On Wed, Sep 13, 2000 at 09:07:22AM -0500, Matt Kopishke (kopishke@midcoast.com) wrote:
> Hi, I need to implement a firewall at work. It will be for the most part
> a pretty simple set up. I am going to set one of our Linux Boxes between
> the Router and the Switch. The Box has 3 NICs, one for the router side,
> one for the switch, and one for a backup cable connection. We have a
> block of IPs, and we will need to get to machines behind the firewall from
> the outside so I don't want to use ipmasq. What I plan on doing is just
> using ipchains to shut off any unused ports, and strip the box of any
> questionable software (i.e. ssh instead of telnet). Has anyone tried such a
> set up? And if they have could you pass on any pointers or things to
> watch out for? I also see there are a few packages out there to aid
> setup, how well do they work?

Though I run Debian for my workstations (and a few servers), when it
came time to put up a masquerading firewall proxy server at home, I
turned to OpenBSD.

Wes Sonnenreich and Tom Yates have written a really good book on the
topic, _Building Linux and OpenBSD Firewalls_. Highly recommended.

Note that there are a couple of version issues with the book and current
software (OpenBSD is now at 2.8pre, book was written to 2.5). There's a
website for more detailed and up-to-date info. OpenBSD also has an
excellent FAQ and very helpful mailing list.

-- 
Karsten M. Self <kmself@ix.netcom.com>  http://www.netcom.com/~kmself
Evangelist, Opensales, Inc.  http://www.opensales.org
What part of "Gestalt" don't you understand?  Debian GNU/Linux rocks!
http://gestalt-system.sourceforge.net/  K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0