Very Computer

by iD » Mon, 13 Mar 2000 04:00:00

I am getting a cable modem in less than a week. I have 3 computers that I
use, and a Pentium 166 that I want to setup as a linux firewall and DHCP
server. My friend has thiat setup and it works well. Problem is he can't
help me because he is a beginner like me, a friend of his set his up for
him. So I figure this would be a good chance for me to learn more about
linux. I just want the linux box to be a good firewall and a DHCP server.
I had the chance to talk to the guy that setup my friend firewall. He gave
me a 3 files and said thats all I would need to set it up. (router.up,
router.down, and dhcpd.conf) He said I might need to install a few packages
in redhat, but I forgot which ones he mentioned. One thing I want to do, I
recently downloaded "ZoneAlarm" for windows. Its a nice software firewall.
I noticed that it allows internet access to programs, and at the same time
keeps ALL ports in stealth mode. With my friends linux firewall, you have
to open the ports you want to use. Would it be possible to setup a linux
firewall that keeps ALL ports stealth, but still allows internet access to
computers on the network? (the way I tested the ports is at www.grc.com
click on "shields up") If anybody could help me out with any of this PLEASE
let me know. If ya could, please send me an email, my ISPs newsgroups a
really flaky.

Thank you for ANY help..
John

by **Bit Twist** » Mon, 13 Mar 2000 04:00:00

This built me a tight ipchain firewall rule set
http://linux-firewall-tools.com/linux/firewall/index.html
I used DENY, hardcoded external addresses, logged everything.

As part of the instruction and if you read the script, it will
give several suggestions as to where you install the firewall.

>I am getting a cable modem in less than a week. I have 3 computers that I
>use, and a Pentium 166 that I want to setup as a linux firewall and DHCP
>server. My friend has thiat setup and it works well. Problem is he can't
>help me because he is a beginner like me, a friend of his set his up for
>him. So I figure this would be a good chance for me to learn more about
>linux. I just want the linux box to be a good firewall and a DHCP server.
>I had the chance to talk to the guy that setup my friend firewall. He gave
>me a 3 files and said thats all I would need to set it up. (router.up,
>router.down, and dhcpd.conf) He said I might need to install a few packages
>in redhat, but I forgot which ones he mentioned. One thing I want to do, I
>recently downloaded "ZoneAlarm" for windows. Its a nice software firewall.
>I noticed that it allows internet access to programs, and at the same time
>keeps ALL ports in stealth mode. With my friends linux firewall, you have
>to open the ports you want to use. Would it be possible to setup a linux
>firewall that keeps ALL ports stealth, but still allows internet access to
>computers on the network? (the way I tested the ports is at www.grc.com
>click on "shields up") If anybody could help me out with any of this PLEASE
>let me know. If ya could, please send me an email, my ISPs newsgroups a
>really flaky.

--
The warrenty and liability expired as you read the message.
If the above breaks your system, it's yours and you keep both pieces.
Practice safe computing. Backup the file before you change it.
Do a, man every_command_here, before doing anything or running a script.

by **Ron Parke** » Mon, 13 Mar 2000 04:00:00

I'm a beginner just like you, so I'll give you my opinion on the fastest way to
get the firewall going (I don't know about DHCP server).

1. Read Security-HowTo and Firewall-HowTo.
2. If you are using Linux RH 6.1, its already got the basic firewall components
installed out the box. This is my recommendation rather than trying to compile
stuff.
3. Put in your two network cards and make sure your system sees them and
configures them as eth0 and eth1.
4. Once your firewall is physically set up and tested (follow testing
instructions in Sec. 6.4 of Firewall-HowTo), you are ready to configure
filters. Now you need to read IPCHAINS-Howto.
5. Don't know anything about stealth ports, but I use portsentry to monitor port
scans. This is linux software available at: www.psionic.com. I also use
LogCheck (also from psionic) to send me e-mails of suspicious log activities.
6. Its going to take a while to get used to what the ipchains logs are going to
be telling you. I'd suggest printing out your /etc/services and /etc/protocols
files and keeping them handy. There is also a web site somewhere which has a
comprehensive list (130+ pages) of tcp/udp port/service numbers and what they
mean.

That's my little newbie two cents. You'll find this newsgroup chock full of
very knowledgeable and helpful folks if you run into trouble.

-ron

> I am getting a cable modem in less than a week. I have 3 computers that I
> use, and a Pentium 166 that I want to setup as a linux firewall and DHCP
> server. My friend has thiat setup and it works well. Problem is he can't
> help me because he is a beginner like me, a friend of his set his up for
> him. So I figure this would be a good chance for me to learn more about
> linux. I just want the linux box to be a good firewall and a DHCP server.
> I had the chance to talk to the guy that setup my friend firewall. He gave
> me a 3 files and said thats all I would need to set it up. (router.up,
> router.down, and dhcpd.conf) He said I might need to install a few packages
> in redhat, but I forgot which ones he mentioned. One thing I want to do, I
> recently downloaded "ZoneAlarm" for windows. Its a nice software firewall.
> I noticed that it allows internet access to programs, and at the same time
> keeps ALL ports in stealth mode. With my friends linux firewall, you have
> to open the ports you want to use. Would it be possible to setup a linux
> firewall that keeps ALL ports stealth, but still allows internet access to
> computers on the network? (the way I tested the ports is at www.grc.com
> click on "shields up") If anybody could help me out with any of this PLEASE
> let me know. If ya could, please send me an email, my ISPs newsgroups a
> really flaky.

> Thank you for ANY help..
> John

by **Luke** » Tue, 14 Mar 2000 04:00:00

hehe this seems to have become your mantra :)

Quote:> This built me a tight ipchain firewall rule set
> http://linux-firewall-tools.com/linux/firewall/index.html
> I used DENY, hardcoded external addresses, logged everything.

> As part of the instruction and if you read the script, it will
> give several suggestions as to where you install the firewall.

by **Damon Registe** » Tue, 14 Mar 2000 04:00:00

>I'm a beginner just like you, so I'll give you my opinion on the fastest way to

I guess there are a lot of us beginners?

Quote:>2. If you are using Linux RH 6.1, its already got the basic firewall components

I am using Red Hat6.1 but I don't remember seeing the firewall
mentioned in the book. Where is the RH firewall? I just copied the
masquerading with strong ruleset out of the Masquerading HOWTO.
It would have been easier if I had known of the one that came with RH

Quote:>5. Don't know anything about stealth ports, but I use portsentry to monitor port
>scans. This is linux software available at: www.psionic.com. I also use

You mean this detects someone trying to scan the ports? Thanks for
the info

Damon Register

Very Computer

Need help setting up Redhat 6.1 as a firewall and DHCP server..

Need help setting up Redhat 6.1 as a firewall and DHCP server..

Need help setting up Redhat 6.1 as a firewall and DHCP server..

Need help setting up Redhat 6.1 as a firewall and DHCP server..

Need help setting up Redhat 6.1 as a firewall and DHCP server..

Need help setting up Redhat 6.1 as a firewall and DHCP server..