*NIX Firewall

Rick Stevens rstevens at vitalstream.com
Tue May 17 17:31:30 UTC 2005


Vincent Jordan wrote:
> I have been given the task of configuring / installing a firewall for my
> company. It has been a while since I've played in this realm, so I hope
> to get a little info about this.
>
> Generally it's to provide a firewall, allow VPN connection to our win
> server, accept FTP files, scan files for viruses and push them to another
> system on the local LAN, get mail, process spam and check for viruses, and
> act as a gateway to the internet with configurable rule sets as to which
> users can access the internet and what sites they can view.
>
> I was thinking this may get me started; of course any input would be
> greatly appreciated. If I left anything out or there is a better
> solution, please let me know.
>
> Firewall                         / ipchains-iptables

Unless you're running an ancient 2.2 kernel, it will be "iptables".
There are a number of GUI tools to help you configure it.  My favorite
is "firestarter" (http://www.fs-security.com) but your preference may be
something else.

> Intrusion Detection         / snort, portsentry? (where did portsentry go)

Both are good.  PortSentry is at

	http://sourceforge.net/projects/sentrytools

but that's an older version.  Check the freshmeat repositories for later
versions (I think there's an updated version for FC3 there).  You can
also configure iptables to log break-in attempts, but it will rapidly
grow your logs to a ridiculous extent.

> VPN                             / pppd, pptp, ipsec

Yup.  There are others.  Google is your friend!  :-)

> MTA                             / postfix, fetchmail

Don't forget sendmail and qmail.  By the way, fetchmail is NOT an MTA as
it doesn't speak SMTP.  It is, rather, an MUA (speaks POP, IMAP, etc.).

> FTP                              / vsftp

vsftpd comes with most newer Linuxen.  There's also ProFTP.

> Anti-spam                     / SpamAssassin

Also spaminator, bogofilter, lots more.  Don't forget virus filtering,
too.  Try ClamAV for that.

> Internet Proxy                / squid

Ah, yes, the default standard for proxies.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-         "The Schizophrenic: An Unauthorized Autobiography"         -
----------------------------------------------------------------------
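Rick's remark that iptables can log break-in attempts but will balloon the logs points at the usual fix: put the LOG target behind the `limit` match and tag it with a prefix you can filter on. What follows is an added example, not code from the post or from any project named in it. It prints a small rate-limited logging rule set (the chain name LOGDROP, the 5/min limit with burst 10, and the "FW-DROP: " prefix are my choices, not anything from the thread) and then summarises a handful of constructed kernel log lines, in the format the LOG target emits, by source address so you can see who is knocking without reading the raw log.

```shell
#!/bin/sh
# Added example, not from the mailing list post. Two parts:
#  1. iptables_log_rules - prints a rate-limited logging rule set. Output only;
#                          review it and run it as root to apply.
#  2. top_sources        - counts logged drops per source address from kernel
#                          log lines read on stdin (constructed sample below).
# Chain name LOGDROP, the limit values and the "FW-DROP: " prefix are assumptions.

iptables_log_rules() {
    cat <<'EOF'
# Dedicated chain: log at most 5 lines/min (burst 10), then drop.
iptables -N LOGDROP
iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: " --log-level 4
iptables -A LOGDROP -j DROP
# Accept replies to connections we opened and inbound SSH; log-drop other new TCP SYNs.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --syn -j LOGDROP
EOF
}

# Constructed sample /var/log/messages lines (addresses are documentation ranges).
# The "link is up" line shows that non-firewall kernel messages are ignored.
SAMPLE_LOG='May 17 17:31:30 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 17:31:31 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41001 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 17:31:32 fw kernel: eth0: link is up
May 17 17:31:33 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=55210 DPT=1433 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 17:31:34 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41002 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0'

# Read log lines on stdin; print "count source" for FW-DROP entries, busiest first.
top_sources() {
    awk '/FW-DROP:/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); n[$i]++ }
         }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Convenience wrapper that feeds the constructed sample to top_sources.
top_sources_sample() {
    printf '%s\n' "$SAMPLE_LOG" | top_sources
}

# Stand-alone run: show the rules, then the per-source summary of the sample.
iptables_log_rules
echo
echo "Dropped SYNs per source in sample log:"
top_sources_sample
```

On a real box you would replace the sample with `grep 'FW-DROP:' /var/log/messages | top_sources`. The `limit` match is what keeps Rick's "ridiculous" growth in check: once the burst is spent, excess hits are still dropped, just not logged, so the summary undercounts a flood but the disk survives it.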




More information about the Redhat-install-list mailing list