Firewalling as an introductory Linux topic

Tom Achtenberg plug-discuss@lists.plug.phoenix.az.us
Sat, 4 May 2002 06:29:26 -0700


One of the really nice things about using the e-Smith as a firewall is you
do not need to know all this to set it up.  Simply insert and boot from the
CD.  Only a few setup questions like verifying the NICs that are found and
the rest is done automatically.  When I tested it at some of the sites that
test security it came back very secure.

Tom

----- Original Message -----
Date: Sat, 4 May 2002 01:35:42 -0700
From: "Robert A. Klahn" <robert_a_klahn@fastmail.fm>
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Firewalling as an introductory Linux topic (was: Re: PLUG-discuss
digest, Vol 1 #2205 - 2 msgs)
Reply-To: plug-discuss@lists.plug.phoenix.az.us

Mike (and the list):

This is probably not the answer you really want, but I'm just going to be a
tad honest here.

Your easiest path, as a self-described newbie, is to probably go out and
just buy that Linksys router/firewall. It should work, and will probably
suit your needs just fine.

Firewalling is a somewhat advanced topic, and might not be a suitable place
to start to learn about Linux. I'm not saying that it can't be done, many
people have used Linux to do exactly what you are trying to do, but it
requires a background in both UNIX and Networking that the typical newbie to
Linux just does not have.

If you do attempt to set up the Linux box as a firewall, which I still
encourage you to do, you will learn a LOT about Linux and Networking.
This might be useful to you, but it will not happen quickly; expect to
devote about 3-4 weeks to setting your box up to do this, between hacking
around on the box, reading HOWTOs, and waiting for replies on the list.

If you do choose to go forward with this, there are a lot of people on this
list, including myself, more than willing to give you a hand, and show the
way.

For starters:

The answer to your "How do I set up eth1?" question is in Chapter 12 of the
Red Hat Linux Reference Guide, _Network Scripts_ at
http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/ch-networkscripts.html.
The short answer is, as root, run "redhat-config-network", but
you really should read and understand this chapter.

You should read Chapter 18 in the Red Hat Linux Reference Guide _Firewalling
with iptables_
http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/ch-iptables.html .
This does not have everything you need, but to set up the firewall
you are going to need to understand most everything in this chapter. You
will need to focus on _iptables_; _ipchains_ is an older firewalling
implementation, and as someone running a 2.4 kernel, you don't really need
to know about _ipchains_ except, perhaps, as a historical reference.

The Netfilter site http://netfilter.samba.org/ has a lot of useful
information on Linux Firewalling and Networking in general. The Networking
Concepts HOWTO provides a good introduction to Networking in general, if you
understand firewalling already, you probably don't need to cover this, but
here it is anyways:
http://netfilter.samba.org/documentation/HOWTO//networking-concepts-HOWTO.html

The NAT Howto http://netfilter.samba.org/documentation/HOWTO//NAT-HOWTO.html
covers the topic of Network Address Translation, which you are going to need
to understand to get packets from your eth1 network to your eth0 network,
and vice versa.

Despite the fact that these pages live at samba.org, you are not going to
have to install Samba to get this to work. In fact, the advice that someone
else gave before, that (and I'm paraphrasing here) a Firewall should be
nothing but a Firewall is very prudent advice.

Good Luck.

Bob.



