seeking linux gateway/router/proxy/firewall advice
From: Mike (mstupak_at_comcast.net)
Date: 12/08/03
Date: Mon, 08 Dec 2003 11:55:52 -0800
i'm sure there are people more knowledgeable than me in this area and i
wanted to run this by them for a sanity check / advice. i was a bit
disappointed that there wasn't a HOWTO that addressed most of these
needs. while there were a bunch of howtos that described aspects, the
integration of some of them escapes me.

i'm trying to set up a network for a small business. they currently have
a single DSL line that i want to use as access for their net. they want
a firewall and they want logging and filtering on their web traffic (web
proxy).

i'd like to have a single linux box provide these services. i have a
linux box w/ rh8.0 installed and running, 2 network cards up and
functioning.

i've explored squid/squidguard as the proxy solution and it seems to
work fine.

i'm planning on configuring eth0 as the external net interface. it will
use dhcp to get an ip addrs, hostname, and dns info from the DSL ISP.
if i want to run a DHCP server on the internal network (eth1) to
distribute the dns info (and local ip addrses) do i need to do anything
special (beyond kicking off the server and minor config file tweaks) or
should it mostly just work?

i think that iptables is my default firewall solution. do i need to do
special stuff to get packets flowing properly (bridging?). i've read
about a special kernel patch to get a firewall working w/ bridging - do i
need that? i'd really rather not do any kernel compiling if i can avoid
it. any advice on what kind of rules i'll want to keep the network
pretty secure, but still allow normal web browsing activity to continue
functioning (realaudio, flash, ftp (only for file download via web),
etc)? i've read a bit about ip masquerading. do i need to set that up?

i'd also like to set it up so that i can ssh to the box from the
external net (no need to ssh through the box though).

in summary, here are the firewall requirements - any hints on how to set
it up?
- DNS requests going out to the ISP dns servers
- web traffic gets sent through squid
- allows other apps to run that are typically seen via the web
  (realaudio, flash, ftp, etc)
- allows incoming ssh to the linux box

will i also need to support arp requests to the linux server from
outside? from the inside?

any other services i'm likely to be missing? (there is no internal web
server).

i know this is a bit rambling, but thanks for any advice.
-mike
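
The requirements listed in the post describe a routed NAT gateway rather than a bridge. As an added example that is not part of the original message, the shell function below emits an iptables-restore ruleset for that layout. The interface roles (eth0 external, eth1 internal) come from the post; the LAN subnet 192.168.1.0/24, Squid listening on port 3128, and the transparent redirect of port 80 (which Squid must be configured to accept) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): prints a ruleset, changes nothing.
# Prerequisites on the gateway, as root:
#   echo 1 > /proc/sys/net/ipv4/ip_forward      # enable routing eth1 <-> eth0
#   modprobe ip_conntrack_ftp; modprobe ip_nat_ftp   # FTP helpers for RELATED
# To parse without applying: gateway_rules eth0 eth1 | iptables-restore --test

gateway_rules() {
    wan=${1:-eth0}; lan=${2:-eth1}
    lan_net=${3:-192.168.1.0/24}   # assumed LAN subnet
    squid_port=${4:-3128}          # assumed Squid port
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN web traffic is redirected to the local Squid (transparent proxy)
-A PREROUTING -i $lan -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
# The external address comes from DHCP, so masquerade instead of a fixed SNAT
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ssh to the gateway itself, from either side
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# DHCP replies from the ISP to the gateway's own DHCP client
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# LAN clients may reach the DHCP server and Squid on the gateway
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p tcp --dport $squid_port -j ACCEPT
-A INPUT -j LOG --log-prefix "gw-input-drop: "
# Routed traffic: the LAN may open connections outward (DNS, streaming, FTP
# control); only replies and helper-tracked RELATED flows come back in
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -m state --state NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "gw-forward-drop: "
COMMIT
EOF
}
```

Nothing from the external side is forwarded inward unless it belongs to a connection a LAN host opened, and dropped packets are logged before the default DROP policy applies.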