Specifications
4
SuSE Live CD for Firewall
Description
The SuSE Linux Live CD for Firewall is a live file system CD from which all
the applications run directly. Theoretically, the firewall host could be oper-
ated without a hard disk. However, a hard disk for the cache and spool di-
rectories is required by proxy services, such as Squid or postfix. A hard disk
is also required if you want to save the syslogd log messages locally. To set
up the firewall system, insert the CD and the configuration disk created on
the Adminhost then boot the host.
Services on the Firewall
Application level gateways, or proxies, are located on the SuSE Live CD for
Firewall for the most common and essential Internet protocols and other ser-
vices:
DNS (Domain Name System) IP addresses can be converted into “Fully
Qualified Domain Names” and vice versa with bind8, but only in the
form of a cache-only name server, which is used as a forwarder for re-
quests from the internal network. It is not intended to be configured as
a DNS server.
SMTP postfix transports e-mail in an SMTP relay configuration.
HTTP and HTTPS — the WWW protocol Squid, httpf, tinyproxy,
mod_proxy, and Apache.
FTP For file transfers from one host to another, the program ftp-proxy from
the proxy-suite is used.
SSH Remote logins with encrypted transmission is handled by openssh.
Authentication is performed with RSA key pairs. This service simplifies
the administration of the firewall on a running system.
rinetd Generic tcp proxy rinetd.
ntp The time server xntpd synchronizes time on the firewall machine with
other computers in the internal network. This means that the time
stamps of the logs are synchronized.
ipsec As IPSec VPN software, FreeS/WAN is used.
i4l ISDN support
115SuSE Linux – Firewall on CD2