Configuring Linux as a Firewall

* Making installation choices
* Introducing iptables
* Using iptables commands
* Simplifying things with firewall GUIs
* Adding proxy functionality

As Linux gains increasing acceptance in corporate datacenters and
other places, more and more people are discovering something that
Linux enthusiasts have known for a long time: Linux has built-in
firewall features that allow an administrator to build a firewall.
Recent versions of Linux generally ship with at least basic firewall
capabilities, and several Linux versions include even more advanced
features. Because Linux is open source software, and because it has
only minimal hardware requirements, you can build a Linux-based
firewall relatively inexpensively. Be forewarned, though -- doing so
does require some knowledge of Linux and how it fits into the
networking scheme of things.

Making Installation Choices

To use the firewall built into Linux, you should make sure that the
operating system you install includes iptables functionality. Iptables
is the most popular Linux firewall, and this chapter covers it in
detail. Fortunately, most Linux distributions do this by default, so
you probably don't have to worry about this.

Before you install Linux, make sure that all your network cards and
any modem that you may use are installed in your computer. Generally,
it's much easier to have all your hardware in place before installing
your Linux software than it is to install Linux first and then try to
get Linux to recognize all the hardware stuff after the fact.

Red Hat Linux, in its ongoing effort to be top dog in the Linux field,
goes one step further along the customer satisfaction road by giving
you a choice of configuring the firewall during installation. One of
the screens that you see during the installation procedure is shown in
Figure 1. The choices you see on this screen are good starting points,
whether you are just setting up a personal computer, or whether you
are planning to configure a corporate firewall. Of course, when you
are indeed configuring a dedicated firewall, you will have to perform
some additional configuration after the installation is complete.

If you are using another distribution, just skip this section and go
on to the section on iptables. The process of configuring the firewall
after installation is virtually identical in all Linux distributions.
Let's look at each of the available choices:

* Off: This option does just what its name implies: It configures
Linux to allow all network traffic to enter or leave the computer.
Obviously, this is not an appropriate setting for a firewall unless
you want to do all your configuring at some later point. (No, deciding
just to skip this whole firewall business is not an option. Need to
reread Chapter 1?)

* Medium: This is an appropriate choice if you want to use Linux as a
personal firewall or if you are installing a server that performs
limited functions, such as a Web server. When you select this option,
Linux configures iptables to allow certain types of traffic into your
computer. You can specify which types of traffic are allowed; for
example, you can disable HTTP traffic or allow SMTP traffic. One of
the limitations of the Red Hat setup program is that it can only
perform very simple firewall configuration tasks for you. Keep in mind
that you can add or remove rules later, but if you already know which
traffic you want to allow and which traffic you want to block, you can
easily configure this during setup.

* High: When you select this option, you enable and configure the
iptables firewall to block all traffic. This is the configuration that
you should choose when you install a dedicated firewall. Best
practices dictate that you configure your firewall to drop all network
traffic unless you specifically allow it. Choosing this option gives
you this starting configuration; you get to do all the other
configuration steps after the operating system installation is
complete.

Read the complete article at http://www.network.79br.com
Mar 1 '08 #1
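
The "drop everything unless specifically allowed" starting point described under High, written out as an added example that is not part of the original post or of Red Hat's installer. The function names are hypothetical, and the sketch assumes traffic originating from the firewall host itself stays allowed (OUTPUT ACCEPT) and that only TCP services are opened.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Emits an iptables-restore ruleset: drop by default, then allow the TCP
# ports given as arguments (for example 25 for SMTP, 80 for HTTP).
default_deny_ruleset() {
    # Validate every port first so a typo cannot yield a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    # Chain policies come first: anything not matched below is dropped.
    # OUTPUT ACCEPT is an assumption of this example.
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # One explicit allow rule per requested service.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Audit helper: reads iptables-save style text on stdin and succeeds only
# if both the INPUT and FORWARD chain policies are DROP.
policy_is_default_deny() {
    awk '
        /^:INPUT /   { input = $2 }
        /^:FORWARD / { forward = $2 }
        END { exit !(input == "DROP" && forward == "DROP") }
    '
}
```

As root, `default_deny_ruleset 25 80 | iptables-restore` loads the result; by default iptables-restore replaces the existing contents of the filter table. Piping `iptables-save` into `policy_is_default_deny` checks a running host.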