On Mon, 22 Sep 2003 18:00:35 -0400 Franklin Maurer <nebbish@sprynet.com> wrote:
Well, I'm finally going to get high speed internet in the next few months. But I have a few questions...
You'll never regret it! :)
I'd like to turn one of my old computers into a dedicated firewall, would smoothwall or the SuSE firewall be a better choice?
I would recommend actually learning iptables by hand. On your firewall box, you will not want to install X or development tools such as gcc. I just have a bootup script that sets up a simple firewall. Block all incoming traffic except for the few ports where I actually run services (FTP, SSH, SMTP, etc).
The computer is an old piece of ... 100 MHz Pentium, 96 MB, 2 whopping 1 GB hard drives ... will this be sufficient?
I have a 486 with 32 MB and 1 GB drive. It actually runs Debian though because I really like their network install. :( But it's been up most of the summer just doing its thing. It's amazing watching the logs to see all the stuff it blocks.
I take it that it needs two NICs, right? (Modem to firewall, firewall to router)
Yup. If you want to do something more fancy like a DMZ, you'll need three, but two will do it. ifconfig can help you set them up; also make sure you check your routing tables.
Is Linksys a good choice for a router? Any specific model?
I'm a Netgear person myself, but I think Linksys is pretty much on par with Netgear.
Is the setup modem > firewall > router > computer land?
Yeah, mine is cablemodem -> firewall nic1 -> firewall nic2 -> Netgear router -> computers
Any FAQs or how-tos I should read?
Search Google for some beginning iptables documents. Even if you use smoothwall or SuSEFirewall2, you'll want to at least understand the underlying technology. (iptables is included by default in 2.4 Linux kernels.) If you're looking for a good book to start with firewalls, I recommend Building Secure Servers with Linux by Matt Mauer. If you are running servers you'll also probably want to look at NAT (Network Address Translation), which is supported by iptables.

Have fun,
Josh
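
The kind of bootup script the reply describes (drop all incoming traffic except a few service ports, two NICs, NAT for the inside network) could look like the following. This is an added example, not the script from the original message; the interface names eth0 (cable modem side) and eth1 (router side) and the port list are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and ports are assumptions.
# gen_rules WAN_IF LAN_IF "PORTS": print an iptables-restore rule set.
gen_rules() {
    wan=$1; lan=$2; ports=$3
    # Validate every port before emitting anything, so a typo never
    # produces a half-written rule set.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "gen_rules: bad port '$p'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "gen_rules: port out of range '$p'" >&2; return 1
        fi
    done

    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default-deny traffic to the firewall itself
    echo ":FORWARD DROP [0:0]"    # default-deny traffic routed through it
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections the firewall itself opened.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The only new inbound connections allowed: the listed TCP services.
    for p in $ports; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Log (rate-limited) what the DROP policy is about to discard.
    echo "-A INPUT -m limit --limit 5/minute -j LOG --log-prefix \"fw-drop: \""
    # Inside hosts may open connections outward; only replies come back.
    echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    echo "-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "COMMIT"
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # NAT: hide the inside network behind the firewall's outside address.
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo "COMMIT"
}

# Print the rule set for FTP, SSH and SMTP with eth0 outside, eth1 inside.
# On the firewall box (as root): gen_rules eth0 eth1 "21 22 25" | iptables-restore
gen_rules eth0 eth1 "21 22 25"
```

Piping the output through iptables-restore --test first parses the rules without committing them. Forwarding between the two NICs also requires /proc/sys/net/ipv4/ip_forward to be set to 1, and FTP data connections only match RELATED when the conntrack FTP helper module is loaded.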