[lug] Setting up a firewall...

Calvin Dodge caldodge at fpcc.net
Fri Jul 21 10:48:41 MDT 2000


Brian Jarrett wrote:
> 
> Question:  Am I wrong, or wouldn't we just be better off setting up our own
> Linux system as a firewall?  Since we have a Class C, I see no reason not to
> use the addresses allocated.  I would think that we could use the firewall
> to restrict IP traffic to port 80 for our web servers, and so on, but still
> use our Class C which would protect all our machines, not just the
> workstations.

As Ed McMahon might say: "You are correct, SIR!"
 
If you have your own Class C range, then the only limitation on routing is the
arbitrary one imposed by that firewall manufacturer, since one can easily do
firewalling AND routing to Class C networks with Linux (my current employer's
network is set up in precisely this way).

That could be done with just about any old machine - we're using a Pentium 90
for that purpose, and that's overkill for our 128 Kbps connection.

> Does anyone have some other suggestions?  I know a lot about TCP/IP, but I'm
> just now getting into the security side of things.  I'll probably end up
> setting up whatever we decide to do.

I'd be happy to send you the info on our firewall, as well as the ipchains
script we're using to keep junk out.  Frankly, I can think of real advantages
to rolling your own, especially if it's pretty much a single task machine (as
firewalls _should_ be).

Calvin

-- 
Calvin Dodge
Certified Linux Bigot
http://www.caldodge.fpcc.net
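
An added illustration of the setup discussed in this message (not the ipchains script Calvin mentions, which is not included here): a shell function that prints a default-deny ipchains forward policy for a routed /24 and admits inbound traffic only to TCP port 80 on named web servers. The interface names, the 192.0.2.0/24 documentation range and the server addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints ipchains commands; nothing is applied to the host.
# Every value here is a constructed stand-in, not taken from the message.
EXT_IF=eth0          # assumed Internet-facing interface
INT_IF=eth1          # assumed interface facing the routed /24
NET=192.0.2.0/24     # documentation range standing in for the Class C
PREFIX=${NET%.*}     # "192.0.2"; this simple check only handles a /24

# gen_rules WEB_SERVER_IP... : emit one ipchains command per line.
gen_rules() {
    # Refuse web servers that are not inside the routed range.
    for ip in "$@"; do
        case $ip in
            "$PREFIX".*) ;;
            *) echo "gen_rules: $ip is outside $NET" >&2; return 1 ;;
        esac
    done
    # Start clean; anything routed through the box is denied by default.
    echo "ipchains -F input"
    echo "ipchains -F forward"
    echo "ipchains -P forward DENY"
    # Anti-spoofing: our own addresses must never arrive from outside.
    echo "ipchains -A input -i $EXT_IF -s $NET -j DENY -l"
    # Inbound: TCP port 80 only, and only to the listed web servers.
    # In the forward chain, -i names the interface the packet leaves by.
    for ip in "$@"; do
        echo "ipchains -A forward -i $INT_IF -p tcp -d $ip 80 -j ACCEPT"
    done
    # Outbound: hosts on the /24 may open connections to the Internet.
    echo "ipchains -A forward -i $EXT_IF -s $NET -j ACCEPT"
    # ipchains keeps no connection state, so TCP replies are admitted as
    # segments that are not bare SYNs (! -y); new inbound connections
    # to anything but the web servers still hit the DENY policy.
    echo "ipchains -A forward -i $INT_IF -p tcp ! -y -d $NET -j ACCEPT"
    # DNS answers over UDP. Stateless, so this trusts the source port.
    echo "ipchains -A forward -i $INT_IF -p udp -s 0/0 53 -d $NET 1024:65535 -j ACCEPT"
    # Log whatever falls through before the policy drops it.
    echo "ipchains -A forward -j DENY -l"
}

gen_rules 192.0.2.10 192.0.2.11   # constructed web server addresses
```

Review the printed commands before running them on the firewall; IP forwarding must also be enabled for the machine to route the /24.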



