Firewall Wizards mailing list archives
RE: Linux firewall options
From: "O'Shea, Dave" <dave.oshea () wilcom com>
Date: Fri, 14 Jan 2000 09:27:57 -0600
A couple good places to start are Red Hat's site (www.redhat.com) as well as my favorite "wads 'o' software" site, (www.freshmeat.net). That'll at least give you a good idea of what's out and what's changing.

One of the drawbacks to Linux right now is the lack of a real NAT (network address translation) module. There are two efforts ongoing that have had some success, but for my money, I'd wait until the 2.4 kernel is out with stable, built-in code.

As an example of a firewall supporting a moderate-size office, a box with three interfaces (inside, outside, DMZ) can work well. Ipchains supports all your rulesets and address masquerading (users inside are on RFC1918 addresses) and the DMZ gets a pool of "real" addresses. Squid provides a good access logging (and filtering, if needed) tool.

I like hiding internal DNS data from the outside world, so a firewall is a good place to put a stripped-down name service that only references your web server, mail server, and name servers.

Last, many organizations that are using Exchange could take advantage of a stripped-down Sendmail gateway to at least block spam relaying, and isolate the corporate mail database from actual Internet contact.

Dave O'Shea
Manager, Service Development - National Technical Resource Center
Williams Communications Solutions
713-307-6760(v) 713-307-6046(f)
dave.oshea () wilcom com
"Do I look like a spokesman?"

-----Original Message-----
From: Mayne, Peter [mailto:Peter.Mayne () compaq com]
Sent: Tuesday, January 11, 2000 7:05 PM
To: firewall-wizards () nfr net
Subject: Linux firewall options

Given Linux (say RedHat 6.0 or greater) as a base, what options are available to build firewalls? Is there a "Linux firewalls" site somewhere?

ipchains is an obvious place to start for basic packet filtering functionality, but I'd prefer something more substantial. I could use Apache or Squid (depending on circumstances) as a Web proxy, for instance.

I don't think FWTK can be used in a commercial environment because of the license restrictions. Is there something similar out there that is otherwise usable?

I realise this is a "how long is a piece of string?" type question, but there must be different packages, freeware, shareware, open source, commercial, etc suitable for different uses.

PJDM
----
Peter Mayne, Compaq Computer Australia, Canberra, ACT
These are my opinions, and have nothing to do with Compaq.
"The wise man knows that he knows nothing." - Bill.
"That's us, dude!" - Ted.