I am finally going to build up a nice little firewall/appliance box for
home, and am trying to decide on the best way to put it together in a
secure, yet functional manner.

I am building it around a mini-itx 1GHz board with 265Mb RAM, so it'll
be running nothing too heavy, but I would be looking for people's
experience/recommendations around the various functions it will be

DNS - BIND forwarding different zones to different servers, chroot'ed.
DHCPFWD - Forwarding DHCP requests to server in secure LAN, chroot'ed.
Squid - Squid configured as transparent proxy, would like to integrate
  CLAM-AV, but not sure how. Can this be chroot'ed?
Postfix - Configured to relay mails from internal server to external
  server. Can this be chroot'ed?
Fetchmail - Configured to gather mails from external server and deliver
  to internal server. Can this be chroot'ed?
IPTABLES - configured via shorewall. I have to say that I love this
Webmin - Configured to only allow access from internal LAN. (Might not
  bother with this)
OpenSSH - Configured to only allow access from internal LAN and
  secure(ish) Wireless LAN.
Squirrelmail - To be done later...

Has anyone managed to get a CAPI based ISDN USB modem working reliably?

Does anyone have any recommendations on which VPN software to use? I
need it to be easy enough to maintain with Windows and Linux clients.

I am planning on building it around Fedora Core 2 for a variety of
reasons, and don't feel the need to change that unless there is a bloody
good reason. (Religious debate not required on this one)

I have looked at most of the firewall specific builds, but none of them
really suit my config which has 5 network interfaces, and no clear cut

I know there's a lot of questions in there, and I know I will be able to
find the answers to some of them via Google, but I'd like to know what
experiences other people have had with the different parts to allow me
to avoid any known pitfalls.