Linux as Proxy/Firewall how easy to setup?

Post by Hans Lindber » Fri, 11 Jul 1997 04:00:00



Hi!
I'm looking into ways of giving a small LAN access to the Internet. To
start with, it'll probably be a modem. Right now it's hooked up to an NT
4.0 WS. It seems using the NT box will set us back a bundle as it seems
I'll need NT Server and some more on it. As we have an old 386 or 486
lurking in a corner, I thought I'd make use of it instead. What I need is
a box that'll give internet access to anyone on the LAN (ethernet),
which means both Win95, WinNT and various UNIX flavours. The modem will
probably soon be upgraded to 2x64k ISDN. At present everyone has their
own modem and dials up our ISP for mail and stuff. I'd like to be able
to do that through the Firewall/Proxy for now. FTP, HTTP and streaming
what-have-you is also nice. The first two are a must.
 I haven't fiddled with Linux, or UNIX system setup and administration
at all. Well, not Linux anyway. I know some about ppp, networking etc.
 How easy will this be? Will it take minutes? hours? days? weeks? Will
there be loads of looking through and hacking scripts? Which Linux kit
should I go for?
 Other suggestions than Linux?

Thanks in advance,
/Hans

 
 
 

Linux as Proxy/Firewall how easy to setup?

Post by Zebee Johnsto » Fri, 11 Jul 1997 04:00:00



>Hi!
>lurking in a corner, I thought I'd make use of it instead. What I need is
>a box that'll give internet access to anyone on the LAN (ethernet),
>which means both Win95, WinNT and various UNIX flavours. The modem will
>probably soon be upgraded to 2x64k ISDN. At present everyone has their
>own modem and dials up our ISP for mail and stuff. I'd like to be able
>to do that through the Firewall/Proxy for now. FTP, HTTP and streaming
>what-have-you is also nice. The first two are a must.
> I haven't fiddled with Linux, or UNIX system setup and administration
>at all. Well, not Linux anyway. I know some about ppp, networking etc.
> How easy will this be? Will it take minutes? hours? days? weeks? Will
>there be loads of looking through and hacking scripts? Which Linux kit
>should I go for?

Well.. I set up a Linux box as a proxying firewall using TIS
Firewall Toolkit in about half a day.  But I am unix experienced.

The Toolkit itself was straightforward - had to be compiled and
installed (pretty easy) and the permissions configured (a bit
harder).  

If you have never used Unix before, the learning curve is steep,
even with a good commercial distribution.  You have to have some
clue about basic commands, using an editor, etc.

But if you are good at picking up new things, have access to
a good starter book on unix, or some help you can hire,
it may be possible.

Grab your old 486, get the latest RedHat or Debian distribution
(RedHat is probably a bit better for beginners, buy the "official"
version and register it to get support) and install Linux.  See
how you go.  If that is too much, then bite the bullet and pay
for a commercial NT or Windows one.  If you manage it, then
get the toolkit and the toolkit FAQs
(http://www.tis.com/docs/products/fwtk/index.html) and see how you
go.  Maybe check dejanews for announcements of a Swedish Linux
user group on comp.os.linux.announce

Zebee
 - who may consider offering as a consultant for a reasonable fee.

 
 
 

Linux as Proxy/Firewall how easy to setup?

Post by Peter van der Land » Sat, 12 Jul 1997 04:00:00


On Thu, 10 Jul 1997 12:31:18 +0200, Hans Lindberg


>I'm looking into ways of giving a small LAN access to the Internet. To
>start with, it'll probably be a modem. Right now it's hooked up to an NT
>4.0 WS. It seems using the NT box will set us back a bundle as it seems
>I'll need NT Server and some more on it. As we have an old 386 or 486
>lurking in a corner, I thought I'd make use of it instead. What I need is
>a box that'll give internet access to anyone on the LAN (ethernet),
>which means both Win95, WinNT and various UNIX flavours. The modem will
>probably soon be upgraded to 2x64k ISDN. At present everyone has their
>own modem and dials up our ISP for mail and stuff. I'd like to be able
>to do that through the Firewall/Proxy for now. FTP, HTTP and streaming
>what-have-you is also nice. The first two are a must.

Linux is perfect for that kind of stuff, you may want to use fetchmail
to pull mail from your mailserver(s) periodically and store it on the
Linux box which can be a POP/SMTP server locally.

> I haven't fiddled with Linux, or UNIX system setup and administration
>at all. Well, not Linux anyway. I know some about ppp, networking etc.
> How easy will this be? Will it take minutes? hours? days? weeks? Will
>there be loads of looking through and hacking scripts? Which Linux kit
>should I go for?
> Other suggestions than Linux?

That answer is very hard to answer because the biggest unknown
variable is you. I could do a PPP dial on demand setup with IP
masquerading (which is what you need) in about an hour, set up a store
and forward mailserver in another hour, starting with a basic Linux
setup. It could take you from a day to months to do the same.

You would learn a lot, tho...

Just get a recent Red Hat, Debian or Slackware distribution to start
with. There are lots of howto's on the various subjects available
(check out www.linuxhq.com). The keywords are: pppd, chat, diald,
ipfwadm (IP firewalling & masquerading, the latter is a generic proxy
system that forwards most udp/tcp connections like http, ftp, telnet
and a lot more).

An alternative would be to try Wingate, which I won't be going into
very deeply since this is, after all, a Linux group.

Regards,

Peter van der Landen

-----------------------------------------------------------------------------
       Law Faculty, L4-45, Erasmus University, Rotterdam, Holland
          Tel +31-10-4082237 (home 2800956) Fax +31-10-2800957
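
The ipfwadm masquerading step named in the post above, as an added example that is not part of the original thread: it prints a rule set that denies forwarding by default and masquerades only a private LAN range, and refuses any source range outside RFC 1918 space. The LAN range 192.168.1.0/24 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an ipfwadm (Linux 2.0-era) masquerading rule set.
# 192.168.1.0/24 is a constructed sample LAN range; the function names are
# hypothetical. Assumes a kernel built with IP forwarding, firewalling and
# masquerading support.

# is_private_cidr CIDR: succeed only for a network inside RFC 1918 space.
is_private_cidr() {
    net=${1%/*}; bits=${1#*/}
    [ "$net" != "$1" ] || return 1                  # no "/prefix" given
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    case $net in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $net; IFS=$oldifs    # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    case $1 in
        10)  min=8 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] || return 1; min=12 ;;
        192) [ "$2" -eq 168 ] || return 1; min=16 ;;
        *)   return 1 ;;
    esac
    [ "$bits" -ge "$min" ] && [ "$bits" -le 30 ]
}

# masq_rules CIDR: print the commands in the order they must run.
#   1. flush old forwarding rules
#   2. default forwarding policy: deny (nothing crosses the box unasked)
#   3. masquerade traffic whose source is the LAN, to any destination
#   4. load the FTP masquerading helper so FTP data connections work
# Nothing is executed here; review the output before running it as root.
masq_rules() {
    is_private_cidr "$1" || { echo "refusing non-private source: $1" >&2; return 1; }
    cat <<EOF
ipfwadm -F -f
ipfwadm -F -p deny
ipfwadm -F -a m -S $1 -D 0.0.0.0/0
modprobe ip_masq_ftp
EOF
}

# Usage: sh masq.sh --print [CIDR]
if [ "${1:-}" = "--print" ]; then masq_rules "${2:-192.168.1.0/24}"; fi
```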