
Installing and configuring Linux Firewall

Protect your servers in the Demilitarized Zone, and run intranet too.

For home, office and pleasure

by Jan K. Labanowski, jkl@ccl.net


Location: http://www.ccl.net/cca/software/UNIX/netfilter/home_lan

When I decided to get DSL and static IP addresses to my basement, I had to protect my babies behind a firewall against the hackers. I bought the computer which I use for the firewall in the OSU surplus store for $25. It has a 2 Gig drive and a 133 MHz non-MMX Pentium, and I never saw an average load on it above 0.05. The 486 would probably do, but you probably cannot get them anymore. When you install Linux, note that you do not want to install a lot on the firewall: you want the kernel and the firewall (iptables). You need networking support, but that is it. No compilers, no development tools, no graphics, publishing, etc., etc. Just have a barebone Linux, networking, and the firewall.

The script has a lot of comments. The script itself is short, but the comments are 10 times the actual commands. I hope you will learn something from them. When you save the files, rename them by dropping the ".txt" extension.

  • startfw -- this is an overcommented script with all the details you ever wanted to know. Copy this script to /usr/sbin/startfw since this is where the other scripts expect it.
  • network -- this is an example of a script which starts your ethernet cards on boot up. Save the original /etc/rc.d/init/network script as network.orig or something and copy this script over it. Remember to change the IP addresses to those which you got from your ISP. Remember to assign the right modules in /etc/modules.conf to your ethernet interfaces.
  • iptables -- this is an init script which replaces your /etc/rc.d/init.d/iptables script. Save the original script which came with Linux as something like iptables.orig and copy this script over it. Remember to disable the original ipchains and iptables as described in the startfw script comments (yes... sorry... you have to read it all).
  • flushfw -- this script flushes the tables of the firewall, i.e., in other words, it just switches the firewall off. You need to run startfw to get the firewall back in action after you have run flushfw. Copy it to /usr/sbin/flushfw since the other scripts expect it there.
  • iplisting -- this script lists the rules which are currently set in iptables. Just run it to check what is really set inside your iptables.
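A flush script in the spirit of flushfw, written here as an added example (it is not the flushfw download from this page). It assumes the iptables binary is on the PATH (override with the IPTABLES variable) and shows the one detail a flush script must get right: the default policies are set to ACCEPT before the rules are flushed, otherwise a DROP policy with no rules left would lock you out of a box you reach over the network.

```shell
#!/bin/sh
# Added example, not the page's own flushfw: switch the firewall off by
# flushing every table. Policies are opened first, then rules flushed,
# user-defined chains deleted and counters zeroed in filter, nat and mangle.

IPTABLES=${IPTABLES:-iptables}   # assumed location; e.g. IPTABLES=/sbin/iptables
DRY_RUN=${DRY_RUN:-0}            # 1 = print the commands instead of running them

# run CMD ...: execute the command, or echo it when DRY_RUN=1 so the script
# can be reviewed on a machine without root or without iptables installed.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# flush_firewall: open the built-in policies, then clear every table.
flush_firewall() {
    # 1. ACCEPT policies first, so an empty rule set cannot lock us out
    for chain in INPUT FORWARD OUTPUT; do
        run "$IPTABLES" -P "$chain" ACCEPT
    done
    # 2. flush rules (-F), delete user chains (-X), zero counters (-Z)
    for table in filter nat mangle; do
        run "$IPTABLES" -t "$table" -F
        run "$IPTABLES" -t "$table" -X
        run "$IPTABLES" -t "$table" -Z
    done
}

# flush_plan: the commands flush_firewall would issue, one per line, without
# touching the kernel; the subshell keeps DRY_RUN=1 local to this call.
flush_plan() {
    ( DRY_RUN=1; flush_firewall )
}

case "${1:-}" in
    --apply) flush_firewall ;;   # really switch the firewall off (run as root)
    *)       flush_plan ;;       # default: only show what would be done
esac
```

Run it as root with --apply to actually flush; without the flag it only prints the twelve iptables commands it would issue, which is a useful last look before taking a remote firewall down. After flushing, startfw has to be run again to put the rules back, exactly as the page says for flushfw.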
Please help me fix the bugs and problems which you see in these files, so they are useful. Just send me an e-mail at jkl@ccl.net.

Thanks
Jan Labanowski, jkl@ccl.net
Modified: Sun Feb 3 20:47:11 2002 GMT