[Ham-Linux] firewall/router

Bob McConnell rmcconne at lightlink.com
Sun Nov 13 08:18:57 EST 2005


Jonathan Thawley, KC8CPW wrote:
>  
> I'm trying to set up my Linux box to be my firewall and router...  I do have
> 2 NICs installed....  
>  
> specifically which programs do I need to use to bridge those 2 NIC cards
> together so that I can access the internet
>  
> I believe that I also need the DHCP server or something like that running...
> what is the correct service name for that tool??
>  
> also, I need to know how to open up specific ports, such as those for
> EchoLink, etc, etc...
>  
> I also have SeLinux installed (I think that's what it's called) not sure
> what to do with it...
>  
> I'm using TAO LINUX.... www.taolinux.org  it's based off of Red Hat....
>  
> Any ideas or suggestions are appreciated.
>  
>  
> Jonathan/KC8CPW
> 

Jonathan,

There is a firewall HOWTO that lists all of the details.

Look up Shorewall and M0n0wall for packages that are already optimized 
for that purpose. I am preparing to switch my old Slackware based 
firewall over to M0n0wall in the very near future.

In short form, you need dhcpcd on the external NIC to get address info 
from the ISP. Then dnsmasq or equivalent on the inside to propagate that 
info and provide DHCP services for your computers. The kernel has to be 
compiled with firewall options turned on, and iptables or ipchains are 
the current management options.

If you want to connect from the external side for updates and 
maintenance you need SSH, and I strongly recommend using public key 
authentication and disabling passwords. To do that, you need to generate a 
key pair, put the public half on the server and copy the private half 
onto the computer you will be connecting from. Or just keep a copy on a 
USB flash disk so you can read it into any machine with an SSH client. 
Just don't leave that lying around, and make sure you remove the key 
file from any computer you copy it into. In this case, you will also 
want to regenerate key pairs periodically, just as you would change your 
password every few months on any other system.

The SELinux (Security Enhanced) patches are the product of the NSA. They 
reconfigure the kernel for maximum security as the base, and then you 
need to open whichever doors you want for your needs.

I'm purely a Slackware user, and have been for 12 years, so I don't know 
how the other packages differ from that.

HTH,

Bob McConnell
N2SPP
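
The reply above recommends SSH public key authentication with passwords disabled; the script below is an added example (not part of the original message) that checks whether an sshd_config actually enforces that, including the case where a later "no" is shadowed by an earlier "yes". The function names `effective` and `audit_sshd` and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that an sshd_config really enforces key-only logins.
# sshd keeps the FIRST value it reads for a keyword, matches keywords
# case-insensitively, and falls back to built-in defaults when unset.
# Limits: Include files and Match blocks are not evaluated; on a live host
# `sshd -T` prints the effective settings.

# effective FILE KEYWORD_REGEX DEFAULT -> effective global value, lowercased
effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/           { next }   # comments and blank lines
        tolower($1) == "match"   { exit }   # stop at first conditional block
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> status 0 only when passwords are off and keys are on
audit_sshd() {
    rc=0
    [ "$(effective "$1" pubkeyauthentication yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is off"; rc=1; }
    [ "$(effective "$1" passwordauthentication yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is still allowed"; rc=1; }
    # Keyboard-interactive (old name: ChallengeResponseAuthentication) can
    # still prompt for a password through PAM.
    [ "$(effective "$1" 'kbdinteractiveauthentication|challengeresponseauthentication' yes)" = no ] ||
        { echo "FAIL: keyboard-interactive is still allowed"; rc=1; }
    return $rc
}

# Constructed sample configs (not from the original post).
SAMPLES=$(mktemp -d)
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' '# hardening' \
    'passwordauthentication no' 'KbdInteractiveAuthentication no' \
    > "$SAMPLES/shadowed"      # the later "no" is ignored: first value wins
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$SAMPLES/keys_only"

for f in shadowed keys_only; do
    if audit_sshd "$SAMPLES/$f"; then echo "$f: OK"; else echo "$f: NOT key-only"; fi
done
```
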

