[CentOS] centos as a firewall help

Fri Dec 31 17:22:44 UTC 2010
Ryan Manikowski <ryan at devision.us>

On 12/31/2010 10:40 AM, Ryan Wagoner wrote:
> On Fri, Dec 31, 2010 at 10:19 AM, Roland RoLaNd<r_o_l_a_n_d at hotmail.com>  wrote:
>> Secondly, i'm trying to setup  a centos 5.4 to act as:
>>
>> 1. firewall # can you check my config below and tell me if i missed anything?
>> 2. DHCP # already configured
>> 3. transparent squid proxy #  already configured
>> 4. http (virtual hosts) # in the near future
>> 5. squirrelmail # in the near future
>>
>> - Relevant info:
>>
>> Two NICs:
>>
>> eth0 LAN: with dhcp service: 192.168.57.1(255.255.255.0) # my lan users are connected to this interface
>> eth1 WAN: static: 172.16.2.14 gw/172.16.2.13 (255.255.255.248) # My isp is connected to this interface
>>
>> I want my firewall to do the following:
>>
>> 1. get my box to be completely secure from outside access, in other words deny all access from the outside world to my box&/or my LAN
>> 2. allow my LAN users to access the internet/ box without any restrictions, through a transparent squid installation
> So you are only allowing http and https transparently through squid?
> The reason I ask is you only showed the firewall rules not the nat
> table. Otherwise you need to setup nat masquerading to allow other
> connections out.
>
> Have you though of virtualizing your firewall with a purpose built
> distribution like Vyatta or pfSense? I have taken this approach with
> my setup. I find it makes updates easy and provides better uptime. I'm
> running everything on ESXi and have a handful of virtual machines.
>
> - Vyatta Firewall
> - CentOS 5.5 Web Server and MySQL
> - CentOS 5.5 Zimbra Email
> - CentOS 5.5 DHCP and DNS
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Smoothwall is another option, though not based on Centos. Very easy to 
configure. Vyatta is a bit more work to configure.