On 12/31/2010 10:40 AM, Ryan Wagoner wrote: > On Fri, Dec 31, 2010 at 10:19 AM, Roland RoLaNd<r_o_l_a_n_d at hotmail.com> wrote: >> Secondly, i'm trying to setup a centos 5.4 to act as: >> >> 1. firewall # can you check my config below and tell me if i missed anything? >> 2. DHCP # already configured >> 3. transparent squid proxy # already configured >> 4. http (virtual hosts) # in the near future >> 5. squirrelmail # in the near future >> >> - Relevant info: >> >> Two NICs: >> >> eth0 LAN: with dhcp service: 192.168.57.1(255.255.255.0) # my lan users are connected to this interface >> eth1 WAN: static: 172.16.2.14 gw/172.16.2.13 (255.255.255.248) # My isp is connected to this interface >> >> I want my firewall to do the following: >> >> 1. get my box to be completely secure from outside access, in other words deny all access from the outside world to my box&/or my LAN >> 2. allow my LAN users to access the internet/ box without any restrictions, through a transparent squid installation > So you are only allowing http and https transparently through squid? > The reason I ask is you only showed the firewall rules not the nat > table. Otherwise you need to setup nat masquerading to allow other > connections out. > > Have you though of virtualizing your firewall with a purpose built > distribution like Vyatta or pfSense? I have taken this approach with > my setup. I find it makes updates easy and provides better uptime. I'm > running everything on ESXi and have a handful of virtual machines. > > - Vyatta Firewall > - CentOS 5.5 Web Server and MySQL > - CentOS 5.5 Zimbra Email > - CentOS 5.5 DHCP and DNS > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos Smoothwall is another option, though not based on Centos. Very easy to configure. Vyatta is a bit more work to configure.