Re: Proxy and Firewall Recommendations?
On Mon, Dec 15, 2003 at 01:09:08AM -0800, Scarletdown wrote:
> I'm about to embark on my next project, getting a Debian system set up as
> a proxy and firewall. This is going to be the system that my roommate
> will be connecting to as his gateway to the Internet.
> He is running Windows-98SE, and the system that he is currently
> connecting through (the same one that I will be putting Linux on) is also
> running 98SE with ICS.
> So, what I need to know is, what would be a suitable set of packages to
> download and install for routing and firewall services for him? Since I
> want to have this system operational pretty fast, I need something that
> is fairly simple to configure. It should also be able to block outgoing
> stuff from his system that he doesn't want phoning home (that would
> include Windows Media Player, RealPlayer, and any spyware, for example.)
> I also need to make sure that the MMORPG that he has become addicted to
> can be played through the firewall. The game is Horizons, and it is
> played through Internet Excreter exclusively, unfortunately due to its
> use of ActiveX.
> Any suggestions for this project?
Don't have any experience with proxys I'm afraid. Note that you have
you have several kinds of proxy servers.
There is the standard http/ftp server that program are aware of and
connect explicitly to. With some work on the firewall you can also make
it transparent using port forwarding.
There is also socks v4 and v5 which is for other programs iirc.
For firewall you should use iptables in the kernel. To save time you
can use an external program to set it up.
I used firestarter before which is a graphical front end and currently
shorewall which has a web interface if you use webmin which is quite
easy to use or you can play with the setup files yourself (you will
probably need to be aware of some firewall issues like nat, ip
masquerading etc. though to get a network gateway firewall to
do its job).
I'm not sure if its possible to lock programs explicitly on a gateway
firewall (as opposed to a firewall located on the local computer). You
can block or allow specific ports.
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org