Linux Firewall
The Search for a firewall
  • Firewall
  • Linux Firewall
  • openSUSE 11.1 installation
  • Network Adapters, IP Addresses and Firewall Zones
  • ARCHIVE: openSUSE 11.0 installation
    We host multiple web sites that require SSL and therefore we need a dedicated IP address per URL. All HTTP requests go to one single Domino server configured with multiple IP addresses. With SSL, every host name needs its own address. This has to do with the SSL protocol - the server needs to send the certificate before the browser sends the header information (host name is in header). So the server only knows the IP address. Anyway, this part is tested and the Domino server handles the sites very well.

    So, my quest for the Linux Firewall starts with www.google.com and Linux Firewall in the search box.
    So many choices ...
    First result is a document on linux.com, 'A Linux firewall primer'. Since I'm looking for the most basic features, the article points to Smoothwall. Second link I check out is Wikipedia. After reading the 'List of Linux router or firewall distributions' it was clear to me that I don't have the time to dig any deeper into this topic.

    Smoothwall is my first pick and my overall impression is very positive. Smoothwall would likely be my firewall, but the Open Source version I tested did not handle multiple external IP addresses. I also searched for known problems with the software, but couldn't find anything of concern (September 2008). Unfortunately it doesn't do what I need and I have no other choice than moving on in my quest.

    And SUSE to the rescue, openSUSE 11.0 to be exact. According to the features, the firewall does multiple external IP addresses. Now I'm in heaven. I already use the server version SLES 10 and openSUSE 10.2.

    Here we go, download the iso image, burn the DVD and ...
    But this is for another day to document. See the links on the top left for some of my thoughts and issues under the 'Firewall' heading.

    The initial impressions are mixed. Not much official documentation when it comes to multiple IP addresses on the external network. The configuration file has lots of comments, this helped a lot. After some reconfigurations, I think I figured it out. Still testing and getting ready to set up a second PC to document the installation and setup.

    Update April 2009: Still running the same version and not a single issue. A few weeks ago, I made some changes to the server and domain names. About every 2 months I power down all servers, routers and hubs. I make sure that important patches are applied and that's it. I also run Wireshark and nmap to monitor the network and servers and all looks peaceful. Well, not counting the several thousand spam messages that hit my SMTP server every single day. The Domino spam filter settings block most of them and the few that are left are correctly discarded by spamJam from Granite Software.

    Update September 2009: No change in the configuration or version yet, but I downloaded the openSUSE 11.1 version. The installation is practically the same and testing the new version is not on top of my priority list yet. After all, openSUSE 11.0 runs without any problems. I did the openSUSE 11.1 installation but haven't put it in production.

    Continue with openSUSE 11.0 installation, my checklist for the setup.
    First published on September 25, 2008
    Last revised on September 08, 2009

    © 1996 - 2010 STDI Consulting Inc.
    All Rights Reserved