How do I Configure a Linux Firewall

Status
Not open for further replies.

tschuy

IS-IT--Management
Feb 7, 2000
44
US
Here's the situation: I have a DSL connection to my internet with a static IP, two 3Com PCI Ethernet cards, one connected to the DSL modem and the other for my "internal" network, which has 3 Win2K servers for various duties. I want to set up a firewall using Linux (since MS Security products are crap) but I can't seem to get the systems on my internal network out onto the internet. The Linux system has access to the Internet with no problem using eth0. The servers and other computers can ping eth1 with no problem. But I can't seem to find anywhere within the reference books that I have how to bridge the connection between the two Ethernet cards. The configuration of both Ethernet cards has been checked, double checked and triple checked. The routing appears to be correct too. Where my static is set on eth0 to the assigned IP, gateway and DNS from my DSL service. eth1 is set to use a static IP too. I'm using RedHat 7.2 and have tried all three firewall configurations using the LOKKIT GUI tool. I have also tried to manually configure the settings based upon information from RedHat, Linux.org, and several reference books. But I still can't get this thing to work.

Is there a real good source where I can go and get the necessary information? Perhaps a step-by-step guide which a Microsoft brainwashed weenie such as myself can understand.


Any help would be appreciated.

Thanks

Tim

t.schuy@attbi.com
 
Try firestarter firewall configurator
Download from

rpm -Uvh firestarter.rpm(full name)
It will autodetect IPCHAINS or IPTABLES
IPCHAINS is used by default
TODO: Only if you want to use IPTABLES
Run these commands
chkconfig --level 2345 ipchains off (Turns off IPCHAINS in xinetd)

/etc/rc.d/init.d/ipchains stop (Stop IPCHAINS)
rmmod ipchains (Remove IPCHAINS from memory)
chkconfig --level 2345 iptables on (Turns IPTABLES on in xinetd)

firestarter & (Run firestarter)
or create a short-cut on the desktop
It works better in Gnome than KDE. KDE works fine but produces gtk errors that are not harmful. So whichever you prefer.
I used Gnome then switched back to KDE.

Also, you may need to run dmesg -n1 if you receive hit messages in a console window.

After you install it and start it, go to Firewall/Preferences/Advanced and check the Show every page in wizard. This will force the wizard to show the Port forward in button.

The install took me about 5 minutes and a full config about another 10 minutes.
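
An added example, not part of any post in this thread: a read-only check for the symptom in the question (LAN hosts can ping eth1 but cannot get out) on an iptables gateway. It assumes the LAN uses private addresses behind the single static IP, so the box needs kernel forwarding plus a NAT rule on eth0; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 = DSL side, eth1 = LAN side (as in the post).
# Assumption: the LAN uses private addresses, so the gateway has to NAT on eth0.

# Success if FILE (on a live box: /proc/sys/net/ipv4/ip_forward) contains 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Success if the iptables-save dump RULES rewrites source addresses leaving via WAN.
has_nat_out() {   # args: RULES WAN
    grep -Eq -- "^-A POSTROUTING .*-o $2 .*-j (MASQUERADE|SNAT)" "$1"
}

# Success if the FORWARD policy is ACCEPT or a rule accepts LAN -> WAN traffic.
# Heuristic: it does not model rule order or earlier DROP/REJECT rules.
forward_allowed() {   # args: RULES LAN WAN
    grep -q -- "^:FORWARD ACCEPT" "$1" ||
        grep -Eq -- "^-A FORWARD .*-i $2 .*-o $3 .*-j ACCEPT" "$1"
}

# Print one line per missing prerequisite; exit status = number of problems.
audit_gateway() {   # args: PROCFILE RULES LAN WAN
    problems=0
    forwarding_enabled "$1" ||
        { echo "ip_forward is 0: kernel will not route $3 -> $4"; problems=$((problems + 1)); }
    has_nat_out "$2" "$4" ||
        { echo "no MASQUERADE/SNAT rule on $4"; problems=$((problems + 1)); }
    forward_allowed "$2" "$3" "$4" ||
        { echo "FORWARD chain does not accept $3 -> $4"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: a box that filters its own traffic but neither routes nor NATs.
demo=$(mktemp -d)
echo 0 > "$demo/ip_forward"
cat > "$demo/rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
COMMIT
EOF
audit_gateway "$demo/ip_forward" "$demo/rules" eth1 eth0 || echo "problems found: $?"
```

On a live gateway, save the output of iptables-save (run as root) to a file and pass it together with /proc/sys/net/ipv4/ip_forward in place of the constructed files.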
 
Well, I think I found my answer.... Went to Mandrake Linux and found their product Mandrake SNF (Single Network Firewall). So I downloaded the ISO image and burned my CD. Installed it on one of my test machines and man, was that easy and slick. The web browser interface worked nicely and I was able to lock down the ports that I felt needed to be locked down. Was able to get traffic to and from my internal site (including e-mail) without problem but still have things locked down enough to where the network inside the firewall could not be identified. Thanks for the suggestions and help everyone and hope that the info here will help others.

Cheers,

Tim
 