
Re: Firewall on a debian Box.



> Hi, I need to set up a firewall on my company's small network.  What I
> have in mind is a box that does packet filtering, shuts down unused ports,
> and such.  This machine would have to be transparent as we do web
> hosting.  So something that looks like this:
> 
> 	       +------+  +------------+  +------+
> The Internet --|Router|--|Firewall Box|--|Switch|-- Our Network
>                +------+  +------------+  +------+

How transparent does this box have to be? Like a bridge (i.e. like your
switch) or like a router?
Like a router is easy, but you need to change settings on your existing
router (which can be hard if you do not have access to it...)

Like a bridge requires kernel patching (currently broken for 2.4.0 but works
fine with 2.2) in order to get firewalling capabilities.

Like a bridge has one huge improvement, though: your firewall does not need
an IP address - so you can make it pretty invisible to the internet.
It's a lot harder to set up, therefore...

> If that makes any sense.  My question is where do I start?  Is there any
> good software or documentation that deals with this kind of set up?  I
> know I can start shutting down ports using ipchains, but someone else
> must already be using a set up like this.

I would recommend looking at the "ipmasq" package, which is intended for
automatically setting up firewalls on dial-in boxes.
And do read the Firewall FAQs, even the iptables FAQ if you are not running
2.4 - there's a lot of helpful information in there.

and search for "firewall" with apt-cache, there are thousands of tools ;)

Just to list some tools available as debian packages:
----
fwctl - configure ipchains firewall using higher level abstraction
ipchains-perl - Perl interface to ipchains
gfcc - GTK firewall control center
logcheck - Mails anomalies in the system logfiles to the administrator
dotfile-ipfwadm - Dotfile Generator, module for ipfwadm
ipmasq - Securely initializes IP Masquerade forwarding/firewalling
portsentry - Portscan detection daemon
mason - Interactively creates a Linux packet filtering firewall.
---

I'm using portsentry and logcheck and I love them a lot.
logcheck mails me any "suspicious" line in the log files, whereas
portsentry automatically blocks IPs from my box that do portscans etc.
Do install "aide", too. This tool calculates checksums of all your files and
mails you any changes made... (at least if you are able to protect your
aide.db database, binaries and cron job ;)

ipmasq is for dialup boxes, but a good concept and good for learning.
I do not know mason, gfcc, fwctl and all these ipchains frontends; I prefer
writing my own script for setting up the firewall.

Greetings,
Erich
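Since the reply favours a hand-written script over the ipchains frontends, here is one for the "like a router" variant of the diagram above (Internet -- Router -- Firewall Box -- Switch -- hosted network). It is an added example, not Erich's script and not taken from any of the Debian packages listed. The interface names eth0/eth1, the prefix 192.0.2.0/24 (a documentation range standing in for the hosted servers' public addresses) and the choice of HTTP and HTTPS as the only services exposed to the outside are assumptions; adjust them before use.

```shell
#!/bin/sh
# Added example: ipchains rules for a routing firewall box in front of a
# web-hosting network. Not from the original mail. Interfaces and the
# network prefix below are assumptions (192.0.2.0/24 is a documentation
# range standing in for the hosted servers' real public addresses).
EXT_IF="${EXT_IF:-eth0}"             # side facing the router / Internet
INT_IF="${INT_IF:-eth1}"             # side facing the switch / hosted servers
INT_NET="${INT_NET:-192.0.2.0/24}"   # assumed public range of the hosted servers

# Run ipchains, or print the command when DRY_RUN=1 so the rule set can be
# reviewed on a box without ipchains before it is applied for real.
fw() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ipchains %s\n' "$*"
    else
        ipchains "$@"
    fi
}

build_firewall() {
    # Clean slate, deny by default on what we accept and what we forward.
    fw -F
    fw -P input DENY
    fw -P forward DENY
    fw -P output ACCEPT

    # Loopback and the trusted inside interface are accepted as-is.
    fw -A input -i lo -j ACCEPT
    fw -A input -i "$INT_IF" -j ACCEPT

    # Anti-spoofing: packets arriving from the Internet that claim an inside
    # source address are denied and logged (-l) before anything else.
    fw -A input -i "$EXT_IF" -s "$INT_NET" -j DENY -l

    # Services the hosted network offers to the world: HTTP and HTTPS only.
    fw -A input -i "$EXT_IF" -p tcp -d "$INT_NET" 80 -j ACCEPT
    fw -A input -i "$EXT_IF" -p tcp -d "$INT_NET" 443 -j ACCEPT

    # Replies to connections opened from inside: TCP packets that are not
    # SYN-only ("! -y"), which is how ipchains approximates "established".
    fw -A input -i "$EXT_IF" -p tcp ! -y -d "$INT_NET" -j ACCEPT

    # ICMP needed for path MTU discovery and traceroute replies.
    fw -A input -i "$EXT_IF" -p icmp -s 0/0 destination-unreachable -j ACCEPT
    fw -A input -i "$EXT_IF" -p icmp -s 0/0 time-exceeded -j ACCEPT

    # Log whatever else arrives from the Internet before the DENY policy.
    fw -A input -i "$EXT_IF" -j DENY -l

    # Forward only traffic to or from the hosted network. In the forward
    # chain "-i" names the OUTGOING interface under ipchains.
    fw -A forward -i "$EXT_IF" -s "$INT_NET" -j ACCEPT
    fw -A forward -i "$INT_IF" -d "$INT_NET" -j ACCEPT

    # The box routes between the two interfaces, so forwarding must be on.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# Number of "-A" rules the script would install; a quick sanity check that
# nothing was accidentally dropped while editing.
rule_count() {
    (DRY_RUN=1; build_firewall) | grep -c '^ipchains -A'
}

case "${1:-}" in
    apply) build_firewall ;;
    show)  (DRY_RUN=1; build_firewall) ;;
esac
```

Run `sh firewall.sh show` to print the rules for review, then `sh firewall.sh apply` as root on the firewall box. The order matters: the anti-spoofing deny sits before any accept, and the final logging deny on the input chain is what makes a tool like logcheck useful, since every unsolicited packet from the outside then shows up in the log.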
