advice on security (getting a dsl connection at home)


LordStanley
12-05-2000, 01:08 PM
I'm going to have a small network at home. I'll be using a DSL line to connect to the internet. My question is: what do I need for security so I'm not hacked to death?

Now do I just use ipchains and portsentry on a box that I can use as a firewall, or should I just go get a firewall program and run that? I have a spare box that I can use solely as a firewall. I am going to be using a PC that dual boots Win98 and Linux, and a PC that runs Red Hat 6.2, and then a PC for the firewall. I've been reading about ipchains, portsentry and firewalls like PMFirewall and Guarddog. Do I even need a separate PC for a firewall? Can't I just share the internet connection with the Linux box and use that as the firewall? Am I making any sense??? I don't want to be an easy target!

Shad
12-05-2000, 01:25 PM
You are on the right track. Most Linux workstations should be able to handle doing double duty as both a firewall/router and workstation. Setting up some IP chain rules is good. The other thing is to turn off services you do not need. If you are not attempting to run a web server or something, turn off all those services. There is no need to be running telnet and apache and ftp just because the typical RH install leaves them on.

The other option to consider for your home network is a DSL/cable router box. Linksys and several other companies make relatively inexpensive devices that function as both hub/switch and firewall. The only one that I have had first-hand reports of is the Linksys. It was very easy to set up and even supported PPPoE. Almost all seem to have gotten good reviews, so go to any hardware review site to check on them or check out http://www.dslreports.com


------------------
Just a Tuna in the Sea of Life

Fandelem
12-05-2000, 08:12 PM
my original setup was:

*linux server with internet connection, squid, internet junkbuster, dns, apache, firewall, portsentry* (basically an all-in-one)

then that was connected to the hub, and masqing all the other computers..

now i'm going for this type of setup:
(excuse the poor format, but you'll get the point..)

(comp#1)p133 firewall/portsentry computer w/ internet access
|
|
---(comp#2)linux squid/internet_junkbuster proxy / (comp#3)linux apache
|
|
---all other computers

then everything else behind it..





[This message has been edited by Fandelem (edited 05 December 2000).]

SKoL
12-06-2000, 01:00 AM
ARg! why use squid? I have my redhat 6.2 box serving as a firewall. All the windowz machines use the internal NIC's IP of the redhat box as the gateway. Plain and simple. Cause my household just doesn't web surf...they play games, etc. *i'm sure you plan on that*

Squid is used for something where you need a cache solution like I do need here at work.. where all I WANT them to do is browse :)



------------------
---=== SYSTEM RULES ===--
1. Do not post crap
2. Obey rule #1
3. Only post stuff that rule #2 allows

LordStanley
12-06-2000, 10:19 AM
OK, let me get this straight.

I'm going to have my Linux box connected to the internet via static IP with ipchains and portsentry. On that box I'm going to need 2 NICs: one that goes to the DSL modem and one that goes to the hub that the rest of my computers will be on.

My Win98 box will use the internal IP address of the Linux box (not the static IP) as the gateway and then enable DNS and put in the IP address from my ISP?

About the NICs in the Linux box, I am unsure about how to set the IP address on them. The card that is attached to the hub gets an address that goes along with my Windows box and the card that goes to the DSL modem gets the address my ISP gave me, right?

I've been doing a lot of research and this is the way I see it, am I right?

Shad
12-06-2000, 12:00 PM
You got it Stanley.

------------------
Just a Tuna in the Sea of Life
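
The dual-NIC layout settled on above (one card to the DSL modem, one to the hub, the Linux box as gateway) sketched as an ipchains ruleset. This is an added example, not a script posted by anyone in the thread; the interface names, the 192.168.1.0/24 range and the 192.0.2.53 DNS address are assumed placeholders. By default it only prints the commands (dry run).

```shell
#!/bin/sh
# Added example. Dry run by default: prints the ipchains commands.
# On the firewall box, run with IPCHAINS=/sbin/ipchains to apply them,
# and enable routing with: echo 1 > /proc/sys/net/ipv4/ip_forward
IPCHAINS="${IPCHAINS:-echo ipchains}"

# Assumed values (not from the thread); adjust to your network.
EXT_IF="eth0"           # NIC facing the DSL modem (ISP-assigned address)
INT_IF="eth1"           # NIC facing the hub (private address)
LAN="192.168.1.0/24"    # private range shared with the Windows machines
ISP_DNS="192.0.2.53"    # placeholder for the ISP's DNS server

build_firewall() {
    # Start clean, then deny by default.
    $IPCHAINS -F input
    $IPCHAINS -F forward
    $IPCHAINS -P input DENY
    $IPCHAINS -P forward DENY

    # Loopback and the internal LAN are trusted.
    $IPCHAINS -A input -i lo -j ACCEPT
    $IPCHAINS -A input -i "$INT_IF" -s "$LAN" -j ACCEPT

    # Anti-spoofing: LAN source addresses must never arrive on the
    # outside NIC. -l logs the packet. Must precede the accepts below.
    $IPCHAINS -A input -i "$EXT_IF" -s "$LAN" -l -j DENY

    # ipchains is stateless, so approximate "replies only": accept TCP
    # that is not a new connection attempt (! -y = not a bare SYN).
    $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT

    # DNS replies from the ISP resolver, to unprivileged ports only.
    $IPCHAINS -A input -i "$EXT_IF" -p udp -s "$ISP_DNS" 53 \
        -d 0/0 1024:65535 -j ACCEPT

    # Masquerade LAN traffic leaving through the outside NIC
    # (in the forward chain, -i names the outgoing interface).
    $IPCHAINS -A forward -i "$EXT_IF" -s "$LAN" -j MASQ
}

build_firewall
```

No inbound service is opened here, which matches the advice above to turn off telnet, apache and ftp unless they are needed; anything meant to be reachable from outside would need its own explicit accept rule.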