Message-ID: <c8253c870508261552bd8744a@mail.gmail.com>
Date: Fri, 26 Aug 2005 17:52:31 -0500
From: "Pablo A. Salgado" <pabloasalgado@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] A Gentoo Firewall howto?
In-Reply-To: <loom.20050827T000534-251@post.gmane.org>

James,

I recently installed a firewall on Gentoo with 3 nics. I used Firehol to
configure it, but if you want something kind of visual, Guarddog is my second
choice.

On 8/26/05, James <wireless@tampabay.rr.com> wrote:
>
> Hello,
>
> I've decided to take the plunge and build my first, full featured
> firewall on Gentoo. At first I was going to use 'gnap' but further
> reading reveals that this sort of derived firewall is stateless,
> and I want a stateful firewall. It's also masked.
> (feel free to correct me if I miss something).
>
> The firewall will have (3) nics, Outside(static IP)
> DMZ for several web servers, mail server and DNS secondaries
> and a private for a DNS server, PCs(doz) and assorted Linux systems.
> So after googling for a while, I could not find any detailed documentation
> on building a gentoo based robust firewall (I sure thought I'd run across
> such a page/document, but, nothing today).
>
> I did find some packages to 'ease the pain' on configuring iptables
> and completing the firewall: Recommendations here?
> fwbuilder
> bastille
> kmyfirewall
> firestarter
>
> I did find this gentoo document:
> http://www.gentoo.org/doc/en/home-router-howto.xml
> This example is for a 2 nic basic firewall.
> I need a dmz that will have web servers, dns servers, and
> will ensure security.
>
> I did find one Debian-centric security document:
> http://www.debian.org/doc/manuals/securing-debian-howto
>
> Alternatively, since this machine is only going to be a firewall
> & ethernet router so rather than securing a complete Gentoo system
> I could just use a 'firewall cd' installation, if one exists
> as a Gentoo derivative.
>
> Any other ideas or recommendations on documents or firewall install
> config on gentoo or a gentoo derivative are most welcome?
>
> Note: my firewall experience is mostly with openbsd.
>
>
> James
>
> --
> gentoo-user@gentoo.org mailing list