Mark wrote:
> G J wrote:
> 
>>I have a Linksys WRT54G wireless router/switch coming off of my satellite 
>>modem, which goes into 2-3 machines. I have an older PII 350 MHz that I 
>>would like to turn into a hardware firewall. Can I put it between the modem 
>>and the Linksys on the "internet" side of the Linksys, or do I have to put 
>>it between the Linksys and the rest of my machines? I would like to keep the 
>>Linksys in the loop since it of course has extra firewall capabilities in it 
>>already.
> 
> You could put it anywhere you want.  Just remember, the linksys is a NAT
> device / router and not a firewall.  That said it serves the same
> function and would make putting them both inline before your network a
> bit paranoid and redundant.  It all really depends what you want to be
> doing what.  If you just want a file server then it can be a peer to
> your other boxes behind the linksys.  If you want to be clever, put it
> behind the linksys and use it as the DMZ (too bad you can't put it on
> its own subnet without modding the linksys). You need to ask just what
> you are trying to accomplish with a setup like that.
> 
>>   Second question is what do you guys recommend I use as a firewall, I have 
>>RH Fedora Core 4 but it seems there are other "hardened" SELINUX versions 
>>out there, any input is appreciated.
> 
> SELINUX plugs into just about any distro.  All those linux firewall
> packages are just front ends to IPTABLES.  I'd say learn IPTABLES first,
> then get lazy/clever and worry about a front end.  The Webmin front end
> is a small step up from the command line.  Use whatever distro you are
> comfortable with, or Debian. It is quick enough to pick up once you get
> through the initial install. With a bonus of those people being rather
> paranoid.
> 
I have to disagree with the statement "learn IPTABLES first, then get 
lazy/clever and worry about a front end". I would highly recommend using 
a Smoothwall firewall first, and then while the Smoothwall is protecting 
your home network, you can play with IPTABLES on another machine. The 
last thing you would want to do is make a mistake and open up your 
entire network to the Internet.

My $0.02 on the subject of what to do... Either #1 or #2 below.
#1 - Create a Smoothwall (use v2.0 with all 8 updates, v3 is still beta) 
with three (3) NICs. GREEN (LAN), RED (Internet), ORANGE (DMZ). And then 
put your Linksys out on the Orange interface as your wireless access 
point. That way if someone were to hack your wireless, all they would 
have access to is your Internet connection. Not necessarily good, but 
better than them having access to your internal network.

#2 - Create a Smoothwall with two (2) NICs, GREEN & RED. Plug the 
Linksys in on the LAN side and turn off DHCP (use the Smoothwall as your 
DHCP server) and basically just turn it into a simple WiFi access point 
and wired switch. If you have WPA encryption turned on with a strong 
password and you are not broadcasting your SSID, there is a very slim 
chance that someone will even bother to try to hack your WiFi (there are 
a lot of unsecured access points out there for them to play with).

You might even consider just using the Linksys as is (or with the 
"aftermarket" Linux upgrade) as your firewall/switch and using the PII 
machine as a "test" or "play" machine. That way you can play with 
different distributions and not have to worry about hosing your primary 
computer.
-- 
Todd Young