A couple good places to start are Red Hat's site (www.redhat.com) as well as my favorite "wads 'o' software" site (www.freshmeat.net). That'll at least give you a good idea of what's out and what's changing.

One of the drawbacks to Linux right now is the lack of a real NAT (network address translation) module. There are two efforts ongoing that have had some success, but for my money, I'd wait until the 2.4 kernel is out with stable, built-in code.

As an example of a firewall supporting a moderate-size office, a box with three interfaces (inside, outside, DMZ) can work well. Ipchains supports all your rulesets and address masquerading (users inside are on RFC1918 addresses) and the DMZ gets a pool of "real" addresses. Squid provides a good access logging (and filtering, if needed) tool.

I like hiding internal DNS data from the outside world, so a firewall is a good place to put a stripped-down name service that only references your web server, mail server, and name servers.

Last, many organizations that are using Exchange could take advantage of a stripped-down Sendmail gateway to at least block spam relaying, and isolate the corporate mail database from actual Internet contact.

Dave O'Shea
Manager, Service Development - National Technical Resource Center
Williams Communications Solutions
713-307-6760(v) 713-307-6046(f)
dave.osheaat_private
"Do I look like a spokesman?"

-----Original Message-----
From: Mayne, Peter [mailto:Peter.Mayneat_private]
Sent: Tuesday, January 11, 2000 7:05 PM
To: firewall-wizardsat_private
Subject: Linux firewall options

Given Linux (say RedHat 6.0 or greater) as a base, what options are available to build firewalls? Is there a "Linux firewalls" site somewhere?

ipchains is an obvious place to start for basic packet filtering functionality, but I'd prefer something more substantial. I could use Apache or Squid (depending on circumstances) as a Web proxy, for instance.

I don't think FWTK can be used in a commercial environment because of the license restrictions. Is there something similar out there that is otherwise usable?

I realise this is a "how long is a piece of string?" type question, but there must be different packages, freeware, shareware, open source, commercial, etc suitable for different uses.

PJDM
----
Peter Mayne, Compaq Computer Australia, Canberra, ACT
These are my opinions, and have nothing to do with Compaq.
"The wise man knows that he knows nothing." - Bill.
"That's us, dude!" - Ted.
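The three-interface layout described in the reply above (masqueraded RFC1918 inside, DMZ on "real" addresses), sketched as an ipchains forward-chain ruleset. This is an added example, not part of the original thread: the interface names, all addresses (192.0.2.x is a documentation range used as a placeholder) and the choice of DMZ hosts and services are assumptions, and it covers only the forward chain plus anti-spoofing, not traffic to the firewall itself or connections originated by DMZ hosts.

```shell
#!/bin/sh
# Dry-run generator for a Linux 2.2 ipchains ruleset: inside / outside / DMZ.
# Constructed example; every name and address below is an assumption.
IPCHAINS="${IPCHAINS:-echo ipchains}"  # default: print the commands, do not run them
EXT_IF=eth0                            # outside
DMZ_IF=eth2                            # DMZ (inside is eth1; it needs no rule of its own here)
INT_NET=192.168.1.0/24                 # inside users, RFC1918
WEB=192.0.2.10; MAIL=192.0.2.11; DNS=192.0.2.12   # placeholder "real" DMZ addresses

build_rules() {
    # Empty forward chain that drops anything not explicitly allowed below.
    $IPCHAINS -F forward
    $IPCHAINS -P forward DENY

    # Anti-spoofing: RFC1918 sources must never arrive on the outside interface.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPCHAINS -A input -i "$EXT_IF" -s "$net" -l -j DENY
    done

    # In the forward chain, -i names the interface the packet leaves by.
    # Inside users reach the Internet masqueraded behind the firewall.
    $IPCHAINS -A forward -i "$EXT_IF" -s "$INT_NET" -j MASQ

    # Published DMZ services, one "host protocol port" triple each.
    for svc in "$WEB tcp 80" "$MAIL tcp 25" "$DNS udp 53" "$DNS tcp 53"; do
        set -- $svc
        # Requests from outside or inside, leaving via the DMZ interface.
        $IPCHAINS -A forward -i "$DMZ_IF" -p "$2" -d "$1" "$3" -j ACCEPT
        # ipchains is stateless, so replies need their own rule.
        if [ "$2" = tcp ]; then
            # "! -y" = not a bare SYN: the server may answer but not open connections.
            $IPCHAINS -A forward -p tcp -s "$1" "$3" ! -y -j ACCEPT
        else
            $IPCHAINS -A forward -p udp -s "$1" "$3" -j ACCEPT
        fi
    done

    # Log whatever falls through before the chain policy drops it.
    $IPCHAINS -A forward -l -j DENY
}

build_rules
```

Setting `IPCHAINS=/sbin/ipchains` in the environment makes the same script apply the rules instead of printing them.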
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:38 PDT