Ubuntu Networking :: Building A Firewall And Switch?
Apr 6, 2011
I am wanting to build myself a Linux based firewall and network switch but I am not entirely sure where to start. I would like to point out that I am aware that it would be easier and quicker to just buy a switch and use that, but this is an intellectual exercise.
What I want to do is have a NIC which has the internet coming in. The traffic is then passed through the firewall program (I think IP tables is what I should be using?).
Now my main issue is that I will have quite a few Network Interfaces to manage. The machine could easily assign IPs by DHCP and act as the DNS server but what would I need to use to share the internet connection to all the NICs? There will be at least 4 interfaces, but possibly up to 12.
I am trying to do my graduation project, it's labeled under "linux secure router", and I should build a linux based router equipped with firewall and ACL management...Some people advice me to use linux ubuntu distribution todo this I try to do that but I don't know where to start form
why do we have to define both Source/Destination AND Direction when building firewall.Isn't direction= source->destination? what would happen if source and destination were swapped?
I am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..
then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.
Do I undersatnd correct? If you build LAN with several Linux PCs and no DHCP server, you will need to configure every computer yourself. But if you add one more PC to this LAN which is DHCP server, all you need is to configure this DHCP server and write in config files of other computers to use DHCP, network will work without configuring other computers?
I have an old tower that I've installed Ubuntu onto. It connects fine online with a mobile broadband stick. I also have an old wireless router knocking about, and I've been trying to network up my house wirelessly using the tower as a router, if that makes any sense. Long story short, this is my setup
Internet ==> Mobile Broadband ==> Tower ==> Wireless Router ==> Wireless Devices.
I know that it's complicated, but I'm sure that it can be done. I've tried playing around with bind9, and playing with dhcp and the like. I feel that I am close.... but no cigar. how to route all traffic from the router
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
I'm trying to build firewall on Debian with 'Firewall Builder'. But it won't let me compile and run unless one interface is set as management. There are two interfaces on my computer: 'eth0' and 'lo'
I don't want to be able to configure firewall remotely, so could I use 'lo' as 'management interface'?
On the office we have a Firewall/VPN infrastructure. Everybody connects to internet trough an Access Point (Lynksys RWT120N), which, in turn, connects to a WatchWard/Firebox red box. I suppose this is the equipment that does the VPN stuff. Finally, the red box connects to a DSL modem from our ISP.The problem is: Everybody on the office can connect to the AP and surf the internet without any issues, excepting me when I connect with ubuntu 10.10. I have windows on the same machine and I can access the internet without problems.
What I have seen so far is that Network Manager associates with the AP, gets what I would consider all the expected information from DHCP, but internet connectivity is none.For "expected information from DHCP" i mean: IP address, gateway, and DNS.I can ping my assigned IP address, the gateway and even other machines in the same network. I cannot ping the DNS or other external IP addresses.
I successfully installed Ubuntu 10.04 on 2 laptops (both are identical in terms of hardware). In addition, I connected both of them (using RJ45 cables) to a switch (just a switch; I don't have a router). Can anybody guide me what should I do / what settings should I specify in each laptop in order to be able to SSH from one laptop to another?
I am using ubuntu 9.10. Configuring my firewall using guarddog. I have setup a rule to allow traffic OUT on port 7078 UDP, and just because i'm having problems i added an IN rule.
# Create the filter chains # Create chain to filter traffic going from 'Internet' to 'Local' ipchains -N f0to1
I have installed Ubuntu 10.04 Server on an older desktop with the intent of making it into a firewall box. What I would like to do is hook one nic into the modem, and the other nic into my router. I'm not sure if I want to setup the 2 nics as bridged.
Can the fibre channel switch in the centOS5.3 cluster edition be switched for a regular router or hub? If so how would one do this? If not why does the switch have to be fibre channel?
I have two webservers in differents machines (192.168.1.10 and 192.168.1.20) that hosts two differents domains (www.test1.com and www.test2.com).
I have a machine that acts like firewall with two NICs one to the ADSL router and another to the internal net where the two servers are.
There is a way to route to one or another machine based on the domain name? I've been reading about how to do this with iptables and DNAT but I can't find a propper solution that use domain name as destination instead ip address.
I have tried various rules, like opening port 53 for the DNS with little success. I finally figured that you need to set the source port to 53 and NOT the destination port.However, I have been unable to figure out what ports apt-get requires. The only way I get it to work is to accept everything in iptables.
I have seen tutorials on setting up a secured firewall/router/gateway using ubuntu server as the platform. However, I am wondering if anyone has had experience with using an aircard (wireless broadband card via usb) to set up a router.
Which card do you recommend? Any precautions? Any specific code already written to automatically recognize mobile broadband cards and restart the connection if it goes stale?
here's my delema, there is a server on a network protected by a overly restrictive firewall. I can't connect to the server.
I was thinking, does a program exist where the server would connect to another server outside the firewall, then wait for commands? This way there is no port forwarding required. The only program I know that does this is LogMeIn. If you check the logs it does use SSH, and thats even when I blocked the port. Since LogMeIn isn't what I was looking for (Windows Only, full screen capture instead of command line), does an alternative exist?
I have OpenVPN running on my Ubuntu Server just fine. I can connect over the Internet and access all my resources on the LAN via bridged mode perfectly. My server only has one LAN card and sits behind my router, which means it has a private IP address of 10.1.1.2....Which brings me to my question. I want to open up access to my friends via OpenVPN, but I don't want them to be able to access other machines on my LAN (e.g. 10.1.1.20). However, I do want them to be able to talk to each other and pass broadcasts (old LAN games), as well as my laptop (let's say 10.1.1.7).I've tried using iptables to block traffic to the LAN (such as .20), to no avail. I've been reading up and it seems as though iptables won't even filter the traffic, as it's passed at a lower layer. Is this true? If so, what do you recommend I do in order to prevent my buddies from accessing the rest of my LAN while siumultaneously allowing broadcasts pass for some very old Windows LAN games (we're talking Windows 9.
post the "perfect" tutorial for setting up a router and firewall for Ubuntu 10.10 Server 64-bit? I'm kind of a n00b when it comes to Linux, so I get really confused with some things, I have seen things on the ubuntu wiki about this... but it really confuses me =
I'm trying to setup my ubuntu sys as a router and firewall... Internet -> Ubuntu (Router) -> Switch (no DHCP on it) -> Computers I've already setup bind and dhcp3 and got those working perfectly... I've also setup Squid3 and Dansguardian for content filtering (blocking ads and such) and got them working too... I want to set it all up to be transparent, and allow the system itself to function as a powerful firewall router, giving absolutely NO issues to client computers connected, and no speed reduction at all.... I want to setup the firewall to allow all outgoing connections, but block everything incoming (stealth the network)... Forcing all http/s traffic to pass through dansguardian, then to squid...
But am very confused on how to pull this off... The system is running Ubuntu 10.10 Server 64-bit, with 4 GB of RAM, 320 GB SSD, and two 1Gb NIC cards... Sorry if I'm not very clear, I do speak english perfectly, but just kinda new to the "Linux world", I was using SONICWALL but that's getting a little too costly to my network and wanna do a free alternative... Something completely CUSTOM, not using some network security distro.
Please review my webmin Linux firewall. This is a squid proxy / Firewall / Router. Everything works fine until I change that last line to reject or drop all. Then the traffic behind the firewall that is trying to reach the internet gets borked. I can only assume that something is killing the connections to squid. But everything looks right to me. Here is my prerouting. (please ignore the green box) The red box is the action to be taken following the given rule. But I don't think the problem is in prerouting.
I Installed a game server on my ubuntu desktop which is on port 7777. I can join the gameserver without any problems on my local network but when I'm trying to join using my external IP address its not working.
This is what I did:I Forwarded my port inside my router but it still didn't work.
I Removed UFW from my ubuntu machine
I Tried portforwarding with an other machine (iMac) and it's working there
Is there any Security on Ubuntu Desktop that's blocking my gameserver
I Got 2 Network cards in my Ubuntu PC
1. Is A Ethernet card that I use to connect my iMac to the Ubuntu PC (Internet Sharing on my iMac) For fast file transfers.
2. Is A WLAN card that I use to connect my Ubuntu PC to our network.
I want to do is setup a gateway(or router, idk what Ubuntu refers to it as.). So my set up would be Modem>Server>Switch>Router. I know that I need to set up it up as a DHCP server as well. I would also like to setup it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldnt figure that out either.
