Protecting Linux servers

How to track down the right Linux firewall for your circumstances

You are starting to move your company to Linux as the server platform of choice. With the seemingly continual stream of alerts about the different hacks possible, you know that you should put some type of firewall in place to protect the servers. However, finding the right one among the myriad choices available can be tough.

Linux has firewall functionality built in, by the name of iptables. While there is some documentation in the man pages on how to set this up, there are also several books on the market that go into further detail. Take a look at Linux Firewalls by Robert Ziegler. Another reference that you should have in your library is Linux IP Tables by Joe Dupnik and the folks at Mindworksuk.com. This CD, while not a cookbook or exhaustive technical reference, will help get you thinking in the manner that will make the process of going to iptables as painless as possible. A nice utility included in the package is a KDE GUI that makes the process even more streamlined and gives you some limited network monitoring ability as well.

Depending on how many servers you have, you can implement iptables on each server, with rules appropriate for the services running on that particular server. This means that you will need to maintain a firewall on every server where you implement iptables. This will work well if you only have a small number of servers.
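As an added illustration (not part of the original article), the sketch below generates a default-deny ruleset in iptables-restore format that opens only the ports for the services one server actually runs. The helper name gen_host_rules and the sample ports are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build a per-server ruleset for iptables-restore.
# gen_host_rules is a hypothetical helper; its arguments are proto/port
# pairs for the services this host runs, e.g. tcp/22 tcp/443.
gen_host_rules() {
    rules=""
    for svc in "$@"; do
        proto=${svc%%/*}
        port=${svc#*/}
        # Only tcp and udp take a --dport match.
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$svc'" >&2; return 1 ;;
        esac
        # Port must be 1 to 5 decimal digits and within 1..65535.
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port in '$svc'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$svc'" >&2; return 1
        fi
        rules="${rules}-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    # Nothing is printed until every argument has been validated, so a
    # typo never yields a partial ruleset.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}COMMIT
EOF
}

# Constructed sample: a web server that is also administered over SSH.
# Check the result with: gen_host_rules ... | iptables-restore --test
gen_host_rules tcp/22 tcp/80 tcp/443
```

Keeping one such service list per server under version control makes the per-host maintenance burden described above easier to audit.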

But if you have a lot of servers, it probably makes sense to go with a central firewall -- with a single central iptables configuration -- that all workstations on your network will go through to reach a particular server. With this approach, however, be sure the firewall server can handle all the traffic going through it from all the devices on your network. And make sure the server is reliable, because if it crashes, you'll either need to switch to a backup firewall server or you'll have to do some quick reconfiguring of all the servers it's protecting to answer workstation requests directly.

Another approach is to use one of the bootable firewall distros that you will find on sourceforge.net and other sites. With some of these distributions, you can save the firewall config to a floppy or USB memory key - letting you quickly set up new or replacement firewalls. Since you're new to Linux, this approach might make more sense initially, because you won't need to spend as much time getting up to speed on both Linux and iptables. Or you could just use one of the commercially available firewalls to provide this functionality until you are ready to make the move to iptables.

Techworld UK - Technology - Business