General discussion


Setting up a firewall

By evan ·
I recently got a T-1 connection in our office. Our server is running on NT Server. I want to set up a Linux box as a firewall. How would I go about doing so? Would I have to run my NT box into the Linux box?


All Comments


Setting up a firewall

by compaqer In reply to Setting up a firewall

T1 -----|Linux|-------|NT

Yes, you should run your NT box into the Linux box, i.e. they are both on a local LAN and using the same subnet IP mask. The NT box is configured to use the Linux IP address for its default gateway.

The Linux box will have 2 cards:
1 NIC for the local LAN connection with NT; a second card for the T1 connection.

Regards,
Jerry


Setting up a firewall

by rixmail In reply to Setting up a firewall

There is an article posted on WebMonkey:
Have a Ball with IP Masquerade
by Todd Troutman 22 Jul 1999. Take a look at it, I started at a ZDTV site. Do a search there and get links to a couple of sites with a howto. Good luck, I plan to try this myself this year.
RJ


Setting up a firewall

by tpike In reply to Setting up a firewall

As Jerry mentioned above, definitely run your Linux box in front of the NT Server. Using the Linux box as your firewall has several advantages. If you use the NAT firewall program included with most recent Linux releases, you can -ipchains the addresses which can access the T1 line for internet access. If the IP address is not listed in the -ipchains list, your user will not be able to access the internet (good for controlling access :-) Plus, it limits who comes in on the T1 line from the outside by the same procedure. You are safe from incoming and controlled as far as outgoing. We used this during testing for our new network and it worked very well. It is also an inexpensive solution to a very real security problem with networks. Your cost will be the cost of a Linux box (even a 386 will work if your office is small), two Ethernet cards, and a copy of Linux (I recommend Red Hat 6.x). Good luck!

Tom
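
The per-address masquerading allow-list described in the post above, as an added example that is not from any poster in this thread. The interface name, subnet, host addresses and variable names are constructed assumptions; the script prints the ipchains commands (dry run) unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (constructed values): ipchains masquerade allow-list for a
# two-NIC Linux 2.2 gateway. Interface names and addresses are assumptions.
EXT_IF="${EXT_IF:-eth0}"               # assumed: NIC facing the T1 router
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed internal subnet
# Assumed allow-list: only these internal hosts may reach the internet.
ALLOWED_HOSTS="${ALLOWED_HOSTS:-192.168.1.10 192.168.1.11}"

valid_ipv4() {
    # Accept only dotted-quad addresses with each octet in 0..255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

build_rules() {
    # Validate the whole list first so a bad entry emits no rules at all.
    for host in $ALLOWED_HOSTS; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    echo "ipchains -F forward"
    echo "ipchains -P forward DENY"   # default: nothing is forwarded
    # Drop packets arriving from outside that claim an internal source.
    echo "ipchains -A input -i $EXT_IF -s $LAN_NET -j DENY -l"
    # In the forward chain, -i names the outgoing interface.
    for host in $ALLOWED_HOSTS; do
        echo "ipchains -A forward -i $EXT_IF -s $host/32 -j MASQ"
    done
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to run them.
if [ "${APPLY:-0}" = 1 ]; then build_rules | sh; else build_rules; fi
```

Hosts not on the list fall through to the forward chain's DENY policy, so they are neither masqueraded nor routed out the T1 interface.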


Setting up a firewall

by philip.smith In reply to Setting up a firewall

You don't say about the rest of your network topology, just your server.

Depending on how it is configured, and what you actually run on the server, you might also think about putting another firewall / ip masquerading to hide your clients from the internet but still give them access.

Take a look at the Linux IP Masquerade HOWTO, this explains it being used in conjunction with ipchains for a firewall scenario.

Phil Smith


Setting up a firewall

by joserivera98 In reply to Setting up a firewall

While it is possible to run the NT box into the Linux box, I would be cautious using it to protect your internal subnet. Linux is an open source environment with many backdoors still lurking about. There are plenty of good Solaris and NT based firewalls that have been put to the test with great success. It is possible to do what you want, but do you really want to? That's the real question. Placing two NICs is the start where one is configured to listen for untrusted traffic and the other for trusted traffic. See Reference - http://home.earthlink.net/~michaelburns/fire.html
