If you've got Netfilter enabled in the kernel (should be by default), then you would most likely be using iptables to set up the firewall. I'm badgering Chris to write something on iptables as I want to read a decent paper as well, but till then this should hold you:
If you just want a computer running as a firewall and nothing else, a very good choice is
... runs on a floppy too! It is a firewall and nothing more. It allows you to SSH to it remotely, for which you will need to use PuTTY on a Windows workstation.
The default firewall configuration is suitable for most home users as it does not allow any new connections. One sweep on the GRC ShieldsUP website finds that your computer will be stealthed and pass the test. The only thing that you will need to change is making sure SSH cannot be accessed from the outside world; the default configuration allows SSH open on the Internet, however I am not sure if they have changed this or not.
The only con I can see with this type of software is that if you don’t know which drivers your network card(s) use in Linux or the proper driver name for them, it is a pain to find them.
Well, I'm facing a dilemma as well right now. I'm doing a small network setup and I have to choose a gateway firewall. Because the network is small and they want to save money, CheckPoint or something similar would be overkill.
So I've suggested an iptables-based firewall, or something like Astaro Linux firewall. However, they want to use a Windows solution as they have no technical person who can handle Linux there (the other option is that I keep getting called in whenever they need to make a change, which is not acceptable).
Any ideas on what I could use?
At present they're using some ridiculous proxy program called AnalogX and a personal firewall on the gateway. This has to be redesigned as the proxy breaks just about every app, especially FTP.
Here's the general topology:
[10 Windows boxes] [3-4 Linux boxes]
> [W2k Server running crappy proxy system and sygate PF]
Thanks for the input, Neon, although I don't plan on going that way with my project.
The reason I am setting this firewall up is so I can understand how to do it. I guarantee this will not be the safest firewall in the world but at least I will learn something from it.
Anyways, I have installed my Linux 9.0 (kernel 2.4.20-8). I installed the necessary packages (methinks).
What I need to do now is get my dial-up modem to receive internet from the firewall and then allow any accepted packets to transmit to the eth0. I don't even know where to begin and/or what to search for. Any pointers?