Setting Up a Linux Firewall on Your Network

Page 3 — LAN of the Lost

First, if you want to share one connection among several machines, follow Todd's brilliant instructions to set up IP masquerading. As long as traffic is relatively low, the machine that does the masquerading doesn't have to be particularly powerful.

So exhume that old Pentium 150 from the closet, evict the dust bunnies, stick in US$20 worth of RAM to bring it up to 128 MB, and install a nice new copy of Linux. You will also need two network interface cards — one to talk to the outside world via the broadband line, and one to talk to the rest of the machines in the house. You split your connection amongst the machines in your house with an Ethernet hub, either the shmancy wireless laptop-on-the-roof kind or the traditional kind that you can trip over.

An IP masquerading setup means that, as far as the Internet at large is concerned, there's only one computer here in your house. It has one IP address. When packets come from the outside world, they are sent to that IP address. Our firewall and masquerading box figures out which of the computers inside the house (each of which has its own internal IP address known only to its LAN-mates) should get that packet.

Now you want to configure your firewall. There are two major versions of the Linux kernel that are in widespread use — version 2.2, which is older but more tried-and-true, and version 2.4, which is newer, with more and better features, but less proven. Typically a Linux distribution that you buy today will offer a choice between the two when installing. Somewhat inconveniently for us, the firewalling code has changed significantly between these two versions.
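To make the 2.2 versus 2.4 difference concrete, here is an added sketch (not from the original article or from Todd's instructions) that prints the masquerading rules for each kernel series: ipchains on 2.2, iptables on 2.4. The interface name `eth0`, the LAN range `192.168.1.0/24`, and the helper names `masq_rules` and `run_masq` are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. EXT_IF and LAN_NET are assumed
# values; set them to match your own two-NIC firewall box.
EXT_IF="${EXT_IF:-eth0}"              # assumption: NIC on the broadband side
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumption: private range inside the house

# masq_rules RELEASE: print the masquerading commands for that kernel series.
masq_rules() {
    case "$1" in
        2.2.*)  # 2.2 kernels filter with ipchains
            echo "ipchains -P forward DENY"
            echo "ipchains -A forward -s $LAN_NET -i $EXT_IF -j MASQ"
            ;;
        2.4.*)  # 2.4 kernels filter with iptables (netfilter)
            echo "iptables -P FORWARD DROP"
            echo "iptables -A FORWARD -s $LAN_NET -o $EXT_IF -j ACCEPT"
            echo "iptables -A FORWARD -d $LAN_NET -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
            echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE"
            ;;
        *)
            echo "no rule set for kernel release: $1" >&2
            return 1
            ;;
    esac
    # Forwarding is switched on last, after the filter rules are in place.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# run_masq RELEASE [apply]: dry run by default; "apply" executes (needs root).
run_masq() {
    rules=$(masq_rules "$1") || return 1
    if [ "${2:-}" = "apply" ]; then
        printf '%s\n' "$rules" | while IFS= read -r cmd; do
            sh -c "$cmd" || exit 1
        done
    else
        printf '%s\n' "$rules"
    fi
}

# Dry run for two constructed release strings, one per kernel series.
for release in 2.2.19 2.4.18; do
    echo "# kernel $release"
    run_masq "$release"
done
```

On the firewall box itself, `run_masq "$(uname -r)" apply` run as root would execute the printed commands. In both rule sets the default forwarding policy is deny, so only traffic that starts on the LAN is masqueraded out.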

The Linux Firewall HOWTO and the Firewall FAQ are indispensable as well.

The first step, though, is to make sure your Linux box is reasonably secure in and of itself. The Linux Security HOWTO is an excellent guide. Basically you want to download any security updates that may exist for the version of Linux that you're running, turn off any services you're not using (which should mean most services), and generally lock everything down. A firewall that gets broken into is no good at all.
