Newbie firewall/masqarade/proxy confusion
Dave Chacko
dave@chacko.org
Tue, 1 Aug 2000 08:32:34 -0700
Alan,
Another easily configurable firewall/masquerade solution would be Pmfirewall, available from ftp.pointman.org or www.pointman.org. This script configures ipchains for you with only a few questions, and will run magnificently on Linux. It can also be custom configured by an experienced user who wants a more custom firewall.
Dave Chacko
>Date: Mon, 31 Jul 2000 22:25:13 -0700
>From: Doug Winterburn <doug@winterburn.net>
>Reply-To: doug@winterburn.net
>To: plug-discuss@lists.PLUG.phoenix.az.us
>Subject: Re: Newbie firewall/masqarade/proxy confusion
>Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
>Alan,
>
>I'm doing exactly what you want to do. My ISP is Sprint Broadband
>(formerly Speedchoice).
>
>First, you have picked the appropriate hardware - a 486 makes a great
>router/firewall/server. You will want two NICs in it. One should be a
>10MB/sec to connect to the DSL external modem, and the other will be to
>connect to your internal network and can be a 10MB, 10/100 or 100,
>depending on what you think you need internally. I have gotten by
>rather well with cheapo ($10/NIC) Dlink, Linksys, SMC, etc NICs. 10MB
>has been entirely sufficient for me and I have 8 machines on the
>internal network. I've found that the plain old NE2000 compatible NICs
>are easily supported, but you may have to manually configure if you only
>have an ISA bus. Also, an 8 port rj45, 1 port bnc hub can be had for
>about $40 if you for a 10MB internal network.
>
>I also run RH 6.2. Your firewall will consist of a startup script
>(calling ipchains many times) to do packet filtering and masquerading,
>and possibly a tcpwrappers config file set as a second level of
>protection. I set up my firewall script from the following site:
>
>http://linux-firewall-tools.com/linux/firewall/index.html
>
>The two tcpwrapper scripts you need could look like:
>
>/etc/hosts.deny
>-------------
>
>ALL : ALL
>
>/etc/hosts.allow
>--------------
>
>ALL : 192.168.1.0/255.255.255.0 127.0.0.1
>
>Assuming your internal network is 192.168.1.x, the above two files will
>allow any connections from your internal network to inet daemons, but
>will prevent any other access to those daemons.
>
>You will also need to think about whether you want to run an internal
>DNS, web server, sendmail or some other email MTA. Also, you want to
>consider whether you want your internal clients to run pop or imap.
>Also, you probably want to get openssh and possibly openssl for secure
>access from the outside. Also, Samba is a must if you have windows
>machines on your internal network, and can be very helpful even if you
>don't. And don't be without Webmin: http://www.webmin.com/webmin/ for
>system administration. With webmin, I run my 486 from a browser - the
>machine has no KB, mouse or terminal.
>
>Definitely, you should apply for your own domain name.
>
>I'm sure I've forgotten many little things. It's so much fun, I can't
>get it all into one email :-)
>
>If you would like to discuss my experiences with all this, don't
>hesitate to email. I can send you sample config files, etc.
>
>-Doug Winterburn
>Date: Mon, 31 Jul 2000 13:07:58 -0700
>To: plug-discuss@lists.plug.phoenix.az.us
>From: "Alan Dayley" <ADayley@adtron.com>
>Subject: Newbie firewall/masqarade/proxy confusion
>Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
>I confess to being a MS user for, lo, many years. I am now
>coming into the Linux light! It is making computers exciting
>again.
>
>I am scheduled to get DSL with a static IP in a week or two.
>As a first Linux learning experience, I have set up an old 100MHz
>486 PC, 32MB RAM, 1.5GB hard disk space, 2 16-bit Intel network
>cards, VGA, mouse, blah, blah... with RedHat 6.2. X still does
>not work but that is not important now. My intention is to have
>this little PC be a firewall for my other computers to share the
>DSL connection.
>
>My confusion is this: I am finding in my readings that what I
>thought was a firewall may be something more. I am still trying
>to understand the differences between the terms firewall,
>masquerading, routing and proxy server. Maybe the confusion is
>from the fact that configuring TCP/IP is still a new thing to me
>along with Linux.
>
>What I want to make is my Linux box providing a single "presence"
>to the internet while the workstations "behind" the Linux box can
>surf and do email without being "visible" to the internet. What
>combination of firewall/masqarade/proxy stuff do I need?
>
>Remember, I am a newbie, be kind.
>
>Alan
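The two tcp_wrappers files Doug quotes, together with the lookup order tcpd applies (hosts.allow first to grant, then hosts.deny to refuse, otherwise grant), as an added example that is not from the thread. The parser is a deliberate simplification that understands only ALL, single addresses and net/mask patterns (no hostnames, EXCEPT clauses or shell command fields); the file contents are constructed copies of the ones in Doug's reply.

```python
import ipaddress

# Constructed copies of the two files from the reply above.
HOSTS_ALLOW = "ALL : 192.168.1.0/255.255.255.0 127.0.0.1\n"
HOSTS_DENY = "ALL : ALL\n"


def _client_matches(pattern, client):
    """Match one client pattern: ALL, a net/mask pair, or a single address.
    Simplified: real tcpd also accepts hostnames, domain suffixes and more."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        network = ipaddress.IPv4Network((net, mask), strict=False)
        return client in network
    return client == ipaddress.IPv4Address(pattern)


def _file_matches(text, daemon, client):
    """True if any 'daemon_list : client_list' line in the file matches."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if "ALL" not in daemons and daemon not in daemons:
            continue
        if any(_client_matches(p, client) for p in clients):
            return True
    return False


def access_allowed(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """tcpd order: a hosts.allow match grants, then a hosts.deny match refuses,
    and a client matched by neither file is allowed (which is why the
    'ALL : ALL' line in hosts.deny matters)."""
    client = ipaddress.IPv4Address(client_ip)
    if _file_matches(allow, daemon, client):
        return True
    if _file_matches(deny, daemon, client):
        return False
    return True
```

Without the `ALL : ALL` line in hosts.deny, a client from outside 192.168.1.0/24 would be admitted by the default, so the two files only work as a pair.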