From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1E90Xa-0003Hf-50 for garchives@archives.gentoo.org; Sat, 27 Aug 2005 13:16:10 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7RDDixl025728; Sat, 27 Aug 2005 13:13:44 GMT Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.206]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7RDA2CI015384 for ; Sat, 27 Aug 2005 13:10:03 GMT Received: by rproxy.gmail.com with SMTP id a41so813770rng for ; Sat, 27 Aug 2005 06:11:36 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=WeZqUfVDIjRzJyRUmYTLLICiuyy5ffxE9QwNFP66UqHZ8eUmpuykBaQ9n7ZpzYGYvCRaXigaU8DcdyMlrA9JmUXwOJv2ZX/Yjiv8ouPJZ0YXv+z69bAFBdhljbsXHVcGbvoT7sU7PYiXbp/o2BntFD6IEuBcENMai20EqEdAd5o= Received: by 10.38.151.15 with SMTP id y15mr2310159rnd; Sat, 27 Aug 2005 06:11:36 -0700 (PDT) Received: by 10.38.73.54 with HTTP; Sat, 27 Aug 2005 06:11:36 -0700 (PDT) Message-ID: <642958cc050827061115947c93@mail.gmail.com> Date: Sat, 27 Aug 2005 09:11:36 -0400 From: Mark Shields To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] A Gentoo Firewall howto? In-Reply-To: <1125141178.5526.44.camel@rattus.localdomain> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Disposition: inline References: <20050827122313.18364eba.monotux@gmail.com> <1125141178.5526.44.camel@rattus.localdomain> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id j7RDA2CI015384 X-Archives-Salt: 64f4c564-1619-4ff1-b419-8649c224a7ff X-Archives-Hash: 5b56288325d7b132165c699ff17d16fd I know you mentioned easing the pain, but good old iptables worked for me - along with http://www.gentoo.org/doc/en/home-router-howto.xml - after using that initial setup and becoming somewhat familiar with iptables, I was able to modify a script to suit my needs, a 49-line file that gets what I need done. On 8/27/05, William Kenworthy wrote: > Or use monmotha and be up an running in a couple of minutes. I am using > 3 nics at the moment with it. I did try shorewall, but the setup time > and learning curve was so much greater I dumped it (the complexity > worried me as well - complex means it may be vulnerable to > misconfiguration). Mind you, on complex/commercial setups it probably > has an advantage, but not for SOHO/home use. > > BillK > > > On Sat, 2005-08-27 at 12:23 +0200, Oscar wrote: > > I've used both firehol and shorewall, and they're both great! > > But for a more advanced setup, I would recommend shorewall (firehol is a bit tricky at some points, like port-forwarding), it will save you a lot of time (setting up a 3 NIC firewall with shorewall takes less than 30 minutes)... > > > > Oscar > > > > On Fri, 26 Aug 2005 22:36:39 +0000 (UTC) > > James wrote: > > > > > Hello, > > > > > > I've decided to take the plunge and build my first, full featured > > > firewall on Gentoo. At first I was going to use 'gnap' but further > > > reading reveals that this sort of derived firewall is stateless, > > > and I want a statefull firewall. It's also masked. > > > (feel free to correct me if I miss something). > > > > > > The firewall will have (3) nics, Outside(static IP) > > > DMZ for several web servers, mail server and DNS secondaries > > > and a private for a DNS server, PCs(doz) and assorted Linux systems. > > > So after googling for a while, I could not find any detailed documentation > > > on building a gentoo based robust firewall (I sure thought I'd ran across > > > such a page/document, but, nothing today). > > > > > > I did find some packages to 'ease the pain' on configuring iptables > > > and completing the firewall: Recommendations here? > > > fwbuilder > > > bastille > > > kmyfirewall > > > firestarter > > > > > > I did find this gentoo document: > > > http://www.gentoo.org/doc/en/home-router-howto.xml > > > This example is for a 2 nic basic firewall. > > > I need a dmz that will have web servers, dns servers, and > > > will ensure security. > > > > > > I did find one Debian-centric security document: > > > http://www.debian.org/doc/manuals/securing-debian-howto > > > > > > Alternatively, since this machine is only going to be a firewall > > > & ethernet router so rather than securing a complete Gentoo system > > > I could just use a 'firewall cd' installation, if one exists > > > as a Gentoo derivative. > > > > > > Any other ideas or recommendations on documents or firewall install > > > config on gentoo or a gentoo derivative are most welcome? > > > > > > Note: my firewall experience is mostly with openbsd. > > > > > > > > > James > > > > > > -- > > > gentoo-user@gentoo.org mailing list > > > > -- > William Kenworthy > Home! > > -- > gentoo-user@gentoo.org mailing list > > -- - Mark Shields -- gentoo-user@gentoo.org mailing list