Well, I'm finally going to get high speed internet in the next few months. But I have a few questions...
I'd like to turn one of my old computers into a dedicated firewall, would smoothwall or the SuSE firewall be a better choice?
The computer is an old piece of ... 100 MHz Pentium, 96 MB, 2 whopping 1g hard drives ... will this be sufficient?
I take it that it needs two NICs, right? (Modem to firewall, firewall to router)
Is Linksys a good choice for a router? Any specific model?
Is the setup modem > firewall > router > computer land?
Any FAQs or how-tos I should read?
TIA
-- Franklin Maurer Using SuSE 8.2 Pro
On Mon, 22 Sep 2003 18:00:35 -0400 Franklin Maurer <nebbish@sprynet.com> wrote:
> Well, I'm finally going to get high speed internet in the next few months. But I have a few questions...
You'll never regret it! :)
> I'd like to turn one of my old computers into a dedicated firewall, would smoothwall or the SuSE firewall be a better choice?
I would recommend actually learning iptables from hand. On your firewall box, you will not want to install X or development tools such as gcc. I just have a bootup script that sets up a simple firewall. Block all incoming traffic except for the few ports where I actually run services (FTP, SSH, SMTP, etc).
> The computer is an old piece of ... 100 MHz Pentium, 96 MB, 2 whopping 1g hard drives ... will this be sufficient?
I have a 486 with 32 MB and 1 GB drive. It actually runs Debian though because I really like their network install. :( But it's been up most of the summer just doing its thing. It's amazing watching the logs to see all the stuff it blocks.
> I take it that it needs two NICs, right? (Modem to firewall, firewall to router)
Yup, if you want to do something more fancy like a DMZ, you'll need three, but two will do it. ifconfig can help you set them up, also make sure you check your routing tables.
> Is Linksys a good choice for a router? Any specific model?
I'm a Netgear person myself, but I think Linksys is pretty much on par with Netgear.
> Is the setup modem > firewall > router > computer land?
Yeah, mine is cablemodem -> firewall nic1 -> firewall nic2 -> netgear router -> computers
> Any FAQs or how-tos I should read?
Search Google for some beginning iptables documents, even if you use smoothwall or SuSEFirewall2 you'll want to at least understand the underlying technology. (IPtables is included by default in 2.4 Linux kernels). If you're looking for a good book to start with firewalls, I recommend Building Secure Servers with Linux by Matt Mauer. If you are running servers you'll also probably want to look at NAT (Network Address Translation), which is supported by IPtables.
Have fun,
Josh
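The kind of boot-time ruleset Josh describes (default-deny inbound, a few open service ports, NAT for the LAN), as an added example that is not part of the original thread. It generates `iptables-restore` input rather than applying it, and uses the `state` match of the 2.4-era iptables mentioned above. The interface names `eth0`/`eth1`, the port list and the function names are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC firewall.
# Assumed (not from the thread): eth0 = WAN, eth1 = LAN, ports 21/22/25.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules WAN_IF LAN_IF "PORT PORT ..." -> ruleset on stdout
build_rules() {
    wan=$1; lan=$2; ports=$3
    for p in $ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*filter"
    # Default-deny for traffic to the firewall and through it.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections the firewall itself opened.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only the listed services are reachable from the Internet side.
    for p in $ports; do
        echo "-A INPUT -i $wan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # LAN hosts may open connections outward; only replies come back in.
    echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    echo "-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "COMMIT"
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # NAT: LAN traffic leaves with the firewall's WAN address.
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo "COMMIT"
}

# Print the ruleset; as root it would be loaded with:
#   build_rules eth0 eth1 "21 22 25" | iptables-restore
#   echo 1 > /proc/sys/net/ipv4/ip_forward
build_rules eth0 eth1 "21 22 25"
```

Reviewing the printed ruleset before piping it to `iptables-restore` avoids locking yourself out of a headless box with a typo.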
----- Original Message -----
From: "Franklin Maurer" <nebbish@sprynet.com>
To: <suse-linux-e@suse.com>
Sent: Monday, September 22, 2003 5:00 PM
Subject: [SLE] Cable internet questions
> Well, I'm finally going to get high speed internet in the next few months. But I have a few questions...
> I'd like to turn one of my old computers into a dedicated firewall, would smoothwall or the SuSE firewall be a better choice?
> The computer is an old piece of ... 100 MHz Pentium, 96 MB, 2 whopping 1g hard drives ... will this be sufficient?
Smoothwall would probably be better, needs less memory than SuSE
> I take it that it needs two NICs, right? (Modem to firewall, firewall to router)
Yes, check the HCL from smoothwall for supported NICs.
> Is Linksys a good choice for a router? Any specific model?
It's decent, see what's on sale..... Netgear, Linksys, D-Link.... all cheap routers for home use. Not the best, but suit their markets...
> Is the setup modem > firewall > router > computer land?
I thought you'd expect .... ISP modem > Linux firewall > switch > computers
If you get a good switch, you don't need the router (Linux is taking care of router functions), unless I'm not understanding this correctly?
> Any FAQs or how-tos I should read?
> TIA
> -- Franklin Maurer Using SuSE 8.2 Pro
On Monday 22 September 2003 6:54 pm, pheonix1t wrote:
Thanks to phoenix1t, Josh, Tom and Bruce for their replies ...
<snipped>
> Smoothwall would probably be better, needs less memory than SuSE
> > I take it that it needs two NICs, right? (Modem to firewall, firewall to router)
> Yes, check the HCL from smoothwall for supported NICs.
I'll check out smoothwall and see what it can do. As Bruce mentioned (in a later post) having a Linux firewall is probably overkill, so this will be more of a learning experience / toy than a necessity.
> > Is the setup modem > firewall > router > computer land?
> I thought you'd expect .... ISP modem > Linux firewall > switch > computers
> If you get a good switch, you don't need the router (Linux is taking care of router functions), unless I'm not understanding this correctly?
This is still in the dreaming period of planning. I have a small LAN connected through a hub, with 1 main computer, 2 old PCs, an old Mac and hopefully Apple's new G5. I'd like for all of them to have cable access. I know the definitions of router and switch but haven't actually configured either. I'm also poor and I thought switches were more expensive than routers. In fact I'm only getting the internet access because it will come through my job at Comcast.
If you could point out some good info for the right time to use a switch versus a router I'd appreciate it. Or how to have Linux take care of the routing info.
TIA
-- Franklin Maurer Using SuSE 8.2 Pro
On Monday, September 22, 2003, at 09:52 PM, Franklin Maurer wrote:
> On Monday 22 September 2003 6:54 pm, pheonix1t wrote:
> Thanks to phoenix1t, Josh, Tom and Bruce for their replies ...
> <snipped>
/snip/
> I know the definitions of router and switch but haven't actually configured either. I'm also poor and I thought switches were more expensive than routers. In fact I'm only getting the internet access because it will come through my job at Comcast.
> If you could point out some good info for the right time to use a switch versus a router I'd appreciate it.
> Or how to have Linux take care of the routing info.
> TIA
Just a note on the home made router, there are lots of pre-stripped Linux based router/firewall packages. Usually take between 300 and 500mb and 32meg of ram. Clarkconnect is the only one that comes to mind right now.
Switch v. Router. I haven't noticed much difference in the two personally, but I understand that the more traffic you have the more you want a switch. Switches direct traffic to a specific machine and routers just route them along to all the machines. Thus increasing network traffic.
Here's some links to help sort it out.
http://compnetworking.about.com/cs/internetworking/
http://handsonhowto.com/lan102.html
Here's some simple explanations.
Good luck. You'll have lots of fun.
will
On Monday 22 September 2003 18:00 pm, Franklin Maurer wrote:
> Well, I'm finally going to get high speed internet in the next few months. But I have a few questions...
> I'd like to turn one of my old computers into a dedicated firewall, would smoothwall or the SuSE firewall be a better choice?
> The computer is an old piece of ... 100 MHz Pentium, 96 MB, 2 whopping 1g hard drives ... will this be sufficient?
> I take it that it needs two NICs, right? (Modem to firewall, firewall to router)
> Is Linksys a good choice for a router? Any specific model?
Some may disagree with this but I think if you get the right router (I had a Linksys) and one with a few ports on it, you won't need to use that extra computer. I found that the firewall capabilities of the Linksys router were as good or better than anything Linux could provide. And it also provided port forwarding and a lot of other goodies. I started out with a dual-NIC Linux box, but ended up plugging everything into the router... so I've seen it done both ways.
> Is the setup modem > firewall > router > computer land?
> Any FAQs or how-tos I should read?
> TIA
> -- Franklin Maurer Using SuSE 8.2 Pro
--
+----------------------------------------------------------------------------+
+ Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI  09/22/03 20:15 +
+----------------------------------------------------------------------------+
"The fish that escaped is the big one."
On Mon, Sep 22, 2003 at 06:00:35PM -0400, Franklin Maurer wrote:
> Well, I'm finally going to get high speed internet in the next few months. But I have a few questions...
Congrats :)
> I'd like to turn one of my old computers into a dedicated firewall, would smoothwall or the SuSE firewall be a better choice?
Just thought I should mention it: LEAF/Bering (Shorewall)
http://leaf.sourceforge.net/mod.php?mod=userpage&menu=904&page_id=21
Boots off floppy or CD and lives in a ramdisk. Very nifty. I've never heard of any of these systems being 'rooted', but the ability to write protect the floppy (which is impossible with hard disks) gives me peace of mind. In that booting the machine *guarantees* that you get back to a known state.
Lots of packages exist for LEAF, including f.x. ssh/sshd so you can access your fw securely from the net (which is my main reason to shun firewall-in-a-box solutions, since they all AFAIK use http/telnet with no possibility of encryption, which means you'll be transporting your root password in clear text... <brrr>)
> The computer is an old piece of ... 100 MHz Pentium, 96 MB, 2 whopping 1g hard drives ... will this be sufficient?
More than adequate. With LEAF you wouldn't need the disks, so you could save some power (and reduce noise) by ditching them. Alternatively (I'm building a machine like this ATM) one can use the disks as a logging 'archive', and spin them down with hdparm -Y when they're not in use.
<rest snipped>
Lots of goodies by other people on the rest.
<goes back to lurking>
HTH
Jon Clausen
-- Whatever rocks your boat!
participants (6): Bruce Marshall, Franklin Maurer, Jon Clausen, Josh Trutwin, pheonix1t, will