As a network administrator, you can spend tens of thousands of dollars to control the flow of information into and out of your network in order to protect it, but you can also achieve the same goal without spending a dime. Does that sound impossible? Let's give it a try; how do you know if you don't try? The advantages of a 24-hour online broadband Internet connection are obvious: fast, inexpensive, and convenient. The potential danger, however, is much less noticeable. In fact, without proper protection, this uninterrupted connection puts your company's servers and data at risk at all times. A router with firewall capability can effectively eliminate these risks. You can spend a lot of money on a router, or you can save the money and make full use of the routing and firewall functions built into Linux to achieve the same goal. In many cases you can even use your existing Linux server as the router. However, if the traffic to your Web site is very heavy, it is best to dedicate a separate PC to this task.
Letting information flow in and out
Sometimes you may want your router to shield specific PCs on your intranet so that they cannot be reached from the Internet, but more often you will have your Linux router block certain unwanted visitors. When you use a DSL or cable connection, you typically use a hub, with one of its ports connected to the Internet. In that case, anyone who can connect to that hub can use readily available software to monitor the data flowing through your site, and even gain direct access to your network resources.
To counter this, we could simply turn off the Telnet and FTP services, whose traffic is easily eavesdropped on by malicious people. That would certainly protect the network from intrusion, but in general companies need these services. In other words, the company's business generally requires the router to provide security while still allowing information to flow smoothly in and out. So what you should do is selectively restrict access to these services rather than shut them down completely. Once you have the right configuration script in place, the Linux router/firewall does the work for you.
Services, ports, and protocols
Generally speaking, Linux servers such as e-mail or Web servers must be reachable from the external network. For this type of communication, industry-standard ports are commonly used, which helps define these services. For example, a Web server typically uses port 80, SMTP (for e-mail service) typically uses port 25, and so on. The services running on the server and the ports they use are listed in the /etc/services file.
(This is the content of the /etc/services file on my Linux machine.)
You also need to know which protocols the router should handle. Many protocols run over Ethernet, but the most commonly used are TCP and UDP. (The protocols known to the machine are listed in /etc/protocols.)
Commands to use
For a Linux router, we are actually using only the IP forwarding and firewall parts of the kernel. So you don't need any extra software; you just need some command scripts that set the rules for how the router responds to the packets it receives. These consist of a series of rules for input, output, and forwarding.
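The following script is an added example and is not part of the original article. It shows the kind of rule set the text describes: a default-deny policy for packets arriving at or passing through the router, the Web and mail ports open to everyone, and Telnet and FTP left running but reachable only from the intranet, with the port numbers looked up by service name in /etc/services. The article names no firewall tool; the example assumes iptables, the interface name eth0 and the intranet range 192.168.1.0/24, all of which are placeholders to adjust for your own network.

```shell
#!/bin/sh
# Added example, not from the original article. A minimal firewall script for a
# Linux router in the spirit of the text: Web and mail reachable from anywhere,
# Telnet and FTP only from the intranet, and a default-deny policy for the rest.
# Assumptions: the iptables tool (the article names none), the external
# interface name and the intranet address range below.
EXT_IF="${EXT_IF:-eth0}"                # interface facing the Internet (assumed)
INT_NET="${INT_NET:-192.168.1.0/24}"    # intranet range (assumed, private space)
SERVICES_FILE="${SERVICES_FILE:-/etc/services}"

# With DRY_RUN=1 (the default here) the rules are printed instead of applied,
# so the rule set can be reviewed on any machine without root privileges.
if [ "${DRY_RUN:-1}" = "1" ]; then
    IPT="echo iptables"
else
    IPT="iptables"
fi

# port_of NAME PROTO: resolve a service name to its port number from
# /etc/services (lines look like "http  80/tcp  www"). A built-in table for the
# few services this script needs serves as a fallback where the file lacks them.
port_of() {
    p=""
    if [ -r "$SERVICES_FILE" ]; then
        p=$(awk -v n="$1" -v pr="$2" \
            '$1 == n { split($2, a, "/"); if (a[2] == pr) { print a[1]; exit } }' \
            "$SERVICES_FILE")
    fi
    if [ -z "$p" ]; then
        case "$1/$2" in
            http/tcp)   p=80 ;;
            smtp/tcp)   p=25 ;;
            telnet/tcp) p=23 ;;
            ftp/tcp)    p=21 ;;
            *) return 1 ;;
        esac
    fi
    printf '%s\n' "$p"
}

# emit_rules: print or apply the rule set. The default policy drops everything
# arriving at or passing through the router; only the needed services are then
# opened, each to the narrowest set of sources that still lets business flow.
emit_rules() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Public services: the Web and mail servers must be reachable from anywhere.
    for s in http smtp; do
        $IPT -A INPUT -p tcp --dport "$(port_of "$s" tcp)" -j ACCEPT
    done
    # Telnet and FTP stay enabled, but only for intranet sources that did not
    # arrive on the Internet-facing interface; private addresses spoofed from
    # outside therefore fall through to the default DROP policy.
    for s in telnet ftp; do
        $IPT -A INPUT -s "$INT_NET" ! -i "$EXT_IF" -p tcp \
            --dport "$(port_of "$s" tcp)" -j ACCEPT
    done
    # Forwarding: the intranet may initiate connections outward, and only the
    # replies to those connections are allowed back in.
    $IPT -A FORWARD -s "$INT_NET" ! -i "$EXT_IF" -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

emit_rules
```

Run it as-is to review the generated commands; run it with DRY_RUN=0 as root on the router to apply them. Resolving ports through /etc/services rather than hard-coding them keeps the script readable and ties each rule to the service the text talks about, while the fallback table keeps it working on a stripped-down system.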