Firewall Wizards mailing list archives

RE: Linux firewall options


From: "O'Shea, Dave" <dave.oshea () wilcom com>
Date: Fri, 14 Jan 2000 09:27:57 -0600

A couple good places to start are Red Hat's site (www.redhat.com) as well as
my favorite "wads 'o' software" site, (www.freshmeat.net). That'll at least
give you a good idea of what's out and what's changing.

One of the drawbacks to Linux right now is the lack of a real NAT (network
address translation) module. There are two efforts ongoing that have had
some success, but for my money, I'd wait until the 2.4 kernel is out with
stable, built-in code. 

As an example of a firewall supporting a moderate-size office, a box with
three interfaces (inside, outside, DMZ) can work well. Ipchains supports all
your rulesets and address masquerading (users inside are on RFC1918
addresses) and the DMZ gets a pool of "real" addresses. Squid provides a
good access logging (and filtering, if needed) tool. 

I like hiding internal DNS data from the outside world, so a firewall is a
good place to put a stripped-down name service that only references your web
server, mail server, and name servers. 

Last, many organizations that are using Exchange could take advantage of a
stripped-down Sendmail gateway to at least block spam relaying, and isolate
the corporate mail database from actual Internet contact.



Dave O'Shea
Manager, Service Development - National Technical Resource Center
Williams Communications Solutions
713-307-6760(v) 713-307-6046(f) dave.oshea () wilcom com
"Do I look like a spokesman?"

 -----Original Message-----
From:   Mayne, Peter [mailto:Peter.Mayne () compaq com] 
Sent:   Tuesday, January 11, 2000 7:05 PM
To:     firewall-wizards () nfr net
Subject:        Linux firewall options

Given Linux (say RedHat 6.0 or greater) as a base, what options are
available to build firewalls? Is there a "Linux firewalls" site somewhere?

ipchains is an obvious place to start for basic packet filtering
functionality, but I'd prefer something more substantial. I could use Apache
or Squid (depending on circumstances) as a Web proxy, for instance.

I don't think FWTK can be used in a commercial environment because of the
license restrictions. Is there something similar out there that is otherwise
usable?

I realise this is a "how long is a piece of string?" type question, but
there must be different packages, freeware, shareware, open source,
commercial, etc suitable for different uses.

PJDM
----
Peter Mayne, Compaq Computer Australia, Canberra, ACT
These are my opinions, and have nothing to do with Compaq.
"The wise man knows that he knows nothing." - Bill. "That's us, dude!" -
Ted. 
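
The three-interface layout described in the reply above (inside hosts on RFC1918 addresses and masqueraded, DMZ on routable addresses), written out as an ipchains policy. This is an added example, not part of the original post: the interface names, networks, host addresses and published ports are constructed assumptions, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: three-zone ipchains policy (Linux 2.2), printed as a dry run.
# Every interface name and address below is a constructed placeholder.
OUT_IF=eth0                 # outside (Internet)
DMZ_IF=eth1                 # DMZ
IN_IF=eth2                  # inside
INSIDE_NET=192.168.1.0/24   # RFC1918, masqueraded on the way out
DMZ_NET=192.0.2.0/28        # documentation range standing in for the "real" pool
WEB=192.0.2.2               # assumed web server
MAIL=192.0.2.3              # assumed mail gateway

# Print each command; with APPLY=1 run it instead.
rule() {
    if [ "${APPLY:-0}" = 1 ]; then ipchains "$@"; else echo "ipchains $*"; fi
}

build_rules() {
    rule -F forward
    rule -P forward DENY        # default deny between zones
    # Anti-spoofing: inside addresses must never arrive on the outside interface.
    rule -A input -i "$OUT_IF" -s "$INSIDE_NET" -l -j DENY
    # In the forward chain, -i matches the interface the packet leaves by.
    # Inside -> Internet is masqueraded; inside -> DMZ is plainly routed.
    rule -A forward -i "$OUT_IF" -s "$INSIDE_NET" -j MASQ
    rule -A forward -i "$DMZ_IF" -s "$INSIDE_NET" -d "$DMZ_NET" -j ACCEPT
    # Published DMZ services, reachable from any source.
    rule -A forward -i "$DMZ_IF" -p tcp -d "$WEB" 80 -j ACCEPT
    rule -A forward -i "$DMZ_IF" -p tcp -d "$MAIL" 25 -j ACCEPT
    # ipchains is stateless: "replies" can only be approximated as TCP
    # segments without SYN (! -y), which also admits stray non-SYN traffic.
    rule -A forward -i "$DMZ_IF" -p tcp ! -y -d "$DMZ_NET" -j ACCEPT
    rule -A forward -i "$IN_IF" -p tcp ! -y -s "$DMZ_NET" -d "$INSIDE_NET" -j ACCEPT
    # DMZ hosts may open connections outward, never into the inside network.
    rule -A forward -i "$OUT_IF" -s "$DMZ_NET" -j ACCEPT
    # Log whatever falls through before the chain policy drops it.
    rule -A forward -l -j DENY
}

build_rules
```

Rule order matters because ipchains stops at the first match; the only DMZ-to-inside rule is the non-SYN one, so a compromised DMZ host cannot open new TCP connections inward.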


