Linux Firewall Solution
Alright, well, I was given an older Dell PC recently and I've been trying to find a good use for it... well, I thought maybe build a Linux firewall for fun. I've been reading and came up with a few options and was wondering if anyone had any suggestions.
I've been looking at using IPCop, NetBSD, Netule, and Freesco. If anyone has any other distros to look into let me know.
Comments
-
Daniel333 Member Posts: 2,077
As a learning exercise you should probably stick to CentOS/Fedora/Red Hat. I think you'll find more resources for help there.
But anything BSD is interesting though.
-Daniel
-
marco71 Member Posts: 152
SuSE has a pretty nice firewall implementation (SuseFirewall); but you can use any distro and choose a front-end for iptables/netfilter (if you don't handle with), my recommendations are firehol and shorewall.
-
Luckycharms Member Posts: 267
They are all built off the old IPchains/Iptables so it just gets into semantics as to which one you like...
Personally,
I would throw together a Smoothwall or MonoWall and carve that up to be what you want... * that is only if you are using this as a firewall only... *
The quality of a book is never equated to the number of words it contains. -- And neither should be a man by the number of certifications or degrees he has earned.
-
Slowhand Mod Posts: 5,161
That's kind of a loaded question. Any distro can be turned into a firewall appliance, with the proper software installed and the rest of the daemons turned off. Take a peek over at DistroWatch to see what they've got in terms of firewall/security-specific distros and how they rate. There are usually a couple of links for each distro to websites and/or magazines that have given a review.
A good place to ask around, as well, is LinuxQuestions.org. It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgeable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.
Free Microsoft Training: Microsoft Learn
Free PowerShell Resources: Top PowerShell Blogs
Free DevOps/Azure Resources: Visual Studio Dev Essentials
Let it never be said that I didn't do the very least I could do.
-
undomiel Member Posts: 2,818
Slowhand wrote:
It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgeable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.
This is actually why I usually restrict my questions on pretty much anything to the forums here. Sure I won't get as wide of an audience on Linux questions but there is sure to be someone here that has the answer I am looking for and it is just a matter of time and patience. If it takes a while for an answer to come then I'll have generally figured it out through many mistakes by that point anyhow.
Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
Slowhand Mod Posts: 5,161
undomiel wrote:
Slowhand wrote:
It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgeable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.
This is actually why I usually restrict my questions on pretty much anything to the forums here. Sure I won't get as wide of an audience on Linux questions but there is sure to be someone here that has the answer I am looking for and it is just a matter of time and patience. If it takes a while for an answer to come then I'll have generally figured it out through many mistakes by that point anyhow.
-
nel Member Posts: 2,859
Slowhand wrote:
A good place to ask around, as well, is LinuxQuestions.org. It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgeable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.
And *nix fans wonder why people have trouble making the crossover to *nix platforms. I HATE the fact that what you've said is true for a large majority of the time when you ask *nix experts Q's when you're first starting out. I know this doesn't happen all of the time but it seems to more often than not. Does anyone know why? Or how to cure it?
Xbox Live: Bring It On
Bsc (hons) Network Computing - 1st Class
WIP: Msc advanced networking
-
sthomas Member Posts: 1,240
Slowhand wrote:
undomiel wrote:
Slowhand wrote:
It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgeable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.
This is actually why I usually restrict my questions on pretty much anything to the forums here. Sure I won't get as wide of an audience on Linux questions but there is sure to be someone here that has the answer I am looking for and it is just a matter of time and patience. If it takes a while for an answer to come then I'll have generally figured it out through many mistakes by that point anyhow.
My favorite was always RTFM!
Working on: MCSA 2012 R2
-
liven Member Posts: 918
My picks would be:
Freebsd (ipf rocks, IMHO)
or you could use:
PFSENSE
http://www.pfsense.com/
this is pretty good stuff also. Even does VPNs.
But with that being said (I am a big freebsd/bsd fan), any of the linux distros are good stuff.
Are you familiar with any distributions? If so I would just start with that.
encrypt the encryption, never mind my brain hurts.
-
seuss_ssues Member Posts: 629
liven wrote:
My picks would be:
Freebsd (ipf rocks, IMHO)
or you could use:
PFSENSE
http://www.pfsense.com/
this is pretty good stuff also. Even does VPNs.
But with that being said (I am a big freebsd/bsd fan), any of the linux distros are good stuff.
Are you familiar with any distributions? If so I would just start with that.
Although I have never used it in the past, a tech that I worked with highly recommended pfsense. It appears to be a dedicated distro, so it may be more suited to what you're looking for. However, pretty much any *nix distro can be configured to what you need. Something like pfsense is probably easier to work with.
-
blargoe Member Posts: 4,174
Way back in the day, I would do this with the most current RedHat with iptables installed and all the other unnecessary networking services turned off, and for good measure the kernel would get recompiled to remove support for anything I didn't need. Sometimes, FreeS/WAN would be installed if we wanted an IPSec tunnel between two offices. The company that I worked for at the time sold these PC/firewall boxes and when you have them set up correctly they work very well.
Today there are distros that are configured out of the box geared more toward what you need where you don't have to do all of the work, as mentioned above. However, if you're looking for a learning exercise, you might want to just take the advice of the person that said to take a RedHat or CentOS box and go to town.
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...