RE: Home Solaris ISDN Firewall

[Chris Kimber <chris.kimber () lineone net>]

Thanks alot for the advice.

I dont really know why I want to get rid of my 
trusty old Pipeline. It's proberbly the best 
thing I have brought for my home network.

However, I would say that the main reason I wish
to 'build' a firewall / router / DOD server is so
that I can say that ive made it and so I know what
it's supposed to be letting in and out. At the 
moment the rules on the Pipeline are a bit restictive
and I can only have so many (6 i think) input/output
rules.

I also want the logging features that a software 
not hardware based router will allow.

I hope this helps a bit 
Chris



> X-Envelope-Sender: loomisg () cist saic com
> From: "Rip Loomis" <loomisg () cist saic com>
> To: "'Chris Kimber'" <chris.kimber () lineone net>
> Cc: <firewall-wizards () nfr net>
> Subject: RE: [fw-wiz] Home Solaris ISDN Firewall
> Date: Mon, 11 Sep 2000 09:04:15 -0400
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> Importance: Normal
> X-MIMEOLE: Produced By Microsoft MimeOLE V4.72.3612.1700
> X-UIDL: a4f8d5621be5b8fb7699a01ec129f75a
>
> Chris--
> Not sure what feature set was lacking in the
> Pipeline 75 that is causing you to get rid
> of it...especially since it's probably got
> better Dial-on-demand features than anything
> you can easily get running on Solaris.  To
> be honest, though, I've minimal experience
> with the ISDN pieces of this, and you might
> have better results with those questions on
> a different list.  I would try the Suns-at-home
> list, at http://www.net-kitchen.com/~sah/
> as a starting point.
>
> Now a few thoughts on the firewalling.  I'm
> assuming that you're trying to do this on the
> cheap for home, so the commercial firewalls
> aren't worth talking about in detail.
>
> IPChains is a linux-ism, which although I use
> it at home myself has significant limitations--
> specifically that is just a non-stateful
> packet filter.  It's also only for Linux, and
> you've specified Solaris 2.7.  For Solaris,
> I would strongly recommend Darren Reed's
> IPFilter ( http://coombs.anu.edu.au/~avalon/ )
> which is generally considered to be the best-
> of-breed freely available stateful packet
> filter software.  It is well supported on
> Solaris, and is integrated into the *BSD
> OSs.
>
> If you really want to run the SPARC 5 as a dedicated
> firewall box, you might look at putting OpenBSD
> on it.  OpenBSD is substantially more secure
> than Solaris in a default install, although it
> would mean some re-learning to understand the
> differences.  Assuming you're going to keep
> Solaris on the SPARC 5, take a look at the
> Titan scripts ( http://www.fish.com/titan/ ),
> which is principally by Brad Powell, Dan Farmer,
> and Matt Archibald.  Most, if not all, of the
> Titan scripts should be run on your Solaris
> installation before it's really secure enough
> to be even an el-cheapo firewall.
>
> If you're comfortable with Linux, then you could
> also run Linux on the SPARC 5--that should allow
> you to do the ISDN setup, dial-on-demand, and
> IPChains for a non-stateful packet filter...but
> I think that all you've accomplished then is
> to duplicate the capabilities of your Pipeline 75.
> As I implied above, the real question is "what
> functionality is the Pipeline 75 lacking?"  Once
> you can answer that question (and tell us the
> answer), then it becomes easier to recommend a
> solution set.
>
> Rip Loomis             Voice Number: (410) 953-6874
> --------------------------------------------------------
> Security Engineer
> Center for Information Security Technology
> Science Applications International Corporation
> http://www.cist.saic.com
>
>
>
> > -----Original Message-----
> > From: firewall-wizards-admin () nfr net
> > [mailto:firewall-wizards-admin () nfr net]On Behalf Of Chris Kimber
> > Sent: Sunday, September 10, 2000 12:05 PM
> > To: firewall-wizards () nfr net
> > Subject: [fw-wiz] Home Solaris ISDN Firewall
> >
> >
> > Hi everybody. For many years I have jused an External 
> > Pipeline 75 Router as my 
> > Firewaal/Dial on Demand Connection to the Internet. 
> >
> > I have however (im my wisdom :->) decided to get rid of my 
> > aging router and turn 
> > an old sparc5 into my firewall and DOD router. It will be 
> > running Solaris 2.7 
> > sun ISDN scsi card.
> >
> > I need some help with the actual software. Can I use ipchains 
> > like linux or is 
> > their something better? How do I set up the ISDN ppp dialup? 
> > How can I make my 
> > box dial on demand? 
> >
> > Any help would be much appreciated. 
> > Thanks in advance
> > Chris Kimber
> >
> > :wq!
> >
> >
> >
> > _______________________________________________
> > Firewall-wizards mailing list
> > Firewall-wizards () nfr net
> > http://www.nfr.net/mailman/listinfo/firewall-wizards


:wq!



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards