Red Hat 9 as a PRoxy Server

ok..so i have set up a linux proxy server...any suggestions on how can i make it secure or better how can i make it act like a firewall at the same time a proxy server? hope you could advice me on this one. thanks so much!

I do not recommend giving the firewalling tasks to the proxy server.. you can do it using iptables in the same box you just built but its not a good idea. If you want a GUI for iptables you can get GTK-iptables, Shorewall, Firestarter etc.

I would recommend you setup a separate box for firewalling. Check out Smoothwall www.smoothwall.org , or ipcop... they are great dedicated firewall installs based on linux.

As for locking down your proxy server, theres a lot you'll have to do. First and foremost make sure your system is patched.. if its RH9, use the RH9 network or whatever.

THen you'll have to start disabling services.. such as SSH, Apache, Sendmail etc... you might even want to put in an iptables rule that only allows access to your proxy server port (if its squid it should be 3128).

Cheers,

hi sahirh,

i used debian as my proxy server. you said that i should patch my system, please point me to where i can find patches for a debian system..and also with regards to the firewall...would that mean that i should have a separate box to act as the firewall?...i've researched on this and found out that using iptables as you've said helps alot in controlling the task of the firewall..do you have resources where i could find tutorials on iptables?..also i'm just new to the linux world and haven't had some experiences in setting up such systems.. hope you could share some light on this...thank you very much...

have a nice day

Hi Jhun, updating debian is really really easy.. use apt-get
apt-get is the most awesome package management tool ever. If I want a package.. lets say nmap.. ill just say apt-get install nmap, it will download the package, with all its dependencies, and install it.

www.nl.debian.org/security/
for more information, or man apt-get

There should be a comprehensive iptables tutorial up here soon, til lthen check out www.netfilter.org

Cheers,

Hi Sahirh,

Been looking at your responses. By apt-get....., do you mean the linux will actually go out to the internet itself and download the packages. Also if it does is their a particular place it goes to download these packages and do you have to a standardised name for these packages

You can customize apt-get to access any site via ftp or http, though you may have to maintain the directory structure and the filename scheme of the official debian packages -I don't know if this behaviour is controlled via text configuration files as I don't use debian, but it is very possible-.

Swaret does more or less the same for slackware and is just written in bash (that's both good and bad, but overally I prefer it).