Using a 2nd comp as a firewall.

  [DELETED] 09:36 17 Nov 2003

Does anyone know how you configure a low-spec 2nd computer to use as a firewall against your main system?

Some have said an old 386 comp will do the job.

I have seen various articles, comments etc. using this method, but never any hard info on how to set one up.

Does it require separate or special hardware/software of any type?

Any help much appreciated.

  [DELETED] 10:54 17 Nov 2003

You're possibly biting off a bit more than you can chew, unless you already have some networking knowledge and experience. While it isn't rocket science, keeping things locked down can be a bit of a headache.

Assuming you want to use an old PC as a router and firewall to share a broadband connection to multiple computers, Linux is your best bet since it's free for downloading and works like a charm for this kind of application. One of the server versions of Windows will also work nicely, but will require far more in the way of hardware and is expensive to actually buy to install.

click here

Some people swear by one or another distribution of Linux so it is not my intention to get into that kind of argument here. What I will say is that I'd suggest you stay with one of the big names. Red Hat is possibly one of the least secure in its default install, but it is pretty easy to configure thanks to its graphical wizards.

SuSE is my personal favourite for reasons that aren't relevant to this discussion. Both SuSE and Red Hat, as well as some of the others like Mandrake, come on several CDs or as multiple CD image free downloads. For that and other reasons, you may want to consider something like Slackware that is a single CD image download. Slackware Linux is not for the faint-hearted, but it is unbelievably fast even on old hardware, it is reliable, has more security features than you can shake a stick at, but it can be a pain to configure compared to Red Hat and SuSE. You'll have to get your head around Network Address Translation and IP tables.

Take a look at the links I've provided and ask any questions you want to. It is not massively difficult, but neither is it very simple. Frankly though, for under £100 you can get a dedicated 4 port router/firewall and all you do is plug it in, switch it on and you're off. I know which alternative I'd recommend...



  [DELETED] 11:13 17 Nov 2003

Thanks for your comprehensive answer Taran, but 2 questions.

1. Do you suggest using Linux just on the "firewall comp", or as the main op/sys rather than Windows?

2. I do have a reasonable knowledge of networking, IP addresses etc. It was more of a question of hardware configuration. I wondered if it was as simple as installing a network card in the firewall comp and linking it with a through cable to the main computers.

The project is not so much to do with money as with the concept of being able to do it.
A workmate asked why bother; as you said, just use a good router as suggested. My reply was because it's there, and I don't know the answer, but I was sure someone would.

  [DELETED] 14:39 17 Nov 2003

1. I am suggesting that you use Linux on the firewall/router computer. Linux can network to Windows or any other Unix based OS (install Samba on the Linux box for file sharing from Windows FAT, NTFS and Linux partitions/systems) and, as I mentioned above, it's free to download. If you want to buy a good distribution you can get SuSE for under £50 with a useful manual and a free support period to ease you through your teething problems.

2. Normally you'd need two network cards in the Linux box. The first connects to your broadband modem (assuming it's a LAN DSL modem) and the second leads out either to a hub or to the computer first in line to be served on a peer-to-peer basis.

If you are using a USB DSL modem I suggest you may want to rethink the whole idea since many USB modems are a real pain to configure under Linux. In fact some USB DSL modems will not work at all on Linux.

Basically the Linux box becomes a server to the systems hooked into it. Your broadband feed goes into the Linux box and it supplies all systems connected to it with the IP addresses to connect to and share/access the broadband connection.

If you only want to use Linux as a network server without using it to share a broadband connection you can get away with one network card. This connects to a four or more port hub and your computers all connect to the hub for their network feed. The Linux box assigns the IP addresses and acts as a DHCP server and you can use Samba (as mentioned above) for file sharing between different Windows platforms and other Unix systems.

A series of documents I suggest you read are click here

The Linux distributions detailed in the articles are older than the most recent versions, but the information holds true in most cases and they represent a good starting point for you to base yourself from.

But to recap, you are still going to need a multiport hub to get the best from a Linux network server since a simple peer-to-peer relies on all systems being connected for any one of them to share properly. You will also need a recognised ADSL modem to give the Linux box a feed it can share to whatever is connected to it.

It's also worth keeping in mind that an old PC as a router/firewall pulls far more current than most domestic routers, not to mention taking up more room, so the arguments for and against have to be carefully measured.

Yes, it's possible. In fact some schools and colleges and smaller businesses filter down older systems for small scale web or network server use within their network. It's not a question of "Can I?" but more a question of "Should I?" or "Do I really need/want to?".


  [DELETED] 14:45 17 Nov 2003

Despite rumours to the contrary, a Linux server (like a Windows server) is a security nightmare unless it is locked down by someone who knows what they are doing.

A simple router/firewall setup using an old PC can be a useful way to reuse or extend the life of otherwise defunct hardware, but without the knowledge to correctly implement things you could find yourself and everything connected to the network wide open to those who know how to get in.

Anything connected to broadband for any reasonable length of time offers an increased risk as far as being a security target goes. I am not trying to open a debate on the likelihood of being hacked, but judging by some of my server logs it's safe to say that the longer you have a router connected for networked broadband sharing the greater the probability of a port sniffer/scanner trying to pick its way into your setup.


  [DELETED] 14:51 17 Nov 2003

The Linux box, being so efficient by comparison to alternatives, can also act as a dedicated email server and all kinds of other pleasant things, as well as performing as your router/firewall.

Again though, you need the knowledge to implement it and it is not a project I'd suggest for anyone not already fully familiar with installing, configuring and managing Linux.

Please don't think of this as a project for any network that requires reliable and secure broadband sharing until you've spent a lot of time and effort in your research and planning. Setting up a DHCP server and locking it down with a firewall and IP table logging is not the kind of thing you just go and do.

Good luck with it whatever you decide.
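As an added example, not written by any poster in this thread: a shell script that generates the two-NIC NAT/firewall ruleset Taran describes (broadband on one card, LAN on the other, the Linux box handing out addresses and sharing the connection), including the "IP table logging" he mentions so that dropped probes from the broadband side show up in the system log. It goes slightly beyond the posts by adding an anti-spoofing check on the LAN side and a default-deny FORWARD policy. The interface names eth0/eth1, the LAN subnet 192.168.1.0/24 and the --apply flag are assumptions of this example, not anything the thread specifies.

```shell
#!/bin/sh
# Added example, not from the thread. Builds a minimal iptables/NAT ruleset
# for an old PC with two network cards acting as router/firewall.
# Assumed layout: WAN card faces the broadband modem, LAN card faces the
# hub/crossover cable. Interface names and subnet are placeholders.
#
# Usage: ./router-fw.sh eth0 eth1 192.168.1.0/24          # print rules only
#        ./router-fw.sh eth0 eth1 192.168.1.0/24 --apply  # run them (root)

# build_rules WAN_IF LAN_IF LAN_NET
# Prints one command per line; nothing is executed by this function.
build_rules() {
    wan="$1"; lan="$2"; net="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $wan -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}
# Rule-by-rule intent:
#  - ip_forward=1 turns the box into a router at all.
#  - INPUT/FORWARD default to DROP: nothing unsolicited from the modem side
#    reaches the box or the LAN machines behind it.
#  - The LAN card is trusted for INPUT so DHCP requests (which arrive with a
#    0.0.0.0 source) and Samba traffic from the LAN reach the server.
#  - FORWARD out to the WAN only for packets whose source is actually in the
#    LAN subnet (anti-spoofing); replies come back only for tracked flows.
#  - The rate-limited LOG rule records probes hitting the WAN card before
#    the DROP policy discards them, so scans are visible in syslog.
#  - MASQUERADE rewrites LAN sources to the WAN address (the NAT step).

# apply_rules WAN_IF LAN_IF LAN_NET: executes the generated commands.
apply_rules() {
    build_rules "$@" | sh
}

if [ "${4:-}" = "--apply" ]; then
    apply_rules "$1" "$2" "$3"
elif [ $# -ge 3 ]; then
    build_rules "$1" "$2" "$3"
fi
```

Run without --apply it only prints the commands so they can be read through first; with --apply it pipes them to sh and must be run as root on the Linux box itself. The DHCP service (dhcpd or similar) is configured separately; the rule accepting everything on the LAN card is what lets its traffic, and Samba's, through the default-deny INPUT policy.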


  Belatucadrus 15:43 17 Nov 2003

Or you could take a look at NetBoz click here

  [DELETED] 16:12 17 Nov 2003

Is that a Linux-based firewall?

  [DELETED] 16:21 17 Nov 2003

This is an interesting thread. I too have a predicament but can't quite get my head around the best possible solution. It's that complicated I'm not sure if I could even put it into written word.

It does involve ADSL, server/s and an annoying and resource consuming CCTV setup. Maybe I should start a thread!!!!

  [DELETED] 17:47 17 Nov 2003

Unless you are on a large network there is no chance of getting hacked. Why not save all the hassle and get a free firewall? It would be a much simpler solution without the overkill.


  [DELETED] 07:43 18 Nov 2003

Sorry I couldn't get back before with a reply (Work....Yuk).

Your reply, Taran, is very good and makes a great deal of sense.

Yes I have 600k B/Band (cable) to my system.
I currently have 2 network cards in my Master Comp and 1 in the other, using a x/over cable for connection. I then use Analogx Proxy server to run the link.

My master comp sits behind a good firewall and "Shields Up" shows me as being invisible on the net.

In view of the possible complexity of maintaining and setting up a separate system as you suggest, probably not worth the headache, and what I know about Linux would not fit on a match head with plenty of space.

Thank you everyone for your valuable contributions and, as is suggested, will give the matter further thought.
