LINUX Gurus... I NEED your "holy" guidance

RabeaticSquirrel

Senior member
Apr 11, 2000
365
0
0
Here's the situation. Got two machines, one PII 400, one Athlon 900. Have @home service with one static public IP. I want to run a firewall/software router function (I will most likely do this with an old machine that I'm going to trade for, it's a Gateway P133) on a Linux box with my public IP, and use NAT behind that. I'm assuming I can do that with something like Freesco. Behind that (using my private IPs) I want to run a dedicated Linux TFC server on my PII400 (game server), that I can connect via LAN connection with my Athlon machine, while maintaining the "internet" functionality of the game server. Is this possible? If so, what suggestions would you have as to what actual program to use. I don't think you can do all those functions on one box.

The distro I will be using on my PII400 machine, behind the firewall, acting as the game server, will be Red Hat. I've heard that there are a lot of security holes in Red Hat, is this true? What distro are most of you using? What is the easiest and most secure? From what I understand all distros work the same, most just install differently, etc... If this is confusing let me know and I'll try to clarify, I'm in a bit of a hurry, so forgive me if it's a cluster...

 

BOFH

Senior member
Dec 31, 1999
456
0
0
There are security holes if you don't patch them. You will need to port forward to your server if you want to play from it across the internet. This can be a bit of a PITA, but can work.
 

cureless

Member
Apr 25, 2001
94
0
0
All distros are sort of the same. Stress on the sort of. You can always manually close (and open) security holes.

Be careful when you run servers with public access, this includes game servers. Close all services that you don't need to avoid risks. Also, no matter what you install on the game server, _update_ as soon as you install and get the latest security patches for the given distro.

As for the firewall, the tools you'll be using are going to be iptables/ipchains, depending on the version of the kernel. Make sure you use the latest kernel. Either the latest 2.4 or the latest 2.2 (start avoiding 2.0, it's getting too old though it still works). A few weeks back there was a security warning on the firewalling code, where if you were using a rule with the "related" flag (don't remember the exact syntax) you could allow other connexions to pass through. The bug has been fixed in the latest releases. You can also consider using FreeBSD/OpenBSD as your firewall, that's what I use and it works perfectly.

Be careful about opening ports for your game server. Game protocols are not designed (normally) with network security in mind.

So to sum it up: Install anything you like on the servers as long as you keep up with security updates. If you have a HD on the firewall install Debian or Slackware (the others are too bulky). If you don't have a HD on it install some of the specialized distros (you can look in Linux Weekly News distro page). I also suggest FreeBSD/OpenBSD.

Also, RTFM, there are a few HOW-TOs on the subject, search in the LDP (Linux Documentation Project).
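
The setup discussed in this thread (NAT gateway on the public IP, one game port forwarded to the LAN server, everything else closed), as an added example that is not from any poster in the thread. It targets iptables on a 2.4 kernel; the interface names, the 192.168.1.10 server address and UDP port 27015 (the Half-Life dedicated server default) are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT gateway that
# forwards one UDP game port to a LAN server. All values are assumptions.

# gen_rules WAN_IF LAN_IF SERVER_IP UDP_PORT
gen_rules() {
    wan=$1 lan=$2 server=$3 port=$4

    # Refuse anything that is not a plain port number in 1..65535.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    # Only forward to RFC 1918 addresses, so a typo cannot point the
    # forward at a public host.
    case $server in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
        *) echo "server must be a private address: $server" >&2; return 1 ;;
    esac

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound game traffic on the public interface goes to the LAN server.
-A PREROUTING -i $wan -p udp --dport $port -j DNAT --to-destination $server:$port
# Outbound LAN traffic leaves with the gateway's public address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny: nothing reaches the gateway or crosses it unless allowed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
# The only new inbound flow allowed: the forwarded game port.
-A FORWARD -i $wan -o $lan -p udp -d $server --dport $port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 = cable modem side, eth1 = LAN side.
gen_rules eth0 eth1 192.168.1.10 27015
```

To apply it, pipe the output into `iptables-restore` as root and enable forwarding with `echo 1 > /proc/sys/net/ipv4/ip_forward`.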