firewall, ipchains..a router...and a question
toolshed
04-12-2002, 04:58 PM
Alright...I want to secure the network at my house.
I have a Linksys router, a spare 450mhz machine that runs rh7.2. I have two other computers that I connected behind the router at this time. My machine runs rh7.2 and my music/video server runs XP. Right now my machine connects just to the router...I want to do something with the 450 machine.
I want just to accept certain connections or ports that come in like any firewall will. I was thinking of having my spare Linux box be the filter, and let the Linksys router do all the routing of the traffic that gets through.
Do y'all have any ideas on how to secure my network? I am on cable...so I need to.
What do I need, and what do I need to read?
Also, is there a better way to do this....I want to secure it up pretty tight.
SuperHornet
04-12-2002, 05:11 PM
Hi,
I see you have heard about IPchains.
Have you heard of IPtables? It's a much more secure protocol and in my opinion much easier. There are countless HowTos and there is a NHF for it as well. Your RH7.2 box can do both so it’s up to you.
toolshed
04-12-2002, 05:30 PM
Oh yea...I heard all about them. I bought a router a year or so ago so I figured I would use it. A lot of people say that it is easy to route with Linux...but I can't imagine it being easier than a real router...just an opinion...but I might try.
SuperHornet
04-12-2002, 10:38 PM
Well, a firewall is very different than a router.
Just trying to answer your question.
mychl
04-12-2002, 11:08 PM
Don't most routers have firewalls built into them?
Then you log into their admin page and configure port forwarding.
Prolly is easier, but definitely not as fun!
;)
FyberOptyx
04-13-2002, 12:12 AM
The router I looked at a few months ago only had a basic firewall with it. Have a look at what is built onto yours.
doggiebone
04-13-2002, 05:11 AM
Hi m8
If you got a Linksys router then you have a firewall, a basic one at that. It's called NAT Network Access translation. To find out more go to www.howstuffworks.com (http://www.howstuffworks.com). Linksys router is a cool bit of kit. You can stop all your machines from accessing the internet via the filter IP, I think it's called.
But you should be able to forward certain ports. Because you will be using one IP address, known as masquerading, you can block all clients and only allow the odd port.
Info wise, check www.grc.com (http://www.grc.com) on Linksys hardware security. Also www.practicallynetworked.com (http://www.practicallynetworked.com); look in the Linksys section too.
Anything I can help you with, give me a shout :) I run Linksys with 3 machines and a laptop, all dual boot: win98/mandrake, win98/redhat, win98/2000
have fun :))
toolshed
04-13-2002, 12:22 PM
Yea...I just wanted to do something with that extra box....I just wanted to play. I wanted to build a "bonefied" firewall.
mdwatts
04-13-2002, 12:29 PM
You could try ClarkConnect or Smoothwall if you just want to set up a firewall. Most of the firewall is preconfigured, but I'm sure there's still a lot more you can configure yourself.
mychl
04-14-2002, 01:57 AM
Originally posted by toolshed:
Yea...I just wanted to do something with that extra box....I just wanted to play. I wanted to build a "bonefied" firewall.
It's fun to write your own iptables script. There are some great tutorials out there.
Let me know if you wanna take a peek at my script...
Good Luck
ee99ee3
04-14-2002, 03:20 AM
Okay, let's get some basic networking down first. Doggiebone mentioned it up there, but I'm going to try to... reword it?
NAT (Network Address Translation). This allows you to pull one IP address from your ISP and give computers behind your NAT IP addresses. They then access the internet through the NAT server, which tricks the servers your computers are getting data from into thinking they are sending it to the NAT. The NAT then looks at the packet that's incoming, and decides which computer it should go to. That's it.
Now, you said you have a Linksys router. What it actually is is just a NAT. All it does is give you a NAT. Now, by nature, a NAT is a kind of firewall/router. It's a router in the sense that it routes packets from one subnet (your internal subnet) to another subnet (the subnet your ISP put you in), however I don't like to refer to it as a router really.
As far as your NAT being your firewall, it's a little complicated sometimes to understand. A simple way to explain it is it won't give people from outside access to your internal network, mainly because your NAT server (or Linksys router in this case) won't know where to send the data that's incoming because it's not a connection that originated from within.
Now, there are ways to get around this if say you wanted to set up a webserver. You would do something called port forwarding. What this does is any incoming connection is automatically sent to whatever host on your internal network you specify. Let's say you've got a webserver running on the default port 80, and the webserver's IP address is 192.168.15.99. In order for people outside to see it, you forward anything incoming on TCP port 80 to 192.168.15.99. Now, when someone opens up their browser and types in your IP address (the one your ISP assigned you, not 192.168.15.99 or whatever), it'll access your router, but your router will see it's on port 80 and send it to be served to the machine 192.168.15.99.
If you're wanting to learn Linux, just as I am (I'm a newbie to Linux, not networking), then I'd recommend doing something like IP Masquerading (NAT) on a Linux box. That'll set up a server to replace your Linksys router. Also, on that same machine, set up iptables (or equivalent) on that machine too so it'll be a NAT, and a highly secure firewall. So you'll have the privacy of both your NAT and a secure firewall.
Good luck, and post back what you do!
-ee99ee2
toolshed
04-14-2002, 02:58 PM
Yea, that is what I want...thanks for the long post. I would like to know how to run iptables...a sample script or something...if u would not care...I would like to take a peek at your script...I know nothing about it....so I want to learn.
I got a cool app last night called firestarter...it seemed to bolt my system down with iptables, but I want to understand how to write iptables myself, instead of generating with a GUI.
[ 14 April 2002: Message edited by: toolshed ]
mychl
04-14-2002, 09:40 PM
Here (http://mychl717.com/linked/iptables)
Syngin
04-15-2002, 12:45 AM
PMFirewall (http://www.pmfirewall.com) also works great and has a script that walks you through the firewall setup process. I've heard that Smoothwall is very good also but I haven't tried it.
toolshed
04-16-2002, 10:24 AM
Thanks....so whatever script I would write for iptables.....is just put in the:
/etc/init.d/iptables
/etc/rc.d/rc3.d
Is that all u have to do?
Well, thanks for all the help...this will help me on my way.
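
The setup ee99ee3 describes above (IP masquerading, port forwarding TCP 80 to 192.168.15.99, and an iptables firewall on the same Linux box), as an added example that is not part of the original thread or any poster's script. The interface names eth0 (cable side) and eth1 (LAN side) and the 192.168.15.0/24 LAN range are assumptions; only the web server address comes from the post.

```bash
#!/bin/bash
# Added example, not from the thread. Assumed: eth0 faces the cable modem,
# eth1 faces the home LAN. 192.168.15.99 is the web server from the post.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.15.0/24}"
WEB_HOST="${WEB_HOST:-192.168.15.99}"

# Emit the rule set in iptables-save/iptables-restore format.
build_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port forwarding: TCP 80 arriving on the public side goes to the web server.
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST:80
# Masquerading: LAN hosts share the one ISP-assigned address.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# Default deny for anything addressed to, or routed through, this box.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections that originated from inside are let back in.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
# The only new connection allowed in from outside: the forwarded web port.
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_HOST --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Load the rules atomically and enable routing (needs root).
apply_ruleset() {
    build_ruleset | iptables-restore && echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    print) build_ruleset ;;
    apply) apply_ruleset ;;
esac
```

Run it with `print` to inspect the rules, or with `apply` as root to load them. On Red Hat, the stock iptables init script loads rules in this same format from /etc/sysconfig/iptables at boot.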