linux ip box/router/firewall

Discussion in 'OT Technology' started by Nefarious1, Oct 5, 2004.

  1. Nefarious1

    Nefarious1 Guest

    How does this sound for a good firewall

    linux
    samba - to allow communication between windows, linux, mac etc.
    ipcop - gui just for graphical ease of iptables
     
  2. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    Sounds good. I ran a Linux router/firewall in front of my home network for years. Very secure and makes things very convenient. Don't really need to run Samba on the firewall unless you want to be able to connect to it from Windows/Mac machines, as Linux and Mac OS can both samba to an Windows computer without going through a server. Just make sure you secure the Linux box really well (no ports open to the outside, good root password just in case, etc).
     
  3. SL1200MK4

    SL1200MK4 New Member

    Joined:
    Sep 27, 2003
    Messages:
    1,552
    Likes Received:
    0
    Well firewall shouldn't have Samba.

    IPCop is one of the best free software linux firewall out there. It was forked project from Smoothwall. It was a long story. But you will probably meet nicer people at ipcops.net than smoothwall.org

    The new 1.4 seems pretty good, I havn't get to try it out yet. Been pretty busy lately.

    If you have problem with ipcop/smoothwall, just let me know and I will try my best to help.

    Keep in mind while it is linux, it doesn't mean that it is secure. There are other factors that goes into secure your netowrk. What's the spec of the pc that you gonna use to run ipcop?
     
  4. Nefarious1

    Nefarious1 Guest

    the only reason I have an interest in samba is because I use all windows boxes except for the firewall, but I also want to setup a domain and allow linux to log everything from all boxes.
     
  5. SL1200MK4

    SL1200MK4 New Member

    Joined:
    Sep 27, 2003
    Messages:
    1,552
    Likes Received:
    0
    Well for the purpose of logging, why not use TCPdump? (okay, the log can be really ugly, I can understand)

    Any how there are a few things that you need to taken care of here.

    1. IPCop does not come with Samba. So, you will have to install Samba on your own, I am not aware of any documents or step by step guide on that.

    2. Samba have both Server/Client portion. But all of those are for sharing the resources on the box with another box. The clients can access resource (e.g. file/printer), and the server shares. So, if you have windows box A and B. When A accesses a shared file on machine B, the Samba on IPCop won't know if that had happened. So, I don't see how you can actually use the IPCop box to log those things. Unless I am really missing something here... Then :slap: myself...
     
  6. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    You're correct on 2 (AFAIK), but wildly incorrect on 1. There's an excellent document on installing and configuring Samba/SMB at http://tldp.org/HOWTO/SMB-HOWTO.html.
     
  7. DemisE

    DemisE Active Member

    Joined:
    Oct 17, 2003
    Messages:
    6,337
    Likes Received:
    0
    Location:
    Memphass
    This is what I use for my home network/firewall. Free for home use

    http://www.astaro.com/

    Has been flawless so far
     
  8. SL1200MK4

    SL1200MK4 New Member

    Joined:
    Sep 27, 2003
    Messages:
    1,552
    Likes Received:
    0
    Yes, I know that... But do you know what kinda distro IPCop is?

    It's not a designed to have some other packages installed later on. So, it's not as easy as install with a rpm commmand, and you can't even compile on IPCop, since it's got no GCC... It's a totally strip down linux distro.

    I am not saying that it is impossible, but it will take a lot more effort, of which probably won't be much good after all...
     
  9. col_panic

    col_panic calm like a bomb Moderator

    Joined:
    Sep 19, 2003
    Messages:
    188,160
    Likes Received:
    0
    Location:
    winter haven, fl
    firewalls should not have samba or any other unnecessary server apps, development tools, etc. on them. the more you run, the more things can be exploited and the point of a firewall is to secure your network.
     
  10. SL1200MK4

    SL1200MK4 New Member

    Joined:
    Sep 27, 2003
    Messages:
    1,552
    Likes Received:
    0
    :werd:

    Strip out all clients and not used library, too.
     
  11. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    Ah, I didn't know IPCop was a distro, I assumed it was some firewall software.
     

Share This Page