---

Home Security

GBdirect: Firewalling with Linux

By

“Using a configuration like this it is simple to set up and
control web access for staff inside the firewall – they simply
point their browsers at the proxy on the inner firewall machine.
This setup also provides an excellent email service if wanted. …
Some organisations also choose to run the Samba software so that
the inner system can provide file and print sharing services for
Windows PCs.”

“The external connection to the Internet can be via ISDN
dial-up, using either a slot-in card on the outer proxy host or a
separate external router. If the usage grows to the point where a
permanent connection is required, there is no need to go to the
extra expense of purchasing a leased-line router; an X.21 card can
be plugged into the host instead.”

“The system is based on two machines running Linux from Red
Hat (Release 5.1). Each machine contains two Ethernet cards, and
runs both sendmail and Squid. The inner of the two machines will
accept only telnet, FTP, mail and web requests (via Squid). It
will only accept such connections from the machines on the internal
network or (optionally) from the outer machine. Telnet and FTP
requests are handled by the standard Linux telnet and FTP daemons.
Web requests are only accepted if they are directed to the squid
proxy on the inner machine. … Since the outer firewall machine is
not visible to any of the machines on the internal network web
requests are forced to go through the squid on the inner machine.
… The outer of the two machines will accept only mail delivery
requests from the outside world, thus providing protection against
unwanted connections. It will accept FTP and telnet connections
from the inner firewall machine, allowing remote maintenance of the
machine. It will also handle web requests via its own copy of
squid, thus providing web access. Mail is handled in a similar
waterfall fashion. The proxy (sendmail) on the outer machine
accepts mail for the relevant domains, but simply forwards it to
the proxy running on the inner firewall machine. In turn, this
sends the mail on to the machine(s) on the internal network that
actually handle the mail.”

Complete
Story

Complete Story
Previous article
Next article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.