
Mandrake 8.2 w/DSL


Guest sonar732

Guest sonar732

Hello,

 

A friend of mine gave me his Mandrake 8.2 and I was wondering what would be the best way to set it up as a firewall for 3 Windows machines through Verizon's DSL service. They provide an external modem, if you are wondering.

 

modem->

Mandrake 8.2 firewall->

Belkin 4-port switch->WXP applications box-WXP Gaming box->W98SE Dos gaming box

 

Most of the posts currently here are for up-to-date versions of Mandrake and that's why I posted this.

 

Thanks! :thanks:


As it is probably the most stable version of Mandrake (or almost any other distro) ever, 8.2 should work very well for firewalling. The posts you've seen for later versions basically apply the same to 8.2, but 8.2 has the big advantage of including the most excellent Bastille firewall/security application. For some reason Bastille was not included with Mandrake after 8.2, although it is still under active development. 8.2 came with Bastille 1.2, which is fine, but 2.0 (2.1?) is the current release. It can be installed on later versions of MDK with a minor hack. For a firewall though, 8.2 and Bastille 1.2 is just fine.

 

In a nutshell...

 

1. Install 2 nic cards in the 8.2 box. Make the one connected to the 'Net eth0, the other eth1.

 

2. Install the Bastille package from the 8.2 CDs. As root, run "Interactive Bastille" from a terminal (without the quotes, but with the caps). Read the simple directions and answer the questions using #3 below for a guide. Bastille will not only configure iptables, IP masquerading and NAT for firewalling, but also let you easily configure many other Linux system permissions and security features and really lock up things tight. Be careful not to make it TOO tight...

 

3. Configure eth0 normally as required by your ISP. Plug the Belkin switch into eth1. Give the Windoze machines static IPs (such as 192.168.0.1, 192.168.0.2, etc.) A subnet mask of 255.255.255.0 is fine. Aim the Windows boxes at eth1 for their 'Net connection. You now have the tender asses of your M$ boxes well-protected.

 

I would also highly recommend installing and configuring the Portsentry package. With Bastille and Portsentry both running and properly configured you have very effective security without having to sacrifice any usability.

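The two-NIC layout from the numbered steps above, written out by hand as an added example. This is not code from the thread and not the ruleset Bastille generates. The function names `gen_rules` and `lint_rules` are hypothetical, and the LAN prefix 192.168.0.0/24 is assumed from the sample addresses in the post.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC NAT gateway
# and lint it before use. Nothing is applied by this script. After review,
# as root:  gen_rules | iptables-restore
# and enable routing:  echo 1 > /proc/sys/net/ipv4/ip_forward
WAN_IF="${WAN_IF:-eth0}"             # Internet side (ppp0 if the DSL line uses PPPoE)
LAN_IF="${LAN_IF:-eth1}"             # side plugged into the switch
LAN_NET="${LAN_NET:-192.168.0.0/24}" # assumed from the post's sample addresses

gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Lint a ruleset read from stdin: default policies must be DROP, and no
# ACCEPT rule may admit packets arriving on the WAN side without a
# connection-state match (which would expose the gateway or the LAN).
lint_rules() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$rules" | grep -- "-i $WAN_IF " | grep 'ACCEPT' \
        | grep -vq -- '--state'; then
        return 1
    fi
    return 0
}

# Print the ruleset only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

For the clients to route through this box, eth1 itself needs an address in the same subnet, and that address is what goes in each Windows machine's default gateway field.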

Guest sonar732
I would also highly recommend installing and configuring the Portsentry package.  With Bastille and Portsentry both running and properly configured you have very effective security without having to sacrifice any usability.

 

How do I configure Portsentry?


Configuration of Portsentry can get a little more complicated than easy-as-pie Bastille. Worth it though, Portsentry is very good. Best thing I can tell you here is, after you install Portsentry go to /usr/share/doc/portsentry-1.1 and do a little reading there, particularly to the /README.install file. No doubt www.google/linux will find more help for you if you need more explanation.

 

As for your Netgear nic card, well, we could get into a long discussion troubleshooting installation. But screw all that - simplify your life and just trash the friggin' thing or stick it in a Winshaft box. For Linux, get a 3Com 3C905B or 3C905C card ($12-15) or a Realtek 8139-based card ($5-10). Most off-brand cards are based on the Realtek 8139 chipset. I bought half a dozen D-Link 8139-based cards for $5 each a while back. 3Com 905 or Realtek 8139-based cards are always properly recognized and configured by almost any Linux (or Windoze) machine. The 3Com cards usually have better throughput speed so it's the best choice for a LAN where speed is a serious consideration. But the Realtek is plenty fast enough for most ordinary use or any WAN connection (i.e. cable, DSL).
