RE: [cobalt-developers] Which firewall software for my RaQ 550?
- Subject: RE: [cobalt-developers] Which firewall software for my RaQ 550?
- From: BSmith@xxxxxxxxxxx
- Date: Thu Sep 26 06:06:01 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
-----Original Message-----
From: SarrCom.com - Reginald
Subject: [cobalt-developers] Which firewall software for my RaQ 550?
Hi everyone,
Can someone advise me on which firewall software is recommended for the RaQ
550? I don't want to spend thousands of dollars! ;-)
Something I had a look at was RaQport's Cobalt Security Package V 3.1.0 /
full Firewall :
http://www.raqport.com/store/merchant.mv?Screen=PROD&Store_Code=R&Product_Code=Cobalt+Security+V+3.1.0&Category_Code=Security
Does anyone have any experience with that? It seems like a good product at
an acceptable price...
Brgds,
Reginald
Reginald,
I would say use the one that comes with it. What?!?!?! Sun actually puts a
firewall on it you say? Sure, it is called IPTABLES. I use it on mine at
home. I even set up NAT. What?!?!?! Routing on a Raq 550?!?! Sure. Works
like a charm. I also added a DHCP server (comes with it, just configure it!)
and made one interface pull a DHCP IP address. Wow ... you can do that too?
Sure! :)
Edit /etc/cron.hourly/log_traffic and add this line:

    /sbin/firewall restart

right before the line that begins:

    cat $STATUSFILE | awk '

Create a "firewall script" in any path with mode 0700 (chmod 0700 firewall).
And then you can add the script name to your rc.local file so it runs on
boot up! Isn't life grand!
BTW!!! My eth0 is local, eth1 is "internet" ... This works for me, it may
NOT work for you. You may need to modify it as such!
Here is my "firewall script"
#!/bin/bash
# This is my firewall script for IPTABLES
# chkconfig: 345 98 10

case "$1" in
start)
        echo -n 'Starting Firewall: '
        # Turn on routing between interfaces (needed for the NAT rules below)
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # Clear everything, including Sun's packet-accounting chains
        # (errors are silenced because the chains may not exist yet)
        iptables -t nat --flush
        iptables -t filter --flush
        iptables -F acctin 2>/dev/null
        iptables -F acctout 2>/dev/null
        iptables -X acctin 2>/dev/null
        iptables -X acctout 2>/dev/null
        /etc/rc.d/init.d/iptables start ## Needed because Sun does some stuff for packet accounting!
        # Default deny on INPUT; everything after this is an explicit exception
        iptables -t filter -P INPUT DROP
        iptables -t filter -A INPUT -i eth0 -j ACCEPT   # eth0 = local (LAN) side
        iptables -t filter -A INPUT -i lo -j ACCEPT
        iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
        # Services reachable from the "internet" side (eth1)
        iptables -t filter -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
        iptables -t filter -A INPUT -p tcp -m tcp --dport 444 -j ACCEPT
        iptables -t filter -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
        iptables -t filter -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
        iptables -t filter -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
        iptables -t filter -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
        iptables -t filter -A INPUT -p udp --dport 113 -j ACCEPT
        iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
        iptables -t filter -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
        # how to add NAT
        iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE
        # port forwarding! (x.x.x.x = public address, y.y.y.y = internal host)
        iptables -t nat -A PREROUTING -d x.x.x.x -p udp --dport 113 -j DNAT --to-dest y.y.y.y:113
        echo ' [OK]'
        ;;
stop)
        echo -n 'Stopping Firewall: '
        iptables -t filter -P INPUT ACCEPT
        iptables -t nat --flush
        iptables -t filter --flush
        iptables -F acctin 2>/dev/null
        iptables -F acctout 2>/dev/null
        iptables -X acctin 2>/dev/null
        iptables -X acctout 2>/dev/null
        # Put Sun's packet-accounting chains back
        /etc/rc.d/init.d/iptables start
        echo ' [OK]'
        ;;
restart)
        $0 stop
        $0 start
        ;;
status)
        # This shows the firewall ruleset!
        echo "********************"
        echo "* The Filter Table *"
        echo "********************"
        iptables -t filter --list -n
        echo
        echo "********************"
        echo "*  The NAT Table   *"
        echo "********************"
        iptables -t nat --list -n
        ;;
*)
        echo
        echo " Brian's Firewall v1.0 for IPTABLES"
        echo "****************************************"
        echo "Usage $0 (start, stop, restart, status)"
        echo
        echo " Start   - Starts FW"
        echo " Stop    - Stops FW"
        echo " Restart - Restart FW"
        echo " Status  - Shows FW"
        echo
        ;;
esac
exit 0
Brian Smith
CCNA, NCSA
Network Support Engineer
SOLUSERVE
www.solunet.com
1571 Robert J. Conlan Blvd., Suite 110
Palm Bay, FL 32905
(888)449-5766
fax: (321)-676-1287
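The script above opens a fixed set of ports behind a default-DROP INPUT policy, and Brian warns that it must be adapted per host. A natural follow-up for anyone running it is to check, after boot or after someone edits the script, that the live ruleset still matches what was intended. The following POSIX shell audit is an added example and is not part of Brian's post or of the RaQ software: it reads a ruleset in the text format that `iptables-save` emits, reports the INPUT policy, any interface with a blanket ACCEPT, and any accepted destination port that is missing from an allowlist. The sample ruleset embedded in it is constructed to mirror the INPUT rules of the script above plus one extra rule (tcp/3306) that stands in for unnoticed configuration drift; the function names and the `ALLOWED` list are this example's own.

```shell
#!/bin/sh
# Added example: audit an iptables ruleset against an allowlist of services.
# Input is the text format produced by `iptables-save`. SAMPLE_RULES is
# CONSTRUCTED to mirror the INPUT rules of the firewall script above, plus one
# extra rule (tcp/3306) standing in for configuration drift.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 444 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p udp -m udp --dport 113 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT'

# Services the firewall script above intends to expose (proto/port).
ALLOWED="tcp/22 tcp/25 tcp/53 udp/53 tcp/80 tcp/113 udp/113 tcp/443 tcp/444"

# input_policy RULES -> prints the INPUT chain's default policy (DROP or ACCEPT).
input_policy() {
    printf '%s\n' "$1" | sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p'
}

# blanket_accept_ifaces RULES -> interfaces (other than lo) that accept all
# traffic unconditionally; only the LAN-side interface should ever appear here.
blanket_accept_ifaces() {
    printf '%s\n' "$1" | awk '/^-A INPUT -i [^ ]* -j ACCEPT$/ && $4 != "lo" { print $4 }'
}

# open_ports RULES -> sorted, de-duplicated "proto/port" for every INPUT rule
# that ACCEPTs a destination port without restricting the source address.
open_ports() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT / && /-j ACCEPT/ && /--dport/ && !/-s / {
            proto = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (proto != "" && port != "") print proto "/" port
        }' | sort -u
}

# unexpected_ports RULES ALLOWLIST -> open ports that are not in the allowlist.
unexpected_ports() {
    allow=" $2 "
    for p in $(open_ports "$1"); do
        case "$allow" in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# audit RULES ALLOWLIST -> returns 0 when the policy is DROP and nothing
# outside the allowlist is open; otherwise prints each finding and returns 1.
audit() {
    rc=0
    if [ "$(input_policy "$1")" != "DROP" ]; then
        echo "FINDING: INPUT policy is $(input_policy "$1"), not DROP"
        rc=1
    fi
    for iface in $(blanket_accept_ifaces "$1"); do
        echo "NOTE: interface $iface accepts all traffic (LAN side only?)"
    done
    for p in $(unexpected_ports "$1" "$2"); do
        echo "FINDING: $p is open but not in the allowlist"
        rc=1
    done
    return $rc
}

# Stand-alone run against the constructed sample; on a real host you would
# feed it the output of `iptables-save` instead.
audit "$SAMPLE_RULES" "$ALLOWED" && echo "ruleset matches allowlist" || echo "ruleset needs review"
```

Run against the sample it reports tcp/3306 as a finding and notes that eth0 accepts everything, which is correct for Brian's layout (eth0 is the LAN side) but would be a serious problem if the interfaces were the other way round. Dropping the audit into the same hourly cron job that restarts the firewall gives a cheap check that the ruleset in memory is the one you wrote.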