Linux Users' Group of Davis (LUGOD)

Page last updated:
2001 Dec 30 17:09

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Setting up an old box as a Router/Server/Firewall?



On Thu, 6 Sep 2001, Ryan wrote:

> Ok, I've got an old 486 sitting in my
> closet that I got from my dad a while
> ago, intending to set it up as a Linux
> based server/bridging firewall. It has
> 2 NICs so I was hoping to set up some
> routing software and whatnot to allow
> me to run a webserver and mail server
> on the 486 while still being able to
> use games and whatnot that need to
> accept incoming connections on my main
> box.

You have to be a little more careful with multi-function computers also
acting as firewalls, but it is doable.  Multiple functions allow hackers
more flexibility if they get through your outer perimeter.

> My preferred setup for dealing with
> incoming connections on eth0 is to have
> a list of ports to block connections
> to and a list of ports to allow incoming
> connections to, and what IP on the
> internal network those requests should
> be directed to (or to direct it to a
> server that's running locally).

More commonly, all incoming connections are blocked, unless they meet
specific requirements.  You only end up with one list that way.

> 
> Traffic to the internet from eth1 (the
> internal network) should be sent out to
> the WAN, preferably without a proxy.

Masquerading.

> 
> Oh, and I do only have one internal IP.

Definitely on the poor side of the tracks. ;)

Actually, I think you mean one _external_ IP.

> Suggestions on what programs would be
> needed to do this stuff and hints on
> setting things up?

I use a customized Linux Router Project configuration, but that takes a
little more doing to include mailservers and webservers.  Seems like there
are a lot of variations on this base now... LEAF
(http://leaf.sourceforge.net), Coyote (http://www.coyotelinux.com) are two
that come to mind.  http://www.linuxsecurity.com has information on quite
a few Linux security issues.

There are a few configurable firewall scripts, like rcf
(http://rcf.mvlan.net/) or seawall (http://seawall.sourceforge.net/) for
ipchains.  There are some advantages to going with Linux 2.4's iptables,
but fewer people are familiar with it... you can try shorewall
(http://shorewall.sourceforge.net/).

> I currently have Storm installed on it,
> but I have a copy of Mandrake SNF and
> could get and burn any other distro off
> the net.

I would expect that either of these could do the job, assuming you have
enough disk space and RAM in this box. Use whichever you find more
familiar.  Look for Bastille Linux, a script for hardening a RedHat-based
distribution.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
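
The single allow list on top of a default-deny policy, plus masquerading and per-port forwarding, as discussed in the thread above. This is an added example, not part of the original post: it prints iptables (Linux 2.4+) rules rather than applying them. eth0/eth1 come from the thread; the allow-list entries and the address 192.168.1.10 are constructed, and trusting the LAN side is an assumption.

```shell
#!/bin/sh
WAN_IF=eth0   # external interface (from the thread)
LAN_IF=eth1   # internal interface (from the thread)
# Constructed allow list, one entry per line: proto port target.
# "local" = a server on the firewall box; an address = forward to that LAN host.
ALLOW_LIST='tcp 80 local
tcp 25 local
udp 27015 192.168.1.10'

gen_rules() {
    # Default deny: nothing inbound or routed unless a later rule allows it.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -i $LAN_IF -j ACCEPT"   # assumption: LAN is trusted
    # Replies to connections that were already allowed.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Outbound LAN traffic shares the one external IP (masquerading, no proxy).
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
    # One rule set per allow-list entry; malformed entries abort the run.
    while read -r proto port target; do
        [ -n "$proto" ] || continue
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*|??????*) port=0 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then echo "bad port" >&2; return 1; fi
        case "$target" in
            local)   # service running on the firewall itself
                echo "iptables -A INPUT -i $WAN_IF -p $proto --dport $port -j ACCEPT" ;;
            ''|*[!0-9.]*)
                echo "bad target: $target" >&2; return 1 ;;
            *)       # forward the port to a host on the internal network
                echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $target:$port"
                echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $target --dport $port -j ACCEPT" ;;
        esac
    done <<EOF
$1
EOF
    return 0
}
gen_rules "$ALLOW_LIST"
```

Review the printed rules before running them as root; every port not in the list stays closed because of the two DROP policies.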

