Firewall/Router

The open source operating system Linux is a stable server operating system that has been deployed successfully in many different companies for years. Linux can easily be extended to other roles, for example as a firewall, a router or an endpoint for a virtual private network. As usual in the open source world, free additional programs such as Netfilter/IPTables are used for this.

Netfilter/IPTables are extensions of the Linux kernel and the successors of the IPChains and IPFwadm programs. With them it is possible to monitor the network traffic that flows through the server, to log it and, if necessary, to carry out various actions according to the configuration.

Netfilter allows functions to be registered for specific network protocols; these are activated when packets arrive on the monitored network interface. IPTables, on the other hand, is a configuration table that lets the program recognize packets and then assign them to a certain log. IPTables checks the packets against the desired conditions and passes them on to their destination or to a function for manipulation. The following basic functions are possible:

  • stateless packet filter for IPv4 and IPv6
  • stateful packet filter for IPv4
  • all kinds of network address and port translation (NAT and NAPT)
  • multi-layer

These deliberately open functions of the program allow complex configurations and protections for IP networks to be built. In a firewall role, IPTables is therefore configured to let only certain packets pass, and only on certain ports. In a router role, Netfilter replaces the source address of packets from the intranet with the publicly visible IP address and distributes incoming packets to the appropriate internal address.
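The two roles described above (a firewall that admits only selected ports, and a router that rewrites intranet source addresses) map onto a single IPTables ruleset. The script below is an added example, not code from the original page: it generates that ruleset in iptables-restore format from a shell function so that it can be inspected and checked before it is loaded. The interface names eth0/eth1, the LAN network 192.168.1.0/24 and the admitted ports 22 and 80 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): generate an iptables-restore
# ruleset for a Linux host acting as stateful firewall and NAT router.
# Hypothetical assumptions: WAN interface eth0, LAN interface eth1,
# LAN network 192.168.1.0/24, inbound TCP ports 22 and 80 admitted from the WAN.

# build_ruleset WAN_IF LAN_IF LAN_NET PORT...
# Prints a complete ruleset (filter + nat tables) to stdout.
build_ruleset() {
    wan="$1"; lan="$2"; lan_net="$3"; shift 3
    # remaining arguments: TCP ports the firewall accepts from the WAN side
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, plus replies to connections we already know (stateful part)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# hosts on the LAN may talk to the router itself
-A INPUT -i $lan -s $lan_net -j ACCEPT
EOF
    # firewall role: one ACCEPT rule per admitted port, new connections only
    for p in "$@"; do
        printf -- '-A INPUT -i %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$wan" "$p"
    done
    cat <<EOF
# log (rate limited) what is about to be dropped; the chain policy then drops it
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
# forwarding: LAN -> WAN is allowed, WAN -> LAN only as replies
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# router role: rewrite LAN source addresses to the WAN interface address
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
EOF
}

# Helpers used to sanity-check a generated ruleset without loading it.
# count_port_rules: number of per-port ACCEPT rules in the generated set
count_port_rules() {
    build_ruleset "$@" | grep -c -- '--dport'
}
# count_masquerade: number of MASQUERADE rules (expected: exactly one)
count_masquerade() {
    build_ruleset "$@" | grep -c -- '-j MASQUERADE'
}
```

To apply the ruleset on a real router you would pipe the output into `iptables-restore` as root and enable forwarding with `sysctl -w net.ipv4.ip_forward=1`; generating the text first makes the review step explicit and keeps the admitted ports in one place.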

Netfilter and IPTables have been in use for a number of years and therefore already come with easy-to-use configuration tools. Furthermore, extending them with third-party programs or one's own developments is easy thanks to their modular construction and the API they provide.

The combination of Linux and Netfilter/IPTables is a cost-efficient alternative to common network hardware such as a Cisco PIX firewall or router. Running an additional Linux-based FTP, HTTP or file server on the same computer is possible and provides further cost savings and a reduction of the necessary IT infrastructure. Only where extreme bandwidth is required should specialized hardware be preferred, since higher performance is necessary there.
