Bits & Pieces for Linux firewall?

Set up an ebox system:
http://ebox-platform.com/

Then use the mail server it comes with as your local mail server.. you can tie it into your normal mail server by setting up a fetchmail script to pull the mail to the local server.

It also acts as a gateway, content filtering, firewall, windows file shares, jabber server, etc.

It's pretty easy to set up.
 
AirWolf, you either got zapped by lightning or Telkom worked on your exchange :D Sounds like you have a dead NIC or modem
 
@ wiz - there's always a new linux distro out... thanks for the linky :)


*toddles off to have a shufty at ebox*

It's just a collection of packages with a great web 2 management system. If you wanna see a live example I can show you what it does.

Mine runs on Ubuntu, have them in a couple of places and they don't give me hassles.
 
What diagnostics did you run on the Smoothwall box? I would also venture a guess and put my money on a dead nic or modem.
 
@ Airwolf - sounds like a flaky NIC you've got there... have you swapped out your network cards?

That did come to mind. I'm using the network port on the motherboard and a pci network card.

When I opened up the machine to swop the pci card into another slot, I noticed how dirty the heat sink and cpu fan were, so I stripped it.

The cpu was actually stuck on to the heat sink. Will get some thermal paste today, and will put the machine back together again on Monday.
 
3GHz P4 is overkill for a proxy server! Even a P166 works, provided you give it a nice chunk of RAM.

What I don't like about Smoothwall is that it is not very extendible.

eugh. Smoothwall.

Build it yourself:

Hardened Gentoo + iptables.

As for mail, use postfix (sendmail is outdated and crappy), and possibly fetchmail to have the server automatically collect all external mail as well.

I've set up a few Gentoo servers as firewall/proxy/mail/dns/file servers and it is not that hard.

I've only used qmail for serving email. Here is a nice howto which includes support for IMAP (Courier-IMAP), webmail (Horde) and virus scanning (ClamAV).

Squid could be used as a caching proxy server, to speed up (or slow down if you want to - DelayPools) internet access. You could use AdZapper to remove some advertising. If you are worried about people accessing websites they shouldn't, you could install Dansguardian. It has different types of blocking that you could enable/disable to for instance allow p0rn but block sites of a violent nature.

I usually use the arno-iptables-firewall package for the firewall, dnsmasq for DHCP/DNS and Samba for windows file sharing.

If you don't want to install this on the PC, you could always install it inside VirtualBox and then dd (copy) to a physical partition later on, should you decide to keep it.

Even though I've done this many times, it would probably take me a weekend to get a system like this up. If you don't have the time, don't bother. There are a few Gentoo users on this forum and the Gentoo community is always helpful.
 
I checked the website now - looks very interesting w1z4rd - thanks for the link:).
 
Smoothwall back up after swopping network card into different slot.

I so wanted to try out the e-box on Ubuntu Hardy, but the Smoothwall machine is the only free machine to do it on - decisions, decisions :D.
 
Hugs my problem-free ClarkConnect box. Everything works out the box!

Mail
Caching
VPN
Printing
File Shares
Usage Reports

need I say more!

Okay, cause it was mentioned a couple of times here, I have downloaded and installed clarkconnect.

FYI, it's running fine on a P2 400MHz with 128MB of RAM.

I'm really liking it, but one thing is a little confusing for me. Where do you set the domain for the mail? Or is that tied into your hostname?
 
Ok, I installed Hardy and eBox.
Set the hostname to 192.168.0.1
I've got the one network card connected to the ADSL router and internet is working.
The second card is connected to a switch.
I've got one other pc on the switch for now (the balance of the network is still connected directly to the ADSL router).

I'm trying to log into the eBox from the 2nd pc using:
https://192.168.0.1/eBox
but I don't seem to be getting in.

Am I supposed to manually assign the ip to the second network card in the ebox?
 
Okay, clarkconnect is gay if you have more than 10 users. Their pricing is stupid: https://secure.clarkconnect.com/webapp/store.jsp

R150 a year for 5 mailbox licences?
 
I managed to get into the eBox CP, but haven't yet got all the settings right --> internal pc receives ip from eBox, but can't connect to internet. Also the hard drive is starting to make a strange spinning noise:(.
 
What are you using ebox for? If it's as a firewall I think it needs two network cards (has on all of mine).

The way I set up an ebox is something like this:


ADSL Router---> WAN NIC--->Ebox--->LAN NIC

My ADSL router hands out IP and dns settings to the WAN facing network card which is set to accept DHCP settings from the router.

Ebox then filters the connection with its firewall.

On the LAN side I set a static IP, which hands out DHCP settings to the clients on the network.

Do you have two network cards? Not sure how to do it with one network card. I remember when I set up my Ebox, it let me choose which card was facing WAN side, and which card was facing LAN side.
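
The two-NIC layout described in the post above, written out as a default-deny iptables ruleset (an added example, not part of the original thread and not eBox's own configuration). The interface names passed in, and the choice to expose DHCP, DNS and the HTTPS admin page only on the LAN side, are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC gateway.
# Usage (as root, interface names are assumptions):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_ruleset eth1 eth0 | iptables-restore

valid_if() {
    # Accept only plain interface names so nothing unexpected lands in a rule.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gen_ruleset() {
    wan="$1"; lan="$2"
    valid_if "$wan" || return 2
    valid_if "$lan" || return 2
    # WAN and LAN must be different cards, as in the layout above.
    [ "$wan" != "$lan" ] || return 2
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Hide LAN clients behind the address the ADSL router gave the WAN card.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# WAN card is a DHCP client of the router: accept only the lease replies.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# LAN side: DHCP and DNS for clients, HTTPS for the admin page.
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -p tcp --dport 53 -j ACCEPT
-A INPUT -i $lan -p tcp --dport 443 -j ACCEPT
# Forward LAN to WAN and the return traffic only; nothing new from WAN in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}
```

With this layout a LAN client that gets a lease but cannot reach the internet usually points at forwarding being disabled or the MASQUERADE rule naming the wrong interface.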
 
Yes it does have 2 NIC - one pci and the other standard on MB. Will tinker a bit tomorrow again.
 
I had it set up as above, but couldn't come right:(

I'm back to a Smoothwall:).

Two problems that have come up on Smoothwall:
1. The time goes back two hours every time I reboot it.
2. The webproxy list doesn't show the ip of the machine accessing a particular site, but just the green ip of the Smoothwall itself.

The log for DHCP server shows:

Code:
06:12:54 dhcpd Internet Systems Consortium DHCP Server V3.0.5
06:12:54 dhcpd Copyright 2004-2006 Internet Systems Consortium.
06:12:54 dhcpd All rights reserved.
06:12:54 dhcpd For info, please visit http://www.isc.org/sw/dhcp/
06:12:54 dhcpd Wrote 8 leases to leases file.
06:12:54 dhcpd Listening on LPF/eth0/00:0c:76:b2:ac:28/192.168.0/24
06:12:54 dhcpd Sending on LPF/eth0/00:0c:76:b2:ac:28/192.168.0/24
06:12:54 dhcpd Sending on Socket/fallback/fallback-net
06:12:54 dhcpd DHCPINFORM from 192.168.0.96 via eth0: not authoritative for subnet 192.168.0.0
06:12:54 dhcpd If this DHCP server is authoritative for that subnet,
06:12:54 dhcpd please write an `authoritative;' directive either in the
06:12:54 dhcpd subnet declaration or in some scope that encloses the
06:12:54 dhcpd subnet declaration - for example, write it at the top
06:12:54 dhcpd of the dhcpd.conf file.
06:12:59 dhcpd DHCPINFORM from 192.168.0.96 via eth0: not authoritative for subnet 192.168.0.0
06:19:35 dhcpd Internet Systems Consortium DHCP Server V3.0.5
06:19:35 dhcpd Copyright 2004-2006 Internet Systems Consortium.
06:19:35 dhcpd All rights reserved.
06:19:35 dhcpd For info, please visit http://www.isc.org/sw/dhcp/
06:19:35 dhcpd Wrote 8 leases to leases file.
06:19:35 dhcpd Listening on LPF/eth0/00:0c:76:b2:ac:28/192.168.0/24
06:19:35 dhcpd Sending on LPF/eth0/00:0c:76:b2:ac:28/192.168.0/24
06:19:35 dhcpd Sending on Socket/fallback/fallback-net
06:47:21 dhcpd Internet Systems Consortium DHCP Server V3.0.5
06:47:21 dhcpd Copyright 2004-2006 Internet Systems Consortium.
06:47:21 dhcpd All rights reserved.
06:47:21 dhcpd For info, please visit http://www.isc.org/sw/dhcp/
06:47:21 dhcpd Wrote 8 leases to leases file.
06:47:21 dhcpd Listening on LPF/eth0/00:0c:76:b2:ac:28/192.168.0/24
06:47:21 dhcpd Sending on LPF/eth0/00:0c:76:b2:ac:28/192.168.0/24
06:47:21 dhcpd Sending on Socket/fallback/fallback-net

I have the following mods installed:
Dansguardian
URLfilter
Advanced Proxy
Smoothinfo
Clamav-0.94
 
Sorted:)

1. Changed time in bios instead of Smoothwall browser interface.
2. Seemed to be a problem with URLfilter being "locked" up. Might have been a conflict between URLfilter and DansGuardian. DansGuardian stopped working, and problem solved.
 