Setting up a Firewall

Some time back we covered the basic installation of a wireless router for networking a few computers. This time we will explore the actual setting up of a simple but effective firewall and Internet connection sharing for a number of computers.
Linux Firewall

Windows Internet Connection Sharing (ICS):
If you want to connect one computer which has access to the Internet to other computers in a local network, sharing the Internet connection, you need an extra Network Interface Card (NIC) and you need to enable ICS on your primary computer. This automatically sets the local network card's IP address to 192.168.0.1 and allows you to share the Internet connection with all machines in the range 192.168.0.2 to 192.168.0.255.

If your network address is not compatible with this range, or if you use Virtual Private Networking (VPN), then this option is not suitable. You will be better off with a dedicated hardware router or with what we propose here: a Linux firewall and router. In fact, you will find hundreds, if not thousands, of pages of content about Linux firewalls and software routers running on a modestly equipped box.

Most hardware firewalls and routers come equipped with standard protection against Denial of Service (DoS) attacks and offer network reliability through Stateful Packet Inspection (SPI). Still, a well-designed software firewall adds scalability and flexibility unmatched by the hardware equivalents.

Besides, extended logging allows enhanced monitoring for attacks. Intrusion detection is easier with this.

It must be said in bold that a firewall is the first step in your network security. It is not a complete solution to your network security. It does not work in isolation. You must have a complete, comprehensive security policy involving effective monitoring and intrusion detection.

Simply put, a firewall examines the incoming packets and outgoing packets on specific open ports, and applies a set of pre-defined rules to determine whether an individual packet should be permitted. These rules can be based on allowable originating and destination hosts, ports, packet header information, or any combination of these factors.

Linux, as always, comes with many security features built in, including a firewall. Ipchains with a set of configuration files in Iptables is standard for most Linux distros. Netfilter offers a set of loadable kernel modules that extend the firewalling capabilities of Linux to allow session-based packet examination.
The Linux kernel, with the added firewalling features of Netfilter, has made network security easy to manage.

We will start with Firestarter, a GUI tool to control Netfilter from GNOME. It is simplicity itself. Its cute help page says: “An all-in-one Linux firewall utility for GNOME”.

Get Firestarter from here: http://www.fs-security.com/

Its features include:

We will come back with the installation and setting up in the second part.
