Firewall Wizards mailing list archives
RE: Home Solaris ISDN Firewall
From: Chris Kimber <chris.kimber () lineone net>
Date: Mon, 11 Sep 2000 16:13:56 +0100 (BST)
Thanks a lot for the advice. I don't really know why I want to get rid of my trusty old Pipeline. It's probably the best thing I have bought for my home network. However, I would say that the main reason I wish to 'build' a firewall / router / DOD server is so that I can say that I've made it and so I know what it's supposed to be letting in and out.

At the moment the rules on the Pipeline are a bit restrictive and I can only have so many (6 I think) input/output rules. I also want the logging features that a software not hardware based router will allow.

I hope this helps a bit

Chris
From: "Rip Loomis" <loomisg () cist saic com>
To: "'Chris Kimber'" <chris.kimber () lineone net>
Cc: <firewall-wizards () nfr net>
Subject: RE: [fw-wiz] Home Solaris ISDN Firewall
Date: Mon, 11 Sep 2000 09:04:15 -0400

Chris--

Not sure what feature set was lacking in the Pipeline 75 that is causing you to get rid of it...especially since it's probably got better Dial-on-demand features than anything you can easily get running on Solaris. To be honest, though, I've minimal experience with the ISDN pieces of this, and you might have better results with those questions on a different list. I would try the Suns-at-home list, at http://www.net-kitchen.com/~sah/ as a starting point.

Now a few thoughts on the firewalling. I'm assuming that you're trying to do this on the cheap for home, so the commercial firewalls aren't worth talking about in detail. IPChains is a Linux-ism, which although I use it at home myself has significant limitations--specifically that it is just a non-stateful packet filter. It's also only for Linux, and you've specified Solaris 2.7.

For Solaris, I would strongly recommend Darren Reed's IPFilter ( http://coombs.anu.edu.au/~avalon/ ) which is generally considered to be the best-of-breed freely available stateful packet filter software. It is well supported on Solaris, and is integrated into the *BSD OSs. If you really want to run the SPARC 5 as a dedicated firewall box, you might look at putting OpenBSD on it. OpenBSD is substantially more secure than Solaris in a default install, although it would mean some re-learning to understand the differences.

Assuming you're going to keep Solaris on the SPARC 5, take a look at the Titan scripts ( http://www.fish.com/titan/ ), which is principally by Brad Powell, Dan Farmer, and Matt Archibald. Most, if not all, of the Titan scripts should be run on your Solaris installation before it's really secure enough to be even an el-cheapo firewall.

If you're comfortable with Linux, then you could also run Linux on the SPARC 5--that should allow you to do the ISDN setup, dial-on-demand, and IPChains for a non-stateful packet filter...but I think that all you've accomplished then is to duplicate the capabilities of your Pipeline 75.

As I implied above, the real question is "what functionality is the Pipeline 75 lacking?" Once you can answer that question (and tell us the answer), then it becomes easier to recommend a solution set.

Rip Loomis                Voice Number: (410) 953-6874
--------------------------------------------------------
Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com

-----Original Message-----
From: firewall-wizards-admin () nfr net [mailto:firewall-wizards-admin () nfr net] On Behalf Of Chris Kimber
Sent: Sunday, September 10, 2000 12:05 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Home Solaris ISDN Firewall

Hi everybody.

For many years I have used an External Pipeline 75 Router as my Firewall/Dial on Demand Connection to the Internet. I have however (in my wisdom :->) decided to get rid of my aging router and turn an old sparc5 into my firewall and DOD router. It will be running Solaris 2.7 sun ISDN scsi card.

I need some help with the actual software. Can I use ipchains like Linux or is there something better? How do I set up the ISDN ppp dialup? How can I make my box dial on demand?

Any help would be much appreciated.

Thanks in advance
Chris Kimber
:wq!
_______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
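Added example (not part of the original thread, and not code from IPFilter or IPChains): a simplified Python model of the non-stateful versus stateful packet filter distinction drawn in the quoted reply above. The packet tuples, addresses and rule logic are constructed for illustration; real stateful filters also track sequence numbers and expire idle state.

```python
# Toy model: stateless vs. stateful TCP filtering on a home gateway.
# All packets are constructed sample data (RFC 1918 / RFC 5737 addresses).
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_allow(pkt):
    """Per-packet rules: allow all outbound; allow inbound TCP unless it is
    a bare SYN (the usual way to admit 'replies' without keeping state)."""
    if pkt.direction == "out":
        return True
    return not ("S" in pkt.flags and "A" not in pkt.flags)

class StatefulFilter:
    """Allow outbound; allow inbound only when it belongs to a connection
    that an earlier outbound SYN entered into the state table."""
    def __init__(self):
        self.states = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.flags == "S":
                self.states.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: reverse the tuple and look for the originating connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states

def compare(packets):
    """Return [(stateless_verdict, stateful_verdict), ...] per packet."""
    sf = StatefulFilter()
    return [(stateless_allow(p), sf.allow(p)) for p in packets]

SAMPLE = [
    Packet("out", "192.168.1.10", 40000, "192.0.2.80", 80, "S"),   # LAN host connects
    Packet("in", "192.0.2.80", 80, "192.168.1.10", 40000, "SA"),   # genuine reply
    Packet("in", "198.51.100.7", 80, "192.168.1.10", 40001, "A"),  # unsolicited ACK
    Packet("in", "198.51.100.7", 4444, "192.168.1.10", 23, "S"),   # inbound connect
]

if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.flags:<2} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"stateless={sl} stateful={sf}")
```

The third sample packet is the case that separates the two designs: the per-packet rule accepts it because it is not a SYN, while the state table has no matching connection and drops it.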