- Linux Based Firewalls -
A Killer Guard Penguin for your LAN
& NATsLittle Flying Network Address Translators

Mr. Know-IT-All Says ! . Don't Hit or Click on Bill Gates !
Mr. Know-It-All says, "IGOR, Release the Penguins and get the Bill Out of Here !"


Internet use has exploded, and e-commerce has become a daily part of business and personal life. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks and the need to protect both business and personal data have never been greater.

What kinds of security threats are posed by the Internet? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. Others, like password sniffers, IP forgery, and various types of hijacking and replay attacks, are newer. And still others, like the distributed denial of service attacks that crippled Yahoo, E-Bay, and other major e-commerce sites in early 2000, come from today's headlines.

Firewalls are a very effective way to protect your system from most Internet security threats and are a critical component of today's computer networks. Firewalls in networks keep damage on one part of the network (e.g., eavesdropping, a worm program, file damage) from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down. Worldwide Hacker penatrations per minute : are increasing !

Linux and an old 486 or Pentium-1 can make a powerfully effective and manageable Firewall. A PPP/Slip dial-up connection and a v.90 56K modem can be added as bonus dial-up for staff members working at home. NAT or network address translation can give a new range of IP numbers to a single static or even intermittent dynamic (floating ) IP connection like an BRI or cable modem.

Each ICON here can hack your PC right now, go ahead,.. try it : . . .

WebShield Solaris From McAfee, it's issues apply to all firewalls !

WebShield for Solaris is a firewall-independent scanner that can easily plug into virtually any existing network framework. WebShield achieves this superior integration by implementing a gateway virus scanner that essentially acts like a router. And this router has the advantage of containing the world's number one virus scanning technology from McAfee. Now you can scan FTP, HTTP and SMTP traffic without affecting other performance-critical systems such as the firewall and mail servers.

FTP Scanning
Uploading or downloading files by FTP protocol creates the potential for a virus infection. Only WebShield can scan both inbound and outbound FTP traffic. Other solutions leave networks vulnerable to an internal user uploading an infected file and an external client subsequently downloading that file without it ever being scanned-a huge security problem.

HTTP Scanning
HTTP or web traffic is another area of virus vulnerability. WebShield provides protection by defending against hostile Java, JavaScript and ActiveX applets.

SMTP Scanning
WebShield for Solaris scans both inbound and outbound SMTP (e-mail) traffic. It can clean, reject, or quarantine infected attachments and messages, and automatically notifies intended recipients or administrators. WebShield also protects against partial MIME messages and MIME file name attacks.

Integrated Web Security
Using Cyber Patrol functionality, WebShield boasts advanced web security features such as Anti-Spam, URL blocking, and content filtering, which go a long way to reducing corporate liability.

WebShield for Solaris allows you to perform all management functions from a Java-based user interface, for local or remote administration. You can even administer several WebShield systems at once, from one machine. For additional security, the management communication channel requires shared secret authentication before permitting administrator access.

WebShield features a customizable logging interface, and gives you the ability to seamlessly export into common databases such as Microsoft Access or Excel.


2.1.1 "Source-routed-traffic"
2.1.2 "ICMP redirects" and "redirect bombs"
2.1.3 "denial of service" – via ICMP-Packets
2.1.4 Normal "denial of service" - DOS


2.2.1 SMURF - Attacks
2.2.2 SMTP Session Hijacking
2.2.3 Exploiting Bugs in Applications
2.2.4 Spoofing

2.2.5 Masquerading

4.7. "Dial-Up-Firewall"
4.8 FTP and Masquerading
4.9 Transparenter Proxy
4.10 Log (s)
4.11 ToS -Field
4.12 Port Forwarding
4.13 Background Virus Scanning at the Router
4.13 ICMP




    Installing the Floppy Firewall :

    from: http://members1.chello.nl/~rvdoever/fwflop/

    tar –zxvf fw.tgz ( un tar ball the install file set )

    cd firewall ( change to directory ‘firewall’ )

    cp fw.config fw.back ( make a backup of the config file )

    pico fw.config ( choose network cards )

    chmod +x *.sh ( Change ‘mod’ of the shell scripts to executable )

    Next put in any good 1.44 diskette in drive FD0 ("A:"), be it Blank, Not Blank, or UnFormatted as this uses dd

    ./bootroot.sh ( this makes a Floppy FireWall ‘BOOT’ floppy )

    Next put in another good 1.44 diskettein drive FD0 ("A:"), be it Blank, Not Blank, or UnFormatted as this uses dd

    ./utildisk.sh ( this makes a Floppy FireWall ‘UTILITY’ floppy )

    These are the binary executables that can fit on the 'utildisk' floppy and supplement the internal commands of Linux ;
    cp, dd, df, e2fsck, fdisk, ftp, gzip, ifconfig, libextfs.so.2, libextfs.so.2.4, lilo, liloconfig, ln, lost+found, mkdir, mke2fs, mkfs, mkfs.etx.2, mklost+found, mkswap, mv, netsat, nslookup, plipconfig, rdev, rmdir, swapon, swapoff, top, & useradd

    Editors, either vi or pico won't fit on the first 'utildisk' floppy, but could be needed to edit any config file.

    You can use dd to make backups with, dd if=/dev/fd0 of=backup.img bs=1k (if /dev/fd0 is your 3.5" floppy).
    restore backups with, dd if=backup.img of=/dev/fd0 bs=1k (if /dev/fd0 is your 3.5" floppy).

    Linux Firewall URL Reference & BookMark List

    Linux Firewall and Security Site
    ... Linux Firewall and Security Site Featuring Firewall LAN,

    the Linux Firewall Design Tool, the Firewall itself and LAN Security FAQ

    www.linux-firewall-tools.com/linux/ - 18k - Cached - Similar pages

    Creating A Linux Firewall Using the TIS (Trusted Information Systems) Firewall
    … Linux Journal #25- May 1996 ; Creating A Linux Firewall Using the TIS...
    www2.linuxjournal.com/lj-issues/issue25/1204.html - 28k -

    Trusted Information Systems Inc. (TIS) http://www.tis.com/ )


    The Firewall Toolkit (FWTK)

    http://www.greatcircle.com/lists/firewalls Brent Champan’s Great Circle

    Debian GNU/Linux Firewall
    ... This page is dedicated to a Debian GNU/Linux based Firewall system.
    www.weikert.de/debwall/ - 31k -

    Mason - the automated Firewall builder for Linux
    ... Recommended; Mason is a Linux based Firewall, but none like...
    ...interactively builds a Firewall using Linux' ipfwadm or ipchains...
    users.dhp.com/~whisper/mason/ - 20k -

    F F W – The Floppy Firewall, a Linux Firewall
    ... Turn an old 386 or 486 into a Linux based Firewall system, sans HardDrive.
    FFW - http://members1.chello.nl/~rvdoever/fwflop/

    F R P – Floppy Router Project , Linux based TCP/IP Router without a HardDrive.
    The F R P – Floppy Router Project, TCP/IP
    FRP is closely related to the FFW Floppy Firewall.


    L R P ; the Linux Router Project w/ Firewall
    ... This page is dedicated to the Linux Router Project based Firewall system.
    http://lrp.steinkuehler.net/ Linux Router Project ( Firewall & Bonus PPP dial-in )

    ZDNet: Help & How-To: Linux Firewall On A 486: A Guard-Penguin
    ...How-To install a Linux Firewall On A 486;

    www.zdnet.com/zdhelp/stories/main/0,5594,2503199,00.html - 45k –


    386 with 4 Meg of RAM or

    486 with 8 Megs of RAM or

    Pentium-1 with 16 megs of RAM

    2 Network Cards – ISA ; preferably matching ( Pentium –1 could use PCI or ISA NICs )

    1 Floppy Drive –

    Optional – 2nd Floppy or 40 / 80 Meg HardDrive

    Keyboard is Optional if CMOS RAM can be set for "NO Keyboard "

    Monitor Card – Can be omitted & ignored in most 386’s and some 486’s

    VGA Monitor Optional – ( Headless )

    Note: Standard output can be redirected to a COM1: or COM2: , & then use an old Dumb Terminal.

    PPP Router Option – One or Two 56K v.90 Modem’s configured on COM3 & COM4 if internal or

    COM1: & COM2: when using external modems.

    And it hurts to be cracked in the face !

    HardDrive based Firewall system using Slackware 7.0 or 7.1 or Debian 2.1 or 2.2

    16 Meg of RAM and 850 Meg, 1 gig or 1.2 gig harddrive minimum.

      Partition HardDrive as follows ( re; stu & goeffrey )

      Physical 1 ( hda1 ) ; /boot ; 8-10 Megabytes

      Physical 2 ( hda2 ); / ( swap type 82 ) = 2xRAM or 32 Megabytes

      Physical 3 ( hda3 ) ; / ( root ) = 250 Megabytes

      Physical 4 ( hda4 )- contains balance of drive these extended partitions

      1. Extended 4.1 ( hda5 ) ; /var = 100 Megabytes

      2. Extended 4.2 ( hda6 ) ; /tmp = 100 Megabytes


      3. Extended 4.3 ( hda7 ) ; /usr = 200-300 Megabytes

      4. Extended 4.4 ( hda8 ) ; /home = 5-10 Megabytes


      5. Extended 4.5 ( hda9 ) ; /usr/local = 0-100 Megabytes **

      6. Extended 4.6 ( hda10 ) ; /opt = 0-350 Megabytes **

      7. **The last two, hda9 & hda10 are not needed on a firewall system

      A UPS is optional, as properly configured system could lose power and should restart from floppy.
      You must choose floppy as the 1st device in the boot order in CMOS RAM settings )
      Always REMOVE the floppy after booting the FFW, so that diskette never gets hacked.
      Installing a Firewall, part #1 A Great article from LinuxWorld

      Installing a Firewall, part #2 of article

      Installing a Firewall, part #3 of article

      & Make sure your don't get hacked by this guy at ip # 127.0.01

      Linux vs. a SUN Solaris FireWall -

      System: Sun ( Solaris ) Type: SPARC or UltraSPARC system Memory: 128 MB of memory ( more is strongly recommended ) Disk Space:

      - Root: 64 MB
      - swap 256 MB (a minimum of two times the size of the physical memory)
      - /usr 600 MB (with at least 64 MB free space)
      - /var remaining space (500 MB minimum)

      Other Hardware: Access to CD-ROM drive supported by Solaris 2.6 if you intend to install the product from a CD Other Software:

      - Solaris software packages (required for installation)
      - Standalone System (do not select OS Server or Dataless Client)
      - Developer System Support (do not select End User System Support or Core System Support)
      - Latest Solaris recommended security patches

      - FireWall tools that come with most Linux distributions -

      ipchains IPCHAINS & Linux IP Firewalling Chains - http://www.linux.org/docs/ldp/howto/IPCHAINS-HOWTO-4.html
      More on IPCHAINS IPCHAINS Vunerability. - http://linuxtoday.com/stories/8272.html
      http://howto.tucows.com/LDP/HOWTO/IPCHAINS-HOWTO-2.htmlIPCHAINS Setup
      IP Filter - http://cheops.anu.edu.au/~avalon a TCP/IP packet filter, suitable for use in a firewall environment
      ftp://ftp.rustcorp.com/ipchains/ipchains-scripts-1.1.2.tar.gz Usefull Scripts for IPCHAINS
      http://service.real.com/firewall/index.html Firewall problems for Real Audio and other Streams
      ipfwadm - http://www.xos.nl/linux/ipfwadm utility to administer IP accounting and firewall services
      masqd - http://www.els.url.es/~si03786/masq.html a management utility for a Linux Firewall
      http://hoohoo.ncsa.uiuc.edu/ - The NCSA HTTPd FREE WEB daemon & security issues of http:// services
      http://www.roxen.com/ the ROXEN Free WebServer,... what NSCA turned into.
      SOCKS - http://www.socks.nec.com free proxy server and client from NEC using the SOCKS protocol
      SQUID - http://squid.nlanr.net/Squid a linux based WWW proxy application
      Firewall Mailing List & Archives - http://lists.gnac.net/firewalls

      Phoenix Adaptive Firewall uses state inspecting firewall for network and Internet security,

      The Phoenix Adaptive Firewall is the first ICSA certified firewall on linux distributions.

      It uses adaptive, state-analysis firewall technology with a java based gui for secure remote administration.

      http://www.stonebeat.com A leader in Secured Availability for networks and Internet security

      http://www.sniffer.com Sniffer from Network Associates ( McAfee ) http://www.nai.com makers of

      NetSheild for Linux ; http://www.mcafeeb2b.com and WebSheild at the NOC’s LAN Gateway http://www.mcafeeb2b.com/products/webshield-solaris/default.asp

      OPEN Source Firewalls

      Commercial Linux Firewalls

      Linux Appliance Roundup

      http://www.dilbert.com/comics/dilbert/archive The Dilbert Cartoon Archives

      ASP NOC Architecture Block Diagram

      1. Class "C" range to
      2. Router is a Netoupia – 5400 SDSL @ 1.5 MB/s symmetrical, IP # = 1
      3. firewall.mo-fo.net = Floppy Firewall IP # = 2
      4. NS1.mo-fo.net = Slackware 7.1 IP # = 3 – 17
      5. tucows.mci.com = IP # 18
      6. NS2.mo-fo.net = IP # 20