Linux as an Internet Server
Arthur Donkers
Some time ago, our office conceived the idea of using Linux as our Internet server.
The choice seemed particularly appropriate, since Linux was designed by people
on the Net for the Net. This article tells you how to set Linux up to act as your
Internet server (see the sidebar "Installing Linux" for basic installation
information). The software involved is free, but you do have to invest time in
finding it, installing it, and configuring it.
Building a Proper Kernel
The kernel from the basic installation is generic and therefore not suited to
this particular use. Building a kernel for a system to be used as an Internet
server requires special attention to security and to network devices. Other
aspects of the kernel can be customized to suit your site's needs.
Security
A basic security question is whether to disable the IPFORWARDING option in the
kernel. When this option is set, it allows IP packets to flow through the
server onto your internal network, posing a significant security threat.
However, you will need to be able to transmit data from the local net onto the
Internet and, under certain strict conditions, also vice versa.
Two solutions are available for this purpose. The first one is based on the
IPFIREWALL code built into the kernel. This piece of software lets you define
which IP packets may pass through your system. You can specify the acceptable
packets based on the protocol (ICMP, UDP, TCP/IP), the sender, and the service
requested. For each "rule" you can specify whether the packet should be blocked
or forwarded.
How does this work? The kernel keeps an internal table where all such
information is stored. Each packet that arrives at one of the network
interfaces is checked against the contents of this table, and appropriate
action is taken (if you're familiar with FreeBSD, you'll already be aware of
this functionality).
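
The table lookup described above can be modeled in C as follows. This is an added example, not code from the article or from the Linux kernel. The rule layout, the first-match ordering, the default of blocking unmatched packets, and every address in the sample table are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>

enum proto  { P_ANY, P_ICMP, P_UDP, P_TCP };
enum action { BLOCK, FORWARD };

struct rule {            /* one row of the filter table */
    enum proto  proto;   /* protocol, P_ANY = wildcard */
    uint32_t    net;     /* sender network, host byte order */
    uint32_t    mask;    /* sender netmask, 0 = any sender */
    uint16_t    port;    /* requested service (destination port), 0 = any */
    enum action act;     /* what to do on a match */
};

#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed table: 10.1.0.0/16 stands in for the local net. */
static const struct rule table[] = {
    { P_ANY, IP(10,1,9,0),     IP(255,255,255,0),   0,  BLOCK   }, /* lab subnet stays inside */
    { P_TCP, IP(10,1,0,0),     IP(255,255,0,0),     0,  FORWARD }, /* local net -> any TCP service */
    { P_UDP, IP(10,1,0,0),     IP(255,255,0,0),     53, FORWARD }, /* local net -> DNS only */
    { P_TCP, IP(198,51,100,7), IP(255,255,255,255), 25, FORWARD }, /* one outside host -> mail */
};

/* Walk the table in order; the first matching rule decides (assumed ordering). */
enum action filter(const struct rule *t, size_t n,
                   enum proto proto, uint32_t src, uint16_t port)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].proto != P_ANY && t[i].proto != proto)
            continue;
        if ((src & t[i].mask) != (t[i].net & t[i].mask))
            continue;
        /* ICMP carries no port, so a port-specific rule never matches it. */
        if (t[i].port != 0 && (proto == P_ICMP || t[i].port != port))
            continue;
        return t[i].act;
    }
    return BLOCK; /* assumption: nothing matched, so default deny */
}

enum action check_sample(enum proto proto, uint32_t src, uint16_t port)
{
    return filter(table, sizeof table / sizeof table[0], proto, src, port);
}

/* Exit status 0 when the narrower lab-subnet rule wins over the broader one. */
int main(void) { return check_sample(P_TCP, IP(10,1,9,5), 80) == BLOCK ? 0 : 1; }
```

Because the first match decides, the narrow rule for the lab subnet has to sit above the broader local-net rule; reversing the two would forward the lab subnet's TCP traffic.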