
Linux firewall

Manimal29

I am hoping that someone can answer a question for me. I would like to know if it is possible to use a Linux machine to both act as a node on the network AND pull double duty as a firewall appliance for the ENTIRE network? If so, please provide me with the specifics to accomplish this request. Any and all help is GREATLY appreciated!
 
Yes, it's possible. You use 'iptables' software for the firewalling. To make things easier you may want to look into pre-built firewall distros. I'd personally recommend BSD-based firewall-in-a-box packages like m0n0wall or pfsense. You can replace your router with a machine like this. I'm not really sure what you mean by "act as a node" because what you're asking seems entirely straightforward by definition.
 
What I mean by "node" is I want the machine to serve a dual function. I want it to be my Linux workstation AND be my network firewall.
 
To act as a proper firewall for the network you will have it placed between your switch/router and Internet connection. Using it as a "node" is questionable at best. You should use a dedicated distro like Smoothwall. There is documentation there that can help you with the setup.
 
The node will be improperly located on the LAN. I suggest just a distro-based firewall as noted above.
 
You can make the box a software firewall with iptables; you can also purchase some hardware firewalls as well.
 
By virtue of the fact that your firewall would need to have an IP address on your internal network (barring any fancy setups), it is entirely possible to use a normal Linux distro (one that includes iptables and can be set up in a NAT'd bastille config) as both a firewall and a normal PC.

As others have said, however, there are some small risks involved in not using both a hardened kernel and base apps, as well as allowing regular software apps to run on any border device.

I do see where you are going with this project though. Good going in thinking about reducing the amount of hardware needed to accomplish the same goals! :)
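
The dual-role setup discussed in this thread (a Linux workstation that also NATs and filters for the LAN with iptables), sketched as an added example that is not part of any post above. The function name `gen_ruleset` and the interface names `eth0` (Internet side) and `eth1` (LAN side) are assumptions for illustration; it assumes a two-NIC machine and IPv4 only.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a workstation that
# also routes and NATs for the LAN. Interface names are assumptions.

# Accept only plausible interface names (max 15 chars, no shell or
# iptables metacharacters) before they are interpolated into rules.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_ruleset WAN_IF LAN_IF : print the ruleset on stdout, apply nothing.
gen_ruleset() {
    wan=$1 lan=$2
    valid_if "$wan" && valid_if "$lan" && [ "$wan" != "$lan" ] || {
        echo "usage: gen_ruleset WAN_IF LAN_IF" >&2
        return 2
    }
    cat <<EOF
*filter
# Default-deny for traffic to the workstation and traffic routed through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT protects the workstation's own services: only loopback and replies.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# FORWARD protects the LAN: new connections may only start on the LAN side.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite LAN source addresses to the Internet-side address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}
```

To apply it, run `gen_ruleset eth0 eth1 | iptables-restore` as root and enable routing with `sysctl -w net.ipv4.ip_forward=1`. Because INPUT and FORWARD are separate chains, desktop applications listening on the box stay unreachable from both sides unless an explicit INPUT rule is added for them.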
 