From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.43)
	id 1E90Xa-0003Hf-50
	for garchives@archives.gentoo.org; Sat, 27 Aug 2005 13:16:10 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7RDDixl025728;
	Sat, 27 Aug 2005 13:13:44 GMT
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.206])
	by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7RDA2CI015384
	for <gentoo-user@lists.gentoo.org>; Sat, 27 Aug 2005 13:10:03 GMT
Received: by rproxy.gmail.com with SMTP id a41so813770rng
        for <gentoo-user@lists.gentoo.org>; Sat, 27 Aug 2005 06:11:36 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=WeZqUfVDIjRzJyRUmYTLLICiuyy5ffxE9QwNFP66UqHZ8eUmpuykBaQ9n7ZpzYGYvCRaXigaU8DcdyMlrA9JmUXwOJv2ZX/Yjiv8ouPJZ0YXv+z69bAFBdhljbsXHVcGbvoT7sU7PYiXbp/o2BntFD6IEuBcENMai20EqEdAd5o=
Received: by 10.38.151.15 with SMTP id y15mr2310159rnd;
        Sat, 27 Aug 2005 06:11:36 -0700 (PDT)
Received: by 10.38.73.54 with HTTP; Sat, 27 Aug 2005 06:11:36 -0700 (PDT)
Message-ID: <642958cc050827061115947c93@mail.gmail.com>
Date: Sat, 27 Aug 2005 09:11:36 -0400
From: Mark Shields <laebshade@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] A Gentoo Firewall howto?
In-Reply-To: <1125141178.5526.44.camel@rattus.localdomain>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
References: <loom.20050827T000534-251@post.gmane.org>
	 <20050827122313.18364eba.monotux@gmail.com>
	 <1125141178.5526.44.camel@rattus.localdomain>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id j7RDA2CI015384
X-Archives-Salt: 64f4c564-1619-4ff1-b419-8649c224a7ff
X-Archives-Hash: 5b56288325d7b132165c699ff17d16fd

I know you mentioned easing the pain, but good old iptables worked for
me - along with http://www.gentoo.org/doc/en/home-router-howto.xml -
after using that initial setup and becoming somewhat familiar with
iptables, I was able to modify a script to suit my needs, a 49-line
file that gets what I need done.


On 8/27/05, William Kenworthy <billk@iinet.net.au> wrote:
> Or use monmotha and be up and running in a couple of minutes.  I am using
> 3 nics at the moment with it.  I did try shorewall, but the setup time
> and learning curve was so much greater I dumped it (the complexity
> worried me as well - complex means it may be vulnerable to
> misconfiguration).  Mind you, on complex/commercial setups it probably
> has an advantage, but not for SOHO/home use.
> 
> BillK
> 
> 
> On Sat, 2005-08-27 at 12:23 +0200, Oscar wrote:
> > I've used both firehol and shorewall, and they're both great!
> > But for a more advanced setup, I would recommend shorewall (firehol is a bit tricky at some points, like port-forwarding), it will save you a lot of time (setting up a 3 NIC firewall with shorewall takes less than 30 minutes)...
> >
> > Oscar
> >
> > On Fri, 26 Aug 2005 22:36:39 +0000 (UTC)
> > James <wireless@tampabay.rr.com> wrote:
> >
> > > Hello,
> > >
> > > I've decided to take the plunge and build my first, full featured
> > > firewall on Gentoo. At first I was going to use 'gnap' but further
> > > reading reveals that this sort of derived firewall is stateless,
> > > and I want a stateful firewall. It's also masked.
> > > (feel free to correct me if I miss something).
> > >
> > > The firewall will have (3) nics, Outside(static IP)
> > > DMZ for several web servers, mail server and DNS secondaries
> > > and a private for a DNS server, PCs(doz) and assorted Linux systems.
> > > So after googling for a while, I could not find any detailed documentation
> > > on building a gentoo based robust firewall (I sure thought I'd run across
> > > such a page/document, but, nothing today).
> > >
> > > I did find some packages to 'ease the pain' on configuring iptables
> > > and completing the firewall: Recommendations here?
> > > fwbuilder
> > > bastille
> > > kmyfirewall
> > > firestarter
> > >
> > > I did find this gentoo document:
> > > http://www.gentoo.org/doc/en/home-router-howto.xml
> > > This example is for a 2 nic basic firewall.
> > > I need a dmz that will have web servers, dns servers, and
> > > will ensure security.
> > >
> > > I did find one Debian-centric security document:
> > > http://www.debian.org/doc/manuals/securing-debian-howto
> > >
> > > Alternatively, since this machine is only going to be a firewall
> > > & ethernet router so rather than securing a complete Gentoo system
> > > I could just use a 'firewall cd' installation, if one exists
> > > as a Gentoo derivative.
> > >
> > > Any other ideas or recommendations on documents or firewall install
> > > config on gentoo or a gentoo derivative are most welcome?
> > >
> > > Note: my firewall experience is mostly with openbsd.
> > >
> > >
> > > James
> > >
> > > --
> > > gentoo-user@gentoo.org mailing list
> > >
> --
> William Kenworthy <billk@iinet.net.au>
> Home!
> 
> --
> gentoo-user@gentoo.org mailing list
> 
> 


-- 
- Mark Shields

-- 
gentoo-user@gentoo.org mailing list
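The three-NIC stateful layout James asks about (outside with a static IP, a DMZ with web, mail and secondary DNS, and a private LAN), as an added example ruleset that is not Mark's 49-line script, the Gentoo home-router howto's script, or any of the tools named in the thread. Interface names, address ranges and DMZ host addresses are constructed assumptions; the script only prints the iptables commands unless run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: minimal stateful 3-NIC iptables ruleset with a DMZ.
# All interface names and addresses below are assumptions for illustration.
WAN_IF=eth0                 # outside, single static IP
DMZ_IF=eth1                 # DMZ: public services
LAN_IF=eth2                 # private LAN
DMZ_NET=192.0.2.0/24        # assumed DMZ range (TEST-NET-1, documentation range)
LAN_NET=192.168.1.0/24      # assumed private range
DMZ_WEB=192.0.2.10          # assumed DMZ web server
DMZ_MAIL=192.0.2.20         # assumed DMZ mail server
DMZ_DNS=192.0.2.30          # assumed DMZ secondary DNS

# Dry-run by default: print the commands instead of loading them.
if [ "${APPLY:-0}" = "1" ]; then IPT=iptables; else IPT="echo iptables"; fi

build_rules() {
    # Clean slate and default-deny for traffic to and through the firewall.
    $IPT -F
    $IPT -t nat -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Stateful core: return traffic of tracked connections is allowed,
    # untracked packets that are not connection starts are dropped.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
    $IPT -A FORWARD -m state --state INVALID -j DROP

    # Anti-spoofing: internal source ranges never arrive on the outside interface.
    $IPT -A FORWARD -i "$WAN_IF" -s "$DMZ_NET" -j DROP
    $IPT -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP

    # Administration of the firewall itself only from the private LAN.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Published services: the single outside IP is DNAT'd to the DMZ hosts,
    # and FORWARD (which sees the post-DNAT destination) admits only those ports.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -m multiport --dports 80,443 -j DNAT --to-destination "$DMZ_WEB"
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 25 -j DNAT --to-destination "$DMZ_MAIL"
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p udp --dport 53 -j DNAT --to-destination "$DMZ_DNS"
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 53 -j DNAT --to-destination "$DMZ_DNS"
    $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_WEB" -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_MAIL" -p tcp --dport 25 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_DNS" -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_DNS" -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # DMZ -> LAN: no new connections, so a compromised DMZ host cannot reach the LAN.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j DROP

    # LAN -> DMZ and LAN -> outside: allowed (tighten per service if desired).
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT

    # DMZ -> outside: only what the services need (zone transfers/lookups, outbound SMTP).
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$DMZ_DNS" -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$DMZ_DNS" -p tcp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$DMZ_MAIL" -p tcp --dport 25 -m state --state NEW -j ACCEPT

    # Hide both internal networks behind the outside address.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$DMZ_NET" -j MASQUERADE
}

build_rules
if [ "${APPLY:-0}" = "1" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

In dry-run mode the output is the rule list a reviewer can read top to bottom; the ordering matters, since the ESTABLISHED,RELATED and anti-spoofing rules must precede the per-service ACCEPTs and the DMZ-to-LAN DROP must precede anything that would otherwise admit DMZ-originated traffic.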