Firewall / NAT / proxy Software

Firewall / NAT / proxy Software

Post by MGS » Wed, 07 Jun 2000 04:00:00



To all:

I am looking at setting up a proxy firewall with NAT using Linux.  I plan to
use IPchains and Squid.

I would like to be able to pass some of these tasks on to a local manager,
but I would need a decent graphical or web-based front end for the system.
I have been reading about several packages (both commercial and share/free
ware) which do this.  Does anyone have any suggestions?

Please e-mail as well as post.

Thank you for your time.

 -Rich Ortt


 
 
 

Firewall / NAT / proxy Software

Post by Rick Matthe » Wed, 07 Jun 2000 04:00:00


[posted and mailed]


>I would like to be able to pass some of these tasks on to a local
>manager, but I would need a decent graphical or web-based front end
>for the system. I have been reading about several packages (both
>commercial and share/free ware) which do this.  Does anyone have any
>suggestions?

http://www.webmin.com/webmin/

Webmin does an excellent job.

 
 
 

Firewall / NAT / proxy Software

Post by Andrey Smirno » Wed, 07 Jun 2000 04:00:00


Have you tried linuxconf (it also has a web interface)?

Good luck!


> To all:

> I am looking at setting up a proxy firewall with NAT using Linux.  I plan
to
> use IPchains and Squid.

> I would like to be able to pass some of these tasks on to a local manager,
> but I would need a decent graphical or web-based front end for the system.
> I have been reading about several packages (both commercial and share/free
> ware) which do this.  Does anyone have any suggestions?

> Please e-mail as well as post.

> Thank you for your time.

>  -Rich Ortt



 
 
 

1. Do I need a software firewall in addition to a NAT router/firewall?

Hi:

I have operated Linux and Windows XP boxes behind a Linksys WRT54G NAT
router with it's firewall enabled as well as blocking anonymous internet
requests (black-hole) mode for years, and have not had any problems
(that I am aware of).  Because of the hw router, I figured I didn't need
to run firewall software on the PCs behind the router.  This includes
running the XP box totally unsecured with it's firewall turned off, and
no anti-virus software.

Now I am worrying that maybe this isn't so true.  There are several
means by which things could go wrong.  What comes to mind are (in order
starting with what I think are the most likely risks):  java and
javascript code that runs in the web browsers (see note below), Active-X
controls in M$ IE, recent exploits involving things which I would have
considered passive such as images and flash video, downloading a program
infected by a virus or trojan.  Also, this recent DNS hijacking business
is scary.

We have used administrative controls to mitigate some of these hazards,
by doing the following:

1.  Basically nothing about the java, javascript, and flash/images.
2.  For Active-X, my wife who uses XP frequently, only uses IE for
accessing trusted sites such as a bank or a merchant that cannot
function without IE (almost never).  We primarily use Firefox on XP.
She also uses XP to Skype.
3.  To avoid viruses we simply don't install programs that aren't from a
source that is trusted.  By that I mean, a vendor that we sought out and
know well, like Vmware, Skype, Mozilla, OpenOffice, etc.  We use
Seamonkey or Thunderbird on Linux for email (including my wife).  So
attachments are of little danger.  We are pretty good at spotting scams,
and my wife knows how to look at full headers, etc.  We use no M$
software except for XP itself.
4.  In case the XP is compromised, which I regard as more likely than
Linux, we don't run my Linux box at the same time as her XP, since I
have the most important family data on my Linux box.  Thus, the only way
anyone could get to important personal data is if an exploit that got on
her XP could access her ext2 partition (unlikely) and install something
into the Linux partition, or crack the router, then wait in the router
to attack either of the Linux machines when they are up.  I consider
these scenarios extremely unlikely.

So it's mainly the browser scripts and other exploits that are the main
danger.  Should I be running software firewalls on both XP and Linux
boxes, and anti-virus programs on XP, or is the router and our
administrative policies enough?

Thanks for comments.

--
_____________________
CRC

SuSE 10.3 Linux 2.6.22.17

2. unisys 5000/90

3. Proxy, firewall, NAT, iptables, what??

4. Scanning proc's memory space?

5. NAT/Firewall/Proxy question

6. Permissions problem running a website on linux

7. ftp client proxy ms proxy firewall http proxy unix

8. Unresolved symbol(s)

9. squid/proxy software and position within a NAT'ed network

10. NAT and proxy software for Solaris?

11. Is there software to do NAT on linux firewall machine?

12. Defacto standard NAT/Firewall software for Linux?

13. What's The best Firewall/Proxy Software