RE: why isn't there a newer linux fw-howto

["Paul D. Robertson" <proberts () clark net>]

On Tue, 29 Sep 1998, Andy Burns wrote:

> I have a similar setup at home, except i'm using the MS version of "Hack-Me"
> (Proxy 2.0).
> I'd love to learn linux and switch, but it scares me to death...  (the
> unknown).  My unix level skills are greatly lacking.  I can and have install
> a few different Unix based OS's, to include adding users, change rights and
> the like, but that is where my ability stops...

If you're willing to do a lot of reading, it's not difficult to get any 
*nix system reasonably secure.  There are several "how to secure Unix" 
Web sites out there, none of them difficult to find, and a lot of them 
quite useful.  For Linux, you'll probably also find the Network Admin 
Guide very useful for understanding how to configure basic networking 
services, it's available on any Linux Documentation Project site, and on 
disk with RedHat and probably other distributions.

> Is this "RedHat" version easy enough for a beginner such as myself to do
> what appears to be an advanced configuration issue? (i.e., firewall/proxy)

Which distribution you use is pretty much immaterial (though I'd stick to 
RedHat, Debian, Caldera or SuSe), the packet filtering firewall code is in the
kernel and works the same way on all of them.  Adding proxies generally 
consists of grabbing the code from somewhere (Apache, TIS, wherever), 
uncompressing it, untarring it reading a file called "INSTALL" then typing 
"make;make install" or "./configure;make;make install" (though there may be 
some editing involved).  Setting up the firewall code, at least for the 
ipfw stuff is fairly well laid out at http://www.xos.nl/linux/ipfwadm/ 
if you follow all the links.  It's been pointed out that ipchains have 
replaced ipfw in the development kernels, follow those pointers for more 
info on that.

Masquerading takes about 3 lines in a file to set up, granular packet 
filtering is a little more involved.  

> I supposed there must be a Linux for dummies out there.... I did install
> Linux once from the SAM's book, and I still have it, but I hear it's much
> better (and easier) since then (Late 1995).

RH 5.1 is an easy install other than figuring out which packages to 
select.  The Linux Security Audit team seems to be in full-swing, so 
you'll see *lots* of updated packages on RedHat's errata pages, it's best 
to grab the fixed ones for services you may use on the box.

> At any rate, any information/pointers in the right direction would be
> greatly appreciated... except the ones from those who see themselves far
> above my mental capacity and want me to take my non-Unix brain and leave the
> bless-ed list... I think we've seen plenty of that here lately...  :)

At this point, you're probably better off going to Linux newsgroups for 
further assistance, since that's why they were created.  I'm not even 
sure this is in-charter for firewall-wizards.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280