Mike Petersen

Network Admin, Technical Writer, Programmer, GNU/Linux Fan, etc.

• Home Page
• Documents
  • Deploying Suse Linux Enterprise Server
  • Samba Server Information & Guides
  • GNU/Linux Guides
  • Networking Related Guides
  • Misc Articles I wrote
• Downloads
  • Custom Built GNU/Linux Packages
  • NIMA Virtual Machine
  • Windows SPE Templates for Samba
  • Various Network Utilities I created
  • Misc Code
• Misc / FAQS
  • Contact Information
  • GNU/Linux FAQs
  • Network Admin FAQs
  • My Resume

Mandrake 10.1 as a Firewall

Download this article as a PDF

• Introduction and Overview
• Installation
• Configuration Using the Web Interface
• Basic Web Services
• Testing and Enhancing Your Firewall

Testing and Enhancing your Firewall

Testing your Firewall

One of the final things you should do before implementing a firewall solution is to ensure you fully test it to make sure it does what it is supposed to. You should run these tests on both sides of the firewall, the Internet side, as well as the LAN side. In order to properly test your firewall, there are a few applications available. The first application you should use would be a port scanner to ensure your firewall rules are in place. The most popular port scanner, NMAP is available for nearly any Operating System at http://insecure.org/nmap.

Another other tool that you should run on your firewall would be a vulnerability scanner. These tools will scan your server for known vulnerabilities, such as ones "script kiddies" would take advantage of. You can get a good vulnerabilitiy scanner called Nessus for Linux/Unix based machines from http://www.nessus.org.

Enhancing your Firewall

One of the great things about utilizing Mandrake Linux 10.1 for your firewall is the fact that there are so many packages available for it. It is very simple to add additional tools that would be beneficial for you run. A few of them would be:

ntop- Network traffic probe - this package is accessed through a web interface. Once installed you must ensure that the "/usr/share/ntop" directory has correct permissions, then add the following to /etc/sysconfig/ntop - extra_args="-i eth0,eth1 -M" to allow ntop to monitor both network interfaces. Then simply open http://ipaddress:3000 in your browser to utilize the program.

mrtg- Multi Router Traffic Grapher will monitor the traffic load on your firewall, also available through a web interface.

netwatch- terminal based network watching program. Simply type in "netwatch -e eth1" at a prompt to watch all the traffic going through your LAN interface.

All of these packages can be easily installed by running a "urpmi packagename", then after they are configured you will be able to take advantage of the software. There are hundreds other packages you could take advantage of, such as squid-log analyzers, packet sniffers, etc., all of these are only an urpmi away.

Note: It is extremely easy to add additional services to your firewall, such as a Mail, FTP or a Web Server, however, it is strongly discouraged to run anything but the "bare minimum" services on a firewall computer.

Conclusion

A firewall is one of the first things that you must consider when securing a network. There are many products available to handle this job, ranging from "Linux on a floppy" firewalls and low-cost "home firewall" devices, all the way to highly expensive Cisco Pix firewalls. However, if you want full functionality, Mandrake offers an easy to use web interface coupled with all the features you could want in a firewall (including VPN services), plus the expandability that comes with a complete commercial Linux distribution. All for a price that will not break your budget.

article by Mike Petersen
(mpetersen71@gmail.com)