Setting up an Internet Gateway Computer in Linux

Long before the Gnome and KDE desktop interfaces were introduced, GNU/Linux, or Linux for short, most routing policies and even the creation of a gateway was done by specifying sets of coded firewall instructions using IP Masquerading commands and configurations. In my personal opinion, the procedures were hard to follow. It also involved kernel manipulation and compiling since IP masquerading was an option not a default feature of Linux back then. With several trial and error methods, it was a remarkable feeling when Internet sharing was working for the first time using IP masquerading, but time was of the essence. This practice was not very suitable because it was very hard to maintain.

This made me switch to using the Squid Proxy and Caching System. For several years I used this system for making a gateway in for web browsing for private networks because public IP addresses were so expensive and hard to obtain. But it was only for web proxy. Other protocols were not allowed to pass through this service. It was a breakthrough when Red Hat Linux introduced the GUI desktop and made a way for a simple but useful GUI for firewalls, and that is FireStarter.

Even though years have passed since then, FireStarter is still running on our servers and is preferred by many system administrators to this day. This third party software can be downloaded for free at www.fs-security.com. With several Linux distributions supported by FireStarter, my recommendation would be choosing the .rpm package for RedHat, Fedora Core and CentOS.

It is so easy to install and maintain. From the command prompt and in superuser mode, you can just issue the following command:

rpm -ivv firestarter-1.0.3-19.fc10.i386.rpm

(for Fedora Core 10 distribution only). Or others may want to use Gnome Desktop and right-click the package after it has been downloaded. RedHat Package Manager will then extract the program for proper installation. Users must understand that FireStarter is just a GUI interface to manipulate and maintain the firewall structures and capabilities of the Linux kernel.

Once the FireStarter has been installed successfully, run the GUI interface of Linux by typing startx at the command prompt (if not already in graphical mode). As you browse through the Gnome Desktop interface, just click Applications from the main menu and select System Tools, and you will find the FireStarter executable program. FireStarter will initialize a setup wizard for Internet sharing.

It is assumed that your hardware includes two LAN (local area network) cards or NICs (network interface cards). One is for the direct connection to the Internet and the other is for the local private network.

Normally I specify the device for direct Internet connection as eth0 and for the private one as eth1. So by that convention, assign the following network cards as stated and complete it by clicking the Finish button. That’s all- that will make FireStarter work- without a series of configuration scripts and hard to understand procedures. As soon as the FireStarter is running, private network hosts will be able to access the Internet, and the now easily defined Linux firewall will be blocking malicious threats and vulnerable ports.

.

click to enlarge

Please refer the image above, once the tool bar Stop Firewall is enable and the status is active, these indicate that Firestarter is running.

click to enlarge

FireStarter can display the Internet protocols that are not allowed to pass through the private network by default. This makes it very easy to detect malicious activities and readily suppress it before it can harm the local area network.

click to enlarge

Users can take advantage of the easy-to-use policies customization that FireStarter provides. Define several access lists for the private network hosts to use for daily computing operations.

In a complicated virtual world of the Internet, administrators must be paranoid enough to secure and maintain networks that are being served. FireStarter is an excellent tool for helping the I.T. (information technology) department to get that into perspective. It is very easy to use and even without technical knowledge of defining firewall policies in Linux, anyone can do it once that the information being provided here is well comprehended. So start installing FireStarter on Linux machines is a great way to have a very versatile and stable gateway.