Advice for setting up a firewall - Networking

This is a discussion on Advice for setting up a firewall - Networking ; Hi all, I'm looking into setting up an old PC I have sitting around as a Linux firewall. I need advice on which distro I should use and what software, as well as any helpful tutorials. Oh, and tell me ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Advice for setting up a firewall

  1. Advice for setting up a firewall

    Hi all,

    I'm looking into setting up an old PC I have sitting around as a Linux
    firewall. I need advice on which distro I should use and what
    software, as well as any helpful tutorials.

    Oh, and tell me this: Will running a firewall have any impact on the
    practical speed of my internet connection?

    Thanks!

  2. Re: Advice for setting up a firewall

    LinuxMercedes wrote:
    > Hi all,
    >
    > I'm looking into setting up an old PC I have sitting around as a Linux
    > firewall. I need advice on which distro I should use and what
    > software, as well as any helpful tutorials.
    >
    > Oh, and tell me this: Will running a firewall have any impact on the
    > practical speed of my internet connection?
    >
    > Thanks!


    Try ipcop - an excellent distribution for making
    firewalls out of old PCs.

    Unless the PC is really old, it shouldn't affect your internet
    connection speed.

    Robert

  3. Re: Advice for setting up a firewall

    On Sat, 31 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article <2cb694fe-004f-4265-9b49-88f7324a574a@m45g2000hsb.googlegroups.com>,
    LinuxMercedes wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    >I'm looking into setting up an old PC I have sitting around as a Linux
    >firewall. I need advice on which distro I should use and what
    >software, as well as any helpful tutorials.


    Which distro to use - that's like asking which car to drive, which beer
    to drink, or which ice-cream to eat. If one were superior, why are there
    so many choices?

    [compton ~]$ whatis taste
    taste: nothing appropriate
    [compton ~]$

    85509 Aug 20 2001 Firewall-HOWTO
    42743 Nov 24 2001 Firewall-Piercing
    40490 Jun 22 2000 Home-Network-mini-HOWTO
    708351 Nov 14 2005 IP-Masquerade-HOWTO
    17605 Jul 21 2004 Masquerading-Simple-HOWTO
    203891 Sep 29 2004 NET3-4-HOWTO
    45604 Apr 18 2006 Networking-Overview-HOWTO
    155096 Jan 23 2004 Security-HOWTO
    278012 Jul 23 2002 Security-Quickstart-HOWTO
    287057 Jul 23 2002 Security-Quickstart-Redhat-HOWTO
    71776 Nov 28 21:45 Unix-and-Internet-Fundamentals-HOWTO

    That's without using the many toy tools that are available to set up a
    firewall. Common sense should suggest that the less crap you have
    running on the firewall box, the less there is to exploit. My
    firewall is the remains of an ancient lap-top (386-SX16, 8 Megs of
    RAM, no keyboard, no display) - needless to say, it's not running
    some eye-candy GUI, as no one should be logging in to it.

    >Oh, and tell me this: Will running a firewall have any impact on the
    >practical speed of my internet connection?


    You're posting from a PPPoX link - assuming this is a personal setup
    (mainly surfing, email, rather than running a business from home), and
    that your firewall rules are not ridiculous, anything faster than a
    Pentium 66 with PCI bus shouldn't have an impact. The exception is if
    you are using some service that wants AUTH/IDENT and you are dropping
    port 113 rather than rejecting it - but that's no different than setting
    a personal firewall on your PC.

    Old guy

  4. Re: Advice for setting up a firewall

    On Jun 1, 4:50*pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
    > On Sat, 31 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
    > article <2cb694fe-004f-4265-9b49-88f7324a5...@m45g2000hsb.googlegroups.com>,
    >
    > LinuxMercedes wrote:
    >
    > NOTE: Posting from groups.google.com (or some web-forums) dramatically
    > reduces the chance of your post being seen. *Find a real news server.
    >
    > >I'm looking into setting up an old PC I have sitting around as a Linux
    > >firewall. *I need advice on which distro I should use and what
    > >software, as well as any helpful tutorials.

    >
    > Which distro to use - that's like asking which car to drive, which beer
    > to drink, or which ice-cream to eat. *If one were superior, why are there
    > so many choices?
    >
    > [compton ~]$ whatis taste
    > taste: nothing appropriate
    > [compton ~]$
    >
    > * * * *85509 Aug 20 *2001 Firewall-HOWTO
    > * * * *42743 Nov 24 *2001 Firewall-Piercing
    > * * * *40490 Jun 22 *2000 Home-Network-mini-HOWTO
    > * * * 708351 Nov 14 *2005 IP-Masquerade-HOWTO
    > * * * *17605 Jul 21 *2004 Masquerading-Simple-HOWTO
    > * * * 203891 Sep 29 *2004 NET3-4-HOWTO
    > * * * *45604 Apr 18 *2006 Networking-Overview-HOWTO
    > * * * 155096 Jan 23 *2004 Security-HOWTO
    > * * * 278012 Jul 23 *2002 Security-Quickstart-HOWTO
    > * * * 287057 Jul 23 *2002 Security-Quickstart-Redhat-HOWTO
    > * * * *71776 Nov 28 21:45 Unix-and-Internet-Fundamentals-HOWTO
    >
    > That's without using the many toy tools that are available to set up a
    > firewall. *Common sense should suggest that the less crap you have
    > running on the firewall box, the less there is to exploit. * My
    > firewall is the remains of an ancient lap-top (386-SX16, 8 Megs of
    > RAM, no keyboard, no display) - needless to say, it's not running
    > some eye-candy GUI, as no one should be logging in to it.
    >
    > >Oh, and tell me this: Will running a firewall have any impact on the
    > >practical speed of my internet connection?

    >
    > You're posting from a PPPoX link - assuming this is a personal setup
    > (mainly surfing, email, rather than running a business from home), and
    > that your firewall rules are not ridiculous, anything faster than a
    > Pentium 66 with PCI bus shouldn't have an impact. The exception is if
    > you are using some service that wants AUTH/IDENT and you are dropping
    > port 113 rather than rejecting it - but that's no different than setting
    > a personal firewall on your PC.

    I actually am running a webserver on this connection; hence the need
    for a better firewall
    >
    > * * * * Old guy



  5. Re: Advice for setting up a firewall

    On Sun, 1 Jun 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article <60163249-1223-4e59-aac3-c71dabe1c16b@8g2000hse.googlegroups.com>,
    LinuxMercedes wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    >ibupro...@painkiller.example.tld (Moe Trin) wrote:


    >> You're posting from a PPPoX link - assuming this is a personal setup
    >> (mainly surfing, email, rather than running a business from home), and
    >> that your firewall rules are not ridiculous, anything faster than a
    >> Pentium 66 with PCI bus shouldn't have an impact.


    >I actually am running a webserver on this connection; hence the need
    >for a better firewall


    This probably means you are masquerading the webserver. As such, you
    have to provide a forwarding rule so that people connecting to
    Your.Public.IP.Addr port 80 have their packets silently forwarded to
    the web server, possibly located on 192.168.1.5. Replies from your
    server are automagically routed back. But if someone tries to connect
    to another port - say port 70 - those packets will be rejected/dropped
    unless you have set up a rule to forward those packets somewhere else
    (or you have made the mistake of running some server listening to that
    port on the firewall). Thus, running a web server isn't likely to
    have any significant impact on the firewall performance. Protecting
    the web server is something done on the web server itself, making sure
    that it's not the typical walking disaster area - one need only look at
    the Bugtraq mailing list to see the problems often encountered there.
    The only "protection" the firewall may provide is blocking access to
    IP address ranges you may designate.

    Old guy

  6. Re: Advice for setting up a firewall

    On May 31, 11:39 pm, LinuxMercedes wrote:
    > Hi all,
    >
    > I'm looking into setting up an old PC I have sitting around as a Linux
    > firewall. I need advice on which distro I should use and what
    > software, as well as any helpful tutorials.
    >
    > Oh, and tell me this: Will running a firewall have any impact on the
    > practical speed of my internet connection?
    >
    > Thanks!


    I've had some experience running the Squid proxy/cache on an old
    FreeBSD box. It has been a rock-solid system.

    http://www.freebsd.org/
    http://www.squid-cache.org/

+ Reply to Thread