This section describes each application used to build the final EigerStein firewall covered in this document. It is by no means an exhaustive list; it covers the applications which I use, or have used, and have therefore documented. EigerStein also contains a number of smaller applications, known as packages, and these are listed as well.
This is the actual firewall system. It contains the core Linux operating system, the file system, the Busybox Linux applications, and all of the script files necessary to get a firewall up and running. EigerStein boots entirely from a floppy disk. It contains a number of packages to extend the functionality of the firewall. The following is a list of the packages included with EigerStein:
Dynamic Host Configuration Protocol daemon. This package is used if the users on the protected network get their IP addresses from another computer, and that computer is to be the firewall.
This package is used if the firewall gets its external IP address from another system (a DHCP server) on the Internet.
This package gives Eiger the ability to cache DNS search results directly on the firewall. This means that each time a user (or more accurately, the user's web browser) performs a DNS lookup, the result is stored on the firewall. If client PCs are set up to look to the firewall for DNS information, they can perform many DNS searches against the firewall instead of going out to the Internet to perform the search. The result is a faster search, and the Internet circuit experiences less load.
This package, created by Charles Steinkuehler, is a mini web server that runs on the firewall with a router status web page. That is, specified users can access firewall status information, configuration information, and log file contents from a web browser.
Other Packages
There are a number of other packages included in EigerStein; however, they are typically required (not added to increase the functionality of the firewall).
Seattle Firewall (seawall)
This was added for essentially one reason: to masquerade IP traffic from other networks. The default installation of EigerStein allows you to route and masquerade traffic from a single network through the firewall; however, little effort was placed into making EigerStein capable of handling multiple networks behind a firewall (or rather, multiple physical locations). Seattle Firewall does not allow you to set up the routes that carry traffic from other networks through the firewall (this is done in the network.conf file); however, it does provide the masquerading capabilities.
Sshd (Secure Shell)
This package allows you to create a secure terminal session (or shell, as it is called in Linux) from a host on the network to the EigerStein box. This means that you don't always have to be sitting at the firewall computer to manage, configure, or reboot it. Using sshd also means that the session is encrypted.
Linux Router Project Status application. This is not actually a package, but rather a Java applet designed to operate with the weblet package. When set up and configured, it will provide the administrator with real-time traffic statistics on the network ports (internal and external).
PuTTY is a terminal session application written for Microsoft Windows 9x/NT/2000. It is the client-side application which communicates with sshd to create the secure session. Note that this application should only be used to connect to the firewall, and, due to the potential liability for using strong encryption technologies for data communications, should not be used to connect to any host computer across the Internet.