Using another computer networked as a Firewall

Archived from groups: comp.security.firewalls (More info?)

I am trying to figure out a way of using another machine as a firewall
then networking it to the machine I actually want to use. What is the
most secure way of doing this?
  1.

    "SteadyEddie" <edd_edwards@yahoo.com> wrote in message
    news:c6lf0g$n20$1@hercules.btinternet.com...
    > I am trying to figure out a way of using another machine as a firewall
    > then networking it to the machine i actually want to use. What is the
    > most sucure way of doing this?

    Spend the > $100 on Linksys product and be done with it.
  2.

    > I am trying to figure out a way of using another machine as a firewall
    > then networking it to the machine i actually want to use. What is the
    > most sucure way of doing this?

    http://www.ipcop.org details also on http://ipcop.hopto.org
  3.

    That looks good but I'm using a Windows-based system. I don't have Linux.

    >>I am trying to figure out a way of using another machine as a firewall
    >>then networking it to the machine i actually want to use. What is the
    >>most sucure way of doing this?
    >
    >
    > http://www.ipcop.org details also on http://ipcop.hopto.org
    >
    >
    >
  4.

    SteadyEddie <edd_edwards@yahoo.com> wrote in message news:<c6lf0g$n20$1@hercules.btinternet.com>...
    > I am trying to figure out a way of using another machine as a firewall
    > then networking it to the machine i actually want to use. What is the
    > most sucure way of doing this?

    As ObiWan suggested, IPCop is one choice. Another is Smoothwall
    (www.smoothwall.com). Neither of these will work on a Windows-based
    machine, but that shouldn't be an issue. Both firewalls install from
    a bootable CD, and they will take care of installing the necessary
    bits on your target machine, wiping away anything currently on the
    hard drive. You don't need to know Linux or Unix to install these.
    And once installed you don't need a keyboard, mouse, or monitor
    because all the remaining configuring and maintenance is done remotely
    via web interface.

    What hasn't been mentioned; that may be overlooked; you will need to
    install a second NIC into your firewall machine regardless of which
    solution you choose.
  5.

    "SteadyEddie" <edd_edwards@yahoo.com> wrote in message
    news:c6lf0g$n20$1@hercules.btinternet.com...
    > I am trying to figure out a way of using another machine as a firewall
    > then networking it to the machine i actually want to use. What is the

    Define what you mean by "networking".
    A firewall that is not connected to the network it is protecting is about as
    useful as a chocolate teapot.
  6.

    We have a small business network, and I'm trying to put a computer in
    between the network and the internet to act as the firewall. But all the
    web has to offer is solutions for Linux and I don't have Linux.


    Mike wrote:

    > Define what you mean by "networking".
    > A firewall that is not connected to the network it is protecting is about as
    > useful as a chocolate teapot.
  7.

    On Tue, 27 Apr 2004 14:00:59 +0000 (UTC), SteadyEddie spoketh

    >we have a small business network. and im trying to put a computer in
    >between the network and the internet to act as the firewall. but all the
    > web has to offer is sollutions for Linux and I dont have linux
    >

    Symantec Enterprise firewall
    Checkpoint Firewall 1
    Microsoft ISA server

    Or, simply get a firewall appliance like a Sonicwall or Watchguard ...


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  8.

    > >>I am trying to figure out a way of using another machine as a firewall
    > >>then networking it to the machine i actually want to use. What is the
    > >>most sucure way of doing this?
    > >
    > > http://www.ipcop.org details also on http://ipcop.hopto.org

    > That looks good but im using a windows based system. I dont have linux.

    Well ... you were asking for a "separate machine" (see above)
    so there shouldn't be problems in installing Linux on the machine
    which acts like a firewall/NAT/router; also, a Windows machine
    sitting behind such a firewall won't have problems using it to surf
    the net. BTW, if you want a Windows-based solution you may as
    well have a look at http://www.idrci.net; just pick the packet filter
    along with the NAT and you'll be up and running in minutes.


    --

    * ObiWan

    DNS "fail-safe" for Windows 2000 and 9X clients.
    http://ntcanuck.com

    Support and discussions forum
    http://ntcanuck.com/net/board

    408 XP/2000 tweaks and tips
    http://ntcanuck.com/tq/Tip_Quarry.htm
  9.

    On 27 Apr 2004 13:34:22 -0700, google@n1pop.cjb.net (N1POP) wrote:

    >SteadyEddie <edd_edwards@yahoo.com> wrote in message news:<c6lf0g$n20$1@hercules.btinternet.com>...
    >> I am trying to figure out a way of using another machine as a firewall
    >> then networking it to the machine i actually want to use. What is the
    >> most sucure way of doing this?
    >
    >As ObiWan suggested, IPCop is one choice. Another is Smoothwall
    >(www.smoothwall.com).

    I think that should be http://www.smoothwall.org. :)
  10.

    In article <c6lp2o$7j6$1@sparta.btinternet.com>, edd_edwards@yahoo.com
    says...
    > we have a small business network. and im trying to put a computer in
    > between the network and the internet to act as the firewall. but all the
    > web has to offer is sollutions for Linux and I dont have linux

    If you don't already know of a PC based solution I suspect that you will
    be better off using an appliance based solution - there are many
    Firewall Appliances under $1000 for small businesses.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  11.

    http://www.zelow.no/floppyfw/

    Use Floppyfw. Take an old PC with 2 NICs, a floppy drive and 12MB RAM; no
    need for a hard disk because you're booting from that floppy.

    Floppyfw is a complete Linux distribution fine-tuned for firewall/router use that
    fits on a single floppy 1.44Mb.

    I've been using this for a while now and it is great. I saw some messages on the
    Floppyfw forum from people using this piece of software for networks with
    +400 computers connected.


    "SteadyEddie" <edd_edwards@yahoo.com> wrote in message
    news:c6lf0g$n20$1@hercules.btinternet.com...
    > I am trying to figure out a way of using another machine as a firewall
    > then networking it to the machine i actually want to use. What is the
    > most sucure way of doing this?
    >
    >
  12.

    "SteadyEddie" <edd_edwards@yahoo.com> wrote in message
    news:c6lp2o$7j6$1@sparta.btinternet.com...
    > we have a small business network. and im trying to put a computer in
    > between the network and the internet to act as the firewall. but all the
    > web has to offer is sollutions for Linux and I dont have linux

    Most firewalls operate on the data packets that are passing through them, so
    don't give a toss about whether the network PCs are Windows, Linux or Mickey
    Mouse OS v2.331.

    For example, I have an IPCOP box as a firewall which happens to run Linux.
    The network it protects has a mixture of Windows 9x, NT4, 2000,XP and Linux
    (Three flavours) and the occasional Mac

    Please don't take this the wrong way, but having gauged your level of
    expertise from your postings I would recommend that you choose something
    from the Watchguard range like a SOHO and buy it from a company that can
    install it properly for you. You see, a badly installed firewall is almost
    as bad as no firewall and you don't strike me as being knowledgeable enough
    to do it properly. Sorry :-)
  13.

    SteadyEddie wrote:
    > That looks good but im using a windows based system. I dont have linux.
    >
    >>> I am trying to figure out a way of using another machine as a firewall
    >>> then networking it to the machine i actually want to use. What is the
    >>> most sucure way of doing this?
    >>
    >>
    >>
    >> http://www.ipcop.org details also on http://ipcop.hopto.org
    >>
    >>
    >>
    >

    You don't need Linux. IPCop is a complete installation, it just happens to
    be based on Linux.

    If you mean that you want to keep Windows on that system, what on earth for?
    Also, in your original post you said "What is the most sucure way of doing
    this?", and keeping Windows on it most certainly isn't.

    --
    Nigel Wade, System Administrator, Space Plasma Physics Group,
    University of Leicester, Leicester, LE1 7RH, UK
    E-mail : nmw@ion.le.ac.uk
    Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
  14.

    Mike wrote:
    > "SteadyEddie" <edd_edwards@yahoo.com> wrote in message
    > news:c6lp2o$7j6$1@sparta.btinternet.com...
    >
    >>we have a small business network. and im trying to put a computer in
    >>between the network and the internet to act as the firewall. but all the
    >> web has to offer is sollutions for Linux and I dont have linux
    >
    >
    > Most firewalls operate on the data packets that are passing through them so
    > don't give a toss about wether the network pcs are windows, Linux or Mickey
    > Mouse OS v2.331
    >
    > For example, I have an IPCOP box as a firewall which happens to run Linux.
    > The network it protects has a mixture of Windows 9x, NT4, 2000,XP and Linux
    > (Three flavours) and the occasional Mac
    >
    > Please don't take this the wrong way, but having gauged your level of
    > expertise from your postings I would recommend that you choose something
    > from the Watchguard range like a SOHO and buy it from a company that can
    > install it properly for you. You see, a badly installed firewall is almost
    > as bad as no firewall and you don't strike me as being knowledgable enough
    > to do it properly. Sorry :-)
    >
    >

    Actually, I'd say that a badly installed firewall is actually *worse* than
    no firewall.

    At least with no firewall you know you are not protected and should be much
    more careful with every machine. With a faulty firewall you think you are
    protected, when in fact you are not, and may well be more lax in protecting
    machines behind the "firewall".

    --
    Nigel Wade, System Administrator, Space Plasma Physics Group,
    University of Leicester, Leicester, LE1 7RH, UK
    E-mail : nmw@ion.le.ac.uk
    Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
  15.

    > If you mean that you want to keep Windows
    > on that system, what on earth for?

    Well ... if windows is the way he wants to go...
    well, he can go for windows as well, no prob

    just download the CHX-I packet filter and NAT
    from www.idrci.net install and configure it and
    let it go .. btw in either case (Linux or Windows)
    the machine MUST be used as a DEDICATED
    firewall, otherwise you can say goodbye to any
    security you want to achieve

    Regards
  16.

    The Great Cornholio <cornholio@cluelessweasels.com> wrote in
    news:bu2u805ilac6vkbbmlp2ae9ko84138jo3i@4ax.com:

    >>As ObiWan suggested, IPCop is one choice. Another is Smoothwall
    >>(www.smoothwall.com).
    >
    > I think that should be http://www.smoothwall.org. :)

    Well, for the free one, yes. I should have been more clear.
  17.

    On 29 Apr 2004 02:05:40 GMT, N1POP <google@n1pop.cjb.net> wrote:

    >The Great Cornholio <cornholio@cluelessweasels.com> wrote in
    >news:bu2u805ilac6vkbbmlp2ae9ko84138jo3i@4ax.com:
    >
    >>>As ObiWan suggested, IPCop is one choice. Another is Smoothwall
    >>>(www.smoothwall.com).
    >>
    >> I think that should be http://www.smoothwall.org. :)
    >
    >Well, for the free one, yes. I should have been more clear.

    And http://www.smooothwall.net for the commercial version I believe.
    The .com site has some very interesting information on partition
    walls, sheetrock and plastering! :)
  18.

    ObiWan wrote:
    >>If you mean that you want to keep Windows
    >>on that system, what on earth for?
    >
    >
    > Well ... if windows is the way he wants to go...
    > well, he can go for windows as well, no prob

    Except it doesn't meet his "most secure" criteria...

    The other problem is closing down all those ports which MS like to open for
    you without asking first. Unless the OP is experienced at hardening Windows,
    the Linux IPCop route should be much more secure out-the-box.

    > just download the CHX-I packet filter and NAT
    > from www.idrci.net install and configure it and
    > let it go .. btw in either case (Linux or Windows)
    > the machine MUST be used as a DEDICATED
    > firewall, otherwise you can say goodbye to any
    > security you want to achieve

    But that would cost him, IPCop is free. CHX-I is only free for personal use,
    and securing a "small business network" is most definitely not personal use.

    --
    Nigel Wade, System Administrator, Space Plasma Physics Group,
    University of Leicester, Leicester, LE1 7RH, UK
    E-mail : nmw@ion.le.ac.uk
    Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
  19.

    On Thu, 29 Apr 2004 14:30:33 +0100, Nigel Wade spoketh

    >ObiWan wrote:
    >>>If you mean that you want to keep Windows
    >>>on that system, what on earth for?
    >>
    >>
    >> Well ... if windows is the way he wants to go...
    >> well, he can go for windows as well, no prob
    >
    >Except it doesn't meet his "most secure" criteria...
    >
    >The other problem is closing down all those ports which MS like to open for
    >you without asking first. Unless the OP is experienced at hardening Windows,
    >the Linux IPCop route should be much more secure out-the-box.
    >

    Any professional grade firewall installed on a Windows platform is as
    secure as any other firewall installed on any other platform. And, with
    regards to the "ports MS likes to open for you", they are closed by the
    firewall by default, and you'll have to create specific rules to allow
    access to them.

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
  20.

    Lars M. Hansen wrote:
    > On Thu, 29 Apr 2004 14:30:33 +0100, Nigel Wade spoketh
    >
    >
    >>ObiWan wrote:
    >>
    >>>>If you mean that you want to keep Windows
    >>>>on that system, what on earth for?
    >>>
    >>>
    >>>Well ... if windows is the way he wants to go...
    >>>well, he can go for windows as well, no prob
    >>
    >>Except it doesn't meet his "most secure" criteria...
    >>
    >>The other problem is closing down all those ports which MS like to open for
    >>you without asking first. Unless the OP is experienced at hardening Windows,
    >>the Linux IPCop route should be much more secure out-the-box.
    >>
    >
    >
    > Any professional grade firewall installed on a Windows platform are as
    > secure as any other firewall installed on any other platform. And, with
    > regards to the "ports MS likes to open for you", they are closed by the
    > firewall by default, and you'll have to create specific rules to allow
    > access to them.
    >

    It's just my natural cynicism showing through. I don't trust Windows, and I
    most certainly don't trust Windows to run a boundary firewall.

    I don't know enough about how a firewall operates in Windows to know what
    its failure modes are and what the implications for the security of that
    machine and any others it is protecting are. Is it just a "user land"
    application? If so, what happens if it crashes, does it crash "safe" with
    all ports left protected, or does it crash and leave the system in the same
    state as it would be if the firewall hadn't started?

    In Linux, iptables is in the kernel. If the kernel crashes the machine goes
    down and the system isn't vulnerable. It most definitely fails safe
    (although I've never yet come across an example of iptables failing). If
    it's a router/bridge everything behind it is safe.

    --
    Nigel Wade, System Administrator, Space Plasma Physics Group,
    University of Leicester, Leicester, LE1 7RH, UK
    E-mail : nmw@ion.le.ac.uk
    Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
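On an iptables gateway, the fail-safe question in the post above (and the earlier "badly installed firewall" point) can be checked from the saved ruleset: do the built-in chains default to DROP, and can anything arriving on the Internet side open a new connection? The following is an added example, not part of the original thread; the interface names `eth0`/`eth1` and both sample rulesets are constructed, and only the built-in INPUT and FORWARD chains of the filter table are inspected.

```python
import shlex

# Constructed sample: `iptables-save` output from a dedicated two-NIC gateway.
# Assumed interface names: eth0 = Internet side, eth1 = LAN side.
FAIL_CLOSED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Constructed sample: the same box badly installed (one port blocked, rest open).
FAIL_OPEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 135 -j DROP
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
"""


def option(tokens, flag):
    """Value following `flag`, or None if absent or negated with '!'."""
    if flag not in tokens:
        return None
    i = tokens.index(flag)
    if i + 1 >= len(tokens) or (i > 0 and tokens[i - 1] == "!"):
        return None
    return tokens[i + 1]


def audit(dump, wan="eth0"):
    """Return a list of fail-open findings for the filter table of `dump`."""
    policies, rules, table = {}, [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            rules.append(shlex.split(line))

    findings = []
    # With no ruleset loaded the kernel default is ACCEPT, so anything other
    # than an explicit DROP policy means unmatched traffic is let through.
    for chain in ("INPUT", "FORWARD"):
        policy = policies.get(chain, "missing")
        if policy != "DROP":
            findings.append(f"{chain}: default policy is {policy}, not DROP")

    for tokens in rules:
        chain = tokens[1]
        if chain not in ("INPUT", "FORWARD") or option(tokens, "-j") != "ACCEPT":
            continue
        states = option(tokens, "--ctstate") or option(tokens, "--state") or ""
        replies_only = bool(states) and "NEW" not in states.split(",")
        in_if = option(tokens, "-i")  # None means "any interface"
        # An ACCEPT that can match new connections arriving on the WAN side.
        if in_if in (None, wan) and not replies_only:
            findings.append(f"{chain}: new inbound traffic allowed: {' '.join(tokens[2:])}")
    return findings


if __name__ == "__main__":
    print(audit(FAIL_CLOSED), audit(FAIL_OPEN), sep="\n")
```

An empty dump, the state of a box whose ruleset never loaded, is reported as two missing policies rather than passing silently.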
  21.

    In article <c6te4i$s57$1@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
    > It's just my natural cynisism showing through. I don't trust Windows, and I
    > most certainly don't trust Windows to run a boundary firewall.

    Nigel, While I can understand your mistrust of Windows platforms, the
    Unix platforms have gaping holes in their basic security structure too.
    It's simply a matter of knowing what holes for what platforms and how to
    fix them.

    I've seen Unix boxes compromised as easily as Windows boxes, I've seen
    firewalls compromised (non-appliance ones more than appliance) and I've
    also seen IIS servers dating back to IIS 4 that are still running and
    never been compromised (and run corporate sites).

    I like the firewall appliance approach myself, I don't trust any OS or
    PC to run as well as an appliance designed for a single purpose.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  22.

    On Fri, 30 Apr 2004 12:43:14 +0100, Nigel Wade spoketh

    >
    >It's just my natural cynisism showing through. I don't trust Windows, and I
    >most certainly don't trust Windows to run a boundary firewall.
    >
    >I don't know enough about how a firewall operates in Windows to know what
    >it's failure modes are and what the implications for the security of that
    >machine and any others it is protecting are. Is it just a "user land"
    >application? If so, what happens if it crashes, does it crash "safe" with
    >all ports left protected, or does it crash and leave the system in the same
    >state as it would be if the firewall hadn't started?
    >
    >In Linux, iptables is in the kernel. If the kernel crashes the machine goes
    >down and the system isn't vulnerable. It most definitely fails safe
    >(although I've never yet come across an example of iptables failing). If
    >it's a router/bridge everything behind it is safe.

    I can't speak for all firewalls, but at least the Symantec Enterprise
    Firewall (formerly Axent Raptor) uses a "wedge" to insert itself into
    the IP stack. Without the firewall software running, nothing will ever
    happen on the IP stack. So, when the computer is booting, the IP stack
    will be dead until the firewall daemons are started. In the event that
    the firewall software suffers a full crash, the IP stack goes back to
    being fully disabled. Since the firewall consists of a number of daemons
    (ie httpd, smtpd, dnsd), the failure of one does not affect the state of
    the others (unless the daemon that failed is the main process).

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  23.

    <huge snippage>
    > In Linux, iptables is in the kernel. If the kernel crashes the machine goes
    > down and the system isn't vulnerable. It most definitely fails safe
    > (although I've never yet come across an example of iptables failing). If
    > it's a router/bridge everything behind it is safe.

    No intention to start or aliment a flame here, but; first of all,
    when I proposed IPCop the original poster wrote that he'd
    like to use Windows, so; Ok, let's go for windows, and the
    CHX NAT+PF I proposed works (imvho) very well; now,
    about the "linux kernel" ... maybe you didn't know this but
    Windows 2000 and up (XP, 2003) has a builtin firewall and
    packet filter API which resides _in_the_kernel_ so there's
    no point in the statement you made above (notice also that
    those APIs were _already_ there in NT4 too although they
    were undocumented and some functions didn't exist)

    Here's the Microsoft reference

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rras/rras/packet_filtering_reference.asp

    and here's an interesting diagram

    http://www.ndis.com/papers/winpktfilter.htm

    All the best
  24.

    > > Well ... if windows is the way he wants to go...
    > > well, he can go for windows as well, no prob
    >
    > Except it doesn't meet his "most secure" criteria...

    Uh .. where's the "unsecure" in a _dedicated_
    machine running a packet-filter and a NAT
    and properly locked down ?!?

    Btw if someone here thinks to use a firewall
    to run some application then we may just
    give up since at that point we won't be talking
    about security anymore :-)

    > The other problem is closing down all those ports

    The CHX pf will do that (and more) w/o problems

    > But that would cost him, IPCop is free.

    Well .. the OP never asked for a "free" solution, also,
    my first idea was to use IPCop, but since the OP did
    ask for a windows solution I tried to give him the one
    with the best quality/price ratio (the CHX won't cost
    him an arm and a leg)

    Regards
  25.

    > A firewall that is not connected to the network
    > it is protecting is about as useful as a chocolate
    > teapot.

    Well .. but a chocolate teapot *IS* useful !!

    You can always eat it :-) !!!
  26.

    "Nigel Wade" <nmw@ion.le.ac.uk> wrote in message
    news:c6te4i$s57$1@south.jnrs.ja.net...
    > Lars M. Hansen wrote:
    > > On Thu, 29 Apr 2004 14:30:33 +0100, Nigel Wade spoketh
    > >
    > >
    > >>ObiWan wrote:

    > In Linux, iptables is in the kernel. If the kernel crashes the machine goes
    > down and the system isn't vulnerable. It most definitely fails safe
    > (although I've never yet come across an example of iptables failing). If
    > it's a router/bridge everything behind it is safe.

    Personally I would have thought a kernel crash in *any* operating system
    would be enough to make it secure :-)
  27.

    Leythos wrote:
    > In article <c6te4i$s57$1@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
    >
    >>It's just my natural cynisism showing through. I don't trust Windows, and I
    >>most certainly don't trust Windows to run a boundary firewall.
    >
    >
    > Nigel, While I can understand your mistrust of Windows platforms, the
    > Unix platforms have gaping holes in their basic security structure too.
    > It's simply a matter of knowing what holes for what platforms and how to
    > fix them.

    I know. It's just that I know about the UNIX/Linux ones, and how to fix
    them. Also, I trust the UNIX vendors, and Linux as Open Source, to publicise
    and fix the holes, more than I trust Microsoft. Microsoft still seem to be
    firmly in the "security by obscurity" camp.

    >
    > I've seen Unix boxes compromised as easily as Windows boxes, I've seen
    > firewalls compromised (non-appliance onces more than appliance) and I've
    > also seen IIS servers dating back to IIS 4 that are still running and
    > never been compromised (and run corporate sites).
    >
    > I like the firewall appliance approach myself, I don't trust any OS or
    > PC to run as well as an appliance designed for a single purpose.
    >

    An appliance would be preferable, but on a fixed budget you get more with a
    Linux firewall than with either Windows or an appliance. What you get with
    Linux is purely hardware limited, whereas Windows and appliance firewalls
    are generally software/firmware limited.

    When I was looking around a couple of years ago the entry level appliances
    were around twice what a PC base unit cost. IIRC that didn't even support
    VPN and limited the number of stateful connections to around 100 or so, and
    suggested a network throughput of ~20MB/s. To get the support we required
    the price would have started around £1500-£2000. The £300 base unit we have
    running Linux has no limit on VPN, bandwidth or stateful inspection, and
    occasionally reaches 2-3% CPU utilization when someone is doing an FTP
    transfer at 100% of the 100MB link.

    --
    Nigel Wade, System Administrator, Space Plasma Physics Group,
    University of Leicester, Leicester, LE1 7RH, UK
    E-mail : nmw@ion.le.ac.uk
    Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555