Linux Firewall and Proxy Server How To

 

Table of Contents
Firewall and Proxy Server HOWTO

Mark Grennan, mark@grennan.com
1. Introduction
2. Understanding Firewalls
3. Firewall Architecture
4. Setting up the Linux Filtering Firewall
5. Software requirements
6. Preparing the Linux system
7. IP filtering setup (IPFWADM)
8. IP filtering setup (IPCHAINS)
9. Installing a Transparent SQUID proxy
10. Installing the TIS Proxy server
11. The SOCKS Proxy Server
12. Advanced Configurations
13. Making Management Easy
14. Defeating a Proxy Firewall
15. APPENDIX A - Example Scripts
16. APPENDIX B - A VPN RC Script for RedHat

1. Introduction
  1.1 Feedback
  1.2 Disclaimer
  1.3 Copyright
  1.4 My Reasons for Writing this
  1.5 Further Readings
2. Understanding Firewalls
  2.1 Firewall Politics
    How to create a security policy
  2.2 Types of Firewalls
    Packet Filtering Firewalls
    Proxy Servers
    Application Proxy
    SOCKS Proxy
3. Firewall Architecture
  3.1 Dial-up Architecture
  3.2 Single Router Architecture
  3.3 Firewall with Proxy Server
  3.4 Redundant Internet Configuration
4. Setting up the Linux Filtering Firewall
  4.1 Hardware requirements
5. Software requirements
  5.1 Selecting a Kernel
  5.2 Selecting a proxy server
6. Preparing the Linux system
  6.1 Compiling the Kernel
  6.2 Configuring two network cards
  6.3 Configuring the Network Addresses
  6.4 Testing your network
  6.5 Securing the Firewall
7. IP filtering setup (IPFWADM)
8. IP filtering setup (IPCHAINS)
9. Installing a Transparent SQUID proxy
10. Installing the TIS Proxy server
  10.1 Getting the software
  10.2 Compiling the TIS FWTK
  10.3 Installing the TIS FWTK
  10.4 Configuring the TIS FWTK
    The netperm-table file
    The /etc/services file
11. The SOCKS Proxy Server
  11.1 Setting up the Proxy Server
  11.2 Configuring the Proxy Server
    The Access File
    The Routing File
  11.3 Working With a Proxy Server
    Unix
    MS Windows with Trumpet Winsock
    Getting the Proxy Server to work with UDP Packets
  11.4 Drawbacks with Proxy Servers
12. Advanced Configurations
  12.1 A large network with emphasis on security
    The Network Setup
    The Proxy Setup
13. Making Management Easy
  13.1 Firewall tools
  13.2 General tools
  15.1 RC Script using GFCC
  15.2 GFCC script
  15.3 RC Script without GFCC (this is the firewall rule set built by hand; it does not use GFCC)
16. APPENDIX B - A VPN RC Script for RedHat