Hello in one of the emails I sent earlier ; mark (m.roth@5-cent.us) mentioned:
install linux on a computer with two ethernet cards. connect eth0 to your internet connection, and eth1 to your local network. configure iptables firewall rules in the linux system. or install pfsense on that same computer.
Please if any one can help with more details and example for the configuration that would be awesome.
Thanks
On 02/23/2012 05:31 PM, Wuxi Ixuw wrote:
Hello in one of the emails I sent earlier ; mark (m.roth@5-cent.us) mentioned:
install linux on a computer with two ethernet cards. connect eth0 to your internet connection, and eth1 to your local network. configure iptables firewall rules in the linux system. or install pfsense on that same computer.Please if any one can help with more details and example for the configuration that would be awesome.
On 02/23/2012 11:31 PM, Wuxi Ixuw wrote:
Hello in one of the emails I sent earlier ; mark (m.roth@5-cent.us) mentioned:
install linux on a computer with two ethernet cards. connect eth0 to your internet connection, and eth1 to your local network. configure iptables firewall rules in the linux system. or install pfsense on that same computer.Please if any one can help with more details and example for the configuration that would be awesome.
Thanks _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I would use Shorewall instead of regular firewall. And there is Webmin module for Shorewall. If you protect Webmin properly (like only localhost access) it can help you greatly with simple configuration.
Shorewall even supports "tc", bandwidth shaping.
Why does it have to be CentOS? If you want a wonderful router/firewall that you can have up and running in a few minutes, you should look at this:
www.pfsense.org
I quote from their website:
"pfSense is a free, open source customized distribution of FreeBSD http://www.freebsd.org tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution."
If you insist in using Linux instead, you could look at this:
www.ipcop.org
Once again, a distro specialized on the function it performs.
Why have a generic and bloated system that you then have to customize from scratch when such wonderful specialized projects already exist?
I use Linux servers and a pfsense firewall to protect the network. Works like a charm, with amazing stability and reliability.
I think your words makes more sense and counting. For a newbie one like me ... which option you would advise me to go for? I do not have any special preferences but I do care for the one that is more stable and provide really more security. Thanks
On 24/02/2012 01:02 AM, Miguel Medalha wrote:
Why does it have to be CentOS? If you want a wonderful router/firewall that you can have up and running in a few minutes, you should look at this:
www.pfsense.org
I quote from their website:
"pfSense is a free, open source customized distribution of FreeBSD http://www.freebsd.org tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution."
If you insist in using Linux instead, you could look at this:
www.ipcop.org
Once again, a distro specialized on the function it performs.
Why have a generic and bloated system that you then have to customize from scratch when such wonderful specialized projects already exist?
I use Linux servers and a pfsense firewall to protect the network. Works like a charm, with amazing stability and reliability.
For a newbie one like me ... which option you would advise me to go for? I do not have any special preferences but I do care for the one that is more stable and provide really more security.
It seems to me that the last line of my previous post already contained my answer to your question :-)
"I use Linux servers and a pfsense firewall to protect the network. Works like a charm, with amazing stability and reliability."
On Thursday, February 23, 2012 07:37:08 PM Miguel Medalha wrote:
"I use Linux servers and a pfsense firewall to protect the network. Works like a charm, with amazing stability and reliability."
pfsense for a newbie?
A CentOS-like firewall would be ClearOS (formerly Clarkconnect) and again would reduce the number of simultaneously-learned layers to wade through. While it works very well, it is yet another layer and difference to learn, and when learning is is really good to not overload the number of layers to learn at once. IMHO, YMMV, etc.
Since I have done cisco IOS stuff for a decade and a half, now, I'd recommend Vyatta over pfsense, but, there again, it is yet another, different, layer to learn that *will* overwhelm a newbie.
pfsense for a newbie?
Yup! Based on the simple requirements that the OP expressed, i.e. "a firewall for the whole network in my place", I would again recommend pfsense. It may seem paradoxical but it's not. It just *works* after a very simple and quick installation. The user only has to answer a couple of simple questions. A WAN interface and a LAN interface are ready and working together and that's it.
It can be installed on anything, from a Compact Flash card to a USB sticker, it doesn't even need a hard disk.
On 02/24/2012 09:13 PM, Miguel Medalha wrote:
pfsense for a newbie?
Yup! Based on the simple requirements that the OP expressed, i.e. "a firewall for the whole network in my place", I would again recommend pfsense. It may seem paradoxical but it's not. It just *works* after a very simple and quick installation. The user only has to answer a couple of simple questions. A WAN interface and a LAN interface are ready and working together and that's it.
It can be installed on anything, from a Compact Flash card to a USB sticker, it doesn't even need a hard disk.
I used ClarkConnect for several years, it was my first hands-on contact with Linux, and I have learned much from it. Installation is also quick and painless, it is based on CentOS so extra packages/repositories from CentOS are possible, and can be used as Proxy/Mail/Web server also.
pfsense for a newbie?
A CentOS-like firewall would be ClearOS (formerly Clarkconnect) and again would reduce the number of simultaneously-learned layers to wade through. While it works very well, it is yet another layer and difference to learn, and when learning is is really good to not overload the number of layers to learn at once. IMHO, YMMV, etc.
Since I have done cisco IOS stuff for a decade and a half, now, I'd recommend Vyatta over pfsense, but, there again, it is yet another, different, layer to learn that *will* overwhelm a newbie.
Isn't Vyatta a comercial product? I suppose that it wouldn't fit a newbie either...
On Fri, Feb 24, 2012 at 3:19 PM, Miguel Medalha miguelmedalha@sapo.ptwrote:
pfsense for a newbie?
A CentOS-like firewall would be ClearOS (formerly Clarkconnect) and
again would reduce the number of simultaneously-learned layers to wade through. While it works very well, it is yet another layer and difference to learn, and when learning is is really good to not overload the number of layers to learn at once. IMHO, YMMV, etc.
Since I have done cisco IOS stuff for a decade and a half, now, I'd
recommend Vyatta over pfsense, but, there again, it is yet another, different, layer to learn that *will* overwhelm a newbie.
Isn't Vyatta a comercial product? I suppose that it wouldn't fit a newbie either...
Vyatta has an open source version as well. The feature list is huge and they provide nice PDF documents with configuration examples. I am using Vyatta at five locations.
Ryan
-
Lamar Owen -
Ljubomir Ljubojevic -
Miguel Medalha -
Ryan Wagoner -
Tim Evans -
Wuxi Ixuw