Firewall and Proxy Server HOWTO Firewall and Proxy Server HOWTO Table of Contents Firewall and Proxy Server HOWTO................................................................................................................1 Mark Grennan, mark@grennan.com.......................................................................................................1 1. Introduction..........................................................................................................................................1 2. Understanding Firewalls......................................................................................................................1 3. Firewall Architecture ..........................................................................................................................1 4. Setting up the Linux Filtering Firewall ...............................................................................................1 5. Software requirements.........................................................................................................................1 6. Preparing the Linux system.................................................................................................................1 7. IP filtering setup (IPFWADM)............................................................................................................2 8. IP filtering setup (IPCHAINS).............................................................................................................2 9. Installing a Transparent SQUID proxy................................................................................................2 10. Installing the TIS Proxy server..........................................................................................................2 11. The SOCKS Proxy Server.................................................................................................................2 12. Advanced Configurations..................................................................................................................2 13. Making Management Easy................................................................................................................2 14. Defeating a Proxy Firewall................................................................................................................2 15. APPENDEX A − Example Scripts....................................................................................................2 16. APPENDEX B − An VPN RC Script for RedHat.............................................................................2 1. Introduction..........................................................................................................................................3 1.1 Feedback............................................................................................................................................3 1.2 Disclaimer .........................................................................................................................................3 1.3 Copyright...........................................................................................................................................3 1.4 My Reasons for Writing this..............................................................................................................4 1.5 Further Readings................................................................................................................................4 2. Understanding Firewalls......................................................................................................................4 2.1 Firewall Politics.................................................................................................................................5 How it create a security policy...................................................................................................5 2.2 Types of Firewalls..............................................................................................................................5 Packet Filtering Firewalls...........................................................................................................6 Proxy Servers..............................................................................................................................6 Application Proxy.......................................................................................................................6 SOCKS Proxy.............................................................................................................................7 3. Firewall Architecture ..........................................................................................................................7 3.1 Dial−up Architecture.........................................................................................................................7 3.2 Single Router Architecture................................................................................................................7 3.3 Firewall with Proxy Server................................................................................................................7 3.4 Redundent Internet Configuration.....................................................................................................8 4. Setting up the Linux Filtering Firewall ...............................................................................................8 4.1 Hardware requirements......................................................................................................................9 5. Software requirements.........................................................................................................................9 5.1 Selecting a Kernel..............................................................................................................................9 5.2 Selecting a proxy server.....................................................................................................................9 6. Preparing the Linux system...............................................................................................................10 6.1 Compiling the Kernel.......................................................................................................................10 6.2 Configuring two network cards.......................................................................................................11 6.3 Configuring the Network Addresses................................................................................................11 6.4 Testing your network.......................................................................................................................13 6.5 Securing the Firewall.......................................................................................................................14 i Firewall and Proxy Server HOWTO Table of Contents 7. IP filtering setup (IPFWADM)..........................................................................................................15 8. IP filtering setup (IPCHAINS)...........................................................................................................17 9. Installing a Transparent SQUID proxy..............................................................................................19 10. Installing the TIS Proxy server........................................................................................................19 10.1 Getting the software.......................................................................................................................19 10.2 Compiling the TIS FWTK.............................................................................................................19 10.3 Installing the TIS FWTK ..............................................................................................................19 10.4 Configuring the TIS FWTK...........................................................................................................19 The netperm−table file..............................................................................................................20 The /etc/services file.................................................................................................................23 11. The SOCKS Proxy Server...............................................................................................................23 11.1 Setting up the Proxy Server...........................................................................................................23 11.2 Configuring the Proxy Server........................................................................................................23 The Access File.........................................................................................................................23 The Routing File.......................................................................................................................24 11.3 Working With a Proxy Server........................................................................................................25 Unix..........................................................................................................................................25 MS Windows with Trumpet Winsock......................................................................................25 Getting the Proxy Server to work with UDP Packets...............................................................26