Gentoo Forums
Gentoo Firewall planning
Ard Righ
Guru

Joined: 24 Jun 2002
Posts: 337
Location: Wellington, NZ

Posted: Sat Dec 14, 2002 12:39 am    Post subject: Gentoo Firewall planning

I have a P75 and P133 here, both have 32MB RAM. I am hoping that will be enough just to run a firewall, though it will take forever to compile.

I am thinking of doing the install by putting the HDD into my P4 machine, then putting it back into the P133 once it's all running. I have to check on how to do that.

I am just curious: besides doing the basic install, compiling the new kernel for iptables etc., and installing SSH to get in from the outside world, is there any checklist of things I need to check before I put this into use?

Are there any good Firewall HOWTOs for Gentoo?
WarMachine
Apprentice

Joined: 15 Jul 2002
Posts: 181

Posted: Sat Dec 14, 2002 3:41 am

I'd MUCH suggest putting the drive in the P4 to install. Just compile with settings for the little box. It would take forever on either of those Pentium 1s. Also, I do not think the install CD will be able to boot up on 32 MB of RAM. I remember having trouble and having to borrow another stick for my gateway box. Last time I installed was 1.1a though; it may have changed, and of course if you can do the install on the P4 you could get around this, too.

There is plenty of good firewall information here on the forums and links to more good information. Is it for NAT? How many machines are behind it? Any other services running? Specify a little more.

Stuff to install, well there's no reason to install X or a WM if it's just a firewall. Just get the firewall up and your internet connections right, emerge whatever you need from there.
rizzo
Retired Dev

Joined: 30 Apr 2002
Posts: 1067
Location: Manitowoc, WI, USA

Posted: Mon Dec 16, 2002 5:43 pm

Well, you'll need to install iptables for sure, and make sure it's enabled in the kernel config (I don't think it is by default. You'll need to config and recompile the kernel).

If you use DSL then chances are you'll need rp-pppoe.

Then just find yourself a suitable iptables script (there are many out there) and make your customizations.
Qubax
Guru

Joined: 19 Jul 2002
Posts: 451
Location: Tirol, Austria

Posted: Tue Dec 17, 2002 10:50 am

Examples of firewall iptables scripts:
projectfiles.com/firewall
firegate.lunarfox.com
rtn
Guru

Joined: 15 Nov 2002
Posts: 427

Posted: Tue Dec 17, 2002 4:27 pm    Post subject: Re: Gentoo Firewall planning

Ard Righ wrote:
Are there any good Firewall HOWTOs for Gentoo?


Like other people have mentioned, there's a myriad of information available on the web. Here are a couple of my suggestions:

Scan through the Security-Quickstart-HOWTO, which includes some basic iptables scripts and fundamentals, as well as IT security discipline. If you're just interested in the iptables information, you can just skip ahead to the firewall chapter.

You'll need to compile iptables into the kernel - I'd really recommend building in as opposed to making it a module. Depending on what options you'll want to use with iptables, you'll have to enable additional portions of iptables. There are a whole lot of them (45 according to `grep IP_NF /usr/src/linux/.config`), so you might need some trial and error to figure out which ones you do and don't need.

I'm currently using these CONFIG_IP_NF settings, YMMV:

Code:
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_IPLIMIT=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y


Good luck.

--rtn
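
As an added example (not code from the thread or from any poster's setup), this script reports how each of the `CONFIG_IP_NF` options listed in the post above is set in a kernel `.config`: built in, module, or missing. The function names, the sample fragment and the right-hand glosses naming the iptables feature behind each option are assumptions made for the example.

```shell
#!/bin/sh
# Added example: how is each netfilter option from the post set in a .config?

# Option suffix : what depends on it (the right-hand glosses are annotations).
NF_OPTS='CONNTRACK:connection tracking
IPTABLES:iptables core
MATCH_LIMIT:-m limit
MATCH_STATE:-m state
MATCH_IPLIMIT:-m iplimit
MATCH_CONNTRACK:-m conntrack
FILTER:filter table
TARGET_REJECT:-j REJECT
TARGET_LOG:-j LOG'

# nf_state FILE SUFFIX -> prints builtin, module or missing
nf_state() {
    # Match "NAME=" exactly; "# CONFIG_... is not set" lines never match.
    case $(grep "^CONFIG_IP_NF_$2=" "$1" 2>/dev/null | tail -n 1) in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo missing ;;
    esac
}

# nf_check FILE -> one report line per option; status 1 unless all are built in
nf_check() {
    rc=0
    while IFS=: read -r opt feature; do
        state=$(nf_state "$1" "$opt")
        printf '%-32s %-8s %s\n' "CONFIG_IP_NF_$opt" "$state" "$feature"
        [ "$state" = builtin ] || rc=1
    done <<EOF
$NF_OPTS
EOF
    return "$rc"
}

# Constructed sample fragment (not a real kernel config) for a stand-alone run.
sample_config() {
    cat <<'EOF'
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_STATE is not set
CONFIG_IP_NF_FILTER=y
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
nf_check "$tmp" || echo "not everything is built in; compare with the list above"
rm -f "$tmp"
```

On the firewall box itself, `nf_check /usr/src/linux/.config` runs the same report against the configured kernel tree.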
vibidoo
Guru

Joined: 27 Nov 2002
Posts: 409

Posted: Thu Dec 19, 2002 12:19 pm

I use an Epia M 5000 mainboard with 32 MB SDRAM; it works very well as a firewall + DHCP. But at home I have only 3 PCs to monitor.

Compiling the kernel takes around 1h30 min.

:wink:
smart
Guru

Joined: 19 Nov 2002
Posts: 455

Posted: Fri Dec 20, 2002 7:32 am

For a headstart, have a look at the contents of your portage tree. There you will find a build called "shorewall".
Have a look ;)
All times are GMT