looking for a linux based firewall

on 24.11.2006 08:36:24 by tim moor

dear firewall gurus,
for my testlab i'm looking for a (linux) firewall to create a dmz. i have a
few unused intel-boxes. maybe i can use them to build a dedicated
firewall-appliance. any suggestions. it doesn't matter if it's free :-))

thanx a lot
tim

Re: looking for a linux based firewall

on 24.11.2006 08:44:40 by Niels Jespersen

tim moor wrote:
> dear firewall gurus,
> for my testlab i'm looking for a (linux) firewall to create a dmz. i
> have a few unused intel-boxes. maybe i can use them to build a dedicated
> firewall-appliance. any suggestions. it doesn't matter if it's free :-))
>
> thanx a lot
> tim

ipcop.org

--
Niels

Re: looking for a linux based firewall

on 24.11.2006 08:50:11 by Uli Wachowitz

On 2006-11-24, tim moor wrote:
> for my testlab i'm looking for a (linux) firewall to create a dmz. i have a

Not really linux, but maybe worth a look:

http://m0n0.ch/wall/

Uli

--
"I hate *nix - there is always a solution already, and it is always
terrible!"

Re: looking for a linux based firewall

on 24.11.2006 15:10:23 by Ansgar -59cobalt- Wiechers

tim moor wrote:
> for my testlab i'm looking for a (linux) firewall to create a dmz. i
> have a few unused intel-boxes. maybe i can use them to build a
> dedicated firewall-appliance. any suggestions.

What kind of DMZ do you want to build? There are two basic setups for a
DMZ:

WAN --- Firewall_1 --- DMZ --- Firewall_2 --- LAN

WAN --- Firewall --- LAN
           |
          DMZ

On the firewall(s) you need a packet filter. In the case of Linux you'd
use netfilter (the packet filter included into the Linux kernel). For
tutorials on netfilter see [1,2]. Basically you allow these connections
on your firewall(s):

WAN -> DMZ allow
WAN -> LAN deny
DMZ -> WAN allow
DMZ -> LAN deny
LAN -> DMZ allow
LAN -> WAN allow/deny depending on your policy

Traffic related to the above connections: allow

These very basic DMZ setups can be enhanced/modified in many different
ways, e.g. by adding layer7-filtering [3] to the firewalls, putting
proxies (e.g. Squid [4]) into the DMZ, setting up bastion hosts, etc.

However, the matter is far too complex to cover more than the very
basics in one newsgroup post. I suggest you read a good book on
firewalls (e.g. [5]) to get you started.

[1] http://www.netfilter.org/
[2] http://www.frozentux.net/
[3] http://l7-filter.sourceforge.net/index.en
[4] http://www.squid-cache.org/
[5] http://www.oreilly.com/catalog/fire2/

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
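
The allow/deny table from the post above, written out for the single-firewall layout as an added example that is not part of the original post: a shell script that prints an iptables-restore ruleset. The interface names (eth0, eth1, eth2), the LAN_TO_WAN switch and the INPUT rules for the firewall host itself are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset for the
# single-firewall (three-legged) DMZ. Interface names below are assumptions.
WAN_IF="${WAN_IF:-eth0}"          # assumed uplink interface
DMZ_IF="${DMZ_IF:-eth1}"          # assumed DMZ interface
LAN_IF="${LAN_IF:-eth2}"          # assumed LAN interface
LAN_TO_WAN="${LAN_TO_WAN:-allow}" # "allow" or "deny", depending on your policy

emit() { printf '%s\n' "$1"; }

# fwd_rule IN_IF OUT_IF allow|deny: one rule for NEW connections in that direction.
fwd_rule() {
    case "$3" in
        allow) target=ACCEPT ;;
        *)     target=DROP ;;   # anything that is not "allow" fails closed
    esac
    emit "-A FORWARD -i $1 -o $2 -m conntrack --ctstate NEW -j $target"
}

gen_dmz_rules() {
    emit '*filter'
    # Default-deny on forwarded traffic; a direction missing below is dropped.
    emit ':INPUT DROP [0:0]'
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    # The firewall's own services are outside the post's table: only loopback
    # and replies are accepted here. Add a management rule before applying remotely.
    emit '-A INPUT -i lo -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # "Traffic related to the above connections: allow"
    emit '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    fwd_rule "$WAN_IF" "$DMZ_IF" allow   # narrow with -p/--dport to published services
    fwd_rule "$WAN_IF" "$LAN_IF" deny
    fwd_rule "$DMZ_IF" "$WAN_IF" allow
    fwd_rule "$DMZ_IF" "$LAN_IF" deny
    fwd_rule "$LAN_IF" "$DMZ_IF" allow
    fwd_rule "$LAN_IF" "$WAN_IF" "$LAN_TO_WAN"
    emit 'COMMIT'
}

gen_dmz_rules
```

Pipe the output through `iptables-restore --test` as root before loading it; forwarding between the interfaces also requires `net.ipv4.ip_forward=1`.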

Re: looking for a linux based firewall

on 26.11.2006 09:42:48 by nuzz

> dear firewall gurus,
> for my testlab i'm looking for a (linux) firewall to create a dmz. i have
> a few unused intel-boxes. maybe i can use them to build a dedicated
> firewall-appliance. any suggestions. it doesn't matter if it's free :-))
>
> thanx a lot
> tim

http://www.zeroshell.net/eng/ is a small Linux distribution (live CD or
CompactFlash image). It has an SPI and packet filter image. It supports
a captive portal to authenticate the users by using a web browser, and a
RADIUS server too.

Re: looking for a linux based firewall

on 26.11.2006 15:27:35 by Andreas Baumgartner

Hi Tim

Here is one more:
http://www.devil-linux.org/home/index.php
It is a very small secure linux (no GUI or something) and works on very old machines too. I love it.


On Fri, 24 Nov 2006 08:36:24 +0100
"tim moor" wrote:

> dear firewall gurus,
> for my testlab i'm looking for a (linux) firewall to create a dmz. i have a
> few unused intel-boxes. maybe i can use them to build a dedicated
> firewall-appliance. any suggestions. it doesn't matter if it's free :-))
>
> thanx a lot
> tim


--
Andreas Baumgartner
Linux version 2.6.17-5mdv (rtp@octopus.mandriva.com) (gcc version 4.1.1 20060724 (prerelease) (4.1.1-3mdk)) #1 SMP Wed Sep 13 14:32:31 EDT 2006
http://www.unix.org/license-plate.html

Re: looking for a linux based firewall

on 26.11.2006 16:36:47 by Jim Ford

tim moor wrote:
> dear firewall gurus,
> for my testlab i'm looking for a (linux) firewall to create a dmz. i
> have a few unused intel-boxes. maybe i can use them to build a dedicated
> firewall-appliance. any suggestions. it doesn't matter if it's free :-))

I thought there was only one worth considering!
;^)
http://leaf.sourceforge.net/bering-uclibc/

Fantastic support on the mailing list as well.

Jim Ford

Re: looking for a linux based firewall

on 27.11.2006 00:15:56 by John Smith

On Fri, 24 Nov 2006 08:36:24 +0100, tim moor wrote:

> dear firewall gurus,
> for my testlab i'm looking for a (linux) firewall to create a dmz. i have a
> few unused intel-boxes. maybe i can use them to build a dedicated
> firewall-appliance. any suggestions. it doesn't matter if it's free :-))
>
> thanx a lot
> tim

at the risk of getting flamed, i recommend OpenBSD for a lightweight firewall.
its firewall, pf, is imho easy to set up and get going. and the
documentation for it is second to none, again imho.

Re: looking for a linux based firewall

on 27.11.2006 14:49:09 by Anders

tim moor wrote:
> dear firewall gurus,
> for my testlab i'm looking for a (linux) firewall to create a dmz. i
> have a few unused intel-boxes. maybe i can use them to build a dedicated
> firewall-appliance. any suggestions. it doesn't matter if it's free :-))
>
> thanx a lot
> tim

http://distrowatch.com/dwres.php?resource=firewalls

/Anders

Re: looking for a linux based firewall

on 27.11.2006 20:41:02 by ibuprofin

On Sun, 26 Nov 2006, in the Usenet newsgroup comp.security.firewalls, Jim Ford wrote:

>tim moor wrote:

>> for my testlab i'm looking for a (linux) firewall to create a dmz. i
>> have a few unused intel-boxes. maybe i can use them to build a dedicated
>> firewall-appliance. any suggestions. it doesn't matter if it's free :-))
>
>I thought there was only one worth considering!

opinion: o-pinyun noun 1: belief 2: judgment 3: formal statement
by an individual

>http://leaf.sourceforge.net/bering-uclibc/
>
>Fantastic support on the mailing list as well.

Yeah, but it's only one of many that are available. I've tried over
twenty, and the biggest differences were in the user interface. Personally,
I'm using a stripped kernel and simple script, which is more versatile
though admittedly requiring more skill. Hit http://www.distrowatch.com
and see what interests you.

Old guy

Re: looking for a linux based firewall

on 28.11.2006 12:25:30 by news

If you are looking for a GOOD firewall go to this site:

www.astaro.con

Nuf said...



"Anders" wrote in message
news:p1Cah.24541$E02.10077@newsb.telia.net...
> tim moor wrote:
>> dear firewall gurus,
>> for my testlab i'm looking for a (linux) firewall to create a dmz. i have
>> a few unused intel-boxes. maybe i can use them to build a dedicated
>> firewall-appliance. any suggestions. it doesn't matter if it's free :-))
>>
>> thanx a lot
>> tim
>
> http://distrowatch.com/dwres.php?resource=firewalls
>
> /Anders

Re: looking for a linux based firewall

on 28.11.2006 12:52:59 by Ansgar -59cobalt- Wiechers

News wrote:
> "Anders" wrote:
>> tim moor wrote:
>>> dear firewall gurus,
>>> for my testlab i'm looking for a (linux) firewall to create a dmz. i
>>> have a few unused intel-boxes. maybe i can use them to build a
>>> dedicated firewall-appliance. any suggestions. it doesn't matter
>>> if it's free :-))
>>
>> http://distrowatch.com/dwres.php?resource=firewalls
>
> If you are looking for a GOOD firewall go to this site:
>
> www.astaro.con

So, why do you believe other firewalls (esp. custom-made firewalls
running Linux) are not good? What exactly makes Astaro better? Besides,
why do you believe that the products of this company come even close to
the OP's requirements ("build a linux-based firewall w/ DMZ on a few
unused Intel-boxes")?

> Nuf said...

Nope. Not even remotely.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich