Linux Firewall Solution

shednik Member Posts: 2,005
Alright well I was given an older dell pc recently and I've been trying to find a good use for it...well I thought maybe build a linux firewall for fun. I've been reading and came up with a few options and was wondering if anyone had any suggestions.

I've been looking at using IPCop, NetBSD, Netule, and Freesco. If anyone has any other distros to look into let me know. :D

Comments

  • Daniel333 Member Posts: 2,077
    As a learning exercise you should probably stick to CentOS/Fedora/Redhat. I think you'll find more resources for help there.

    But anything BSD is interesting though.
    -Daniel
  • marco71 Member Posts: 152
    SuSE has a pretty nice firewall implementation (SuseFirewall); but you can use any distro and choose a front-end for iptables/netfilter (if you don't handle with), my recommendations are firehol and shorewall
  • Luckycharms Member Posts: 267
    These are all built off the old IPchains/Iptables so it just gets into semantics into which one you like...

    Personally,
    I would throw together a Smoothwall or MonoWall and carve that up to be what you want...* that is only if you are using this as a firewall only...*
    The quality of a book is never equated to the number of words it contains. -- And neither should be a man by the number of certifications or degrees he has earned.
  • Slowhand Mod Posts: 5,161
    That's kind of a loaded question. Any distro can be turned into a firewall appliance, with the proper software installed and the rest of the daemons turned off. Take a peek over at DistroWatch to see what they've got in terms of firewall/security-specific distros and how they rate. There is usually a couple of links for each distro to websites and/or magazines that have given a review.

    A good place to ask around, as well, is LinuxQuestions.org. It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • undomiel Member Posts: 2,818
    Slowhand wrote:
    It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.

    This is actually why I usually restrict my questions on pretty much anything to the forums here. Sure I won't get as wide of an audience on Linux questions but there is sure to be someone here that has the answer I am looking for and it is just a matter of time and patience. If it takes a while for an answer to come then I'll have generally figured it out through many mistakes by that point anyhow. :)
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • Slowhand Mod Posts: 5,161
    undomiel wrote:
    Slowhand wrote:
    It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.

    This is actually why I usually restrict my questions on pretty much anything to the forums here. Sure I won't get as wide of an audience on Linux questions but there is sure to be someone here that has the answer I am looking for and it is just a matter of time and patience. If it takes a while for an answer to come then I'll have generally figured it out through many mistakes by that point anyhow. :)
    Yup, I've been there. During my Linux+ studies, I posted a ton of questions over there, and got back maybe three usable responses. It's an interesting forum to read through, but you can only sit through so many "WFT?!!!11, u dont no that? U R teh suck!! ROLFMAO" responses before you decide to read the dry, dry, DRY documentation instead.
  • nel Member Posts: 2,859
    Slowhand wrote:
    A good place to ask around, as well, is LinuxQuestions.org. It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.

    And *nix fans wonder why people have trouble making the cross over to *nix platforms. I HATE the fact that what you've said is true for a large majority of the time when you ask *nix experts Q's when you're first starting out. I know this doesn't happen all of the time but it seems to more often than not, does anyone know why? or how to cure it?
    Xbox Live: Bring It On

    Bsc (hons) Network Computing - 1st Class
    WIP: Msc advanced networking
  • sthomas Member Posts: 1,240
    Slowhand wrote:
    undomiel wrote:
    Slowhand wrote:
    It's a good forum for Linux-specific questions. One thing to be aware of, though, is that it's a pretty cynical group that posts over there. Unlike TechExams, where we generally try to be as patient and as helpful as possible, that forum can get ugly in a hurry if regulars deem you to be too much of a beginner or see your questions as "unresearched". The advice given is good, the members are very knowledgable, but tread carefully; it's not the same user-friendly community that most of us are used to from having been members of TechExams.

    This is actually why I usually restrict my questions on pretty much anything to the forums here. Sure I won't get as wide of an audience on Linux questions but there is sure to be someone here that has the answer I am looking for and it is just a matter of time and patience. If it takes a while for an answer to come then I'll have generally figured it out through many mistakes by that point anyhow. :)
    Yup, I've been there. During my Linux+ studies, I posted a ton of questions over there, and got back maybe three usable responses. It's an interesting forum to read through, but you can only sit through so many "WFT?!!!11, u dont no that? U R teh suck!! ROLFMAO" responses before you decide to read the dry, dry, DRY documentation instead.

    My favorite was always RTFM!
    Working on: MCSA 2012 R2
  • liven Member Posts: 918
    My picks would be:

    Freebsd (ipf rocks, IMHO)

    or you could use:

    PFSENSE

    http://www.pfsense.com/

    this is pretty good stuff also. Even does VPNs.

    But with that being said (I am a big freebsd/bsd fan), any of the linux distros are good stuff.

    Are you familiar with any distributions? If so I would just start with that.
    encrypt the encryption, never mind my brain hurts.
  • seuss_ssues Member Posts: 629
    liven wrote:
    My picks would be:

    Freebsd (ipf rocks, IMHO)

    or you could use:

    PFSENSE

    http://www.pfsense.com/

    this is pretty good stuff also. Even does VPNs.

    But with that being said (I am a big freebsd/bsd fan), any of the linux distros are good stuff.

    Are you familiar with any distributions? If so I would just start with that.

    Although I have never used it in the past, a tech that I worked with highly recommended pfsense. It appears to be a dedicated distro, so it may be more suited to what you're looking for. However pretty much any *nix distro can be configured to what you need. Something like pfsense is probably easier to work with.
  • blargoe Member Posts: 4,174
    Way back in the day, I would do this with the most current RedHat with iptables installed and all the other unnecessary networking services turned off, and for good measure the kernel would get recompiled to remove support for anything I didn't need. Sometimes, FreeS/WAN would be installed if we wanted an IPSec tunnel between two offices. The company that I worked for at the time sold these PC/firewall boxes and when you have them set up correctly they work very well.

    Today there are distros that are configured out of the box geared more toward what you need where you don't have to do all of the work, as mentioned above. However, if you're looking for a learning exercise, you might want to just take the advice of the person that said to take a RedHat or CentOS box and go to town.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...