Need info about FreeBSD hardening for firewall/squid box

Abzstrak

ORIGINAL TITLE --> need recommendations on proxy serving

hey guys, I need some recommendations on proxy/caching servers for a client. There will be about 40 users (win2k/98/95), and one exchange server(NT4) needing outside access.

The hardware it needs to run on is an old dell poweredge, P2-300, 128MB, and two 9.1 GB SCSI's (will use software mirroring)

I don't want to deal with MS solutions, and this needs to be cheap, so I was thinking about linux running squid. I've never used squid, and would like to know if I can incorporate it into standard firewalling stuff like ip tables/chains. Also I would like to know from anyone who's run it how they consider its stability.

Anyone have any suggestions or recommend changes? or recommend a whole other solution?


PS, I don't want any OS flaming going on, so don't post anything about microsoft solutions please.

TIA
 

Garion

Squid is a very good choice and will do a pretty good job. Apache also has a proxy server and would do a nice job for you, too. Your Dell will probably handle about 5Mb/s, so you should be OK for most small office connections.

When you say "cheap", how much are you wanting to spend?

Lastly.. I'd look at getting a separate firewall - Trying to do it all on one box isn't going to be very effective. A little Cisco PIX 501 can be had for under $750, and does a far better job at firewalling than any kind of linux-based system.

- G
 

Abzstrak

by cheap, I mean as cheap as possible... these people are more than willing to pay for service, but not for hardware (annoying to say the least).

If I were to suggest anything over a couple hundred bucks they'd say no... the cisco router has the firewall IOS running though, and is configured pretty well... I pretty much just wanted to add some firewalling to the proxy server for a second layer of defense.

Also, forgot to mention the connection is a 128k isdn...
 

Garion

OK, then that's pretty much a no brainer. Go for a nicely-hardened FreeBSD box w/ Squid. You'll have NO problems.

- G
 

Abzstrak

Yea, I was thinking the same thing.... just never used freebsd before, so I guess this will be my first attempt at it then ;-) might be posting a question or two when I get around to doing this.

Actually, got any links for freebsd hardening? Am I correct in assuming it'll be similar to linux? hey n0c U around? suggestions?

Thanx
 

n0cmonkey

Found this link on forums.freebsdforums.org in the security section. I haven't read it but it should be pretty easy. FreeBSD is great as long as you keep up with the patches... And if you need a reason to use IPF as a firewall... Well I use it :p
 

RagManX

If you are putting in a squid box, might as well configure the router to deny outbound web traffic except for from the squid box. This gives you a touch extra security, and improves your squid box's chances of getting a cache hit.

RagManX
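
The router rule RagManX describes, as an added example that is not part of the original thread: a Cisco IOS extended ACL applied inbound on the LAN-facing interface, so only the Squid box can open web connections to the outside. The addresses (192.168.1.10 for the Squid box, 192.168.1.0/24 for the LAN), the ACL name LAN-OUT and the interface name Ethernet0 are assumptions to be replaced with the site's own values.

```cisco
! Assumed values: Squid box 192.168.1.10, LAN 192.168.1.0/24, LAN interface Ethernet0
ip access-list extended LAN-OUT
 remark Squid box may fetch web content directly
 permit tcp host 192.168.1.10 any eq www
 permit tcp host 192.168.1.10 any eq 443
 remark All other LAN hosts are refused direct web access and the attempt is logged
 deny   tcp 192.168.1.0 0.0.0.255 any eq www log
 deny   tcp 192.168.1.0 0.0.0.255 any eq 443 log
 remark Non-web traffic (for example mail from the Exchange server) is left as before
 permit ip 192.168.1.0 0.0.0.255 any
!
interface Ethernet0
 ip access-group LAN-OUT in
```

Workstations need their browsers pointed at the Squid box before this is applied, otherwise their web requests are dropped at the router. The `log` keyword on the deny lines records which hosts still try to go direct, which shows both misconfigured clients and software attempting to bypass the proxy.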