Router + firewall + NIDS questions

beesond001 at hawaii.rr.com beesond001 at hawaii.rr.com
Sun Aug 26 00:26:14 PDT 2001


Warren,

	Thanks for pointing me to your guide.

	What you mention below is pretty much what I am interested in doing.  
So, is this a two NIC + hub project, or can I run this as say a four NIC 
project, one for cable modem, one for VALinux, one for the Sparc, and one 
for the two wireless clients?  The reason I ask this is that I think it 
may be easier to limit access by routing/firewall rules if I need to do 
that.  For instance, I could easily firewall anything to and from eth3 
from 10pm until 5pm the following day if I need to.  This would leave 
that connection open only when the kids would be at home and doing 
homework etc.  

	You may also have some comments about what I wrote to Joe Paleafei via 
separate reply.  If so, I would be interested to hear what they are.  

	As I mentioned to Joe, this is a learn as I go project, so any pointers 
you or anyone else offer will be greatly appreciated.

Thanks in advance for all your help,

Ben 

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 8/25/01, 8:02:52 PM, "Warren Togami" <warren at togami.com> wrote regarding 
[luau] Re: Router + firewall + NIDS questions:


> For the software setup, it sounds like you want IP masquerading with a more
> powerful ruleset, logging and monitoring tools than a single floppy can do
> alone.  Using Linux kernel 2.4 Netfilter/iptables and Snort should be all
> you need.  Optionally you could use ntop or Netsaint, but that may create
> too much overhead on your firewall.

> This guide that I wrote a while back is almost exactly what you need in the
> Netfilter configuration.  The latest version of MonMotha's script has some
> serious improvements and features like TCP/UDP range forwarding.
> http://www.mplug.org/phpwiki/index.php?BasicFirewallRouter

> Unfortunately, it is currently not possible to secure 802.11b wireless
> networking with built-in WEP alone.  It is now fairly trivial for anyone to
> find an 802.11 network, and passively listen to packets for a few hours in
> order to derive the WEP master key, with which they have full access to your
> network.  They can then sniff all your traffic, hijack TCP/IP connections,
> spoof packets or use your Internet connection with ease.  The only way to
> secure a wireless network is to use some sort of VPN encrypted &
> authenticated connections between the client and server.  I'm working on
> free ways of doing this for many types of clients (Windows, Linux, MacOS9
> and X) for Mid-Pac, writing a paper on the subject and perhaps a toolkit,
> but it may take me a month or two.

> ----- Original Message -----
> From: beesond001 at hawaii.rr.com
> To: Linux & Unix Advocates & Users
> Sent: Saturday, August 25, 2001 7:17 PM
> Subject: [luau] Router + firewall + NIDS questions


> Aloha all,
> I would like some advice on how to do something. I would like to build a
> router + firewall + NIDS from scratch to use for my home LAN. I was thinking
> of building a box to act as a router and firewall for 1 Sparc, 1 VALinux
> box, one Mac, and one Windoze box. I envision a Linux box for this that
> should boot headless. I also want this router + firewall box to share one
> internet connection with all the others. BTW, the Mac and Windoze boxes will
> need a wireless connection (wireless 802.11???). I was also thinking of
> running Snort on the internal side of the router + firewall to monitor what
> gets past the firewall. Because of all this, I don't think that the Linux
> Router Project will work, but the idea is mostly the same.
> What I would like to know is what does the community of experts think is:

> Thanks in advance for your help,
> Ben


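The four-NIC masquerading layout Ben asks about, with the wireless segment on eth3 opened only between 5pm and 10pm as he describes, written up as an added example. This is not code from the thread, from Warren's guide or from MonMotha's script: the interface assignments (eth0 cable modem, eth1 VALinux, eth2 Sparc, eth3 wireless), the WIFI chain name and the DRY_RUN switch are assumptions made for illustration. The schedule is enforced by re-running the script from cron every hour rather than by a kernel-side time match, so it works with a plain Netfilter/iptables ruleset.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are assumptions:
WAN=eth0            # cable modem (assumed)
LAN_VALINUX=eth1    # VALinux box (assumed)
LAN_SPARC=eth2      # Sparc (assumed)
LAN_WIFI=eth3       # the two wireless clients (assumed, as Ben suggested)
IPT=${IPT:-iptables}

# With DRY_RUN=1 the iptables commands are printed instead of executed,
# so the ruleset can be reviewed without root or a real router.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Ben's window: eth3 is blocked from 22:00 until 17:00 the next day,
# so it is open only when 17 <= hour < 22. Argument: hour of day, 0-23.
wifi_allowed() {
    hour=$1
    if [ "$hour" -ge 17 ] && [ "$hour" -lt 22 ]; then
        echo yes
    else
        echo no
    fi
}

# Base policy: drop by default, masquerade out the cable modem, let the
# wired LANs forward at any time, and send everything from eth3 through
# the WIFI chain so the schedule can be changed without touching the rest.
base_rules() {
    run -P INPUT DROP
    run -P FORWARD DROP
    run -P OUTPUT ACCEPT
    run -F
    run -t nat -F
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    for ifc in "$LAN_VALINUX" "$LAN_SPARC"; do
        run -A FORWARD -i "$ifc" -o "$WAN" -j ACCEPT
    done
    run -N WIFI 2>/dev/null || true
    run -A INPUT -i "$LAN_WIFI" -j WIFI
    run -A FORWARD -i "$LAN_WIFI" -o "$WAN" -j WIFI
}

# Rebuild only the WIFI chain for the given hour. Off-hours traffic is
# logged before it is dropped, which doubles as a cheap audit trail.
wifi_rules() {
    state=$(wifi_allowed "$1")
    run -N WIFI 2>/dev/null || true
    run -F WIFI
    if [ "$state" = yes ]; then
        run -A WIFI -j ACCEPT
    else
        run -A WIFI -j LOG --log-prefix "wifi-offhours: "
        run -A WIFI -j DROP
    fi
}

# Current hour without the leading zero, so "08" compares as 8.
current_hour() {
    h=$(date +%H)
    echo "${h#0}"
}

apply_now() {
    [ "${DRY_RUN:-0}" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
    base_rules
    wifi_rules "$(current_hour)"
}

# Usage:  sh firewall.sh apply      (at boot, as root)
#         sh firewall.sh dry-run    (print the ruleset for review)
# Cron entry to re-evaluate the eth3 window every hour:
#   0 * * * * /etc/firewall.sh apply
case "${1:-}" in
    apply)   apply_now ;;
    dry-run) DRY_RUN=1; apply_now ;;
esac
```

Keeping the time-dependent part in its own chain means the hourly cron run only flushes and refills WIFI; the masquerade and wired-LAN rules stay in place, and the kernel's connection tracking keeps already-established wired sessions alive across the reload. Snort on the inside, as Ben plans, can be pointed at the LAN interfaces independently of this script.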


