Setting up a Firewall

Techwhore

Hey, I have a PoS machine that doesn't really have a function... I'm thinking of maybe using it as a dedicated firewall, but don't know how to set that up.

Here's what my home setup is like:

1 windows 2000 professional workstation
1 windows 98 workstation
1 Netgear 5 port 10/100 switch that connects all my machines with Road Runner
and then my PoS machine.

If I were to use this machine as a firewall, would i need to obtain any additional hardware (i.e. another NIC, hub, or switch)? Also, what OS would be suitable? I've run Red Hat 7.1 on it before and currently run 98SE on it. I'm pretty open to any OS, but if it's linux i'm gonna need a lot of help.

The machine is a Pentium 133 with 16 MB of RAM, so it really can't do much... Thanks for your help in advance
 

WileCoyote

I just got a p133 16 megs edo ram from work two days ago and I'm still trying to figure out what to do with it (and it's 1.2 gig hd). I would have turned it into a proxy server but I already have a linksys home router for connecting our 3 computers.

the operating system isn't the most important thing if you want to set up a proxy- you could install win95 and run wingate or symantec's firewall software. the proxy software is going to most likely be the most important thing.

it sounds like you have all the hardware you need. you will need two NIC/ethernet cards for the proxy server- one for the cable modem to plug into and one to output to the 5 port switch.

I have a 1.2 gig with the box, and old 1.6, 3.2, and 8 gig hds. I'm probably going to use the box to learn linux- set up some partitions for redhat, mandrake, and slackware and figure out which one i like best. once i settle on the os i'm probably going to run a dinky little ftp site off of it.
 

n0cmonkey



<< Hey, I have a PoS machine that doesn't really have a function... I'm thinking of maybe using it as a dedicated firewall, but don't know how to set that up.

Here's what my home setup is like:

1 windows 2000 professional workstation
1 windows 98 workstation
1 Netgear 5 port 10/100 switch that connects all my machines with Road Runner
and then my PoS machine.

If I were to use this machine as a firewall, would i need to obtain any additional hardware (i.e. another NIC, hub, or switch)? Also, what OS would be suitable? I've run Red Hat 7.1 on it before and currently run 98SE on it. I'm pretty open to any OS, but if it's linux i'm gonna need a lot of help.

The machine is a Pentium 133 with 16 MB of RAM, so it really can't do much... Thanks for your help in advance
>>



OpenBSD 2.9 -stable. I had OpenBSD 2.8 -stable running on a P133 32MB ram and a 240MB hard drive just fine as a firewall. There is a book out there called (something like) Building linux and Openbsd firewalls. That book is the best. You would need 2 nics. One nic would attach to the cable modem and the other to the uplink port in your switch. The firewall does not even need an ip address, but can also work with dhcp and either nat the other boxes or allow them to get dhcp or use static ips.

**edit: also zone alarm on your other machines for layered security :)
 

n0cmonkey



<< OpenBSD ain't too easy to install.

I have heard a lot of success with Freesco -> Link (I think this is it)
>>



Where is the difficulty? You format and partition your hdd, answer a couple of VERY easy questions, enter your root pass, reboot, add a real user, patch the system, write your firewall rules, customize startup, reboot, sit back and have a smoke. Not too tough :)
 

Poontos

<< Where is the difficulty? You format and partition your hdd, answer a couple of VERY easy questions, enter your root pass, reboot, add a real user, patch the system, write your firewall rules, customize startup, reboot, sit back and have a smoke. Not too tough :) >>


Sure, should only take a few minutes. Especially the firewall rules, make your own up and have some fun, it's easy. OpenBSD, think of Windows, but think of DOS and Unix, but mainly think of a command prompt and throw in some positive thoughts about how easy it is to setup, as nocmonkey states. :)
 

Techwhore

Thanks for your help guys, just have a few questions still:

WileCoyote: You said, "the operating system isn't the most important thing if you want to set up a proxy- you could install win95 and run wingate or symantec's firewall software. the proxy software is going to most likely be the most important thing."

Q: Why can't I run that on 98? Am I missing something?

n0cmonkey & Poontos: I'm fine with running any distribution of linux, I've made it through the Red Hat and Mandrake installs (though sometimes I had some difficulty). The only reason I'd like not to do it in linux is cuz i'm not sure if my NIC(s) are supported... right now i've gotta take that card out and check its manufacturer and ID cuz i don't have drivers and windows "Plug and Pray" didn't get it... Plus, I don't know anything about linux, even so much as installing drivers is a challenge... I'm willing to learn with a lot of help though.
 

n0cmonkey



<< << Where is the difficulty? You format and partition your hdd, answer a couple of VERY easy questions, enter your root pass, reboot, add a real user, patch the system, write your firewall rules, customize startup, reboot, sit back and have a smoke. Not too tough :) >>

Sure, should only take a few minutes. Especially the firewall rules, make your own up and have some fun, it's easy. OpenBSD, think of Windows, but think of DOS and Unix, but mainly think of a command prompt and throw in some positive thoughts about how easy it is to setup, as nocmonkey states. :) >>



exactly. Have you ever SEEN the install? Faster and easier than any linux or windows install I have ever seen. I have seen reports of a 7min ftp install (massive bandwidth), and on decent boxes my installs take around 20min (cdrom). The questions are straightforward, the documentation is simple, and the software is worth the effort. The firewall rules are very straightforward and I can hook you up with a basic list. The book I mentioned takes the reader through, step by step, setting up, installing, and understanding the rules. And the authors are the best I have ever read in a technical book.
 

n0cmonkey



<< Thanks for your help guys, just have a few questions still:

WileCoyote: You said, "the operating system isn't the most important thing if you want to set up a proxy- you could install win95 and run wingate or symantec's firewall software. the proxy software is going to most likely be the most important thing."

Q: Why can't I run that on 98? Am I missing something? >>

WileCoyote is mistaken. The OS is one of the most important parts. If you have an unstable, insecure OS trying to protect your other systems you have wasted a lot of time and effort. Proxy firewalls are not necessarily the most secure options. You want stateful packet inspection. IPTables/Netfilter and IPF can both do this. Proxying firewalls do not protect against a lot of attacks and can be limited in the services they can support.

<< n0cmonkey & Poontos: I'm fine with running any distribution of linux, I've made it through the Red Hat and Mandrake installs (though sometimes I had some difficulty). The only reason I'd like not to do it in linux is cuz i'm not sure if my NIC(s) are supported... right now i've gotta take that card out and check its manufacturer and ID cuz i don't have drivers and windows "Plug and Pray" didn't get it... Plus, I don't know anything about linux, even so much as installing drivers is a challenge... I'm willing to learn with a lot of help though. >>



If you want to set up a linux firewall, use one that does not need X. Slack or Debian are your best choices.
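
The two-NIC, stateful-inspection firewall with NAT described in the posts above, sketched as IPFilter rules. This is an added example, not a ruleset posted by anyone in the thread; the interface names `ext0` and `int0` and the 192.168.1.0/24 inside network are assumptions.

```conf
# ---- filter rules (load with: ipf -Fa -f <file>) ----
# ext0 = NIC facing the cable modem, int0 = NIC on the switch uplink.
# Both names are placeholders; use the names your drivers assign.

# Loopback and the inside network are trusted.
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on int0 all
pass out quick on int0 all

# Packets arriving from the Internet must not claim an inside source address.
block in log quick on ext0 from 192.168.1.0/24 to any

# Outbound connections create a state entry; replies are matched against
# that entry instead of against a static "allow port N inbound" rule.
pass out quick on ext0 proto tcp  from any to any flags S/SA keep state
pass out quick on ext0 proto udp  from any to any keep state
pass out quick on ext0 proto icmp from any to any keep state

# Nothing unsolicited comes in: anything without a state entry is dropped.
block in  log quick on ext0 all
block out     quick on ext0 all

# ---- NAT rules (load with: ipnat -CF -f <file>) ----
# 0/32 means "whatever address ext0 currently holds", which suits DHCP.
map ext0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map ext0 192.168.1.0/24 -> 0/32
```

The box also has to forward packets between the two NICs, which on OpenBSD means setting the `net.inet.ip.forwarding` sysctl to 1.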
 

Techwhore

I guess i'll give OpenBSD a try. Can anyone linkify this for me so i can get an ISO or something? Thanks

BTW, anyone know if VNC will run on OpenBSD? If it won't it's not that big of a deal, but it'd be great if it did.
 

n0cmonkey



<< I guess i'll give OpenBSD a try. Can anyone linkify this for me so i can get an ISO or something? Thanks

BTW, anyone know if VNC will run on OpenBSD? If it won't it's not that big of a deal, but it'd be great if it did.
>>



Don't do ISO's, the cd image is copyrighted by Theo de Raadt. Do a network install. It's all FTP and pretty simple. Or support OpenBSD and buy the cds. OpenBSD. Why would you want VNC? Will it work for command line only? I thought you had to have a gui to use it?
 

ghostman

why not with linux? You seem to have some experience with it already and newer versions of RH and Mandrake (v7+) can detect almost any network card (it has for all my cards). I think you can install it without the GUI, but if you want VNC, then I assume you want the GUI anyway.

I haven't tried one of the BSD's yet, but I've been trying to get my hands on a free copy (I'm on dial-up). Does BSD use ipchains and iptables, or is that just a linux thing?
 

Techwhore

I want VNC because that machine won't have a monitor and if for some reason I need to change something after the initial setup, it'd be easier to connect to it via VNC than it would be to give it a monitor... it's no big deal if i can't use it, i just thought i might be able to.

ghostman: Don't let me fool you, I really don't have any experience with linux, I have experience installing and uninstalling. I haven't done much, if anything with any of my installed copies. If i were to use linux, I have Red Hat 7.1 or Mandrake 7.1 (might be 8, not sure) what additional software would i need to run the firewall? Thanks
 

ghostman

Mandrake 7.1 used ipchains (2.2.* kernel). Mandrake 8 uses iptables (2.4 kernel). That's the only thing I use, but it can be a bit confusing. My firewall scripts are probably very lame and I'm certainly no expert at it, but it's something you read up and pick up on.

If you're not running X, you don't need VNC. Most servers don't need X, but I use my machines as workstations as well. You can just set up an ssh or telnet server if you don't mind command line everything.
 

n0cmonkey



<< I want VNC because that machine won't have a monitor and if for some reason I need to change something after the initial setup, it'd be easier to connect to it via VNC than it would be to give it a monitor... it's no big deal if i can't use it, i just thought i might be able to.

ghostman: Don't let me fool you, I really don't have any experience with linux, I have experience installing and uninstalling. I haven't done much, if anything with any of my installed copies. If i were to use linux, I have Red Hat 7.1 or Mandrake 7.1 (might be 8, not sure) what additional software would i need to run the firewall? Thanks
>>



If you are using VNC I will assume you are local (in the same building) and using your own machine. SSH would be perfect for this.
 

n0cmonkey



<< why not with linux? You seem to have some experience with it already and newer versions of RH and Mandrake (v7+) can detect almost any network card (it has for all my cards). I think you can install it without the GUI, but if you want VNC, then I assume you want the GUI anyway.

I haven't tried one of the BSD's yet, but I've been trying to get my hands on a free copy (I'm on dial-up). Does BSD use ipchains and iptables, or is that just a linux thing?
>>



IPChains and IPTables/netfilter are just linux thangs. IPFilter is a big BSD firewall as is IPFW (and soon to be Packet Filter). GUI on a firewall is ridiculous and a waste of memory/processing power, not to mention a security risk.
 

n0cmonkey



<< ok, so i checked out the ftp install, but i'm very unclear as to how I install via ftp? >>



You make an install disk, insert it, answer the questions, partition your disk, answer a couple more questions, choose ftp as install method, pick a server, have a beer. :)

The general installation info is the most important thing to read. It will be the same except for method of install. I would watch out too, I am not sure if the ftp install uses -current or -stable, but -current does not have ipf, it may have pf (the new firewall) though.
 

Techwhore

ok, so how do i make that install disk? (remember i'm a linux newbie) Also, will that install disk have drivers for my network card? I would probably need that to do an ftp install :)
 

n0cmonkey



<< ok, so how do i make that install disk? (remember i'm a linux newbie) Also, will that install disk have drivers for my network card? I would probably need that to do an ftp install :) >>



I take it you haven't visited the OpenBSD site?

OpenBSD installation

Basically it is similar to making a boot disk for linux

dd if=/path/to/image of=/path/to/floppy I think. Check out the page, if you have windows you can use rawrite.