I'll probably never
go back.  </shameless-plug>


Jason
-----Original Message-----
From: Matt Kopishke [mailto:kopishke@midcoast.com]
Sent: Wednesday, January 10, 2001 10:12 AM
To: debian-firewall@lists.debian.org
Subject: Firewall on a debian Box.


Hi, I need to set up a firewall on my company's small network.  What I
have in mind is a box that does packet filtering, shuts down unused ports,
and such.  This machine would have to be transparent as we do web
hosting.  So something that looks like this:

	       +------+  +------------+  +------+
The Internet --|Router|--|Firewall Box|--|Switch|-- Our Network
               +------+  +------------+  +------+
		
If that makes any sense.  My question is where do I start?  Is there any
good software or documentation that deals with this kind of set up?  I
know I can start shutting down ports using ipchains, but someone else
must already be using a set up like this.

Thanks,

		-Matt-

+-----------------------------------------------------+
 Matt Kopishke			kopishke@midcoast.com |
 Blue Note Technology         http://bluenotetech.com |
 Waldo Theatre		  http://www.waldotheatre.org |
+------------------------+----------------------------+
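The default-deny approach Jason describes (decide which services the hosting network exposes, deny everything else, and let nothing from outside reach the firewall box itself), applied to the router / firewall / switch layout in Matt's post, as an added worked example that is not part of the original thread. Interface names, the 192.0.2.0/24 hosted network, the 198.51.100.2 outside address and the port list are assumptions chosen for illustration; the script is written for ipchains because that is what the thread discusses, so on a current kernel the same structure would be expressed with iptables or nftables instead.

```sh
#!/bin/sh
# Added example, not from the original thread: a default-deny ipchains rule set
# for the Internet -- router -- firewall -- switch layout in the original post.
# Interface names, addresses and the service list are assumptions for
# illustration; adjust them before use.  Run as "sh fw.sh show" to print the
# commands without touching the kernel, or "sh fw.sh apply" as root to load them.

IPCHAINS="${IPCHAINS:-/sbin/ipchains}"
EXT_IF="${EXT_IF:-eth0}"            # assumed: interface facing the border router
INT_IF="${INT_IF:-eth1}"            # assumed: interface facing the switch
EXT_IP="${EXT_IP:-198.51.100.2}"    # assumed: the firewall's own outside address
INT_NET="${INT_NET:-192.0.2.0/24}"  # assumed: hosted network behind the firewall
# Services the hosting ISP exposes (http https smtp pop3 ssh ftp), as TCP ports
ALLOWED_TCP="${ALLOWED_TCP:-80 443 25 110 22 21}"

# Every rule goes through run(): with DRY_RUN=1 it is printed, otherwise executed.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s %s\n' "$IPCHAINS" "$*"
  else
    "$IPCHAINS" "$@"
  fi
}

build_rules() {
  # 1. Clean slate, deny by default.  In ipchains every packet entering the box
  #    traverses "input"; routed packets also traverse "forward" (where -i names
  #    the OUTGOING interface) and "output".  Filtering is done on input and
  #    forward; output is left open.
  run -F
  run -P input DENY
  run -P forward DENY
  run -P output ACCEPT

  # 2. Anti-spoofing: nothing arriving from the router may claim an inside or
  #    loopback source address.  -l logs the attempt.
  run -A input -i "$EXT_IF" -s "$INT_NET" -j DENY -l
  run -A input -i "$EXT_IF" -s 127.0.0.0/8 -j DENY -l
  run -A input -i lo -j ACCEPT

  # 3. The intranet may reach the firewall (management) and the Internet.
  #    Nothing else is allowed to talk to the firewall box itself.
  run -A input -i "$INT_IF" -s "$INT_NET" -j ACCEPT
  run -A forward -i "$EXT_IF" -s "$INT_NET" -j ACCEPT

  # 4. Hosted services: new connections from anywhere to the allowed ports only.
  for port in $ALLOWED_TCP; do
    run -A input -i "$EXT_IF" -p tcp -d "$INT_NET" "$port" -j ACCEPT
    run -A forward -i "$INT_IF" -p tcp -d "$INT_NET" "$port" -j ACCEPT
  done

  # 5. Replies to connections the inside opened.  ipchains is stateless, so
  #    "! -y" (any TCP segment that is not a bare SYN) stands in for
  #    connection tracking; UDP replies are limited to DNS.
  run -A input -i "$EXT_IF" -p tcp ! -y -d "$INT_NET" -j ACCEPT
  run -A forward -i "$INT_IF" -p tcp ! -y -d "$INT_NET" -j ACCEPT
  run -A input -i "$EXT_IF" -p udp -s 0.0.0.0/0 53 -d "$INT_NET" -j ACCEPT
  run -A forward -i "$INT_IF" -p udp -s 0.0.0.0/0 53 -d "$INT_NET" -j ACCEPT

  # 6. The firewall's own outbound connections (package updates, DNS) need
  #    their replies let in; no new connections from outside reach the box.
  run -A input -i "$EXT_IF" -p tcp ! -y -d "$EXT_IP" -j ACCEPT
  run -A input -i "$EXT_IF" -p udp -s 0.0.0.0/0 53 -d "$EXT_IP" -j ACCEPT

  # 7. Log whatever the default policy is about to deny so probes are visible.
  run -A input -j DENY -l
  run -A forward -j DENY -l
}

# Succeeds only if the generated rule set denies by default on the chains that
# matter; a quick self-check before loading anything into the kernel.
check_default_deny() {
  rules=$(DRY_RUN=1 build_rules)
  echo "$rules" | grep -q -- '-P input DENY' &&
    echo "$rules" | grep -q -- '-P forward DENY'
}

case "${1:-}" in
  show)  DRY_RUN=1 build_rules ;;
  apply) check_default_deny && build_rules ;;
esac
```

Two caveats a practitioner would want: the `! -y` trick admits any non-SYN segment to the hosted network, which is the best a stateless filter can do, so anything that actually needs connection state (active-mode ftp data channels, for instance) will need either passive mode on the servers or a stateful filter; and if you follow the advice to drop all icmp at the border, be aware that this also drops "fragmentation needed" messages, which can silently break path MTU discovery for the hosted sites, so consider passing that one type.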



