install linux as firewall

mcse_696mcse_696 Senior MemberMember Posts: 151
hi all
we have server2003 and 25pcs we dont have firewall , i suggest to my boss isa2004 or linux ,
of course he likes linux , i know linux is great firewall , problem i never installed linux a firewall icon_sad.gif i need document just how I install firewall what services I need ect................. about firewall to work correctly

Comments

  • undomielundomiel Virtual Member Member Posts: 2,818
    Ipcop sounds like what you are looking for. IPCop.org :: The bad packets stop here!

    Though wouldn't you be better off just getting a dedicated hardware firewall instead?
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • mcse_696mcse_696 Senior Member Member Posts: 151
    hardware you mean pix firewall ?
  • skeet2331skeet2331 Member Member Posts: 87 ■■□□□□□□□□
    You could run smoothwall. It is a linux based firewall.
  • 120nm4n120nm4n Senior Member Member Posts: 116
    undomiel wrote: »
    Though wouldn't you be better off just getting a dedicated hardware firewall instead?

    +1 With a software solution, there's typically a lot more work involved as far as maintenance. We have SonicWalls at my office. They're rock solid and require very little maintenance.
    WIP: MCITP: EA
    70-620 - Done
    70-647 - In Progress
    70-649 - Soon.
  • shednikshednik sporadic member Member Posts: 2,005
    I'll be running this one I get my WRT54GL -- looks sweet to me http://www.packetprotector.org/
  • Silver BulletSilver Bullet Infrequent Poster Member Posts: 676
    Having built and ran custom linux firewall's, I will say this... IF you decide to roll your own, make sure that you document it VERY well for when you're not there. I personally wouldn't recommend rolling your own for a business when you have little knowledge of linux and iptables plus scripting skillz.

    There are some good firewall distros out there and if you decide to go that route then try to use one that offers paid support. pfsense is a good firewall distro and they do offer paid support. I say that about paid support because the inevitable will happen. You'll be out sick, on vacation or whatever and something will go wrong with the firewall. The paid support in that situation will be invaluable to the ones that are trying resolve the problem in your absence.

    You will most likely be better off though just dropping an ASA in the network if you don't have any linux gurus in house.
  • the_Grinchthe_Grinch Stayed at a Holiday Inn.. Member Posts: 4,165 ■■■■■■■■■■
    Funny, I took a class where we did nothing, but play with open source firewalls. Since it's a small amount of pc's and you don't know linux really well I would look at Untangle. Nice GUI interface, easy to setup and maintain, and the community forums are responsive. Showed my old boss and he was considering using it as a back up to the sonicwall we had (not that we had issues, but you never know!).

    Open Source Network Gateway | Untangle
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • mcse_696mcse_696 Senior Member Member Posts: 151
    my second day working in this office :) as I understood from the guy working with me ,they have antena on the floor and radio modem , coming cable to our office RJ-45 plug it directly to server ,i m thinking to bring DSL router built-in firewall place it front internet , and EtherFast Cable from router to server can i solve my problem with this way ?
  • TurgonTurgon Senior Member Banned Posts: 6,308 ■■■■■■■■■□
    Having built and ran custom linux firewall's, I will say this... IF you decide to roll your own, make sure that you document it VERY well for when you're not there. I personally wouldn't recommend rolling your own for a business when you have little knowledge of linux and iptables plus scripting skillz.

    There are some good firewall distros out there and if you decide to go that route then try to use one that offers paid support. pfsense is a good firewall distro and they do offer paid support. I say that about paid support because the inevitable will happen. You'll be out sick, on vacation or whatever and something will go wrong with the firewall. The paid support in that situation will be invaluable to the ones that are trying resolve the problem in your absence.

    You will most likely be better off though just dropping an ASA in the network if you don't have any linux gurus in house.

    Very true, I worked in a shop where an OpenBSD firewall was deployed using PF. It certainly worked well enough. But only one person knew how it worked. Sure enough the firewall panicked one day before the admin arrived at work. We made sure the admin responsible for the deployment produced enough documentation to ensure we could at least basically administrate it when he wasn't around. We were ok with our checkpoint firewalls, plenty of experience there in house, but not this device. It's ok to love opensource firewalls and prefer them over vendor ones but they still need supporting.
  • MishraMishra MIPS processor please Member Posts: 2,468 ■■■■□□□□□□
    Take a look at Endian.

    Endian -Firewall Appliance, UTM Appliance, Unified Threat Management, Hotspot, Antispam, Antivirus, VPN, OpenVPN, Open Source

    They have free firewall software, or a whole appliance you can pay for. It is super easy and very nice firewall. I've had it running for a few years.
    My blog http://www.calegp.com

    You may learn something!
  • Daniel333Daniel333 Senior Member Member Posts: 2,077 ■■■■■■□□□□
    Dude, snag a PIX or a ASA. Easy setup, highly reliable. A lot less patching than you will have to deal with under Linux.
    -Daniel
  • mcse_696mcse_696 Senior Member Member Posts: 151
    does smoothwall compatible with windows platform server2003 ?
  • Silver BulletSilver Bullet Infrequent Poster Member Posts: 676
    mcse_696 wrote: »
    does smoothwall compatible with windows platform server2003 ?
    What do you mean by compatible?

    If you're asking if you can install it on Windows Server 2003, then the answer is no. You'll need a dedicated PC/Server to run it on.

    If you're asking if it can pass traffic generated by Windows Server 2003, then the answer is yes.
  • jibbajabbajibbajabba Google Ninja Member Posts: 4,317 ■■■■■■■■□□
    120nm4n wrote: »
    +1 With a software solution, there's typically a lot more work involved as far as maintenance. We have SonicWalls at my office. They're rock solid and require very little maintenance.

    All we run are sonics too - they are great firewalls and VERY easy to work with. Setup time 5 minutes :)
    My own knowledge base made public: http://open902.com :p
Sign In or Register to comment.