"bryon3245@netzero.com" wrote:
What firewall under Linux would you suggest? What would be the best way to set up a firewall-router box with two NICs?
I suspect this depends upon the distro. I recently upgraded my gateway box from SuSE 6.3 to SuSE 7.2 and found that the default "Personal Firewall" was exactly what I wanted. (I just use the web for browsing and email, so all my connections are started by me and so can easily be "masqueraded" --- hidden from the web.) It seems to give you essentially the same thing as that Linksys box Steven Daukas (is that a real name?) suggested --- basically masquerading stuff coming from within and blocking anything unrelated from outside.

Again, setting up the NICs is the same with all distros if you approach it at the under-the-hood level, but will differ if you use their administrative tools, since the latter again are distro dependent. In the SuSE case, their Network Manual, pp. 149, guides you through reasonably painlessly while still providing some idea of what is going on. Now, all bets are off if you want to provide some service like a web site or FTP server, because then you have to do more than just masquerading, and that does require you to become more familiar with how a firewall works.

As to the two NICs, basically you will set up one, say eth0, which is connected to your cable/DSL modem, as a DHCP client which will get its IP address from the ISP. (I assume that, since you are asking a basic question, you did not spring for a fixed IP address, which is more expensive; I also assume that you have a broadband connection since you specify two NICs.) The other NIC, say eth1, you set up with a fixed IP address on your local net, for example, 192.168.1.1.

If, at this point, your head is swimming, you can either look at the slides from an old WLUG presentation on networking (go to the WLUG site, find "Past meeting information" and go to the March 2001 stuff; Slides 47 and 48 give a back-to-basics summary of the difference between a hub and a switch, incidentally), or look into the manual(s) that come with your distro and see if they are as useful as those for SuSE, or get back to me (I suggest directly, so we do not clutter the WLUG mail list more than I have been doing lately :-) ) and I am quite willing to try to walk you through the process in a slower one-on-one step-by-step process. The hazards here are that (1) I can easily get in over my head (but, I believe, am willing at least to let you know when that happens) and (2) you may end up wishing, as in the Tom Lehrer song, "You should never have let me begin ... " :-)

doug
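The two-NIC layout described in the reply above (eth0 as DHCP client toward the ISP, eth1 at 192.168.1.1 on the local net, masquerade outbound, block anything unrelated from outside), written out as an added example that is not part of the original message or of SuSE's "Personal Firewall". It assumes iptables with conntrack and a 192.168.1.0/24 local net; the function name is hypothetical, and it only prints a ruleset without applying it.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a masquerading gateway.
# Assumed defaults: WAN = eth0 (DHCP from ISP), LAN = eth1, LAN net 192.168.1.0/24.
# Routing must also be enabled on the box (sysctl net.ipv4.ip_forward=1).

gen_gateway_rules() {
    wan="${1:-eth0}"
    lan="${2:-eth1}"
    lan_net="${3:-192.168.1.0/24}"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Hide LAN hosts behind whatever address the ISP hands eth0.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to the gateway and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the gateway itself started.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may talk to the gateway (DNS, ssh, ...).
-A INPUT -i $lan -s $lan_net -j ACCEPT
# DHCP server replies to the WAN-side DHCP client.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# Replies to connections started from the LAN.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections are allowed only LAN -> WAN, never WAN -> LAN.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Dry-run check before loading (requires root):
#   gen_gateway_rules eth0 eth1 | iptables-restore --test
```

There is no rule that accepts a new connection arriving on the WAN interface, which is why hosting a web or FTP server needs more than this ruleset.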