Pensacola Linux User's Group
Topic: Linux Firewalls  (Read 2263 times)
bhoff
« on: June 28, 2002, 07:06:51 pm »

I am presently using a modified Frazierwall 3.5. I have everything but one port open which is the latest version of ssh that forwards to my play around machine. I was wondering what everybody else is using?
I know that we played around with Firestarter for Michael Virion which I have been meaning to get back with....Sorry Michael. Linux is really nice for firewall applications. I use an old 486 with 16 MB RAM and no hard drive, booting from floppy; it has mini httpd server/dhcp server/firewall/dns all in one and if the power ever goes it just boots right up, no problems, and has a nice web interface to manage it.
Brett
Logged

Brett Hoff
Linux +, Security+, RHCT, GIAC GCFA
Senior IT Security Engineer Antler,Inc.
steve
Guest
« Reply #1 on: June 29, 2002, 06:04:28 pm »

I'm currently using IPCop at home and two of our three firewalls at work are using it. The third firewall is a Cisco Pix Firewall.

Steve
Logged
erc
Guest
« Reply #2 on: August 01, 2002, 05:10:27 pm »

Hmmm...I just installed RedHat 7.2 on a box, turned off almost everything on the box, installed passthrough code (you connect to port XXX on the firewall, you get tunneled through to somewhere else inside the firewall), and tweaked /etc/sysconfig/ipchains.  Oh, and I turned on transparent proxy for Squid and added:

-A input -s 0/0 -d 192.168.201.0/24 80 -p tcp -j ACCEPT
-A input -j REDIRECT 3128 -p tcp -s 0/0 -d 0.0.0.0/0 80

to the ipchains file. (Our local network is 192.168.201.XXX)

What this does is to accept any connections coming from the local network on port 80 that is directed to the firewall box (actually, it's a little broader, but for the purposes of this post it'll do).  If the connection is meant for anyone else, it redirects the connection to port 3128, which just happens to be where Squid is running.

This allows me to selectively block outbound connections to things like doubleclick.net, which helps with popup ads ;)  It also allows me to do this without having to mess with anyone's browser or other software that connects out on port 80.

I'm working on an Escapade-based front-end to the ipchains and squid stuff, so that I can selectively block inbound or outbound connections, or add hosts to Squid to refuse connections to.
Logged
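An added example, not part of erc's post: a small first-match simulator for the two ipchains rules quoted in Reply #2, showing which connections are accepted and which are redirected to Squid on port 3128. It parses only the options those two rules use (-A, -s, -d, -p, -j), and the client and server addresses in the sample calls are constructed for illustration.

```python
import ipaddress
import shlex

# The two rules exactly as posted in Reply #2.
RULES = """\
-A input -s 0/0 -d 192.168.201.0/24 80 -p tcp -j ACCEPT
-A input -j REDIRECT 3128 -p tcp -s 0/0 -d 0.0.0.0/0 80
"""

def _net(spec):
    # ipchains accepts the shorthand 0/0 for "any address"
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec)

def parse_rule(line):
    """Parse the subset of ipchains syntax used in the post."""
    tok = shlex.split(line)
    rule = {"chain": None, "src": _net("0/0"), "dst": _net("0/0"),
            "dport": None, "proto": None, "target": None, "to_port": None}
    i = 0
    while i < len(tok):
        opt, val = tok[i], tok[i + 1]
        port = None
        # -s, -d and -j may be followed by a bare port number
        if opt in ("-s", "-d", "-j") and i + 2 < len(tok) and tok[i + 2].isdigit():
            port = int(tok[i + 2])
        if opt == "-A":
            rule["chain"] = val
        elif opt == "-s":
            rule["src"] = _net(val)          # source port is not used by these rules
        elif opt == "-d":
            rule["dst"], rule["dport"] = _net(val), port
        elif opt == "-p":
            rule["proto"] = val
        elif opt == "-j":
            rule["target"], rule["to_port"] = val, port
        i += 2 if port is None else 3
    return rule

CHAIN = [parse_rule(line) for line in RULES.splitlines()]

def verdict(src, dst, dport, proto="tcp", rules=CHAIN):
    """Walk the chain in order; the first matching rule decides."""
    for r in rules:
        if (r["proto"] in (None, proto) and r["dport"] in (None, dport)
                and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]):
            return r["target"] if r["to_port"] is None else f'{r["target"]}:{r["to_port"]}'
    return "POLICY"  # no rule matched; the chain's default policy applies
```

Because both rules use -s 0/0, `verdict("198.51.100.7", "192.168.201.1", 80)` also returns `ACCEPT`: the rules match on destination only, which is the "a little broader" behaviour the post mentions.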