[suse-security] Making an iptables firewall?

I have a PC I am setting up as a firewall for my LAN at work. I have installed two NICs and SuSE 8.1 on it. I read in a HOWTO that for me to "netfilter" with iptables, making my firewall, I had to compile this file I downloaded, "bridge-nf-0.0.7-against-2.4.19.diff". The HOWTO was very generic and not SuSE-specific. Is this true? Or can I use YaST to get the same results? Thanks, -Trey

Hi! On Sun, 13 Apr 2003, Trey wrote:
What do you want to do? The bridge-nf patch is for building a transparent (non-routing) firewall, which you probably won't need. It is more common to configure a Linux box as a router (the "default gateway" for your work LAN's computers), running iptables on it. There are quite a few firewall scripts, some are provided by SuSE, but I'm not familiar with these. It sounds like you don't know yet what you really need, and it's difficult to be of any help in that respect, as it requires intimate knowledge of your networking situation. There are some excellent docs out there, which you could use to get an overview: http://www.netfilter.org (see the documentation section, maybe first a few tutorials, the networking HOWTO and then the packet filtering HOWTO). http://www.tldp.org/HOWTO/Firewall-HOWTO.html is a bit outdated (doesn't know about iptables), but it gets you started with firewall concepts. The Linux kernel is the most flexible, capable and amazing tool for all things concerning IP networking, but this also means that you need to know exactly what you want in the first place ;-)
Ciao, Roland
TU Muenchen, Physik-Department E18, James-Franck-Str., 85747 Garching
Raum 3558, Telefon 089/289-12592
"If you think NT is the answer, you didn't understand the question." - Paul Stephens

Actually, I know I need a bridge, I'm just not sure how to make the kernel do it. See, this is my problem. At work we have a large LAN, with many Macintosh and Windows PCs. Many of the computers we do not have access to, such as our servers and salesmen's notebooks. Yet they need to be secure, but I can't configure them. Bad situation, but that's the way it is. I was going to wait till I learned this, and take my time. Some jerk has hacked our NT rips twice this week, dropping trojans, viruses etc. Really a mess, so now I'm working against time. So I figure a bridge w/iptables is the answer to my problems. I can place my little P1-200MHz in and we're golden. I just need to know exactly how to get my SuSE 8.1 install kernel to bridge. I can set the iptables up from there. Thanks, -Trey

Hi! I think you should use your own compiled kernel. You know the machine you are going to install on, so take a piece of paper and write down all the information about your system. Then compile the kernel sources, but use the settings needed for bridging and netfilter/iptables (see the HOWTO), and disable module support. http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html/Ethernet-Bridge-netfilter-HOWTO-html.tar.gz Good luck, CU Lars.
-- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Please smile! Photo gallery online with GMX, no homepage of your own needed!
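As an added illustration of the setup the thread converges on (an inline bridging firewall in front of hosts you cannot configure, as Trey describes, on a kernel built with bridging and bridge-netfilter as Lars suggests), here is an example script that is not part of the original posts. It assumes, as its own conventions: the protected LAN hangs off eth0, the uplink is eth1, the bridge is called br0, the kernel has the bridge-nf code (the bridge-nf patch on 2.4, CONFIG_BRIDGE_NETFILTER on later kernels) so bridged frames traverse the iptables FORWARD chain, and the iptables build has the physdev match. The list of inbound TCP ports is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): transparent two-port bridging firewall.
# Assumed interface names and port list; override with environment variables.
# Set IPT=echo BRCTL=echo IP=echo (or run with "dry-run") to print the commands
# instead of executing them.

LAN_IF=${LAN_IF:-eth0}      # side with the servers, Macs and Windows PCs to protect
WAN_IF=${WAN_IF:-eth1}      # side toward the rest of the network / Internet
BRIDGE=${BRIDGE:-br0}
IPT=${IPT:-iptables}
BRCTL=${BRCTL:-brctl}
IP=${IP:-ip}

# Constructed list: TCP services on the protected side that must stay
# reachable from the outside. Everything else inbound is logged and dropped.
ALLOWED_IN_TCP=${ALLOWED_IN_TCP:-"25 80 443"}

# Sanity check: with bridge-netfilter present, this sysctl exists and is 1,
# meaning bridged frames are handed to iptables. Without it, the FORWARD
# rules below never see any traffic and the box is just a dumb bridge.
check_bridge_nf() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# Enslave both NICs to the bridge. No IP address is needed on br0 for
# filtering; the box is invisible at layer 3 unless you deliberately add one.
build_bridge() {
    "$BRCTL" addbr "$BRIDGE"
    "$BRCTL" addif "$BRIDGE" "$LAN_IF"
    "$BRCTL" addif "$BRIDGE" "$WAN_IF"
    "$BRCTL" stp "$BRIDGE" off      # two ports, no loops: STP only delays forwarding
    "$BRCTL" setfd "$BRIDGE" 0
    "$IP" link set "$LAN_IF" up
    "$IP" link set "$WAN_IF" up
    "$IP" link set "$BRIDGE" up
}

# Filtering happens in FORWARD; physdev tells us which bridge port a frame
# came in on, which is the only notion of "inside" and "outside" a bridge has.
apply_rules() {
    "$IPT" -F FORWARD
    "$IPT" -P FORWARD DROP
    # Replies to connections the protected side opened, and related ones (ICMP errors, FTP data)
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anything initiated from the protected side may leave
    "$IPT" -A FORWARD -m physdev --physdev-in "$LAN_IF" -m state --state NEW -j ACCEPT
    # From the outside, only the listed TCP services may open new connections
    for port in $ALLOWED_IN_TCP; do
        "$IPT" -A FORWARD -m physdev --physdev-in "$WAN_IF" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    # Everything else coming from outside hits the DROP policy; log it first
    "$IPT" -A FORWARD -m physdev --physdev-in "$WAN_IF" -j LOG --log-prefix "bridge-fw drop: "
}

case "${1:-}" in
    up)
        check_bridge_nf || echo "warning: bridge-nf-call-iptables not enabled; rules will not match" >&2
        build_bridge
        apply_rules
        ;;
    dry-run)
        IPT=echo; BRCTL=echo; IP=echo
        build_bridge
        apply_rules
        ;;
esac
```

Run it as `sh bridge-fw.sh dry-run` first to read the commands it would issue, then `sh bridge-fw.sh up` as root on the firewall box. The default policy is DROP and only the ESTABLISHED/RELATED rule lets return traffic through, so a host behind the bridge that is already compromised can still reach out; that is why the "inside initiates anything" rule is the one to tighten once the immediate fire is out.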

participants (4)
- Lars Grobe
- Richard
- Roland Kuhn
- Trey