SecurityFocus: Building a Linux Bunker: Basic Firewalling
May 08, 2000, 17:40
(Other stories by Rafael Coninck Teigao)
"This article presents a way to convert any spare machine you have into a useful security gateway for your network, utilizing Network Address Translation (NAT), and the firewalling features present in Linux. This article will assume you have already read and applied the techniques discussed in the Installation and Securing Linux articles in the Linux Focus Area here on SecurityFocus.com."
"Some basic issues need to be addressed. This is not an ordinary host, and should not be seen that way. This host should be exclusively used for firewalling and NAT, and nothing else. This means that you should not run other services. Also, if you are going to redirect some service to an inside machine, make sure the service is not susceptible to known vulnerabilities, and that you keep up to date with patches. Failure to do this can render your firewall useless."
"The latest versions of the Linux kernel are not necessarily the most stable and reliable versions that have been made available. If your machine does not need the latest drivers, download and install a reliable, stable, well tested kernel; kernel 2.0.38 is known to be all three. You should enable IP Forwarding, IP Masquerading, IP Firewalling, IP Transparent Proxying and IP Routing. If you are having trouble compiling this kernel, take a look at http://www.suse.de/~florian/kernel+egcs.html. This site has a patch for compiling this kernel with egcs."