looking for a linux based firewall

dear firewall gurus, for my testlab i'm looking for a (linux) firewall to create a dmz. i have a few unused intel-boxes. maybe i can use them to build a dedicated firewall-appliance. any suggestions? it doesn't matter if it's free :-))

thanx a lot
tim

Reply to
tim moor

ipcop.org

Reply to
Niels Jespersen

Not really linux, but maybe worth a look:

formatting link
Uli

Reply to
Uli Wachowitz

What kind of DMZ do you want to build? There are two basic setups for a DMZ:

WAN --- Firewall_1 --- DMZ --- Firewall_2 --- LAN

WAN --- Firewall --- LAN
           |
          DMZ

On the firewall(s) you need a packet filter. In the case of Linux you'd use netfilter (the packet filter included in the Linux kernel). For tutorials on netfilter see [1,2]. Basically you allow these connections on your firewall(s):

WAN -> DMZ   allow
WAN -> LAN   deny
DMZ -> WAN   allow
DMZ -> LAN   deny
LAN -> DMZ   allow
LAN -> WAN   allow/deny depending on your policy

Traffic related to the above connections: allow

These very basic DMZ setups can be enhanced/modified in many different ways, e.g. by adding layer7-filtering [3] to the firewalls, putting proxies (e.g. Squid [4]) into the DMZ, setting up bastion hosts, etc.

However, the matter is far too complex to cover more than the very basics in one newsgroup post. I suggest you read a good book on firewalls (e.g. [5]) to get you started.

[1]
formatting link
formatting link
formatting link
formatting link
formatting link
cu 59cobalt
Reply to
Ansgar -59cobalt- Wiechers
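
The single-firewall policy matrix from the post above, written out as a netfilter ruleset generator. This is an added example, not part of the original thread; the interface names (eth0, eth1, eth2) and the function name `dmz_ruleset` are assumptions, and only the FORWARD chain is covered.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# the single-firewall DMZ layout. Interface names are assumptions.
# Usage: dmz_ruleset WAN_IF DMZ_IF LAN_IF [allow|deny]   (4th arg: LAN -> WAN)

rule() { printf '%s\n' "$*"; }

dmz_ruleset() {
    wan=$1 dmz=$2 lan=$3 lan_to_wan=${4:-deny}
    if [ -z "$wan" ] || [ -z "$dmz" ] || [ -z "$lan" ]; then
        echo "usage: dmz_ruleset WAN_IF DMZ_IF LAN_IF [allow|deny]" >&2
        return 2
    fi
    case $lan_to_wan in
        allow|deny) ;;
        *) echo "LAN -> WAN policy must be allow or deny" >&2; return 2 ;;
    esac
    new='-m conntrack --ctstate NEW -j ACCEPT'

    rule '*filter'
    # Default-deny forwarding. WAN -> LAN and DMZ -> LAN get no ACCEPT rule
    # below, so new connections in those directions hit this policy.
    rule ':FORWARD DROP [0:0]'
    rule '-A FORWARD -m conntrack --ctstate INVALID -j DROP'
    # "Traffic related to the above connections: allow"
    rule '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    rule "-A FORWARD -i $wan -o $dmz $new"    # WAN -> DMZ allow
    rule "-A FORWARD -i $dmz -o $wan $new"    # DMZ -> WAN allow
    rule "-A FORWARD -i $lan -o $dmz $new"    # LAN -> DMZ allow
    if [ "$lan_to_wan" = allow ]; then
        rule "-A FORWARD -i $lan -o $wan $new"  # LAN -> WAN per local policy
    fi
    rule 'COMMIT'
}

# Constructed interface names; review the output, then check it with
# `iptables-restore --test`. Loading it replaces the existing filter-table
# rules unless --noflush is given; INPUT/OUTPUT are outside this example.
dmz_ruleset eth0 eth1 eth2 deny
```

The matrix allows WAN -> DMZ wholesale; on a real DMZ that rule is usually narrowed to the ports of the published services.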

formatting link
is a small Linux distribution (live cd or compactflash image). It has a SPI and packet filter image. It supports captive portal to authenticate the users by using a web browser and radius server too.

Reply to
nuzz

Hi Tim

Here is one more:

formatting link
is a very small secure linux (no GUI or something) and works on very old machines too. I love it.

Reply to
Andreas Baumgartner

I thought there was only one worth considering! ;^)

formatting link
Fantastic support on the mailing list as well.

Jim Ford

Reply to
Jim Ford

at the risk of getting flamed, i recommend openbsd for a lightweight firewall. its firewall, pf, is imho easy to set up and get going. and the documentation for it is second to none, again imho.

Reply to
john smith

tim moor wrote:

formatting link
/Anders

Reply to
Anders

opinion: o-pinyun noun 1: belief 2: judgment 3: formal statement by an individual

Yeah, but it's only one of many that are available. I've tried over twenty, and the biggest differences were the user interface. Personally, I'm using a stripped kernel and simple script which is more versatile though admittedly requiring more skill. Hit

formatting link
see what interests you.

Old guy

Reply to
Moe Trin

If you are looking for a GOOD firewall go to this site:

www.astaro.c

> tim moor wrote:

Reply to
News

So, why do you believe other firewalls (esp. custom-made firewalls running Linux) are not good? What exactly makes Astaro better? Besides, why do you believe that the products of this company come even close to the OP's requirements ("build a linux-based firewall w/ DMZ on a few unused Intel-boxes")?

Nope. Not even remotely.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers
