Ubuntu Networking :: How To Set Up A Gateway/router And Firewall On Server
Jul 20, 2011
I want to do is setup a gateway(or router, idk what Ubuntu refers to it as.). So my set up would be Modem>Server>Switch>Router. I know that I need to set up it up as a DHCP server as well. I would also like to setup it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldnt figure that out either.
View 2 Replies
ADVERTISEMENT
Jul 20, 2011
So what I want to do is setup a gateway(or router, idk what Ubuntu refers to it as.). So my set up would be Modem>Server>Switch>Router. I know that I need to set up it up as a DHCP server as well. I would also like to setup it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldnt figure that out either.
View 1 Replies
View Related
Aug 1, 2009
I got 2 servers, each on different locations (server 1 and server 2). I want all traffic on server1 included web browsing, applications etc., be always going through server2, like a gateway. I want the traffic to be encrypted (maybe use VPN?) So if I browse, or any logs pick up ip adresses from applications used by server1, I want it to display the IP address from server2 (Might be the wrong way to say it).
I always wants server2 to act as an firewall and logserver that logs all the traffic. I was thinking about using Snort for IPS/IDS solutions and OpenVPN for the traffic, but what can I use as a firewall? Most firewalls I find on google has its own OS/Distribution. Maybe Squid for logs? But squid does not support much protocols. Distribution on both servers are updated Debian/Ubuntu based.
View 3 Replies
View Related
Apr 1, 2010
story is my brother is a dindows lover (gamer) and hes been gettin attacked by virus's,etc cause he runs his Vista setup with no firewall or antivirus
He says the firewall,etc slows down the PC too much for gaming He doesnt want to use Linux as his games wont play on Linux as on dindows
He wants to know if you can install a Linux firewall/gateway or whatever into his Linksys WRT54GC router and thus protect his PC without using a firewall or av in it.
EDIT: precisely; he has a Linksys wireless-G connected to a always-on Verizon Westel 6100G modem so its a wired connection, not wireless
View 6 Replies
View Related
May 29, 2011
I have been searching google for a while now and have not found exactly what I am looking for. I would like to use my fresh install of ubuntu server 11.04 as my router/gateway for my home. I am not an expert at linux by any means but I can usually figure stuff out. I believe I need iptables, bind, and a few others probally. It eventually will also be a samba server but I have done a little with samba before. I do have 2 network cards, my router at the moment is starting to die and would love to have a more powerful router. I would also like to figure out how to do port forwarding in the router, as well as be able to see the load on the network cards. Maybe there is a program to show usage by user? As well as be able to do packet pritorization.
View 4 Replies
View Related
Jan 28, 2011
post the "perfect" tutorial for setting up a router and firewall for Ubuntu 10.10 Server 64-bit? I'm kind of a n00b when it comes to Linux, so I get really confused with some things, I have seen things on the ubuntu wiki about this... but it really confuses me =
I'm trying to setup my ubuntu sys as a router and firewall... Internet -> Ubuntu (Router) -> Switch (no DHCP on it) -> Computers I've already setup bind and dhcp3 and got those working perfectly... I've also setup Squid3 and Dansguardian for content filtering (blocking ads and such) and got them working too... I want to set it all up to be transparent, and allow the system itself to function as a powerful firewall router, giving absolutely NO issues to client computers connected, and no speed reduction at all.... I want to setup the firewall to allow all outgoing connections, but block everything incoming (stealth the network)... Forcing all http/s traffic to pass through dansguardian, then to squid...
But am very confused on how to pull this off... The system is running Ubuntu 10.10 Server 64-bit, with 4 GB of RAM, 320 GB SSD, and two 1Gb NIC cards... Sorry if I'm not very clear, I do speak english perfectly, but just kinda new to the "Linux world", I was using SONICWALL but that's getting a little too costly to my network and wanna do a free alternative... Something completely CUSTOM, not using some network security distro.
View 1 Replies
View Related
May 17, 2009
Our firewall (debian) currently has 4 public ip addresses (eth0 1.2.3.4, eth0:0 1.2.3.5, eth0:1 1.2.3.8, eth0:2 1.2.3.9) and 3 internal subnets (eth1 10.1.x.x, eth1:0 10.2.x.x, eth2 10.7.x.x). We are experiencing the following two problems which I believe have the same root cause. 1) The firewall cannot access beyond the isp gateway (1.2.3.1). 2) From externally, we can ping eth0 with no trouble, however, pinging the eth0:0, eth0:1 and eth0:2 interfaces have results similar to the following:
Code:
PING 1.2.3.8 (1.2.3.8) 56(84) bytes of data.
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=59.0 ms
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=59.3 ms
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=62.0 ms
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=65.6 ms (DUP!)
I get the feeling that I'm missing something obvious, especially since all traffic on the internal subnets can access externally as normal.
View 4 Replies
View Related
Mar 4, 2010
I live on a property with 3 other units and we all share a cable connection. There's a modem connected to a wireless router (I'll call it the "main" router), which until recently I connected to with an 80' or so long ethernet cable because I don't get a good signal, and all I've got is a desktop anyway. When plugged directly into the main router, I can get very fast download speeds - the fastest I've seen over bittorrent, for example, is about 2.2 Mb/s, and it's over 1 Mb/s most of the time for popular torrents or sites with good bandwidth. A friend with a laptop is staying with me for a month, so I wanted to set up a wireless router in my home, and my desktop needed to be moved to a location where running a wire is kind of awkward, so I planned on using the wireless too.
I don't have a spare proper router with an uplink port laying around, but I did have a spare DSL modem/wireless router combo (which I'll call the "secondary" router) that I used to use at a former residence, and I thought I'd try to use it here. I plugged it into my computer, configured its security settings how I wanted (64-bit WEP) and looked through for settings that seemed like they might pertain to using it in this capacity. I didn't really find any except for something that seemed to turn off its DHCP, which I did. Then I unplugged my computer and plugged in the ethernet cable that runs to the main router (which is a normal ethernet cable, not crossover). I found that this setup does "just work" for the most part - our computers see the signal and can log in and access the internet through the main router's cable connection. However:
1. I can't figure out how to access the secondary router's settings once it's been plugged into the main one, even if I unplug it from the main one. What happens is that as soon as I connect the two routers together, it's almost like the secondary ceases to exist independently until it's settings are purged via the reset button. I plug it's IP address into a browser like usual, and nothing happens (it's an Actiontec whose stock one is 192.168.0.1 and the main router is a Netgear with an IP of 192.168.1.1).
I can log into the main one like normal through a wireless connection to the secondary, though. If I look at "attached devices" in the main router's config, it lists all the client computers in the network, but there's no IP that could be for the router (I'm sure of this). Each computer connected through my secondary router gets assigned its own IP like normal, and port forwarding works without a hitch. Again, this persists until the secondary is reset - after the two routers are connected but until the secondary is reset, there doesn't to be a way into the secondary's config. The security settings are acting as they should, though (ie, you need the secondary's WEP key to log on).
2. Internet download speeds when connected to the secondary over wireless are extremely slow compared to what the connection is capable of (can't seem to top 90 Kb/s) but for some reason the max attainable internet upload speed seems to be about the same as normal (around 200 Kb/s). This is puzzling to me. Back when I was using the secondary router for it's intended purpose as a DSL gateway under XP, I downloaded at around 300 Kb/s all the time with it using the same wireless card I am now, so I know the hardware I have is capable of it. Now both of our wireless cards are getting the same mediocre speeds (seemingly bottlenecked at around 90 Kb/s), even with a full signal (ie, the computer right next to the router).
If we connect to the secondary router with a cable rather than wireless, there's no problem and downloads are really fast (note again though that the max upload speed doesn't seem affected whether wired or wireless, as determined by running internet speed tests in both configurations). Ping times over wireless are also extremely high - ie, 800ms+ even when pinging the main router at 192.168.1.1.
It almost seems like there's something inferior or bottlenecked about the wireless signal the secondary router puts out, but I don't know what that could be or how to change it. (I also don't really understand anything about the setup I created here though, other than that I plugged it in and crossed my fingers and it works for basic, non-bandwidth-intense tasks). basically I'm curious whether there's a way to have normal access to the secondary router's settings in this setup, and whether there's a way to make the bandwidth over wireless less mediocre.
View 3 Replies
View Related
Aug 16, 2010
a wireless router (box) is went stuck, I found that when it is stuck it uses strange IP local address remote address 10.112.112.112, today is also went stuck but this time the gateway was 10.112.112.112. I had to switch off, switch on teh router to function properly. I am using DSL connection normally the gateway is likie that 78.8.... and my IP (dynamic) like 78.8.240..... Is there any default meaning of 10.112.112.112 in teh net connections?
View 14 Replies
View Related
May 12, 2010
I have 17 system (sys1,sys2,sys3.....sys17) in my office, and i am willing to setup a dedicated system to act as a firewall for that i have selected sys1 with two NIC(eth0 for local network and eth1 for internet) and i have configured to access internet in my office for that i have opened a wellknown port 80.but my clients are not accessing the internet..
and please check my sample IP configuration !!!
interface : eth1 (ISP IP)just for example
IP :192.168.0.2
gateway:192.168.0.1
dns:202.56.230.5
dns:202.56.230.6
Interface : eth0 (my local lan )
192.168.1.1
255.255.255.0
IP address of xp clients ranges form 192.168.1.2 to 192.168.1.16 with default 255.255.255.0
my question is that which gateway address and dns i have to give to my clients for accessing internet ?...
View 1 Replies
View Related
Jul 6, 2010
I'm running Ubuntu 10.04 and my setup is as follows:
As you can see, I am directly connected to router 192.168.25.1, and so my ip address is 192.168.25.101. I want my ip address to be 192.168.13.101, and make router 192.168.13.1 my gateway router. Is this possible under the current physical layout (I do not want to have to connect directly into 192.168.13.1, but keep my computer where it is at)?
When I run tracepath, it shows 192.168.13.1 is one hop away.
What I've tried:
The problem is under this manual setup, I cannot ping 192.168.13.1 and running command netstat -rn returns the following:
View 2 Replies
View Related
Apr 24, 2010
Does anyone have experience with the D-LINK DIR-655 gateway OR router OR wireless access point? On the surface, I like this box, but it is giving me grief. First, it wants me to use a win-dose CD configurator application. I use the embedded web page configurator. Next, there are several configuration wizards at the embedded web page. After trying the wizards, I went to the manual screens to tinker to get something working.
So what is going on? When a LAN client connects, I want DHCP to present at least two "nameserver" values ... which then make their way into /etc/resolv.conf The DIR-655 plays some nameserver games like caching and blacklisting and other things. However, I get some ad-vert page from "dnssearch" or "yahoo" or similar when names don't resolve. I really don't want this behavior. Network-manager does not report the connection down, however streaming anything stops or "reconnects", browsing times out, LAN side traffic seems to stop as well.
View 1 Replies
View Related
Feb 9, 2010
I want to setup a router with firewall on ubuntu box that will connect windows pcs one serving as outside source and one serving as inside target.
View 2 Replies
View Related
Jul 29, 2011
I have a fedora 14 box which has a static IP and I can not contact the internet or even my gateway router.I know it has to do with my kernal IP routing table but I can not find the command to do what I need...Here is my kernal IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
My gateway is 192.168.1.1 and my static IP is 192.168.0.2.
View 3 Replies
View Related
Jan 22, 2009
Presently this client access the net through following setup
ADSL modem -> hub -> all computers
Now they want to do some kind of bandwidth control, content filtering. So I tried setting up squid with dansguardian. This is what I did
ADSL -> linux server -> all computers.
The linux server has two NIC cards. One to the ADSL router and another to the local hub. This is how my squid.conf file looks like
http_port 3128
acl ubc src 192.168.1.0/255.255.255.0 (for subnet)
http_access allow ubc
Have set the gateway server as 121.x.x.1. Which is the gateway server of the ISP. Now I can ping the local network, but cant ping the gateway or any other website. Also I am unable to access the router administration page.
View 2 Replies
View Related
Apr 23, 2010
I have seen tutorials on setting up a secured firewall/router/gateway using ubuntu server as the platform. However, I am wondering if anyone has had experience with using an aircard (wireless broadband card via usb) to set up a router.
Which card do you recommend? Any precautions? Any specific code already written to automatically recognize mobile broadband cards and restart the connection if it goes stale?
View 8 Replies
View Related
Jun 10, 2009
I am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application. I have a linux box with two NIC cards and what I thought is the following: Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.
Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.
View 3 Replies
View Related
Jul 6, 2010
I am trying to do my graduation project, it's labeled under "linux secure router", and I should build a linux based router equipped with firewall and ACL management...Some people advice me to use linux ubuntu distribution todo this I try to do that but I don't know where to start form
View 3 Replies
View Related
Jan 27, 2010
I'm mentoring my local high school's IT club as they prepare to participate in a cyberdefense competition (see IT Olympics). Generally we are given four boxes and need to set up a network that provides certain services (which services change from year to year, but usually include a web server, email server, FTP server, and an application server of some sort) and support client PCs that connect from the WAN. The red team then tries to break into our network to steal "flags" from our servers and to set their own "flags" on our servers.
Generally we set up the firewall with two network interface cards (one to the WAN and one to our LAN), and connect the LAN NIC to a router, which then connects to the other three boxes. But we do have the option of installing additional NICs in the firewall and configuring it as a router. I can't shake the feeling that there is a security advantage to such a configuration, but I can't say what that advantage is. Perhaps something with configuring ipTables on the internal boxes to accept connections only from the firewall's NIC, and then only for the services we want that box to support (to prevent an intruder from connecting directly from one box to another)?
View 2 Replies
View Related
Jan 26, 2010
I am trying to make a vnc connection from pc #2 to pc #1. Pc #1 is a debian pc behind a zyxel router (P-2602HW-D1A). Pc #2 is a windows xp pc another place at the internet.I have configured the zyxel router to forward incomming trafic on port 5902 to the local ip-adress of the debian box. The debian box is running a vnc server, listening on port 5902.But i dosn?t work.I have tryed to scan the zyxel routers ipadress on port 5902 from the internet, but the scanner says that the port is closed.The vnc server on pc #1 is working fine on the local network. I can connect to the server from a pc on the same side of the zyxel router.Is it deffenitly a router problem, or could it have something to do with debians own firewall?
View 2 Replies
View Related
Jan 12, 2011
could set up a firewall on my linux machine? I have is to connect my router wired to the linux machine and then from the linux machine to my main computer, and obviously routing the internet connection through the linux box as a firewall. I use a Netgear DG834G router
View 9 Replies
View Related
Mar 13, 2011
I'm getting a timeout error from NetworkManager when attempting to connect to my router/firewall.
Excerpt from /var/log/messages attached.
View 1 Replies
View Related
Aug 14, 2010
I am thinking of moving the router behind a server and connecting the server directly to the internet via a modem. Are there any security issues related to doing this? or other things I should be aware of. Iptables are implemented on the server blocking access on unused ports.
View 2 Replies
View Related
Jul 3, 2011
I have a Bubba Two headless PC box and on it a Debian GNU/Linux Squeeze operating system.
I have upgraded my Bubba Two [URL]to Debian Squeeze from Debian Etch following these steps: Running Debian lenny or squeeze on Bubba Two [URL]
After this upgrade I have setup networking on Bubba following these steps: Setting up networking [URL]
In the case [URL] doesn't work, here are these steps:
[Code].....
View 5 Replies
View Related
May 27, 2010
On a remote system, when all you have is the ssh CLI -
How do you find out the ip addresses for:the Gateway
the DHCP server
the DNS server
Don't need to make any changes.
Which commands will display this info?
View 1 Replies
View Related
Mar 1, 2011
I've set up a Lan-to-Lan (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each others physical LAN. So no NAT is used. When the primary gateway (fw1) is connected to the VPN server all traffic runs via the fw1 tunnel. Than when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected all traffic for fw1 will be delivered to fw2 and effectively destroying traffic intended for fw1. This is of course no problem if I first shutdown (fence) fw1, than set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server. Effectively replacing fw1 with fw2 on the client side.
However, I can't seem to find a decent howto.
I am also exploring the possibility to let both tunnels active and let OpenVPN (or another tool) decide how to route packets back and forth the different LANs. A virtual IP between two gateway's both running a VPN or something similar. This would be the preferred method of course. However, I don't know how to tackle this one but I'm pretty sure there are people out there who are happy to share their 2 cents.
View 3 Replies
View Related
Jul 11, 2011
I am trying to get a Linux (Slackware 13.37) working in a Windows networking environment. The IT support for this organisation does not extend to Linux support, so I'm limited in what help I can get for this.
I'm trying to get to the point where I can get to the internet to download what I need on this Linux machine.
The situation is this (*fictitious addresses used) -My Linux machine uses a fixed IP address (10.100.150.21)
My Windows machine uses a DHCP assigned IP address (10.100.150.213)Both Linux and Windows machine are configured to access the gateway server (10.100.150.1)So, I can ping the Linux machine from the Windows machine and vice-versa.I can ping the gateway machine from the Windows machine.I can browse Windows Shares on the network via SMB from the Linux machine.I CANNOT ping the gateway machine from the Linux machine with the Destination Host Unreachable message being the error message.
For actual internet access I need to access a proxy server but since the Linux machine can't even ping the gateway server, it fails to ping the proxy.Now, I have been told the gateway is a HW based router and for Windows machine they use some software for authentication to connect to the network. This software isn't available for Linux, so that's why I've been told to use a fixed IP address.My experience of networking is pretty basic and most of the Linux setup is done via running Slackware's setup program.
View 12 Replies
View Related
Apr 2, 2011
I just set up a linux server which is acting as an internet gateway. For specific reasons, clients first make a vpn connection trough the internet to the linux server.
CLIENT ---->Internet----->Linux VPN Server ------> Internet
On the linux server iptables is configured for NAT. The problem is that the internet speed becomes slower than expected. I used windows and RAAS and the speed was pretty good. The server has only 1 NIC(eth0) and an alias interface is added to eth0. The alias is eth:0 with ip address 192.168.0.253
iptables config is as follows:
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to MY_VALID_IP
View 1 Replies
View Related
Mar 26, 2009
I have setup an ubuntu gateway server by using four NIC cards.
eth0 :210.212.235.107 is connected to the internet
eth1 :192.168.1.222 is connected to the local network
eth2 :192.168.2.222 is connected to another network
Here 192.168.1.222 is the gateway for 192.168.1.0 network and 192.168.2.222 is the gateway for 192.168.2.0 network.These network configurations are working fine, but i want to block inter network communication ie from 192.168.1.0 network to 192.168.2.0 network,i want to block the communication for securing the local networks more.I know iptable rule is enough for this purpose .But i cant find the apt rule for this purpose.
View 1 Replies
View Related
May 11, 2010
setup 2 gateway in my email server(opensuse).
now i wan to setup 2 internet lines for my email server, which mean that either one of the line is down, i still can receive mail from another line.
Example
Internet line 1 = ISP1
Internet line 2 = ISP2
my email server got 3 nic which...
eth0 = 192.168.1.2 (255.255.255.0) (from ISP1 GW 192.168.1.1)
eth1 = 192.168.2.2 (255.255.255.0) (from ISP2 GW 192.168..2.1)
eth2 = 168.168.1.2 (255.255.0.0) (connect to local LAN)
now existing GW set on the server is 192.168.1.1, mail receive and send through ISP1. now we wish to set somethings that once the ISP1 line is down, the server will auto switch to ISP2 gateway and continue send and receive mail without manually change of settings
View 9 Replies
View Related
