Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


12-31-2007, 04:27 AM

Firewall frustration

On Mon, 31 Dec 2007 00:13:22 -0500
Robert Moskowitz <rgm@htt-consult.com> wrote:

> Well FWbuilder is NOT easy. The documentation does not match

Take a look at FireStarter: http://www.fs-security.com/

It's very easy to set and use. It's only a front-end for iptables.
But watch out, it has its limitations in the scenarios that it
can handle.

On the other hand, you can use it to generate the iptables rules
and then just use it in text mode only.


--
Thanks
http://www.911networks.com
When the network has to work
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
12-31-2007, 05:27 AM
"Matt Shields"

On Dec 31, 2007 12:13 AM, Robert Moskowitz <rgm@htt-consult.com> wrote:
> Well FWbuilder is NOT easy. The documentation does not match the
> current GUI. Now the box is locked up. I will have to pull it again,
> hook it up to a kybd/VGA and reset iptables....
>
> Maybe Shoreline with webmin....
>
> Problem is I want a REAL router/firewall with little work. Both public
> and private nets have routable addresses. No NATing for me! I just
> help write the RFC And all the templates for fwbuilder want you to
> be using NATing.
>
> Perhaps I should just set up another Astaro firewall. I have been using
> Astaro since v3, so I am comfortable with it....
>

If you've ever used a Checkpoint firewall, FWBuilder is exactly like
that interface. It even comes with a module that will let you modify
Checkpoint firewalls.


--
-matt

12-31-2007, 07:08 AM
"Peter Farrell"

"Problem is I want a REAL router/firewall with little work."

Run a smoothwall installation and replace your CentOS install.

http://www.smoothwall.org/

-Peter

On 31/12/2007, Matt Shields <mattboston@gmail.com> wrote:
> On Dec 31, 2007 12:13 AM, Robert Moskowitz <rgm@htt-consult.com> wrote:
> > Well FWbuilder is NOT easy. The documentation does not match the
> > current GUI. Now the box is locked up. I will have to pull it again,
> > hook it up to a kybd/VGA and reset iptables....
> >
> > Maybe Shoreline with webmin....
> >
> > Problem is I want a REAL router/firewall with little work. Both public
> > and private nets have routable addresses. No NATing for me! I just
> > help write the RFC And all the templates for fwbuilder want you to
> > be using NATing.
> >
> > Perhaps I should just set up another Astaro firewall. I have been using
> > Astaro since v3, so I am comfortable with it....
> >
>
> If you've ever used a Checkpoint firewall, FWBuilder is exactly like
> that interface. It even comes with a module that will let you modify
> Checkpoint firewalls.
>
>
> --
> -matt

12-31-2007, 11:58 AM
Robert Moskowitz

Matt Shields wrote:
> On Dec 31, 2007 12:13 AM, Robert Moskowitz <rgm@htt-consult.com> wrote:
> > Well FWbuilder is NOT easy. The documentation does not match the
> > current GUI. Now the box is locked up. I will have to pull it again,
> > hook it up to a kybd/VGA and reset iptables....
> >
> > Maybe Shoreline with webmin....
> >
> > Problem is I want a REAL router/firewall with little work. Both public
> > and private nets have routable addresses. No NATing for me! I just
> > help write the RFC And all the templates for fwbuilder want you to
> > be using NATing.
> >
> > Perhaps I should just set up another Astaro firewall. I have been using
> > Astaro since v3, so I am comfortable with it....
>
> If you've ever used a Checkpoint firewall, FWBuilder is exactly like
> that interface. It even comes with a module that will let you modify
> Checkpoint firewalls.

I noticed the latter, also a PIX module. No I have not personally needed
that costly of a firewall.

Full disclosure time. My day job is with ICSAlabs. My area is security
protocols research (like setting up the initial IPsec certification
criteria), but when I visit the labs there are all those firewall
products up and running.... So, yeah, I know checkpoint. I talk with the
gang over in the labs about 'simple' firewalls, but there are only
certain things the boss funds here. So then I have to go cheap.



12-31-2007, 01:33 PM
Robert Moskowitz

Peter Farrell wrote:
> "Problem is I want a REAL router/firewall with little work."
>
> Run a smoothwall installation and replace your CentOS install.
>
> http://www.smoothwall.org/

Well, first challenge is my unit's USB ethernet dongles. Centos uses the
RTL 8150 driver for them. Smoothwall only lists the RTL 8129, 8139, and
8169...

So have to see what info I can get on their website. Astaro 6 cannot
recognize the dongles either. Shorewall still looks like an option. I do
have Centos (and DSL) on these units....

12-31-2007, 01:57 PM
Robert Slade

Robert Moskowitz wrote:
> Peter Farrell wrote:
> > "Problem is I want a REAL router/firewall with little work."
> >
> > Run a smoothwall installation and replace your CentOS install.
> >
> > http://www.smoothwall.org/
>
> well first challenge is my unit's USB ethernet dongles. Centos uses
> the RTL 8150 driver for them. Smoothwall only lists the RTL 8129,
> 8139, and 8169...
>
> So have to see what info I can get on their website. Astaro 6 cannot
> recognize the dongles either. Shorewall still looks like an option. I
> do have Centos (and DSL) on these units....

There is also Ipcop - http://ipcop.org/

Rob

12-31-2007, 02:09 PM
"William L. Maltby"

On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote:
> Peter Farrell wrote:
> > "Problem is I want a REAL router/firewall with little work."
> >
> > Run a smoothwall installation and replace your CentOS install.
> >
> > http://www.smoothwall.org/
> >
> well first challenge is my unit's USB ethernet dongles. Centos uses the
> RTL 8150 driver for them. Smoothwall only lists the RTL 8129, 8139, and
> 8169...

I've used this at home for years. I don't know if it's suitable, but it
seems *very* flexible. Allows for NAT or not, has typical zones,
reporting, IPTables modification support, ...

http://www.ipcop.org/

Has run/tested successfully on various configurations here. It's another
"ditch your CentOS" solution though. But you can put it on any old junk
laying around and it'll probably work. Using cable modem in the boonies,
486DX/66 gives about 450KB/sec, Pentium 200MHz pci gives <= 700MB/sec -
both from decent sites. Tested using both ISA and PCI bus adapters
through both twisted pair and thin coax.


> <snip>

HTH
--
Bill

12-31-2007, 03:03 PM
Tom Diehl

On Mon, 31 Dec 2007, Robert Moskowitz wrote:

> Well FWbuilder is NOT easy.

I disagree but to each his own.

> The documentation does not match the current GUI.

I have not looked at the docs lately, but Vadam used to be pretty good at
keeping the docs updated. There is also a mailing list you can subscribe to.
As long as you ask intelligent questions you will usually get good answers.

> Now the box is locked up. I will have to pull it again, hook it up to
> a kybd/VGA and reset iptables....

To prevent that in the future set the management IP address on the firewall
object. That way fwbuilder will always allow ssh access from that machine no
matter how bad you hose the rules.

Keep in mind that any of the firewall management systems mentioned can/will also
lock you out if misconfigured.

> Maybe Shoreline with webmin....
>
> Problem is I want a REAL router/firewall with little work. Both public and
> private nets have routable addresses. No NATing for me! I just help write
> the RFC And all the templates for fwbuilder want you to be using NATing.
>
> Perhaps I should just set up another Astaro firewall. I have been using
> Astaro since v3, so I am comfortable with it....

Why reinvent the wheel? Use what you are comfortable with. For me that is
fwbuilder but for you that sounds like it is Astaro.

Regards,

--
Tom Diehl tdiehl@rogueind.com Spamtrap address mtd123@rogueind.com
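
A pre-flight check for the lockout case discussed in the reply above, as an added example that is not part of the original post and is not fwbuilder's own code: it reads a ruleset in iptables-save format and confirms that an SSH accept rule for the management address comes before any DROP/REJECT rule in INPUT. The address 192.0.2.10, the sample rulesets and the function names are constructed for illustration; the check is a conservative heuristic that flags any earlier DROP/REJECT.

```shell
#!/bin/sh
# Added example. MGMT_IP and both rulesets are constructed samples
# (192.0.2.0/24 is documentation address space), in iptables-save format.
MGMT_IP=192.0.2.10

# sample_ruleset good|bad : emit a constructed ruleset on stdout.
# "bad" places a blanket DROP ahead of the management rule.
sample_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    if [ "$1" = bad ]; then echo '-A INPUT -i eth0 -j DROP'; fi
    echo "-A INPUT -s $MGMT_IP/32 -p tcp -m tcp --dport 22 -j ACCEPT"
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -j DROP'
    echo 'COMMIT'
}

# check_mgmt_access FILE MGMT_IP   (FILE may be "-" for stdin)
# Walks the filter table's INPUT rules in order, prints a verdict, and
# returns 0 only if SSH from MGMT_IP is accepted before any DROP/REJECT.
check_mgmt_access() {
    awk -v ip="$2" '
        /^\*/       { in_filter = ($1 == "*filter") }
        !in_filter  { next }
        /^:INPUT /  { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            line = " " $0 " "
            if (line ~ / -j (DROP|REJECT) /) { verdict = "drop-before-mgmt"; exit }
            if (line ~ / -j ACCEPT / && line ~ / -p tcp / && line ~ / --dport 22 / &&
                (index(line, " -s " ip " ") || index(line, " -s " ip "/32 "))) {
                verdict = "ok"; exit
            }
        }
        END {
            # Chain ended without a match: the packet falls through to the policy.
            if (verdict == "") verdict = "no-mgmt-rule policy=" policy
            print verdict
            exit (verdict == "ok" ? 0 : 1)
        }
    ' "$1"
}

# Run the check on both constructed rulesets before anything is loaded.
for kind in good bad; do
    verdict=$(sample_ruleset "$kind" | check_mgmt_access - "$MGMT_IP") || true
    echo "$kind ruleset: $verdict"
done
```

On a real host the input would be the generated rules file, checked before it is handed to iptables-restore.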

12-31-2007, 03:15 PM
"Dennis McLeod"

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Robert Moskowitz
> Sent: Sunday, December 30, 2007 9:13 PM
> To: CentOS mailing list
> Subject: [CentOS] Firewall frustration
>
> Well FWbuilder is NOT easy. The documentation does not match
> the current GUI. Now the box is locked up. I will have to
> pull it again, hook it up to a kybd/VGA and reset iptables....
>
> Maybe Shoreline with webmin....
>
> Problem is I want a REAL router/firewall with little work.
> Both public and private nets have routable addresses. No
> NATing for me! I just help write the RFC And all the
> templates for fwbuilder want you to be using NATing.
>
> Perhaps I should just set up another Astaro firewall. I have
> been using Astaro since v3, so I am comfortable with it....
>



I just turned off my Astaro Gateway, as it pissed me off by continually
throttling my 10M/10M FIOS connection.....:^>
I liked the integration of services in the box, and I likely would have kept
it for that one item.
I'll be looking at an IPCOP/Smoothwall/Monowall replacement.
I have an IPCOP box at work for our public access DSL connection. (Customers
kept surfing p*rn in the waiting area. Squidguard on IPcop fixed that..)
Uptime on that box (Compaq P2-733) is around 250 days right now. I had to
move the box, so it would be more like 400....

12-31-2007, 03:57 PM
Robert Spangler

On Mon December 31 2007 07:58, Robert Moskowitz wrote:

> Full disclosure time. My day job is with ICSAlabs. My area is security
> protocols research (like setting up the initial IPsec certification
> criteria), but when I visit the labs there are all those firewall
> products up and running.... So, yeah, I know checkpoint. I talk with the
> gang over in the labs about 'simple' firewalls, but there are only
> certain things the boss funds here. So then I have to go cheap.

While IPTABLES might be CHEAP (price) it is a very good firewall.
Learn to set it up from the command line, it isn't that hard.
Try the following to learn it;

http://iptables.rlworkman.net/chunkyhtml/index.html

Forget those GUI interfaces.


--

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org