Firewall + VPN + Samba

[Jeff7181]

Looking to setup a Linux box with a Firewall, VPN, and Samba. Any suggestions on which Firewall and VPN to use?

*EDIT* To be a little more specific, I'm in a Linux System Administration class and we have a project to do where we have to demonstrate something running that we've set up and administered properly. So I'm thinking, I'll set up a Linux box at home with a Firewall, VPN, and Samba running on it.

For my presentation I'll demonstrate how I've set the firewall up to block access to a share (via Samba) within the intranet from the Internet, then log into the VPN with a Windows machine and demonstrate that Samba is working.

 

[Nothinman]

The firewall will be netfilter no matter what, you just need to pick a front end if you don't want to use straight iptables commands to set it up. No clue about the VPN, I've never setup the server side on Linux before.

 

[Jeff7181]

Command line is fine with me... I just didn't know if there was a popular Firewall/VPN package.

 

[skyking]

complete systems:
clarkconnect community edition
astaro
IPsec: frees/WAN
KAME

 

[Goosemaster]

Originally posted by: skyking
complete systems:
clarkconnect community edition
astaro
IPsec: frees/WAN
KAME

clarkconnet, smoothwall, or ipcop if you wnat to experience what these systems can do - very god all in ones..limitations but most home users will never reach them and you get a shell anyways

I would stay away from astaro. that thing is a beast and it requires a beat to run it...

<--really liked ipcop. CC was okay. as for smoothwall, I only tried it in its infancy and I've noticed that it has added quite a few features...

personally I am going to mess around with astaro cause I like playing with fire

 

[Goosemaster]

as for your class, setup a centos/ubuntu box and do it on your own

<--been through that many times and just got lazy

 

[Jeff7181]

I was going to use Fedora 5 since that's what we're using in class for labs...

*EDIT* I was looking at IP Cop seems to have good documentation so I think I'll try that one. Thanks.

 

[Goosemaster]

Originally posted by: Jeff7181
I was going to use Fedora 5 since that's what we're using in class for labs...

*EDIT* I was looking at IP Cop seems to have good documentation so I think I'll try that one. Thanks.

IPcop is VERY VERY segmented in that there are a bunch of addons at weird sites in germany etc

That said, some of those addons are fantastic*

*=the windows update one is badass (lets you save on bandwidth by locally mirroring them )

 

[Jeff7181]

Originally posted by: Goosemaster

Originally posted by: Jeff7181
I was going to use Fedora 5 since that's what we're using in class for labs...

*EDIT* I was looking at IP Cop seems to have good documentation so I think I'll try that one. Thanks.

IPcop is VERY VERY segmented in that there are a bunch of addons at weird sites in germany etc

That said, some of those addons are fantastic*

*=the windows update one is badass (lets you save on bandwidth by locally mirroring them )

So it's like a SUS server... but running on Linux?

 

[DaiShan]

I've performed this setup for MANY clients. iptables and OpenVPN on the gateway and Samba on an internal box. Iptables is very powerful and can be used for NAT, port filtering etc. You could use a rule to block access to samba on the external interface and allow the traffic on the virtual tap/tun adapter for openvpn. It can be easily set up in an afternoon with no prior knowledge (although I encourage you to read up on iptables, as the old addage states: with great power comes great responsibility. If you don't know what you are doing with iptables, you could be under the false impression that you are protected, but a slight misconfiguration will leave you vulnerable)