I don't have a box to dedicate as a firewall and I need to avoid 
spending money right now. Maybe I'm being "penny wise and pound 
foolish". I actually would like to set up such a box for better 
security, learning and of course, the "cool" factor.

The Mandrake firewall gui says:
"Which services would you like to allow the Internet to connect to?"
_ Everything (no firewall)
_ Web Server
_ DNS
_ SSH
etc...

I read the (very minimal) doc on this firewall and it says that all you 
have to do is have none of the checkboxes checked and none of these 
services will be able to access the net. I don't intend to run any of 
these services so that's cool. The doc also says that the firewall will 
NOT block Internet access by *clients*; this is not the case. The only 
thing I can do is check "Everything (no firewall)" so that I can access 
the net.

The only other thing to consider is that I use VNC to access my W2k box 
so if and when I get a firewall set up I would have to let that traffic 
pass through it.

Thanks for your help.

The Wandering Dru wrote:
> Rick Meyerhoff wrote:
> 
>> IPCop seems to be a Linux distro used to turn a PC into a firewall. 
> 
> 
> This is going to be true of just about anything billed as a "linux 
> firewall".  They are made to turn an older box into an easy-to-maintain 
> firewall appliance.  The reason for this is that everything you need to 
> have a firewall on your one system is already there.  All these 
> specialized distros are front ends to iptables/ipchains.
> 
> I do have a dedicated firewall box but it is just a minimal Debian 
> system using shorewall (non-gui, but easy to set up).  I know there are 
> some scripts out there that will help you come up with a rules set and I 
> seem to recall a web site or two that will do it as well.
> 
> For a dedicated box, I have at least tried most of the firewall distros 
> out there.  IPCop is good and is based on Smoothwall (which is why they 
> are very similar).  A lot of people have a problem with Smoothwall in 
> that the guy running the show can be kind of an ass sometimes.
> 
> For more robust needs (and a beefier box), there is Mandrake 
> Multi-Network Firewall.  It allows multiple DMZs and Networks to be 
> handled through the same box.  Cool stuff but a bit bloated for most 
> home networks.
> 
> For a more multi-function box, there is Clark Connect, based on Red Hat. 
>  It will run web, email, ftp, etc. servers as well tho a lot of security 
> people frown on running such services on your firewall.
> 
> 
> Back to your specific situation, Rick.  What is it that the Mdk firewall 
> front end won't allow you to do?  I'm pretty sure to do port forwarding, 
> you would need to edit files by hand, but I can't really see a need for 
> you to do that with your two boxen setup unless you are running game 
> servers on the windows box.  Simply sharing the connection on the linux 
> box will do wonders for the security of the other OS.  I would have to 
> do some checking but I think the mdk firewall keeps things pretty open 
> to the internal network while closing off everything to the outside.
> 

-- 
Eric (Rick) Meyerhoff



_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota