[TCLUG] can you recommend a firewall

Fri Sep 5 07:50:39 CDT 2003

Rick Meyerhoff wrote:

> IPCop seems to be a Linux distro used to turn a PC into a firewall. 

This is going to be true of just about anything billed as a "linux 
firewall".  They are made to turn an older box into an easy-to-maintain 
firewall appliance.  The reason for this is that everything you need to 
have a firewall on your one system is already there.  All these 
specialized distros are are front ends to iptables/ipchains.

I do have a dedicated firewall box but it is just a minimal Debian 
system using shorewall(non-gui, but easy to set up).  I know there are 
some scripts out there that will help you come up with a rules set and I 
seem to recall a web site or two that will do it as well.

For a dedicated box, I have at least tried most of the firewall distros 
out there.  IPCop is good and is based on Smoothwall(which is why they 
are very similar).  A lot of people have a problem with Smothwall in 
that the guy running the show can be kind of an ass sometimes.

For more robust needs(and a beefier box), there is Mandrake 
Multi-Network Firewall.  It allows multiple DMZs and Networks to be 
handled through the same box.  Cool stuff but a bit bloated for most 
home networks.

For a more multi-function box, there is Clark Connect, based on Red Hat. 
  It will run web, email, ftp, etc. servers as well tho a lot of 
security people frown on running such services on your firewall.

Back to your specific situation, Rick.  What is it that the Mdk firewall 
front end won't allow you to do?  I'm pretty sure to do port forwarding, 
you would need to edit files by hand, but I can't really see a need for 
you to do that with your two boxen setup unless you are running game 
servers on the windows box.  Simply sharing the connection on the linux 
box will do wonders for the security of the other OS.  I would have to 
do some checking but I think the mdk firewall keeps things pretty open 
to the internal network while closing off everything to the outside.

-- 
The Wandering Dru <dru at druswanderings.net>
http://druswanderings.net <--- Things 'n' Such

Get nifty TCLUG merchandise at the TCLUG Store!
http://www.cafeshops.com/tclug

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list