Firewall Questions

Jeff Vian jvian10 at charter.net
Tue Apr 12 23:40:26 UTC 2005


On Tue, 2005-04-12 at 15:50 -0600, kevin.kempter at dataintellect.com
wrote:
> Hi All;
> 
> For several years now I've been using the Astaro Firewall solution for my home 
> network (http://www.astaro.com/). It requires its own box with 2 nic cards 
> and serves up IPs for the network behind the firewall. It's been a great 
> solution however I wonder if there is an open source equivalent available. I 
> never use the Fedora firewall because I'm almost always behind the main 
> firewall on my home network or behind some corporate firewall.
> 
> I would like to find a tool capable of the following:
> 1. the ability to act as a domain firewall (maybe domain is not the correct 
> term?) with the ability to serve up IPs for the users behind the firewall 
> and provide access both to the internet and to each other within the network
> 
> 2. The ability to provide some sort of surf content filtering to keep my 
> teenagers from being exposed to crap via the web
> 

ipcop comes to mind.

> 3. the ability to set up M$ style vpn access
> 
> 4. something that's easy to administer
> 
> 5. we generally are a Linux - only network save a few dual boot boxes for the 
> sole purpose of playing multi-player games. It would be nice if I could 
> prohibit any of the M$ installs from ever visiting the web but at the same 
> time allow within-network access to each other so multi-player games would 
> still work without acquiring an M$ based virus for every 10 minutes of game 
> time.
> 
Assuming your multi-player games are all local network and not internet
server based, a very easy way to do that would be to have the M$ boxes
boot with a different network address.  Use one that would not be on the
same subnet as the linux boxen and thus would never be able to go to the
internet via your firewall.

If they are internet based then blocking other internet access seems
difficult if not impossible.

Using option 1 above would be tricky unless one OS (M$) used static IPs
and the other used DHCP.

> Thanks in advance for any suggestions...
> 
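
The separate-subnet scheme from the reply above, modelled as an added example (not part of the original thread). All host names and addresses are constructed, and the firewall's inside address is an assumption. It audits configured addresses only: a box is treated as having a path out when its default gateway is the firewall and that gateway is on-link.

```python
"""Audit of the addressing scheme: Windows boots on their own subnet."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface
from typing import Optional

FIREWALL_LAN_IP = IPv4Address("192.168.1.1")  # assumed firewall inside address


@dataclass(frozen=True)
class Host:
    name: str
    iface: IPv4Interface             # address plus prefix length
    gateway: Optional[IPv4Address]   # None = no default route configured


def on_link(src: Host, dst_ip: IPv4Address) -> bool:
    """True if src would send to dst_ip directly rather than via a router."""
    return dst_ip in src.iface.network


def can_play_lan_game(a: Host, b: Host) -> bool:
    """Both directions must be on-link, since no router joins the subnets."""
    return on_link(a, b.iface.ip) and on_link(b, a.iface.ip)


def can_reach_internet(h: Host) -> bool:
    """Needs a default gateway that is the firewall and is on-link."""
    return (h.gateway is not None and h.gateway == FIREWALL_LAN_IP
            and on_link(h, h.gateway))


# Constructed sample inventory.
HOSTS = [
    Host("linux-desk", IPv4Interface("192.168.1.101/24"), FIREWALL_LAN_IP),  # DHCP lease
    Host("game1-win", IPv4Interface("192.168.50.11/24"), None),              # static
    Host("game2-win", IPv4Interface("192.168.50.12/24"), None),              # static
    # Misconfiguration: static address taken from the firewall's subnet.
    Host("game3-win", IPv4Interface("192.168.1.50/24"), FIREWALL_LAN_IP),
]


def audit(hosts):
    """Return names of Windows boots that would still have a path out."""
    return [h.name for h in hosts
            if h.name.endswith("-win") and can_reach_internet(h)]


if __name__ == "__main__":
    print("Windows boots with a path out:", audit(HOSTS))
```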



