[CentOS] CentOS 6.3 as Firewall/Router

Sat Jan 5 15:25:10 UTC 2013
Ryan Wagoner <rswagoner at gmail.com>

On Fri, Jan 4, 2013 at 12:31 PM, James A. Peltier <jpeltier at sfu.ca> wrote:

> ----- Original Message -----
> |
> | On 1/4/2013 12:21 PM, Tim Evans wrote:
> | > On 01/04/2013 12:01 PM, Tim Evans wrote:
> | >> I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new
> | >> CentOS 6.3 system.  In the olden days, I successfully used the attached
> | >> iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this
> | >> doesn't seem to be quite working on the new system.
> | >>
> | >> Specifically, while it seems to be routing ok, you cannot connect to
> | >> anything on the inside net (e.g., with ssh or a browser) and cannot
> | >> connect to the system with ssh or anything else from elsewhere on the
> | >> inside net. Yet arp shows this system active.
> | >>
> | >> Is there obsolete stuff here, and/or anything missing that would cause
> | >> this?
> | >
> | > Never mind...  Temporary IP address in the script was wrong; corrected
> | > and now working.  Will be glad to see comments, though.
> | >
> | >
> | Use Firewall Builder. It makes things so much easier. And it's free.
> |
> | http://www.fwbuilder.org/
> |
> | steve campbell
>
> Or don't use CentOS at all and try OpenBSD & PF.  The syntax is much
> cleaner and easier to maintain than Netfilter/IPTables and it works pretty
> darn well.  ;)


If you want to stick with Linux look at Vyatta. I have 5 production
installs (3 physical and 3 VMs) and upgrades have been flawless. The config
resides in one file and the console has a Juniper style syntax.

Ryan