PC as a firewall?


JorgeA

A (hopefully) quick question here: is there any security or privacy benefit to using a dedicated PC, either before or after a NAT router, as a firewall for a network of other local computers?

Thanks!

--JorgeA

I've looked into this but more at the caching and DHCP server side, but never found something useful that runs on Windows. Would be nice to see what our members have to say about it although this topic should be in the network section, but I'll leave it here for now.

Thanks, puntoMX. Wherever you believe the question will be most relevant and visible.

@tain: Thank you for deleting the duplicate posting. When I went to Submit the post, my browser hung and I wasn't sure what had gone through.

--JorgeA

Edited by JorgeA

A (hopefully) quick question here: is there any security or privacy benefit to using a dedicated PC, either before or after a NAT router, as a firewall for a network of other local computers?

Thanks!

--JorgeA

Is this what you want? http://www.linuxjournal.com/article/9521

EDIT: I know it's a how-to but it explains why you would want to, if you want to. Also, if I recall, someone else here uses Linux as a firewall.

Edited by Flasche

@JorgeA

If you want to stay (almost) totally protected, you should be looking into transforming a PC into a proxy server. This is what I did at work to filter and monitor the VPN connection to the internet, using ClearOS as the operating system.

nitroshift


Is this what you want? http://www.linuxjournal.com/article/9521

EDIT: I know it's a how-to but it explains why you would want to, if you want to. Also, if I recall, someone else here uses Linux as a firewall.

Thanks very much, that was definitely helpful and I'll look into it. :thumbup

I wonder if the technology (and thus the situation) has changed enough since that article came out, to affect one's decision.

--JorgeA


@JorgeA

If you want to stay (almost) totally protected, you should be looking into transforming a PC into a proxy server. This is what I did at work to filter and monitor the VPN connection to the internet, using ClearOS as the operating system.

nitroshift

Huh, this idea (using a PC as a proxy server) I hadn't heard of. I will look into that, too.

Are you allowed to provide more details of your setup?

--JorgeA


nitroshift,

Never mind about the setup details. I found most of what I wanted in that regard, on this page.

But I would be curious to know, for an office-at-home network, where the ClearOS machine would sit in relation to the NAT router. Or maybe it replaces it entirely?

Thanks again.

--JorgeA


Is this what you want? http://www.linuxjournal.com/article/9521

EDIT: I know it's a how-to but it explains why you would want to, if you want to. Also, if I recall, someone else here uses Linux as a firewall.

Thanks very much, that was definitely helpful and I'll look into it. :thumbup

I wonder if the technology (and thus the situation) has changed enough since that article came out, to affect one's decision.

--JorgeA

A quick search on their site found me a five-part tutorial that was initially started in 2010 and last produced in 2011: http://www.linuxjournal.com/article/10816 , http://www.linuxjournal.com/article/10843 , http://www.linuxjournal.com/article/10882 , http://www.linuxjournal.com/article/10899 , and http://www.linuxjournal.com/article/10929 .

In his tutorial he stated he will be doing the following:

Dear readers, I appear to have set a Paranoid Penguin record—six months spent on one article series. (It has consisted of five installments, with a one-month break between the second and third pieces.) But, we've covered a lot of ground: transparent firewall concepts and design principles; how to install OpenWrt on a Linksys WRT54GL router; how to compile a custom OpenWrt system image; how to configure networking and iptables bridging on OpenWrt; and, of course, how to replace the native OpenWrt firewall script with a customized iptables script that works in bridging mode. This month, I conclude the series by showing how to achieve the same thing using an ordinary PC running Ubuntu 10.04.

For your needs you would seem to take interest in the last article he posted so for your convenience I'll post it down here too. http://www.linuxjournal.com/article/10929

EDIT: the second and third links seem to not want to work as hyperlinks :} , but they do work. Just copy and paste them instead.

Edited by Flasche

Thanks, jaclaz.

Believe it or not, Flasche had posted that on Tuesday, although he later modified his post to provide different information.

If I lived in a country where the government seeks to monitor Internet users' activities ;) , would it help to set up such a firewall PC in addition to a router, or not really?

--JorgeA


Is this what you want? http://www.linuxjournal.com/article/9521

EDIT: I know it's a how-to but it explains why you would want to, if you want to. Also, if I recall, someone else here uses Linux as a firewall.

Thanks very much, that was definitely helpful and I'll look into it. :thumbup

I wonder if the technology (and thus the situation) has changed enough since that article came out, to affect one's decision.

--JorgeA

A quick search on their site found me a five-part tutorial that was initially started in 2010 and last produced in 2011: http://www.linuxjournal.com/article/10816 , http://www.linuxjournal.com/article/10843 , http://www.linuxjournal.com/article/10882 , http://www.linuxjournal.com/article/10899 , and http://www.linuxjournal.com/article/10929 .

In his tutorial he stated he will be doing the following:

Dear readers, I appear to have set a Paranoid Penguin record—six months spent on one article series. (It has consisted of five installments, with a one-month break between the second and third pieces.) But, we've covered a lot of ground: transparent firewall concepts and design principles; how to install OpenWrt on a Linksys WRT54GL router; how to compile a custom OpenWrt system image; how to configure networking and iptables bridging on OpenWrt; and, of course, how to replace the native OpenWrt firewall script with a customized iptables script that works in bridging mode. This month, I conclude the series by showing how to achieve the same thing using an ordinary PC running Ubuntu 10.04.

For your needs you would seem to take interest in the last article he posted so for your convenience I'll post it down here too. http://www.linuxjournal.com/article/10929

EDIT: the second and third links seem to not want to work as hyperlinks :} , but they do work. Just copy and paste them instead.

Thanks very much for following up on this, Flasche. You know what I'll be doing this weekend! :)

--JorgeA


If I lived in a country where the government seeks to monitor Internet users' activities ;) , would it help to set up such a firewall PC in addition to a router, or not really?

You mean like in Communist Russia? ;)

http://www.msfn.org/board/topic/155290-windows-8-deeper-impressions/page-151#entry1047135

In theory yes, in practice no.

Besides the known duality :

- In theory there is no difference between theory and practice, but in practice there is. -

the point is that IF - say - Linksys (<-- put any maker of DSL routers here) and a Government Agency planted *something* in your DSL router, it is there.

If you replace the firmware with an Open Source alternative you have *some* added chances to have it not anymore (provided that the *something* is in the firmware and not in other "lower level" parts, such as a chip, a piece of shielded cable, the RJ socket or *whatever*).

Putting a "secure" router between the PC (or PC's in the LAN) and the DSL router will add some security against malware running on the PC(s) and will also help in defending yourself from intrusions from remote, nothing regarding your exact identification, location and times of activity (all these come from the actual land line plug and "they" can have it alright).

jaclaz

P.S.: The ball containing the name "Linksys" was drawn out of my randomizer bowl by a blindfolded virgin (NOT what you think ;)) and it is a mere coincidence that this happened right after I read this:

http://www.911cd.net/forums//index.php?s=&showtopic=25304&view=findpost&p=174933

about the Moon Malware. :whistle:

Edited by jaclaz
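
A minimal nftables ruleset for the placement discussed in the post above, a firewall PC sitting between the LAN and the DSL router, shown as an added example that is not part of the original thread. It drops unsolicited traffic arriving from the router side and restricts and logs what the PCs may send out; the interface names `lan0` and `wan0`, the SSH management rule and the egress allow-list are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed interface names:
#   lan0 = NIC facing the local PCs, wan0 = NIC facing the DSL/NAT router.
# Forwarding must also be enabled: sysctl net.ipv4.ip_forward=1
flush ruleset

define LAN_IF = "lan0"
define WAN_IF = "wan0"

table inet fw {
    chain input {
        # Traffic addressed to the firewall PC itself.
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Administer the box from the LAN side only (SSH is an assumed choice).
        iifname $LAN_IF tcp dport 22 accept
        iifname $LAN_IF icmp type echo-request accept
        limit rate 10/minute log prefix "fw-input-drop: "
    }

    chain forward {
        # Traffic passing between the LAN and the DSL router.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Desktops rarely send mail directly; outbound port 25 is a common
        # sign of an infected PC, so log it and drop it.
        iifname $LAN_IF oifname $WAN_IF tcp dport 25 log prefix "fw-egress-smtp: " drop
        # Assumed egress allow-list: web, DNS, NTP.
        iifname $LAN_IF oifname $WAN_IF tcp dport { 53, 80, 443 } accept
        iifname $LAN_IF oifname $WAN_IF udp dport { 53, 123, 443 } accept
        # No new connections are accepted from the router side; log whatever
        # falls through to the drop policy in either direction.
        iifname $WAN_IF limit rate 10/minute log prefix "fw-ingress-drop: "
        iifname $LAN_IF limit rate 10/minute log prefix "fw-egress-drop: "
    }

    chain postrouting {
        # Hide the LAN behind the firewall PC's wan0 address so the DSL router
        # needs no extra route (this is a second layer of NAT).
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN_IF masquerade
    }
}
```

The logged prefixes are where the benefit against malware on the PCs shows up in practice: repeated `fw-egress-smtp` or `fw-egress-drop` entries from one LAN address point at a machine worth inspecting.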

Understood, jaclaz. Thank you.

I'll think about this (and also read Flasche's links) and then weigh the time and effort (or maybe even fun) of learning the relevant technology, versus the additional security that it might provide.

--JorgeA


Thanks, jaclaz.

Believe it or not, Flasche had posted that on Tuesday, although he later modified his post to provide different information.

--JorgeA

Yes, that is true, but I modified it since I didn't know how jaclaz would think of that, so I then stated this to try and reference it: "Also If I recall someone else here uses Linux as a firewall."

If I lived in a country where the government seeks to monitor Internet users' activities ;) , would it help to set up such a firewall PC in addition to a router, or not really?

You mean like in Communist Russia? ;)

http://www.msfn.org/board/topic/155290-windows-8-deeper-impressions/page-151#entry1047135

In theory yes, in practice no.

Besides the known duality :

- In theory there is no difference between theory and practice, but in practice there is. -

the point is that IF - say - Linksys (<-- put any maker of DSL routers here) and a Government Agency planted *something* in your DSL router, it is there.

If you replace the firmware with an Open Source alternative you have *some* added chances to have it not anymore (provided that the *something* is in the firmware and not in other "lower level" parts, such as a chip, a piece of shielded cable, the RJ socket or *whatever*).

Putting a "secure" router between the PC (or PC's in the LAN) and the DSL router will add some security against malware running on the PC(s) and will also help in defending yourself from intrusions from remote, nothing regarding your exact identification, location and times of activity (all these come from the actual land line plug and "they" can have it alright).

jaclaz

P.S.: The ball containing the name "Linksys" was drawn out of my randomizer bowl by a blindfolded virgin (NOT what you think ;)) and it is a mere coincidence that this happened right after I read this:

http://www.911cd.net/forums//index.php?s=&showtopic=25304&view=findpost&p=174933

about the Moon Malware. :whistle:

Understood, jaclaz. Thank you.

I'll think about this (and also read Flasche's links) and then weigh the time and effort (or maybe even fun) of learning the relevant technology, versus the additional security that it might provide.

--JorgeA

You might like this. It's the most anonymous way to search the internet that I know. https://www.torproject.org/projects/torbrowser.html.en . This browser (Firefox 24.3) is the most secure way I know of browsing

Edited by Flasche