Content

Firewall and Proxy Server HOWTO

Mark Grennan, mark@grennan.com

1. Introduction

1.1 Feedback

1.2 Disclaimer

1.3 Copyright

1.4 My Reasons for Writing this

1.5 Further Readings

2. Understanding Firewalls

2.1 Firewall Politics

How to create a security policy

2.2 Types of Firewalls

Packet Filtering Firewalls

Proxy Servers

Application Proxy

SOCKS Proxy

3. Firewall Architecture

3.1 Dial-up Architecture

3.2 Single Router Architecture

3.3 Firewall with Proxy Server

3.4 Redundant Internet Configuration

4. Setting up the Linux Filtering Firewall

4.1 Hardware requirements

5. Software requirements

5.1 Selecting a Kernel

5.2 Selecting a proxy server

6. Preparing the Linux system

6.1 Compiling the Kernel

6.2 Configuring two network cards

6.3 Configuring the Network Addresses

6.4 Testing your network

6.5 Securing the Firewall

7. IP filtering setup (IPFWADM)

8. IP filtering setup (IPCHAINS)

9. Installing a Transparent SQUID proxy

10. Installing the TIS Proxy server

10.1 Getting the software

10.2 Compiling the TIS FWTK

10.3 Installing the TIS FWTK

10.4 Configuring the TIS FWTK

The netperm-table file

The /etc/services file

11. The SOCKS Proxy Server

11.1 Setting up the Proxy Server

11.2 Configuring the Proxy Server

The Access File

The Routing File

11.3 Working With a Proxy Server

Unix

MS Windows with Trumpet Winsock

Getting the Proxy Server to work with UDP Packets

11.4 Drawbacks with Proxy Servers

12. Advanced Configurations

12.1 A large network with emphasis on security

The Network Setup

The Proxy Setup

13. Making Management Easy

13.1 Firewall tools

13.2 General tools

15. APPENDIX A - Example Scripts

15.1 RC Script using GFCC

15.2 GFCC script

15.3 RC Script without GFCC: This is the firewall rule set built by hand. It does not use GFCC.

16. APPENDIX B - A VPN RC Script for RedHat

This document is designed to describe the basics of firewall systems and give you some detail on setting up both a filtering and proxy firewall on a Linux-based system. An HTML version of this document is available at http://www.grennan.com/Firewall-HOWTO.html

1. Introduction

1.1 Feedback

1.2 Disclaimer

1.3 Copyright

1.4 My Reasons for Writing this

1.5 Further Readings

2. Understanding Firewalls

2.1 Firewall Politics

2.2 Types of Firewalls

3. Firewall Architecture

3.1 Dial-up Architecture

3.2 Single Router Architecture

3.3 Firewall with Proxy Server

3.4 Redundant Internet Configuration

4. Setting up the Linux Filtering Firewall

4.1 Hardware requirements

5. Software requirements

5.1 Selecting a Kernel

5.2 Selecting a proxy server

6. Preparing the Linux system

6.1 Compiling the Kernel

6.2 Configuring two network cards

6.3 Configuring the Network Addresses

6.4 Testing your network

6.5 Securing the Firewall

7. IP filtering setup (IPFWADM)

8. IP filtering setup (IPCHAINS)

9. Installing a Transparent SQUID proxy

10. Installing the TIS Proxy server

10.1 Getting the software

10.2 Compiling the TIS FWTK

10.3 Installing the TIS FWTK

10.4 Configuring the TIS FWTK

11. The SOCKS Proxy Server

11.1 Setting up the Proxy Server

11.2 Configuring the Proxy Server

11.3 Working With a Proxy Server

11.4 Drawbacks with Proxy Servers

12. Advanced Configurations

12.1 A large network with emphasis on security

13. Making Management Easy

13.1 Firewall tools

13.2 General tools

14. Defeating a Proxy Firewall

15. APPENDIX A - Example Scripts

15.1 RC Script using GFCC

15.2 GFCC script

15.3 RC Script without GFCC

16. APPENDIX B - A VPN RC Script for RedHat