Importance of Firewall in Linux

 
Ranch Hand
OK, this might be a bit lengthy, so bear with me. There is some setup to this.
I am in the process of hosting my own Web Server, Mail Server, FTP Server, and whatever else I can think of from my home. I plan on running Linux everything for obvious reasons.
I have a LINKSYS router. I have disabled remote administration and PING on my router. So to the outside world, it is pretty invisible. Preliminary testing, I have set up a web server and an FTP server, both on standard ports 80 and 21. I set up port forwarding on my router so that incoming requests on those ports get forwarded to the appropriate internal address. All works beautifully.
So now I am concerning myself with security. My web site I have hosted at IMHosted does not get a lot of traffic. It's more for me and my friend to document things, but we still want it available. Anyway, I know how to handle IPTables in Linux but I am wondering if I REALLY need to do this?
Here is my thought: Linux is pretty darn secure in the sense that I don't have to worry a lot about worms and viruses. My biggest concern on my Web Server is DoS attacks. Now I know that if I am getting a DoS attack and can determine the IP range I could use IPTables to block that IP range until the attack was over. This is something I can't do with my router alone without just turning off port 80 forwarding.
But I am not sure if I want to deal with a firewall for the simple little things I am doing.
In a nutshell, how important is having a firewall in front of a LINUX backend for a home environment like I am setting up? Just looking for opinions and suggestions here.
Thanks.
[ August 29, 2003: Message edited by: Gregg Bolinger ]
 
Sheriff
I am in the process of hosting my own Web Server, Mail Server, FTP Server, and whatever else I can think of from my home. I plan on running Linux everything for obvious reasons.
I do something similar, although the web server is not really "public", as my cable provider is not as tolerant as your DSL supplier seems to be. I access the system to read my home email via a web front end while I'm on a client site behind a firewall, and so on.
Anyway. I use a specialised Linux distribution which incorporates a firewall for just this sort of application. So far it's been *much* more robust and intruder-proof than a stock RedHat system I ran at a colocation facility for a while (sad story on request).
I find that this distribution offers everything I need in a web/mail/FTP/file server without all the bloat installed by a typical "desktop" Linux distribution. I have been running e-smith happily for several years (and several versions).
Check out http://www.e-smith.org/ for the software I use. There are also some others, but I haven't tried them seriously.
 
Gregg Bolinger
Ranch Hand
Thanks Frank. I will look into that.
 
Saloon Keeper
I firewall in the router, in each of the front-end LAN Linux machines AND on the NAT pass-through to the back-end LAN Windows Machines. Firewalls have been known to have bugs, but the odds of all 3 firewalls succumbing to the same bug (especially when different software is involved) are fairly low. As is the likelihood that I would have missed an exploit in all 3 sets of rules.
I suppose there's a performance penalty, but I consider it cheap insurance.
 
author and jackaroo
I also have a router which has an inbuilt firewall and my Linux box which serves up both my girlfriend's and my web pages.
I still run the firewall on my Linux box as well as having the router's firewall. IPTables is fairly easy to set up when basically denying everything (or nearly everything) and it gives me an extra line of defence if ever the router's firewall failed.
Regards, Andrew
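
The deny-nearly-everything host firewall described in the post above, combined with the temporary source-range block mentioned in the opening post, as an added example that is not code from any poster in this thread. The function names, the forwarded ports 80 and 21 as arguments, and the 203.0.113.0/24 range are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset with a default-deny INPUT policy.
# The port list and blocked range used at the bottom are constructed sample values.

# valid_cidr ADDR: shape check only (a.b.c.d with optional /0-32);
# octet range checking is left to iptables-restore.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gen_ruleset "PORTS" "BLOCKED": print the ruleset; return 1 on a malformed entry.
gen_ruleset() {
    ports=$1
    blocked=$2
    for p in $ports; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    for c in $blocked; do
        valid_cidr "$c" || { echo "bad range: $c" >&2; return 1; }
    done
    # Default policy: drop inbound and forwarded traffic, allow outbound.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Temporary blocks go first so they win over the service rules below.
    for c in $blocked; do
        printf '%s\n' "-A INPUT -s $c -j DROP"
    done
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Only new connections to the listed service ports are accepted.
    for p in $ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Print for review; to load it, pipe the same output into iptables-restore as root.
gen_ruleset "80 21" "203.0.113.0/24"
```

Passive-mode FTP data connections arrive on a separate port and match RELATED only when the kernel's FTP connection-tracking helper (nf_conntrack_ftp) is in use.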
 
Ranch Hand
You might also want to check out ClarkConnect. Awesome distro that provides many features you are looking for. It's based on Red Hat 9.0 by the way if that means anything. The installation is so simple and provides a very friendly web-based UI for administration.
http://www.clarkconnect.org
[ September 02, 2003: Message edited by: Hung Tang ]
 