
looking for free linux-based firewall

Anonymous
September 22, 2005 10:31:42 PM

Archived from groups: alt.comp.networking.firewalls,comp.security.firewalls

Hi

We have PCs and servers on our network each with
genuine (visible) IPs.

smoothwall (free version) and ipcop support only NAT.

Is there a product that supports genuine IPs with rules like
"allow IP-Range port-range" ,
"Block IP-Range port-range" ,
etc?

Monitoring and volume-stats would be great too.

I'm happy to pay a reasonable amount but IMO smoothwall's prices
are way out of reach of normal users.

Currently using a Cisco 837 but would prefer to use a linux box.

DK
melbourne.au

NOTE this message was posted to
alt.comp.networking firewalls, comp.security.firewalls
Anonymous
September 22, 2005 10:31:43 PM

Archived from groups: alt.comp.networking.firewalls,comp.security.firewalls

David TY wrote:

> Hi
>
> We have PCs and servers on our network each with
> genuine (visible) IPs.
>
> smoothwall (free version) and ipcop support only NAT.
>
> Is there a product that supports genuine IPs with rules like
> "allow IP-Range port-range" ,
> "Block IP-Range port-range" ,
> etc?
>
> Monitoring and volume-stats would be great too.
>
> I'm happy to pay a reasonable amount but IMO smoothwall's prices
> are way out of reach of normal users.
>
> Currently using a Cisco 837 but would prefer to use a linux box.
>
> DK
> melbourne.au
>
> NOTE this message was posted to
> alt.comp.networking firewalls, comp.security.firewalls

What you are asking for is a bridging firewall. It is possible to do this in
Linux; I do it for our network. But it's not straightforward, and I don't
know of any off-the-shelf free solution (or I'd be using it).

The basic steps are that you first need to enable bridging support in the
kernel - this is normally already done these days. Then you create a bridge
interface and add network interfaces to it. Then you set up the iptables
rules for the network and the firewall itself.

I use custom scripts to start up the bridge, and fwbuilder to create the
iptables rules. I also use fwbuilder to create the "personal" firewall
rules for each server behind the firewall. It's quite a nice tool, but it
does have a few foibles to watch out for. It supports both address and port
ranges.

Monitoring can be done by any available Linux tool.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
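
The steps described in the reply above (create a bridge, add the interfaces, then filter by address and port range), as an added example that is not part of the original thread and is not the poster's own scripts. It uses iproute2 and the iptables `physdev`, `iprange` and `conntrack` matches; the interface names, the bridge name, the addresses and the helper names `run`, `range_rule` and `stats` are assumptions, and the chains are assumed to start empty.

```shell
#!/bin/sh
# Added example: transparent (bridging) packet filter for hosts that keep
# their public IPs, so no NAT. Assumptions, not from the thread: eth0 is the
# upstream port, eth1 the LAN port, br0 the bridge; all addresses are
# constructed from the RFC 5737 documentation ranges.
# Dry run by default (commands are printed); APPLY=1 as root executes them.
WAN_IF=${WAN_IF:-eth0}; LAN_IF=${LAN_IF:-eth1}; BR=${BR:-br0}

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

setup_bridge() {
    run modprobe br_netfilter        # pass bridged frames through iptables
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run ip link add name "$BR" type bridge
    for i in "$WAN_IF" "$LAN_IF"; do
        run ip link set dev "$i" master "$BR"
        run ip link set dev "$i" up
    done
    run ip link set dev "$BR" up
}

# range_rule TARGET SRC_FIRST-SRC_LAST DST_FIRST-DST_LAST PROTO PORT_LO:PORT_HI
# Applies to frames entering on the upstream bridge port only.
range_rule() {
    run iptables -A FORWARD -m physdev --physdev-in "$WAN_IF" \
        -m iprange --src-range "$2" --dst-range "$3" \
        -p "$4" --dport "$5" -j "$1"
}

setup_rules() {
    run iptables -P FORWARD DROP     # default deny for traffic crossing br0
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$LAN_IF" -j ACCEPT
    # First match wins: the block rule must precede the broader allow rule.
    range_rule DROP 198.51.100.0-198.51.100.255 203.0.113.0-203.0.113.255 tcp 1:65535
    range_rule ACCEPT 0.0.0.0-255.255.255.255 203.0.113.10-203.0.113.20 tcp 80:443
    # The firewall itself: SSH from an admin address range only
    # (assumes br0 is given a management IP separately).
    run iptables -P INPUT DROP
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m iprange --src-range 203.0.113.2-203.0.113.5 \
        -p tcp --dport 22 -j ACCEPT
}

# Per-rule packet and byte counters give the volume statistics asked about.
stats() { run iptables -L FORWARD -v -n -x; }

setup_bridge; setup_rules; stats
```

ARP is not an IP protocol and is not matched by these iptables rules, so address resolution keeps working across the bridge.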
Anonymous
September 22, 2005 10:31:43 PM

Archived from groups: alt.comp.networking.firewalls,comp.security.firewalls

David TY wrote:

> Hi
>
> We have PCs and servers on our network each with
> genuine (visible) IPs.
>
> smoothwall (free version) and ipcop support only NAT.

Both use netfilter/iptables.

> Is there a product that supports genuine IPs with rules like
> "allow IP-Range port-range" ,
> "Block IP-Range port-range" ,
> etc?

Any Linux box can make a fine packet-filter.

man iptables.
http://www.netfilter.org/documentation/index.html

Wolfgang
Anonymous
September 22, 2005 10:31:43 PM

Archived from groups: comp.security.firewalls

David TY <no@thank.you> wrote:
> We have PCs and servers on our network each with
> genuine (visible) IPs.

Please explain what you mean by "genuine (visible) IPs".

> Is there a product that supports genuine IPs with rules like
> "allow IP-Range port-range" ,
> "Block IP-Range port-range" ,
> etc?

Most of the packet filters do that.

> Currently using a Cisco 837 but would prefer to use a linux box.

It's possible with the Cisco, it's possible with a Linux box, too.

Yours,
VB.
--
"It cannot be that the frustrated people in Rome determine what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
September 23, 2005 6:16:27 AM

Archived from groups: alt.comp.networking.firewalls,comp.security.firewalls

David TY wrote:
> Hi
>
> We have PCs and servers on our network each with
> genuine (visible) IPs.
>
> smoothwall (free version) and ipcop support only NAT.

Did you check the Homebrew Customisations / Modifications forum on
smoothwall.org?

<http://community.smoothwall.org/forum/viewforum.php?f=1...>

>
> Is there a product that supports genuine IPs with rules like
> "allow IP-Range port-range" ,
> "Block IP-Range port-range" ,
> etc?
>
> Monitoring and volume-stats would be great too.
>
> I'm happy to pay a reasonable amount but IMO smoothwall's prices
> are way out of reach of normal users.
>
> Currently using a Cisco 837 but would prefer to use a linux box.
>
> DK
> melbourne.au
>


I found the following book useful in understanding Linux based firewalls

Troubleshooting Linux® Firewalls
<http://www.awprofessional.com/bookstore/product.asp?isb...>


John
Anonymous
September 24, 2005 4:43:27 PM

Archived from groups: alt.comp.networking.firewalls,comp.security.firewalls

David TY wrote:
> Hi
>
> We have PCs and servers on our network each with
> genuine (visible) IPs.
>
> smoothwall (free version) and ipcop support only NAT.
>
> Is there a product that supports genuine IPs with rules like
> "allow IP-Range port-range" ,
> "Block IP-Range port-range" ,
> etc?
>
> Monitoring and volume-stats would be great too.
>
> I'm happy to pay a reasonable amount but IMO smoothwall's prices
> are way out of reach of normal users.
>
> Currently using a Cisco 837 but would prefer to use a linux box.
>
> DK
> melbourne.au
>
> NOTE this message was posted to
> alt.comp.networking firewalls, comp.security.firewalls

I don't know Unix-based OSs, but I have some links noted down.

The first link looks to me to possibly be what you're looking for.

I'm sure you can get many great firewalls for Linux, with packet
filtering.

http://www.freesco.org/ (linux firewall. cisco style)

http://www.soekris.com
http://www.m0n0.ch
Anonymous
September 25, 2005 12:37:10 PM

Archived from groups: alt.comp.networking.firewalls,comp.security.firewalls

jameshanley39@yahoo.co.uk wrote:
> David TY wrote:
> > Hi
> >
> > We have PCs and servers on our network each with
> > genuine (visible) IPs.
> >
> > smoothwall (free version) and ipcop support only NAT.
> >
> > Is there a product that supports genuine IPs with rules like
> > "allow IP-Range port-range" ,
> > "Block IP-Range port-range" ,
> > etc?
> >
> > Monitoring and volume-stats would be great too.
> >
> > I'm happy to pay a reasonable amount but IMO smoothwall's prices
> > are way out of reach of normal users.
> >
> > Currently using a Cisco 837 but would prefer to use a linux box.
> >
> > DK
> > melbourne.au
> >
> > NOTE this message was posted to
> > alt.comp.networking firewalls, comp.security.firewalls
>
> I don't know unix based OSs. but I have some links noted down
>
> The first link looks to me to possibly be what you're looking for.
>
> i'm sure you can get many great firewalls for linux, with packet
> filtering.
>
> http://www.freesco.org/ (linux firewall. cisco style)
>
> http://www.soekris.com
> http://www.m0n0.ch

I'll add 'iptables' to that list.
Googling tells me "Iptables is the basic program for implementing a
Linux firewall" "iptables is a packet filtering firewall." It's
powerful but might be more technical than what you're looking for.
November 20, 2005 4:56:56 PM

m0n0wall is amazing - but you should really check out Astaro Security Linux - You can get a free home user license to test it.

Building a small itx based box myself for use with Astaro V6.
December 14, 2005 6:57:13 PM

Correct me if I'm wrong but I believe ClarkConnect can do all of the things you need and more (even on the free home version) from the web based config.
January 4, 2006 12:17:36 AM

CRAP.....this is almost the exact answer to my thread here:
http://forumz.tomshardware.com/network/Trouble-communic...

I've been looking for a way to make a free Linux-based firewall split up a network and let me cross through that router to access the PCs behind it, similar to a Cisco router. I knew about FreeSCO and m0n0wall (got the latest version of it the other day) but haven't tried them as of yet (just Coyote, BrazilFW, IPCop, and FloppyFW).
January 4, 2006 5:56:41 PM

Quote:
David TY wrote:
> Hi
>
> We have PCs and servers on our network each with
> genuine (visible) IPs.
>
> smoothwall (free version) and ipcop support only NAT.
>
> Is there a product that supports genuine IPs with rules like
> "allow IP-Range port-range" ,
> "Block IP-Range port-range" ,
> etc?
>
> Monitoring and volume-stats would be great too.
>
> I'm happy to pay a reasonable amount but IMO smoothwall's prices
> are way out of reach of normal users.
>
> Currently using a Cisco 837 but would prefer to use a linux box.
>
> DK
> melbourne.au
>
> NOTE this message was posted to
> alt.comp.networking firewalls, comp.security.firewalls

I don't know unix based OSs. but I have some links noted down

The first link looks to me to possibly be what you're looking for.

i'm sure you can get many great firewalls for linux, with packet
filtering.

http://www.freesco.org/ (linux firewall. cisco style)

http://www.soekris.com
http://www.m0n0.ch


I heard that people who are familiar with Cisco router configuration are familiar with Freesco too (I never got that in my head, same commands or what); Cisco IOS is based on Unix, so there might be a connection.

About m0n0: it's the best choice, it's so easy to configure, so powerful, and hell yeah, free/open.
February 10, 2006 7:38:55 PM

Build your own linux iptables/netfilter firewall box. Minimize the kernel and start out with fresh clean iptables/netfilter rules. It'll do everything you want and more.
June 16, 2006 8:05:12 PM

BTW, I believe that LEAF Bering-uClibc might have the features you're looking for, especially bridging, although I think bridging is 1 of the many official addons.