TechSpot

Need some advice on setting up a dedicated firewall computer

By Jay Jay
May 27, 2005
Topic Status:
Not open for further replies.
  1. Sorry in advance for the long post; I re-edited it several times to make it as short as possible.

    AOL has sent me a broadband pack to upgrade from my dial up account but I'm concerned about security issues. I have repeatedly read that the best way to secure yourself over the internet with a broadband account is to put a computer between the outside world of traffic and your main PC.

    So this is what I've done so far: I got a copy of Firewalls For Dummies and that was useful for explaining the terminology but it wasn't much good for what I'm trying to achieve as it only looked at firewalls being used on a main computer. I have also heeded the warnings about never running a Win2000/XP machine online under Administrator too..

    After having a look at the posts on here I realised that I will have to configure ICS on the PC that I want to surf the net with so it can access the broadband account that will be placed on the firewall server. I also did a search on Google and Yahoo and found this site, which was very informative and spelled out exactly what I'm aiming for. *see example 2*

    http://www.jpevolution.co.uk/hottopics.htm

    This is my networked ethernet setup...

    Computer A is a Pentium II 233 MHz with 195 MB running Win2000 Pro
    Computer B is a Pentium II 350 MHz with 320 MB running Win98SE
    Computer C is a Pentium IV 3.06 GHz with 512 MB running Win98SE

    Comp. A is the machine that I want to use as the dedicated firewall by placing the AOL broadband program on it and the security software. Then through Internet Connection Sharing, Comp. B would access the broadband account.

    Comp. B is a dedicated browsing and downloading workstation and has Spybot, SpywareBlaster, ZoneAlarm & AVG installed. File sharing of its drives by the other PCs is enabled.

    Comp. C is not connected to the net and is used for digital editing.

    Can anyone advise me or give me guidance/suggestions on how to configure my network so that if Comp A is attacked and breached the chances of the hacker getting access to my other two PCs is reduced or minimised?

    Cheers and sorry again for the long post, I hope it has all made sense! :blush: :blush:

    Jay Jay
  2. RealBlackStuff TS Rookie Posts: 8,165

    I think you are going a bit overboard there.
    A good hardware router with built-in firewall (e.g. SMC Barricade), combined with AV (e.g. AVG) and a software firewall (e.g. Agnitum/Kerio/Sygate/ZoneLabs) on each PC will protect you just as well, and makes life a lot easier.
    Internet->AOL-BB->Router->PCs
    No ICS.
    Have a look at the attachment here:
    Basics-networking
  3. Jay Jay TS Rookie Topic Starter Posts: 38

    Ok, thanks again RBS.. Will I need a router in order to share my existing AOL BB account with the other computer, so that I can access the net from my other PC or will these guidelines do the trick?

    http://www.wown.com/j_helmig/w2kicshi.htm
  4. Nodsu TS Rookie Posts: 9,431

    First of all. If you set up a dedicated router box then it will not be breached. That is if you don't go putting in silly passwords or putting any other programs on the router computer. Firewall software is built to be tough and any attacker will go looking for a way around that fortress instead of taking it.

    Any breaching will be done directly to your browsing computer because of user stupidity a la opening a file from a "friend" containing the latest fashionable trojan or checking some warez sites for a keygen for your favourite pirated application.

    The el cheapo solution for you would be two network interfaces into the router computer and Coyote Linux as the firewall/router software. It is extremely easy to set up especially since you are familiar with routing terminology :p You will need to get an ethernet hub or a switch to share the internet to the other two PCs. You can get a 10Mbit hub for free or for a symbolic fee from your local computer junk collector guy :p

    Don't even think about using Windows for the router computer.

    The foolproof mainstream solution would be to get a broadband router as RBS said. No extra configuration or hardware needed.
  5. Jay Jay TS Rookie Topic Starter Posts: 38

    Thought I'd do an update as to how I got on and to conclude the troubleshooting properly :)

    I checked out Coyote Linux but it doesn't work with USB modems, but never being one to give up easily I had a look at the alternatives and I found Smoothwall, another Linux-based firewall solution that comes with great documentation and is readily compatible with my ISP (AOL).

    Thanks for great advice Nodsu & RBS, much appreciated...

    Jay Jay