[ILUG] Firewall/Proxy/Gateway Build
david.jamison1 at ntlworld.com
Sat Oct 23 21:32:01 IST 2004
Hamilton, David (HPS) wrote:
>I am finally going to build up a nice little firewall/appliance box for
>home, and am trying to decide on the best way to put it together in a
>secure, yet functional manner.
>I am building it around a mini-itx 1GHz board with 265Mb RAM, so it'll
>be running nothing too heavy, but I would be looking for people's
>experience/recommendations around the various functions it will be
>DNS - BIND forwarding different zones to different servers, chroot'ed.
>DHCPFWD - Forwarding DHCP requests to server in secure LAN, chroot'ed.
>Squid - Squid configured as transparent proxy, would like to integrate
>CLAM-AV, but not sure how. Can this be chroot'ed?
>Postfix - Configured to relay mails from internal server to external
>server. Can this be chroot'ed?
>Fetchmail - Configured to gather mails from external server and deliver
>to internal server. Can this be chroot'ed?
>IPTABLES - configured via shorewall. I have to say that I love this
>Webmin - Configured to only allow access from internal LAN. (Might not
>bother with this)
>OpenSSH - Configured to only allow access from internal LAN and
>secure(ish) Wireless LAN.
>Squirrelmail - To be done later...
>Has anyone managed to get a CAPI based ISDN USB modem working reliably?
>Does anyone have any recommendations on which VPN software to use? I
>need it to be easy enough to maintain with Windows and Linux clients.
>I am planning on building it around Fedora Core 2 for a variety of
>reasons, and don't feel the need to change that unless there is a bloody
>good reason. (Religious debate not required on this one)
>I have looked at most of the firewall specific builds, but none of them
>really suit my config which has 5 network interfaces, and no clear cut
>I know there's a lot of questions in there, and I know I will be able to
>find the answers to some of them via google, but I'd like to know what
>experiences other people have had with the different parts to allow me
>to avoid any known pitfalls.
I'm very interested to read about what you are doing. I'm in the process of
doing something similar, if not on such a large scale (though you never
know where these things end up!!). At the moment I'm working on building a
box that will be a smoothwall box (two interfaces) running RULE, which is
based on Red Hat 9.0 for now, although they have developed into Fedora. It
will hold a mail server, and to it will be connected a Windoze 2000 box
(purely because I cannot get a Linux printer driver) and a Suse (or
Mandrake) box.
I would be interested to hear how you're getting on and any gotchas you
have discovered along the way.
David (another one!)
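The quoted post asks about Squid as a transparent proxy behind iptables. As an added illustration (this is example code written for this page, not anything from the thread or from the Squid or Shorewall projects), the script below generates the iptables rules for that setup and prints them for review instead of applying them. The interface name eth1, the LAN range 192.168.1.0/24 and the Squid port 3128 are assumptions, not values from the post. The rules redirect only traffic arriving on the LAN interface, so the gateway's own outbound connections (which never pass through PREROUTING) are not looped back into Squid, and the proxy port is accepted only from the LAN and dropped from everywhere else.

```shell
#!/bin/sh
# Added example, not from the thread: generate (but do not apply) the
# iptables rules for a Squid transparent proxy on a multi-interface gateway.
# Assumed values (replace for your own network): LAN interface eth1,
# LAN range 192.168.1.0/24, Squid listening on TCP 3128 on the gateway.

LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print the rule set for the given interface, LAN range and Squid port.
# Review the output, then apply it as root with:  transparent_proxy_rules ... | sh
transparent_proxy_rules() {
    lan_if="$1"
    lan_net="$2"
    squid_port="$3"
    cat <<EOF
# Redirect LAN web requests that arrive on the LAN interface to Squid.
# Locally generated packets (Squid's own upstream fetches) do not traverse
# PREROUTING, so they are not redirected and cannot loop.
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
# Let LAN hosts reach the proxy port (explicitly and transparently).
iptables -A INPUT -i $lan_if -s $lan_net -p tcp --dport $squid_port -j ACCEPT
# Everyone else (other interfaces, including the Internet side) is refused.
iptables -A INPUT -p tcp --dport $squid_port -j DROP
EOF
}

# Count the active iptables commands in the generated output (comment lines
# are ignored); useful as a sanity check before piping the rules to sh.
rule_count() {
    transparent_proxy_rules "$1" "$2" "$3" | grep -c '^iptables '
}

# Stand-alone run: show the rules for the assumed values.
transparent_proxy_rules "$LAN_IF" "$LAN_NET" "$SQUID_PORT"
```

The ACCEPT rule must precede the DROP rule, because iptables evaluates a chain top to bottom and takes the first match; reversing them would lock the LAN out of the proxy as well.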