Brian wrote:

> I just got my cable modem up and running. My plan is to plug a linux box
> into the cable modem as a router and have multiple boxen behind it. I
> also want to run Apache, sendmail, IRC, SSH, and a few other services on

Apache -- Port 80
sendmail -- receive POP3 = 110, send SMTP = 25
IRC -- I don't know
SSH -- port 22

What others?

> it. The problem is firewalling. I like to write TIGHT scripts (after
> being compromised once I'm a little over-paranoid) by opening up just the
> service I need and DENYing any other packet from any source that's not on
> my specific guest list.
>
> The problem here is that everything inside the router gets blocked. ICQ,
> Napster, and a plethora of other oddball IP apps stop working because I've
> firewalled them out, but I don't want people breaking into my router. Is
> there a good way to run this setup?

Are you talking about Napster and ICQ server apps? I didn't know ICQ had a server app. If you're just talking about clients and not servers, you could allow anything going out from the inside through your router and be pretty secure. You could specify what your internal IPs are and allow everything out. Or allow ranges of ports that those apps use. If you're talking servers then that is a completely different daemon. -- <childish giggle>

My personal favorite distro for firewalls is Trustix 1.2. I even have an article for setting up a firewall that will allow common services. I think the article is gone now. Can't find it on security portals site.

I would also recommend one of the floppy distros. Never used them but the idea is very good. If your firewall is ever compromised you only have to reboot to get back everything that was lost or modified. No permanent damage done.

Trustix 1.2 is also very easily updated to support the 2.4 kernel and already has an rpm for 2.2.19. It is based on Redhat 6.2 (not 7, so no compilation problems). The only problem is that it requires at least a 586 or greater.
Anything above a 486 should do.

HTH,
sim
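The setup discussed in this thread (the listed services reachable from outside, everything from the internal IPs allowed out, all else denied), written out as an added example that is not part of the original messages. It assumes a 2.4 kernel with iptables connection tracking; the interface names and the 192.168.1.0/24 range are assumptions, and only the ports named in the reply are opened.

```shell
#!/bin/sh
# Added example. Assumed names (not from the thread): eth0 = cable-modem side,
# eth1 = LAN side, 192.168.1.0/24 = internal range. Needs iptables (2.4 kernel).

# gen_rules WAN_IF LAN_IF LAN_NET TCP_PORTS -> ruleset in iptables-restore format
gen_rules() {
    wan=$1 lan=$2 lan_net=$3
    ports=$(echo "$4" | tr ',' ' ')
    # Validate every port before emitting anything, so a typo cannot
    # produce a half-written or malformed ruleset.
    for p in $ports; do
        case $p in *[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } 2>/dev/null ||
            { echo "port out of range: $p" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
EOF
    # Services offered to the outside: new connections only on the listed ports.
    for p in $ports; do
        echo "-A INPUT -i $wan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Internal clients may open any connection outward; from the outside,
    # only replies to those connections are forwarded back in.
    cat <<EOF
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Ports from the reply: SSH 22, SMTP 25, HTTP 80, POP3 110.
gen_rules eth0 eth1 192.168.1.0/24 22,25,80,110
```

The output is meant to be piped to `iptables-restore` as root, with IP forwarding enabled (`/proc/sys/net/ipv4/ip_forward`). Because the default policies are DROP, client applications behind the router keep working through connection tracking without any inbound port being opened for them.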