Advice for setting up a firewall

Hi all,

I'm looking into setting up an old PC I have sitting around as a Linux
firewall. I need advice on which distro I should use and what
software, as well as any helpful tutorials.

Oh, and tell me this: Will running a firewall have any impact on the
practical speed of my internet connection?

Thanks!

LinuxMercedes wrote:
> Hi all,
>
> I'm looking into setting up an old PC I have sitting around as a Linux
> firewall. I need advice on which distro I should use and what
> software, as well as any helpful tutorials.
>
> Oh, and tell me this: Will running a firewall have any impact on the
> practical speed of my internet connection?
>
> Thanks!

Try ipcop <http://www.ipcop.org> - an excellent distribution for making
firewalls out of old PCs.

Unless the PC is really old, it shouldn't affect your internet
connection speed.

Robert

On Sat, 31 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <2cb694fe-004f-4265-9b49-(E-Mail Removed)>,
LinuxMercedes wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

>I'm looking into setting up an old PC I have sitting around as a Linux
>firewall. I need advice on which distro I should use and what
>software, as well as any helpful tutorials.

Which distro to use - that's like asking which car to drive, which beer
to drink, or which ice-cream to eat. If one were superior, why are there
so many choices?

[compton ~]$ whatis taste
taste: nothing appropriate
[compton ~]$

85509 Aug 20 2001 Firewall-HOWTO
42743 Nov 24 2001 Firewall-Piercing
40490 Jun 22 2000 Home-Network-mini-HOWTO
708351 Nov 14 2005 IP-Masquerade-HOWTO
17605 Jul 21 2004 Masquerading-Simple-HOWTO
203891 Sep 29 2004 NET3-4-HOWTO
45604 Apr 18 2006 Networking-Overview-HOWTO
155096 Jan 23 2004 Security-HOWTO
278012 Jul 23 2002 Security-Quickstart-HOWTO
287057 Jul 23 2002 Security-Quickstart-Redhat-HOWTO
71776 Nov 28 21:45 Unix-and-Internet-Fundamentals-HOWTO

That's without using the many toy tools that are available to set up a
firewall. Common sense should suggest that the less crap you have
running on the firewall box, the less there is to exploit. My
firewall is the remains of an ancient lap-top (386-SX16, 8 Megs of
RAM, no keyboard, no display) - needless to say, it's not running
some eye-candy GUI, as no one should be logging in to it.

>Oh, and tell me this: Will running a firewall have any impact on the
>practical speed of my internet connection?

You're posting from a PPPoX link - assuming this is a personal setup
(mainly surfing, email, rather than running a business from home), and
that your firewall rules are not ridiculous, anything faster than a
Pentium 66 with PCI bus shouldn't have an impact. The exception is if
you are using some service that wants AUTH/IDENT and you are dropping
port 113 rather than rejecting it - but that's no different than setting
a personal firewall on your PC.

Old guy

On Jun 1, 4:50*pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
> On Sat, 31 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
> article <2cb694fe-004f-4265-9b49-88f7324a5...@m45g2000hsb.googlegroups.com>,
>
> LinuxMercedes wrote:
>
> NOTE: Posting from groups.google.com (or some web-forums) dramatically
> reduces the chance of your post being seen. *Find a real news server.
>
> >I'm looking into setting up an old PC I have sitting around as a Linux
> >firewall. *I need advice on which distro I should use and what
> >software, as well as any helpful tutorials.
>
> Which distro to use - that's like asking which car to drive, which beer
> to drink, or which ice-cream to eat. *If one were superior, why are there
> so many choices?
>
> [compton ~]$ whatis taste
> taste: nothing appropriate
> [compton ~]$
>
> * * * *85509 Aug 20 *2001 Firewall-HOWTO
> * * * *42743 Nov 24 *2001 Firewall-Piercing
> * * * *40490 Jun 22 *2000 Home-Network-mini-HOWTO
> * * * 708351 Nov 14 *2005 IP-Masquerade-HOWTO
> * * * *17605 Jul 21 *2004 Masquerading-Simple-HOWTO
> * * * 203891 Sep 29 *2004 NET3-4-HOWTO
> * * * *45604 Apr 18 *2006 Networking-Overview-HOWTO
> * * * 155096 Jan 23 *2004 Security-HOWTO
> * * * 278012 Jul 23 *2002 Security-Quickstart-HOWTO
> * * * 287057 Jul 23 *2002 Security-Quickstart-Redhat-HOWTO
> * * * *71776 Nov 28 21:45 Unix-and-Internet-Fundamentals-HOWTO
>
> That's without using the many toy tools that are available to set up a
> firewall. *Common sense should suggest that the less crap you have
> running on the firewall box, the less there is to exploit. * My
> firewall is the remains of an ancient lap-top (386-SX16, 8 Megs of
> RAM, no keyboard, no display) - needless to say, it's not running
> some eye-candy GUI, as no one should be logging in to it.
>
> >Oh, and tell me this: Will running a firewall have any impact on the
> >practical speed of my internet connection?
>
> You're posting from a PPPoX link - assuming this is a personal setup
> (mainly surfing, email, rather than running a business from home), and
> that your firewall rules are not ridiculous, anything faster than a
> Pentium 66 with PCI bus shouldn't have an impact. The exception is if
> you are using some service that wants AUTH/IDENT and you are dropping
> port 113 rather than rejecting it - but that's no different than setting
> a personal firewall on your PC.
I actually am running a webserver on this connection; hence the need
for a better firewall
>
> * * * * Old guy

On Sun, 1 Jun 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <60163249-1223-4e59-aac3-(E-Mail Removed)>,
LinuxMercedes wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

>ibupro...@painkiller.example.tld (Moe Trin) wrote:

>> You're posting from a PPPoX link - assuming this is a personal setup
>> (mainly surfing, email, rather than running a business from home), and
>> that your firewall rules are not ridiculous, anything faster than a
>> Pentium 66 with PCI bus shouldn't have an impact.

>I actually am running a webserver on this connection; hence the need
>for a better firewall

This probably means you are masquerading the webserver. As such, you
have to provide a forwarding rule so that people connecting to
Your.Public.IP.Addr port 80 have their packets silently forwarded to
the web server, possibly located on 192.168.1.5. Replies from your
server are automagically routed back. But if someone tries to connect
to another port - say port 70 - those packets will be rejected/dropped
unless you have set up a rule to forward those packets somewhere else
(or you have made the mistake of running some server listening to that
port on the firewall). Thus, running a web server isn't likely to
have any significant impact on the firewall performance. Protecting
the web server is something done on the web server itself, making sure
that it's not the typical walking disaster area - one need only look at
the Bugtraq mailing list to see the problems often encountered there.
The only "protection" the firewall may provide is blocking access to
IP address ranges you may designate.

Old guy

On May 31, 11:39 pm, LinuxMercedes <LinuxMerce...@gmail.com> wrote:
> Hi all,
>
> I'm looking into setting up an old PC I have sitting around as a Linux
> firewall. I need advice on which distro I should use and what
> software, as well as any helpful tutorials.
>
> Oh, and tell me this: Will running a firewall have any impact on the
> practical speed of my internet connection?
>
> Thanks!

I've had some experience running the Squid proxy/cache on an old
FreeBSD box. It has been a rock-solid system.

http://www.freebsd.org/
http://www.squid-cache.org/