Re: [K12OSN] distro for firewall/proxy ?

On Thu, 25 Jul 2002, Steve Wright wrote:

Hi Folks
What distro are you using for your firewall/proxy connection to the
Internet ?
> snipped  ...

I have set up several proxy server/firewall machines using Slackware 8.0,
ipchains, and squid.  The proxy for the school computer lab also uses
DG for filtering.

I liked Slackware because it was easy to install a minimal machine with
only the packages needed.  Most of the configuration including the
firewall rules was done manually.  I also recompiled the kernel for just
the features and drivers needed.  Most configuration was done by editing
the startup scripts and conf files for Squid and DG.  All unneeded services
had to be commented out of the inetd.conf and startup scripts. Some
late-breaking patches had to be installed, but these are in the
Slackware current now and are easily applied.

Squid and DG were installed from the source tarballs.

We are not offering any external services, so external connections to all
privileged ports are denied and all syn packets are denied.
User access is controlled by squid by both ip and identd.

Some machines are on ADSL and one is on cable.  Connection attempts are
regularly denied to various ports on the external interface, usually from
from the worm/exploit of the day.

This setup has worked pretty well.

