Linux Based Firewall & Flood Blocking Server



  • Hello Friends,

    I want to implement Linux based (Open Source) Firewall & Network Packet Flood detector if possible. Here is the scenario.

    1. LAN segment is having approx 40 computers having IP Address 192.168.75.*/24

    2. All LAN Computers are connected with a central switch Cisco Manageable 2960 (48 Port). It is manageable, can be used as a VLAN. But not done by anyone till date.

    3. Cisco 2960 Switch is having IP Address 192.168.75.1/24

    4. Cisco router sits on the top most location & having IP Address 192.168.75.2/24

    5. Now, I want to connect/configure a Linux Based Firewall/Flood Detector which can monitor all type of traffic "Coming from LAN segment & Going towards Router" & Same traffic from Router to LAN Segment.

    6. Also that Linux Firewall should be able to detect any flooding if found & be able to block it. As there is no centralized firewall, this Linux Machine can also act as a firewall. Sits between Cisco LAN Switch & Cisco Router. Is it possible?

    7. The Hardware with 2 Network Interface Card is ready.

    *** Shall I give IP Address sequence as given below.

    1. Switch (192.168.75.1)

    2. Linux Box Interface I (192.168.75.3) - Network Cable Coming from Switch

    3. Linux Box Interface II (192.168.75.4) - Network Cable Going to Router

    4. Router (192.168.75.2)

    Now, how to pass traffic from interface I to Interface II & how to monitor the traffic? Bridge concept will work here or not? Is it possible to make policies? How NAT will work in LAN segment & how to assign same range IP Address on both LinuxBox interface?

    Regards,
    Nishith N.Vyas



  • This is not Linux, so if that is the most important thing to comply with, then this is not your product.

    1. ok
    2. ok
    3. ok
    4. ok
    5. doable
    6. with packages, doable
    7. if you want a filtering bridge you need also VLANs in use (3 interfaces)

    switch ip, ok
    interface1 ok
    interface2 not ok, if you change IP subnet fine, or use filtering bridge then you don't need more than a management IP address
    router, ok

    Create a test product with virtual machine, then you see how easy this is to use



  • New scenario.

    1. A PC is having 2 interfaces. I want to put this PC in between "LAN Switch & Router".

    2. Router IP is "192.168.75.2"

    3. All the LAN Computers are having internet access & their default gateway 192.168.75.2(Router)

    4. So, I would like to know how to make "pfsense" firewall in bridge mode so that it will be responsible to just divert the traffic with the applied policies. Like Facebook is blocked for everyone. Is it possible?

    Advanced Thanks,
    Nishith Vyas



  • 1. with filtering bridge you should use 3 interfaces for management. filtering bridge is transparent in network means, so it has no IP address to show to clients
    2. ok
    3. as usual
    4. using search helps a lot and of course documentation wiki helps with how-to's and tutorials. you can block websites with transparent squid+squidguard
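The original question (a Linux box with two NICs between the switch and the router that passes traffic, applies policy and blocks floods) and the last reply's point that a filtering bridge is transparent and needs only a management address, worked through as an added example. This is not code from the thread or from pfSense (which is FreeBSD based); it is the Linux equivalent. Assumed names: eth0 is the cable from the switch, eth1 the cable to the router, br0 the bridge, 192.168.75.3/24 the management address, and nftables the packet filter. The log lines are constructed sample data, not a real capture.

```shell
#!/bin/sh
# Added example, not from the thread or pfSense: a Linux box with two NICs wired
# between the Cisco 2960 and the router, run as a transparent filtering bridge,
# plus a small log-driven flood detector that feeds a blocklist.
# Assumed names: eth0 (from switch), eth1 (to router), br0, 192.168.75.3/24.

LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-eth1}
BR=${BR:-br0}
MGMT_IP=${MGMT_IP:-192.168.75.3/24}
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; 0 = execute them (root required)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Layer-2 bridge: both NICs become ports of br0, so frames pass eth0 <-> eth1
# with no routing and no NAT. LAN hosts keep 192.168.75.2 as their gateway, nothing
# is renumbered, and the box needs only one management address, on the bridge.
bridge_setup() {
    run ip link add name "$BR" type bridge
    run ip link set "$LAN_IF" master "$BR"
    run ip link set "$WAN_IF" master "$BR"
    run ip link set "$LAN_IF" up
    run ip link set "$WAN_IF" up
    run ip link set "$BR" up
    run ip addr add "$MGMT_IP" dev "$BR"
}

# nftables ruleset in the bridge family (policy on traffic crossing the bridge):
#  - a blocklist set with a 10 minute element timeout, fed by the detector below,
#  - a dynamic per-source SYN rate limit (50/s, burst 100: starting values, tune them),
#  - a log prefix so the kernel log records what crossed the bridge. Logging every
#    packet is noisy on a busy LAN; keep it for diagnosis or prefix it with a limit.
nft_ruleset() {
    cat <<'EOF'
table bridge filter {
    set blocklist {
        type ipv4_addr
        flags timeout
        timeout 10m
    }
    set synrate {
        type ipv4_addr
        flags dynamic
        timeout 1m
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        ip saddr @blocklist counter drop
        tcp flags syn add @synrate { ip saddr limit rate over 50/second burst 100 packets } log prefix "BRIDGE-FLOOD: " counter drop
        log prefix "BRIDGE-FWD: " accept
    }
}
EOF
}

# Constructed kernel log lines in the netfilter LOG key=value format (sample data):
# .50 sends six SYNs, .60 two, .70 only an ACK.
sample_log() {
    cat <<'EOF'
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.50 DST=192.168.75.2 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=80 RES=0x00 SYN URGP=0
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.50 DST=192.168.75.2 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=80 RES=0x00 SYN URGP=0
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.50 DST=192.168.75.2 LEN=60 TTL=64 PROTO=TCP SPT=40003 DPT=80 RES=0x00 SYN URGP=0
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.50 DST=192.168.75.2 LEN=60 TTL=64 PROTO=TCP SPT=40004 DPT=80 RES=0x00 SYN URGP=0
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.50 DST=192.168.75.2 LEN=60 TTL=64 PROTO=TCP SPT=40005 DPT=80 RES=0x00 SYN URGP=0
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.50 DST=192.168.75.2 LEN=60 TTL=64 PROTO=TCP SPT=40006 DPT=80 RES=0x00 SYN URGP=0
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.60 DST=192.168.75.2 LEN=60 TTL=64 PROTO=TCP SPT=50001 DPT=443 RES=0x00 SYN URGP=0
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.60 DST=192.168.75.2 LEN=60 TTL=64 PROTO=TCP SPT=50002 DPT=443 RES=0x00 SYN URGP=0
kernel: BRIDGE-FWD: IN=eth0 OUT=eth1 SRC=192.168.75.70 DST=192.168.75.2 LEN=52 TTL=64 PROTO=TCP SPT=50003 DPT=443 RES=0x00 ACK URGP=0
EOF
}

# Count SYN packets per source in the log lines on stdin and print every source
# whose count is at or above the threshold given as $1, sorted.
flood_sources() {
    awk -v thr="$1" '
        / SYN / { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) syn[substr($i, 5)]++ }
        END     { for (s in syn) if (syn[s] >= thr) print s }' | sort
}

# Put every source over the threshold into the blocklist set (expires after 10m).
block_flooders() {
    flood_sources "$1" | while read -r src; do
        run nft add element bridge filter blocklist "{ $src }"
    done
}

# Stand-alone demo: print the setup commands, the ruleset, and a detection pass.
if [ "${1:-}" = demo ]; then
    bridge_setup
    nft_ruleset
    sample_log | block_flooders 5
fi
```

Run it as `sh bridge.sh demo` to see what it would do, then `DRY_RUN=0` as root to apply; load the ruleset with `nft_ruleset | nft -f -` and check it first with `nft -c -f`. In production the detector would read the journal or syslog in place of `sample_log`, and the thresholds depend on what 40 hosts normally generate, so measure before blocking.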

Locked