Shorewall users - Mar 2003 - New Firewall setup recommendations?

Hello all.

I''m about to set up a new firewall on an old 400 MHz K6-2 machine. What
is the recommended, or most common way to go about it?

I was thinking of doing a MINIMUM install of RedHat 8 (the option where 
they actually say "used for setting up things like firewalls") and
then
installing shorewall on top of that. Would this leave me with anything 
crucial missing in my installation?

Also, when installing RedHat, it has a step where it offers to setup a 
basic firewall for you (it just uses Lokkit to setup a starter iptables 
script.) Since I''ll be installing Shorewall on this system, can I 
assume it would be right to choose the "No Firewall" option in the 
RedHat installer?

If this isn''t a good way to go about setting up a new firewall, could 
you all let me know how most of you usually go about doing it?

Cheers
--Dan

--On Tuesday, March 04, 2003 11:51:52 AM -0500 Dan Delaney 
<dionysos@mail.dionysia.org> wrote:
> Hello all.
>
> I''m about to set up a new firewall on an old 400 MHz K6-2 machine.
What
> is the recommended, or most common way to go about it?
>
> I was thinking of doing a MINIMUM install of RedHat 8 (the option where
> they actually say "used for setting up things like firewalls")
and then
> installing shorewall on top of that. Would this leave me with anything
> crucial missing in my installation?
Be sure that iproute is installed -- that''s the only thing that might
be
missing.
>
> Also, when installing RedHat, it has a step where it offers to setup a
> basic firewall for you (it just uses Lokkit to setup a starter iptables
> script.) Since I''ll be installing Shorewall on this system, can I
assume
> it would be right to choose the "No Firewall" option in the
RedHat
> installer?
Correct.
>
> If this isn''t a good way to go about setting up a new firewall,
could you
> all let me know how most of you usually go about doing it?
>
I take basically that same approach.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

Your best bet in my opinion would be to check out 
leaf.sourceforge.net.  These are pretty good firewall setup packages.  They 
contain pretty much everything you may need.

At 11:51 AM 3/4/2003 -0500, you wrote:
>Hello all.
>
>I''m about to set up a new firewall on an old 400 MHz K6-2 machine.
What is
>the recommended, or most common way to go about it?
>
>I was thinking of doing a MINIMUM install of RedHat 8 (the option where 
>they actually say "used for setting up things like firewalls") and
then
>installing shorewall on top of that. Would this leave me with anything 
>crucial missing in my installation?
>
>Also, when installing RedHat, it has a step where it offers to setup a 
>basic firewall for you (it just uses Lokkit to setup a starter iptables 
>script.) Since I''ll be installing Shorewall on this system, can I
assume
>it would be right to choose the "No Firewall" option in the RedHat
installer?
>
>If this isn''t a good way to go about setting up a new firewall,
could you
>all let me know how most of you usually go about doing it?
>
>Cheers
>--Dan
>
>_______________________________________________
>Shorewall-users mailing list
>Post: Shorewall-users@lists.shorewall.net
>Subscribe/Unsubscribe: 
>http://lists.shorewall.net/mailman/listinfo/shorewall-users
>Support: http://www.shorewall.net/support.htm
>FAQ: http://www.shorewall.net/FAQ.htm
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum 
immane mittam.

--On Tuesday, March 04, 2003 11:01:07 AM -0600 Charles Holbrook 
<lamdamu@jump.net> wrote:
> Your best bet in my opinion would be to check out leaf.sourceforge.net.
> These are pretty good firewall setup packages.  They contain pretty much
> everything you may need.
>
Provided that you like living with the limitations of embedded systems...

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

On Tuesday, March 4, 2003, at 12:18 PM, Tom Eastep
wrote:
> --On Tuesday, March 04, 2003 11:01:07 AM -0600 Charles Holbrook 
> <lamdamu@jump.net> wrote:
> Provided that you like living with the limitations of embedded 
> systems...
Yeah. See, I''d like to be able to put a bunch of intrusion detection 
software on this as well (snort, et. al.). And this box might also have 
to act as the DNS server for the organization.

Thanks for you responses.
--Dan

Dan Delaney (dionysos@mail.dionysia.org) had this to say on 03/04/03 at 12:23:
> On Tuesday, March 4, 2003, at 12:18 PM, Tom Eastep wrote:
> >--On Tuesday, March 04, 2003 11:01:07 AM -0600 Charles Holbrook 
> ><lamdamu@jump.net> wrote:
> >Provided that you like living with the limitations of embedded 
> >systems...
> 
> Yeah. See, I''d like to be able to put a bunch of intrusion
detection
> software on this as well (snort, et. al.). And this box might also have 
> to act as the DNS server for the organization.
LEAF can do that, especially when booting from CD.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.shorewall.net/pipermail/shorewall-users/attachments/20030304/046d6182/attachment.bin

> > I''m about to set up a new firewall on an old 400 MHz K6-2
machine. What
> > is the recommended, or most common way to go about it?
> >
> > I was thinking of doing a MINIMUM install of RedHat 8 (the option
where
> > they actually say "used for setting up things like
firewalls") and then
> > installing shorewall on top of that. Would this leave me with anything
> > crucial missing in my installation?
Where is the minimum option in RedHat 8?

I don''t see it doing an NFS install in text mode?

> > > I''m about to set up a new firewall on an old 400 MHz
K6-2 machine.
What
> > > is the recommended, or most common way to go about it?
> > >
> > > I was thinking of doing a MINIMUM install of RedHat 8 (the option
where
> > > they actually say "used for setting up things like
firewalls") and
then
> > > installing shorewall on top of that. Would this leave me with
anything
> > > crucial missing in my installation?
>
> Where is the minimum option in RedHat 8?
>
> I don''t see it doing an NFS install in text mode?
Found it in the GUI. For those who don''t know, choose Custom, then look
near
the bottom of the list for there Minimal check box.

Dunno if there is an option in text mode but I will look and report back
here.