Subject: Special firewall for wannabee dmz machine
From: reader
Date: 2007-12-25 13:53 UTC
To: netfilter

(I've probably irritated the ipfilter list by mistakenly posting this there first.)

I'd like to see some examples of how to do this:

I'm setting up a gentoo linux machine whose sole purpose is to get traffic coming to a NETGEAR router upstream. That router has one of those options they call DMZ where you can give a lan address machine to be sent all traffic that is blocked from the lan.

In my case it isn't a true DMZ because it will not route anything to other parts of the lan. Its purpose is to drop but log all the baloney coming at the NETGEAR from the internet. I just want to poke around in the logs of what is coming my way.

It will only need to communicate to the internet rarely if at all, and then from lynx, or over ssh. It has no X installed, no services like apache, samba, cups, etc etc. Only ssh. And I'd like that to only be open to the lan.

I'm confused about which things need to be allowed in and how to handle the rejected stuff, as far as logging only possibly nasty stuff and not normal dns or other normal traffic.
Subject: Re: Special firewall for wannabee dmz machine
From: G.W. Haywood
Date: 2007-12-25 16:47 UTC
To: netfilter

Hi there,

On Tue, 25 Dec 2007 reader@newsguy.com wrote:

> I'm setting up a gentoo linux machine whose sole purpose is to get
> traffic coming to a NETGEAR router upstream [snip]

Why not install a purpose-made firewall distro, and maybe some addons? You'll get logs, a GUI, graphs, all kinds of fun stuff.

> I just want to poke around in the logs of what is coming my way.

You must be _really_ desperate for entertainment. :)

> It will only need to communicate to the internet rarely if at all
> and then from lynx, or over ssh. It has no X installed, no services
> like apache, samba, cups, etc etc. Only ssh. And I'd like that to
> only be open to the lan.

If you don't run any services then anything you record in your logs will be of doubtful value. Obviously if an attacker probes your IP and finds no services running which he can attack, then he'll go away and look somewhere else. Maybe you should Google for 'honeypot'.

> I'm confused about which things need to be allowed in and how to
> handle the rejected stuff, far as

There are plenty of tutorials on the Web, for example see
http://www.google.co.uk/search?hl=en&q=iptables+tutorial&btnG=Search&meta=

> logging only possible nasty stuff and not normal dns or other normal
> traffic.

What makes you think that traffic sent to your DNS server can't be nasty? :)

--
73, Ged.
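The ruleset the original poster is asking for, written out as an added example (it is not from the thread, and not from any of the distros mentioned later). It assumes, because the thread does not say, that the LAN is 192.168.1.0/24, that the box has a single interface eth0, that sshd listens on 22, and that the kernel has the conntrack, addrtype, multiport and limit matches. The design point is the one Ged raises about DNS: replies to lookups the box itself makes are accepted by the conntrack rule and never reach the LOG rule, while unsolicited packets to port 53 (or anything else) fall through to LOG and DROP, so "normal" DNS stays quiet and "nasty" DNS is still recorded. Chatty but harmless LAN traffic (multicast, broadcast, NetBIOS) is dropped before the LOG rule so it does not pollute the log, and the LOG rule is rate-limited so a flood cannot fill the disk.

```shell
#!/bin/sh
# Added example, not code from the thread: log-and-drop ruleset for a host
# that is the target of a consumer router's "DMZ" forward.  Assumptions
# (not facts from the thread): LAN 192.168.1.0/24, single NIC eth0, sshd on 22.
set -eu

LAN_NET="${LAN_NET:-192.168.1.0/24}"
IFACE="${IFACE:-eth0}"
SSH_PORT="${SSH_PORT:-22}"
IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-0}"

# Run iptables, or with DRY_RUN=1 just print the command so the ruleset can
# be reviewed (and checked) without root or a netfilter-enabled kernel.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

configure_firewall() {
    # Known starting state; default-deny inbound.  This box routes nothing,
    # so FORWARD stays empty and closed.  OUTPUT is open for lynx / outbound ssh.
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    ipt -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened (including its own DNS lookups)
    # are accepted here, so they never reach the LOG rule below.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Malformed / out-of-state packets: drop silently, they only clutter logs.
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP

    # The only service: ssh, and only from the LAN.
    ipt -A INPUT -i "$IFACE" -s "$LAN_NET" -p tcp --dport "$SSH_PORT" \
        -m conntrack --ctstate NEW -j ACCEPT

    # Normal LAN chatter, not an attack: drop without logging.
    ipt -A INPUT -s "$LAN_NET" -d 224.0.0.0/4 -j DROP                        # multicast (SSDP, mDNS)
    ipt -A INPUT -s "$LAN_NET" -m addrtype --dst-type BROADCAST -j DROP      # broadcasts
    ipt -A INPUT -s "$LAN_NET" -p udp -m multiport --dports 137,138 -j DROP  # NetBIOS name/datagram

    # Everything else is unsolicited: log it (rate-limited) and drop it.
    # Unsolicited packets to port 53 land here too, so "nasty" DNS is logged.
    ipt -A INPUT -m limit --limit 10/minute --limit-burst 50 \
        -j LOG --log-prefix "DMZ-DROP: " --log-level 4
    ipt -A INPUT -j DROP
}

# Usage:  sh dmz-fw.sh print   (show the rules)    sh dmz-fw.sh apply   (as root)
case "${1:-}" in
    print) DRY_RUN=1; configure_firewall ;;
    apply) configure_firewall ;;
esac
```

Rule order is what makes the logging selective: conntrack ACCEPT and the LAN-noise DROPs sit above the LOG rule, so only traffic that survived every earlier rule gets written to the log (grep the kernel log for the `DMZ-DROP:` prefix). Anything added later that should not be logged belongs above the LOG rule, not below it.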
Subject: Re: Special firewall for wannabee dmz machine
From: reader
Date: 2007-12-26 04:14 UTC
To: netfilter

"G.W. Haywood" <ged@jubileegroup.co.uk> writes:

>> I'm setting up a gentoo linux machine whose sole purpose is to get
>> traffic coming to a NETGEAR router upstream [snip]
>
> Why not install a purpose-made firewall distro, and maybe some addons?
> You'll get logs, a GUI, graphs, all kinds of fun stuff.

I'm not sure what you are talking about there. Do you mean something like the `Soekris' board running openbsd? Can you name a few of these purpose-built distros?
Subject: Re: Special firewall for wannabee dmz machine
From: G.W. Haywood
Date: 2007-12-26 16:24 UTC
To: netfilter

Hi there,

On Tue, 25 Dec 2007 reader@newsguy.com wrote:

> "G.W. Haywood" <ged@jubileegroup.co.uk> writes:
>
> >> I'm setting up a gentoo linux machine whose sole purpose is to get
> >> traffic coming to a NETGEAR router upstream [snip]
> >
> > Why not install a purpose-made firewall distro, and maybe some addons?
> > You'll get logs, a GUI, graphs, all kinds of fun stuff.
>
> I'm not sure what you are talking about there. Do you mean something
> like the `Soekris' board running openbsd?

No, not at all.

> Can you name a few of these purpose-built distros?

ClarkConnect, Endian, Firestarter, Fli4l, Floppyfw, Gibraltar, GuardDog, IPCop, LutelWall, m0n0wall, NuFW, pfSense, Shorewall, SmoothWall, Turtle, Zorp... You have heard of Google? :)

As you can see there are quite a few. They have different design criteria, they started from different places, and most of them made detours along the way. Mainly I use IPCop and SmoothWall, with a substantial amount of fine-tuning by the addition of iptables rules, both scripted and hand-crafted.

By the sound of it, you might want something less 'packaged' than the distros that I use.

--
73, Ged.
Subject: Re: Special firewall for wannabee dmz machine
From: reader
Date: 2007-12-26 17:10 UTC
To: netfilter

"G.W. Haywood" <ged@jubileegroup.co.uk> writes:

> ClarkConnect, Endian, Firestarter, Fli4l, Floppyfw, Gibraltar,
> GuardDog, IPCop, LutelWall, m0n0wall, NuFW, pfSense, Shorewall,
> SmoothWall, Turtle, Zorp... You have heard of Google? :)

Thanks.. About google: Is that related to Googolplex? ... (sorry)