install linux as firewall

[mcse_696]

hi all
we have server2003 and 25pcs we dont have firewall , i suggest to my boss isa2004 or linux ,
of course he likes linux , i know linux is great firewall , problem i never installed linux a firewall i need document just how I install firewall what services I need ect................. about firewall to work correctly

[undomiel]

Ipcop sounds like what you are looking for. IPCop.org :: The bad packets stop here!

Though wouldn't you be better off just getting a dedicated hardware firewall instead?

[mcse_696]

hardware you mean pix firewall ?

[skeet2331]

You could run smoothwall. It is a linux based firewall.

[120nm4n]

Quote:

Originally Posted by undomiel

Though wouldn't you be better off just getting a dedicated hardware firewall instead?

+1 With a software solution, there's typically a lot more work involved as far as maintenance. We have SonicWalls at my office. They're rock solid and require very little maintenance.

[shednik]

I'll be running this one I get my WRT54GL -- looks sweet to me http://www.packetprotector.org/

[Silver Bullet]

Having built and ran custom linux firewall's, I will say this... IF you decide to roll your own, make sure that you document it VERY well for when you're not there. I personally wouldn't recommend rolling your own for a business when you have little knowledge of linux and iptables plus scripting skillz.

There are some good firewall distros out there and if you decide to go that route then try to use one that offers paid support. pfsense is a good firewall distro and they do offer paid support. I say that about paid support because the inevitable will happen. You'll be out sick, on vacation or whatever and something will go wrong with the firewall. The paid support in that situation will be invaluable to the ones that are trying resolve the problem in your absence.

You will most likely be better off though just dropping an ASA in the network if you don't have any linux gurus in house.

[the_Grinch]

Funny, I took a class where we did nothing, but play with open source firewalls. Since it's a small amount of pc's and you don't know linux really well I would look at Untangle. Nice GUI interface, easy to setup and maintain, and the community forums are responsive. Showed my old boss and he was considering using it as a back up to the sonicwall we had (not that we had issues, but you never know!).

Open Source Network Gateway | Untangle

[mcse_696]

my second day working in this office as I understood from the guy working with me ,they have antena on the floor and radio modem , coming cable to our office RJ-45 plug it directly to server ,i m thinking to bring DSL router built-in firewall place it front internet , and EtherFast Cable from router to server can i solve my problem with this way ?

[Turgon]

Quote:

Originally Posted by Silver Bullet

Having built and ran custom linux firewall's, I will say this... IF you decide to roll your own, make sure that you document it VERY well for when you're not there. I personally wouldn't recommend rolling your own for a business when you have little knowledge of linux and iptables plus scripting skillz.

There are some good firewall distros out there and if you decide to go that route then try to use one that offers paid support. pfsense is a good firewall distro and they do offer paid support. I say that about paid support because the inevitable will happen. You'll be out sick, on vacation or whatever and something will go wrong with the firewall. The paid support in that situation will be invaluable to the ones that are trying resolve the problem in your absence.

You will most likely be better off though just dropping an ASA in the network if you don't have any linux gurus in house.

Very true, I worked in a shop where an OpenBSD firewall was deployed using PF. It certainly worked well enough. But only one person knew how it worked. Sure enough the firewall panicked one day before the admin arrived at work. We made sure the admin responsible for the deployment produced enough documentation to ensure we could at least basically administrate it when he wasn't around. We were ok with our checkpoint firewalls, plenty of experience there in house, but not this device. It's ok to love opensource firewalls and prefer them over vendor ones but they still need supporting.

[Mishra]

Take a look at Endian.

Endian -Firewall Appliance, UTM Appliance, Unified Threat Management, Hotspot, Antispam, Antivirus, VPN, OpenVPN, Open Source

They have free firewall software, or a whole appliance you can pay for. It is super easy and very nice firewall. I've had it running for a few years.

[Daniel333]

Dude, snag a PIX or a ASA. Easy setup, highly reliable. A lot less patching than you will have to deal with under Linux.

[mcse_696]

does smoothwall compatible with windows platform server2003 ?

[Silver Bullet]

Quote:

Originally Posted by mcse_696

does smoothwall compatible with windows platform server2003 ?

What do you mean by compatible?

If you're asking if you can install it on Windows Server 2003, then the answer is no. You'll need a dedicated PC/Server to run it on.

If you're asking if it can pass traffic generated by Windows Server 2003, then the answer is yes.

[Gomjaba]

Quote:

Originally Posted by 120nm4n

+1 With a software solution, there's typically a lot more work involved as far as maintenance. We have SonicWalls at my office. They're rock solid and require very little maintenance.

All we run are sonics too - they are great firewalls and VERY easy to work with. Setup time 5 minutes