[ILUG] Firewall/Proxy/Gateway Build

David david.jamison1 at ntlworld.com
Sat Oct 23 21:32:01 IST 2004


Hamilton, David (HPS) wrote:

>I am finally going to build up a nice little firewall/appliance box for
>home, and am trying to decide on the best way to put it together in a
>secure, yet functional manner.
>I am building it around a mini-itx 1GHz board with 265Mb RAM, so it'll
>be running nothing too heavy, but I would be looking for people's
>experience/recommendations around the various functions it will be
>performing.
>
>DNS - BIND forwarding different zones to different servers, chroot'ed.
>DHCPFWD - Forwarding DHCP requests to server in secure LAN, chroot'ed.
>Squid - Squid configured as transparent proxy, would like to integrate
>CLAM-AV, but not sure how. Can this be chroot'ed?
>Postfix - Configured to relay mails from internal server to external
>server. Can this be chroot'ed?
>Fetchmail - Configured to gather mails from external server and deliver
>to internal server. Can this be chroot'ed?
>IPTABLES - configured via shorewall. I have to say that I love this
>package!
>Webmin - Configured to only allow access from internal LAN. (Might not
>bother with this)
>OpenSSH - Configured to only allow access from internal LAN and
>secure(ish) Wireless LAN.
>Squirrelmail - To be done later...
>
>Has anyone managed to get a CAPI based ISDN USB modem working reliably?
>
>Does anyone have any recommendations on which VPN software to use?  I
>need it to be easy enough to maintain with Windows and Linux clients.
>I am planning on building it around Fedora Core 2 for a variety of
>reasons, and don't feel the need to change that unless there is a bloody
>good reason. (Religious debate not required on this one)
>
>I have looked at most of the firewall specific builds, but none of them
>really suit my config which has 5 network interfaces, and no clear-cut
>green/orange/red zones.
>
>I know there's a lot of questions in there, and I know I will be able to
>find the answers to some of them via google, but I'd like to know what
>experiences other people have had with the different parts to allow me
>to avoid any known pitfalls.
>
>Thanks,
>	David.
>
David

I'm very interested to read about what you are doing. I'm in the process of
doing something similar, if not on such a large scale (though you never
know where these things end up!!). At the moment I'm working at building a
box that will be a smoothwall box (two interface) running RULE, which is
based on Red Hat 9.0 for now although they have developed into Fedora,
which will hold a mail server and to which will be connected a Windoze
2000 box (purely because I cannot get a linux printer driver) and a Suse
(or Mandrake) box.
I would be interested to hear how you're getting on and any gotchas you
have discovered along the way.
ATB

David (another one!)


