Or use monmotha and be up and running in a couple of minutes.  I am using
3 nics at the moment with it.  I did try shorewall, but the setup time
and learning curve was so much greater I dumped it (the complexity
worried me as well - complex means it may be vulnerable to
misconfiguration).  Mind you, on complex/commercial setups it probably
has an advantage, but not for SOHO/home use.

BillK


On Sat, 2005-08-27 at 12:23 +0200, Oscar wrote:
> I've used both firehol and shorewall, and they're both great!
> But for a more advanced setup, I would recommend shorewall (firehol is a bit 
> tricky at some points, like port-forwarding), it will save you a lot of time 
> (setting up a 3 NIC firewall with shorewall takes less than 30 minutes)...
> 
> Oscar
> 
> On Fri, 26 Aug 2005 22:36:39 +0000 (UTC)
> James <[EMAIL PROTECTED]> wrote:
> 
> > Hello,
> > 
> > I've decided to take the plunge and build my first, full featured
> > firewall on Gentoo. At first I was going to use 'gnap' but further
> > reading reveals that this sort of derived firewall is stateless,
> > and I want a stateful firewall. It's also masked.
> > (feel free to correct me if I miss something).
> > 
> > The firewall will have (3) nics, Outside(static IP) 
> > DMZ for several  web servers, mail server and DNS secondaries
> > and a private for a DNS server, PCs(doz) and assorted Linux systems.
> > So after googling for a while, I could not find any detailed documentation
> > on building a gentoo based robust firewall (I sure thought I'd run across 
> > such a page/document, but, nothing today).
> > 
> > I did find some packages to 'ease the pain' on configuring iptables
> > and completing the firewall: Recommendations here?
> > fwbuilder
> > bastille
> > kmyfirewall
> > firestarter
> > 
> > I did find this gentoo document:
> > http://www.gentoo.org/doc/en/home-router-howto.xml
> > This example is for a 2 nic basic firewall. 
> > I need a dmz that will have web servers, dns servers, and
> > will ensure security.
> > 
> > I did find one Debian-centric security document:
> > http://www.debian.org/doc/manuals/securing-debian-howto
> > 
> > Alternatively, since this machine is only going to be a firewall
> > & ethernet router so rather than securing a complete Gentoo system
> > I could just use a 'firewall cd' installation, if one exists
> > as a Gentoo derivative.
> > 
> > Any other ideas or recommendations on documents or firewall install
> > config  on gentoo or a gentoo derivative are most welcome?
> > 
> > Note: my firewall experience is mostly with openbsd.
> > 
> > 
> > James
> > 
> > -- 
> > gentoo-user@gentoo.org mailing list
> > 
-- 
William Kenworthy <[EMAIL PROTECTED]>
Home!

-- 
gentoo-user@gentoo.org mailing list
