STDI Consulting Inc.
Mississauga Ontario, Canada
http://stdi.com
First published on September 25, 2008
Last revised on May 24, 2016
Linux Firewall
The Search for a firewall, DHCP and DNS server on the same box


We host multiple web sites that require SSL and have assigned a dedicated IP address per URL. HTTP requests go to one of two Domino servers configured with multiple IP addresses. With SSL, every host name needs its own address. This has to do with the SSL protocol: the server needs to send the certificate before the browser sends the header information, and the host name is in the header. So at that point the server only knows the IP address. Anyway, this part is tested and the Domino server handles the sites very well.

We started with openSUSE 11.0 back in 2008 and upgraded to version 11.3. We just got a Core 2 Duo E8400 3GHz system and it's now time to upgrade to openSUSE 12.2 64bit.

Update April 2009: Still running the same version and not a single issue. A few weeks ago, we made some changes to the server and domain names. About every 2 months we power down all servers, routers and hubs. We make sure that important patches are applied and that's it. We also run Wireshark and nmap to monitor the network and servers and all looks peaceful. Well, not counting the several thousand spam messages that hit our SMTP server every single day. The Domino spam filter settings block most of them and the few that are left are correctly discarded by spamJam from Granite Software.

Update November 2010: Downloaded SUSE 11.3 and everything went OK. Not many changes with the Text Only Server installation or the firewall.

Update May 2011: Up to today, we had no problems with the firewall. So it is time to make changes again!! I'm adding the DHCP and DNS to the firewall. Still using SUSE 11.3, even though there seems to be a problem with the DNS configuration. As always, we're doing a clean install on a new box. If we run into problems, we can always switch to the old box.
And one more update: we just downloaded openSUSE 11.4 and did a quick test install. The steps are the same from what we can tell. There may be some issues with the DHCP server on 11.3, but for our basic needs they don't apply. These issues may be solved in 11.4, but please consult the official documentation. For now, we have no plans to install the 11.4 version on the production box.

Update December 2012: Downloaded SUSE 12.2 64bit and am setting up the system. I will run the Firewall, DNS and DHCP on this system. Not all done yet, but no problems up to this point. I will update the document when all is running fine in production.

Update July 2014: If you are wondering how accurate this document is, well, it is still running the same version on the same box. I moved one server to a host site. It is running CentOS on a virtual system. It is actually hosted at canadianwebhosting.com. After the very positive experience with Canadianwebhosting, I decided to move my email server there as well. I will eventually have an update once all the pieces are up and running.

Update May 2016: I installed SUSE 13.2 last year and not much has changed regarding the basic installation. The firewall has been running for 242 days according to 'uptime'. The only interaction is with the DNS and DHCP server; I had to add some entries there. As of this writing, SUSE 13.2 is still the current release. No reason to make any changes at this time.

Continue with the installation checklist on the openSUSE 11.3 installation.