How make my suse 11 into a router/firewall.

[wingnut7890]

I'm new to linxu and I need a little help.
The issue that I'm having is that at work I have 12 users surfing the net and sometime they get the system infect with some type of virus or melware.

My current setup is
Linksys router connected to SBS2003 server
Pop3 connector
IIS services (share ponint/ Trendmicro SBS)
Termanl services
VPN IPsec
3 Apps that run off SQL express
Trendmicro SBS server virus scan

What I would Like
Replacing Linksys router with Suse box/Firewall Monitor where people are surfing
How to forward the ports to the SBS2003 box
and make sure all my sql apps run fine.

I know I can go with a watch guard X550 or a sonic wall firewall but I dont want to spend 2000.00 for it. If there is a link to show me how to set suse as a firewall/router that would be grate or if someone can help me thanks in advances

[lwfinger]

wingnut7890 wrote:
> I'm new to linxu and I need a little help.
> The issue that I'm having is that at work I have 12 users surfing the
> net and sometime they get the system infect with some type of virus or
> melware.
>
> MY CURRENT SETUP IS
> Linksys router connected to SBS2003 server
> Pop3 connector
> IIS services (share ponint/ Trendmicro SBS)
> Termanl services
> VPN IPsec
> 3 Apps that run off SQL express
> Trendmicro SBS server virus scan
>
> WHAT I WOULD LIKE
> Replacing Linksys router with Suse box/Firewall Monitor where people
> are surfing
> How to forward the ports to the SBS2003 box
> and make sure all my sql apps run fine.
>
> I know I can go with a watch guard X550 or a sonic wall firewall but I
> dont want to spend 2000.00 for it. If there is a link to show me how to
> set suse as a firewall/router that would be grate or if someone can help
> me thanks in advances

Although you could use openSUSE as the starting point for a firewall/router,
there are a number of distros that are optimized for this purpose, and have the
tools necessary to set them up. I suggest starting with
http://en.wikipedia.org/wiki/List_of..._distributions and go from there.

The other thing you might do is investigate whether your Linksys router can run
openWRT.

Larry

[wingnut7890]

I know that I can flash my linksys router with DD-WRT which is a lot better than open-WRT. That not what im tryiong to due.

I know I can accomplish what Im trying to due with Suse the question is how to set this up.

[erikro]

Hi,

Quote:

Originally Posted by wingnut7890

I know that I can flash my linksys router with DD-WRT which is a lot better than open-WRT. That not what im tryiong to due.

I know I can accomplish what Im trying to due with Suse the question is how to set this up.

First hit of google was:

Cool Solutions: HOW-TO: Set Up a SUSE 10 Machine As a Router

What you should do is this:

linksys router - SBS Server - Suse Router and Firewall - LAN for the users

That's what we call a demilitarized zone which means that computers in the LAN which are accessable from the internet are not directly connected to the rest of the LAN which should not be accessed from internet. Much more secure for your users.

bye

Erik

hth

Erik

[wingnut7890]

Thanks good stuff.


Current step up is:
Modem- Linsys- Switch- server and all computer/devices are connected to the Switch.
Last tech set this up that way.

New Setup
Modem- Linksys- Server- Switch- PCs/devices.

I just want to make sure that correct. thanks

[kkeane]

This thread is a bit older, but I wanted to comment on it in case somebody finds it through Google.

This setup is indeed the one that Microsoft recommends for SBS 2003.

From a security standpoint, it is not a good setup, though, and Microsoft stripped out this flawed setup from SBS 2008. It is the reason that SBS 2008 Premium no longer includes ISA Server, Microsoft's attempt at a firewall.

The reason it is not a good setup that you are using your main server, the one that everything in the business depends on, as a router that all (hacker) traffic from the Internet sees first. Instead, you would want your precious server to reside behind as many protections as you can have.

The setup that the original tech recommended is better - at least, the client traffic bypasses the server.

To use a openSuSE firewall:

Modem- Linksys (optional, you can leave it out) - SuSE Router and Firewall - Switch- server and all computer/devices are connected to the Switch.

And don't put a firewall between the server and the computers/devices. From a security standpoint, that would be great, but you are setting yourself up for some serious headaches because if you are not careful, too much essential traffic will get blocked.

Kevin, the professional paranoid.