Next Previous Contents

---

Firewall and Proxy Server HOWTO

Mark Grennan, mark@grennan.com

v0.80, Feb. 26, 2000

---

This document is designed to describe the basics of firewall systems and give you some detail on setting up both a filtering and proxy firewall on a Linux based system. An HTML version of this document is available at http://www.grennan.com/Firewall-HOWTO.html

---

1. Introduction

• 1.1 Feedback
• 1.2 Disclaimer
• 1.3 Copyright
• 1.4 My Reasons for Writing this
• 1.5 Further Readings

2. Understanding Firewalls

• 2.1 Firewall Politics
• 2.2 Types of Firewalls

3. Firewall Architecture

• 3.1 Dial-up Architecture
• 3.2 Single Router Architecture
• 3.3 Firewall with Proxy Server
• 3.4 Redundent Internet Configuration

4. Setting up the Linux Filtering Firewall

• 4.1 Hardware requirements

5. Software requirements

• 5.1 Selecting a Kernel
• 5.2 Selecting a proxy server

6. Preparing the Linux system

• 6.1 Compiling the Kernel
• 6.2 Configuring two network cards
• 6.3 Configuring the Network Addresses
• 6.4 Testing your network
• 6.5 Securing the Firewall

7. IP filtering setup (IPFWADM)

8. IP filtering setup (IPCHAINS)

9. Installing a Transparent SQUID proxy

10. Installing the TIS Proxy server

• 10.1 Getting the software
• 10.2 Compiling the TIS FWTK
• 10.3 Installing the TIS FWTK
• 10.4 Configuring the TIS FWTK

11. The SOCKS Proxy Server

• 11.1 Setting up the Proxy Server
• 11.2 Configuring the Proxy Server
• 11.3 Working With a Proxy Server
• 11.4 Drawbacks with Proxy Servers

12. Advanced Configurations

• 12.1 A large network with emphasis on security

13. Making Management Easy

• 13.1 Firewall tools
• 13.2 General tools

14. Defeating a Proxy Firewall Just to spoil your day, and keep you on your toes about security, I'll describe how easy it is to defeat a proxy firewall. Now that you have done everything in this document and have a very secure server and network. You have a DMZ and no one can get into your network and you are logging every connection made to the outside world. You make all your users go through a proxy and no one can go directly to the Internet. Then one of your users, with a didacated connection of his own, finds out about

15. APPENDEX A - Example Scripts

• 15.1 RC Script useing GFCC
• 15.2 GFCC script
• 15.3 RC Script without GFCC This is the firewall rules set built my hand. It does not use GFCC.

16. APPENDEX B - An VPN RC Script for RedHat

---

Next Previous Contents