# n00b router builder.

## MooktaKiNG

I've decided to turn my old PC into a router. At the moment i have a hardware router, but i'm gonna replace that with a USB ADSL modem (which is a lot cooler).

I got the modem working and stuff.

Now i need to install a firewall.

I know of two, IPtables and Shorewall firewall.

I want to use webmin to configure it all.

I was wondering. Which is the easiest to use? Shorewall i think is the easiest, i think i remember Mandrake using it.

Any help will be appreciated.

All i want is to be able to open up some ports and forward them.

This PC is also a FTP, Webmail, IMAP, webserver.

I also was wondering is there a fairly easy to use email virus scanner. For postfix, or courier-imap or for squirrel.

----------

## xedx

shorewall is easier to use than working on an iptables script.

but making your own script is like having your own lawyer

btw i dont like webmin

----------

## iceux

I personally used

http://iptables.1go.dk/index1.php

as a base for my script. It's fast, easy, and will output something basic for you to learn how to edit quickly. Is there a flaw in this simplicity?

----------

## xedx

 *iceux wrote:*   

> I personally used
> 
> http://iptables.1go.dk/index1.php
> 
> as a base for my script. It's fast, easy, and will output something basic for you to learn how to edit quickly. Is there a flaw in this simplicity?

 

that's neat  :Smile: 

----------

## metalac

you might also want to look into the www.smoothwall.org .  It's a distro by itself but it's very decent.  I've been using it for over 2 years now and no problems so far.

----------

## foshdawg

you can also try out turtle firewall (there's also a webmin module for it somewhere).  shorewall is a good firewall but it essentially is just a front-end to iptables.  if you're really looking to have a decent firewall/router box, use a distro specially made to do that, i.e. IPcop or smoothwall.  distrowatch.com has a section dedicated to firewall distros.

----------

## MooktaKiNG

No, i prefer gentoo, because i know gentoo and most of the things don't rely on GUI. 

I don't understand how iptables work yet, so it's gonna take some time.

All i want to do right now is a way of opening ports and forwarding them. And also having a log of what happens, intrusions etc etc

very simple really. just so that i get used to it etc.

----------

## gigel

it's always a good thing to RTFM

 :Razz: 

----------

## H0bb3z

For a small network, Astaro (http://www.astaro.com) is great.  It has a great webmin interface and has some great capabilities like IPSEC VPN, built in HTTP, SMTP and DNS proxies, portscan detection and notification, etc.

It takes about 15 minutes to image your box and another 15 to configure (unless you don't have a good grasp of TCP/IP, then it may take you 60 minutes)...  :Smile: 

----------

## MooktaKiNG

 *mortix wrote:*   

> it's always a good thing to RTFM
> 
> 

 

Actually i've already 'RTFM'  :Very Happy:  :Very Happy:  :Very Happy:  :Very Happy: 

that one is just TOO advanced for a home network of 2-3 computers  :Very Happy:  :Very Happy:  :Very Happy: 

Actually i'm the only person who uses my email server  :Very Happy:  :Very Happy: 

but it's great i have 3 different email accounts, hotmail, pop3 and another pop3. I've combined all of them together with procmail filtering and spamassassin and got a nice thing going here.

all i need now is to make the PC into a permanent server, with firewall and email virus scanner. that should be it  :Very Happy:  :Very Happy: 

Is astaro a distro?

or a program?

i'll read on....

----------

## H0bb3z

Astaro is a linux-based firewall distro, but it requires its own box with 2 or more NICs.  The install essentially repartitions the disk, so it may not be that well suited for your purposes if you plan on serving other content on the same box.

There is a live demo at the Astaro site if you are still interested.  It is free for personal use with fewer than 10 IP addresses...

----------

## MooktaKiNG

seems alright, but its not what i'm looking for.

I like gentoo, and especially portage  :Very Happy:  :Very Happy: 

----------

## uzik

I did what you're doing with this 

http://www.freesco.org

I have a gentoo box too, but for just a NAT internet sharing

box freesco was fine.

----------

## gigel

 *MooktaKiNG wrote:*   

>  *mortix wrote:*   it's always a good thing to RTFM
> 
>  
> 
> Actually i've already 'RTFM' 
> ...

 

 :Very Happy: 

i don't think it too advanced, in fact we are in the same situation... i also have a workstation who makes server things (web server and nat server.. so my roommate can surf the web too... but don't tell this to my lan admin   :Rolling Eyes:  )

and i use a firewall script based on that one.... and i'm really proud of it.. cause my lan admin didn't notice that i give net to another box....

//edit

and u can make a port forward like this

```
# ethX = incoming interface, XXX = incoming port, a.b.c.d:YYY = internal host and port
iptables -t nat -A PREROUTING -i ethX -p tcp --dport XXX -j DNAT --to-destination a.b.c.d:YYY
```

----------
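An added example, not code from any poster in this thread: the DNAT rule above only rewrites the destination, so a default-drop router also needs a matching FORWARD accept, rules for the ports the box serves itself, and LOG rules for what gets dropped. The function below emits such a ruleset in `iptables-restore` format; the interface names (`ppp0`, `eth0`), ports and the `192.168.0.10` address are constructed placeholders.

```shell
#!/bin/sh
# gen_ruleset WAN_IF LAN_IF "open tcp ports" "wanport:host:port ..."
# Prints an iptables-restore ruleset; it does not touch the running firewall.
gen_ruleset() {
    wan=$1 lan=$2 open=$3 fwds=$4

    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    for f in $fwds; do
        wport=${f%%:*}          # port seen on the WAN side
        dest=${f#*:}            # internal host:port
        echo "-A PREROUTING -i $wan -p tcp --dport $wport -j DNAT --to-destination $dest"
    done
    echo "-A POSTROUTING -o $wan -j MASQUERADE"   # NAT for LAN clients
    echo 'COMMIT'

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -i $lan -j ACCEPT"
    for p in $open; do          # services running on the router itself
        echo "-A INPUT -i $wan -p tcp --dport $p -j ACCEPT"
    done
    # Rate-limited log of whatever is about to hit the DROP policy
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-in-drop: "'

    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    for f in $fwds; do
        dest=${f#*:}
        # FORWARD sees the packet after DNAT, so match the internal host and port
        echo "-A FORWARD -i $wan -p tcp -d ${dest%%:*} --dport ${dest##*:} -j ACCEPT"
    done
    echo '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-fwd-drop: "'
    echo 'COMMIT'
}

# Constructed sample: web and IMAP on the router, WAN port 8080 sent to a LAN host
gen_ruleset ppp0 eth0 "80 143" "8080:192.168.0.10:80"
```

To apply it, pipe the output to `iptables-restore` as root and enable routing with `sysctl -w net.ipv4.ip_forward=1`; the dropped-packet entries then appear in the kernel log under the two prefixes.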

