Router + firewall + NIDS questions
Warren Togami
warren at togami.com
Sat Aug 25 23:02:52 PDT 2001
For the software setup, it sounds like you
want IP masquerading with a more powerful ruleset, logging and monitoring
tools than a single floppy can do alone. Using Linux kernel 2.4
Netfilter/iptables and Snort should be all you need. Optionally you could
use ntop or Netsaint, but that may create too much overhead on your
firewall.
This guide that I wrote a while back is almost exactly what you need in the
Netfilter configuration. The latest version of MonMotha's script has some
serious improvements and features like TCP/UDP range forwarding.
http://www.mplug.org/phpwiki/index.php?BasicFirewallRouter
Unfortunately, it is currently not possible to secure 802.11b wireless
networking with built-in WEP alone. It is now fairly trivial for anyone to
find an 802.11 network, and passively listen to packets for a few hours in
order to derive the WEP master key with which they have full access to your
network. They can then sniff all your traffic, hijack TCP/IP connections,
spoof packets or use your Internet connection with ease. The only way to
secure a wireless network is to use some sort of VPN encrypted &
authenticated connections between the client and server. I'm working on
free ways of doing this for many types of clients (Windows, Linux, MacOS9
and X) for Mid-Pac, writing a paper on the subject and perhaps a toolkit,
but it may take me a month or two.
----- Original Message -----
From: beesond001 at hawaii.rr.com
To: Linux & Unix Advocates & Users
Sent: Saturday, August 25, 2001 7:17 PM
Subject: [luau] Router + firewall + NIDS questions
Aloha all,
I would like some advice on how to do something. I would like to build a
router + firewall + NIDS from scratch to use for my home LAN. I was thinking
of building a box to act as a router and firewall for 1 Sparc, 1 VALinux
box, one Mac, and one Windoze box. I envision a Linux box for this that
should boot headless. I also want this router + firewall box to share one
internet connection with all the others. BTW, the Mac and Windoze boxes will
need a wireless connection (wireless 802.11???). I was also thinking of
running Snort on the internal side of the router + firewall to monitor what
gets past the firewall. Because of all this, I don't think that the linux
router project will work, but the idea is mostly the same.
What I would like to know is what the community of experts thinks is:
Thanks in advance for your help,
Ben
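As an added illustration of the kind of Netfilter/iptables setup Warren recommends above (a kernel 2.4 box masquerading a home LAN, with a deny-by-default ruleset and logging of dropped traffic), here is a small stand-alone script. It is not MonMotha's script or anything from the linked guide; the interface names (eth0 outside, eth1 inside), the LAN address range 192.168.1.0/24 and the DRY_RUN switch are all assumptions made for the example. With DRY_RUN set, it prints the rules it would apply instead of calling iptables, so the ruleset can be reviewed without root.

```shell
#!/bin/sh
# Added example: minimal stateful masquerading firewall for a Linux 2.4
# router. Hypothetical interfaces and LAN range; override via environment.
EXT_IF="${EXT_IF:-eth0}"           # assumed external (Internet) interface
INT_IF="${INT_IF:-eth1}"           # assumed internal (LAN) interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed private LAN range

# ipt: run iptables, or just print the command line when DRY_RUN is set
ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_firewall() {
    # Start clean and deny by default on INPUT and FORWARD
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback plus replies to connections we or the LAN initiated
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing: LAN source addresses must never arrive from outside
    ipt -A INPUT -i "$EXT_IF" -s "$LAN_NET" -j DROP
    ipt -A FORWARD -i "$EXT_IF" -s "$LAN_NET" -j DROP

    # LAN hosts may talk to the router and out to the Internet
    ipt -A INPUT -i "$INT_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN_NET" -j ACCEPT

    # Share the single Internet connection: masquerade LAN traffic
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE

    # Log what is about to be dropped (rate-limited so syslog stays usable)
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
    ipt -A INPUT -j DROP
    ipt -A FORWARD -j DROP
}

enable_forwarding() {
    if [ -n "$DRY_RUN" ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# count_rules PATTERN: number of generated rule lines matching PATTERN
# (a quick self-check that the ruleset contains what you expect)
count_rules() {
    DRY_RUN=1 build_firewall | grep -c -- "$1"
}

# Usage: sh firewall.sh apply   (as root)   or   DRY_RUN=1 sh firewall.sh apply
if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    build_firewall
fi
```

The logging rules are deliberately rate-limited; on a home link a single port scan can otherwise fill the log. Anything that appears in those log lines and also shows up in Snort on the internal side is a sign the ruleset let something through that it should not have.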