Ubuntu Networking :: Setting Up A Router And Firewall For 10.10 Server 64-bit?
Jan 28, 2011
post the "perfect" tutorial for setting up a router and firewall for Ubuntu 10.10 Server 64-bit? I'm kind of a n00b when it comes to Linux, so I get really confused with some things, I have seen things on the Ubuntu wiki about this... but it really confuses me
I'm trying to set up my Ubuntu sys as a router and firewall... Internet -> Ubuntu (Router) -> Switch (no DHCP on it) -> Computers. I've already set up bind and dhcp3 and got those working perfectly... I've also set up Squid3 and Dansguardian for content filtering (blocking ads and such) and got them working too... I want to set it all up to be transparent, and allow the system itself to function as a powerful firewall router, giving absolutely NO issues to client computers connected, and no speed reduction at all.... I want to set up the firewall to allow all outgoing connections, but block everything incoming (stealth the network)... Forcing all http/s traffic to pass through Dansguardian, then to Squid...
But am very confused on how to pull this off... The system is running Ubuntu 10.10 Server 64-bit, with 4 GB of RAM, 320 GB SSD, and two 1Gb NIC cards... Sorry if I'm not very clear, I do speak English perfectly, but just kinda new to the "Linux world", I was using SONICWALL but that's getting a little too costly to my network and wanna do a free alternative... Something completely CUSTOM, not using some network security distro.
could set up a firewall on my linux machine? I have is to connect my router wired to the linux machine and then from the linux machine to my main computer, and obviously routing the internet connection through the linux box as a firewall. I use a Netgear DG834G router
So what I want to do is set up a gateway (or router, idk what Ubuntu refers to it as). So my setup would be Modem>Server>Switch>Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldn't figure that out either.
I want to set up a Linux box as a wireless router to replace our existing Netgear WNR1000 router, as I believe the Netgear does not support the coming IPv6 protocol. Unfortunately, it is not flashable with OpenWRT or DD-WRT presently.
As we have Comcast, our cable modem acts as a dumb modem according to the customer support guy I talked to, and our router is the one that asks for the IP address from DHCP. Thus, when Comcast switches over to IPv6, I don't believe my existing router would work, correct?
My idea is to take a Linux box and put two NICs and a wireless adapter in it, using IPCop or Smoothwall to set up a router. I could then enable IPv6 support for when we have IPv6 with Comcast. Is that possible? Would there be a way to get BIND to hand out private IP addresses in the same subnet on both the LAN NIC and the wireless card?
I have seen tutorials on setting up a secured firewall/router/gateway using ubuntu server as the platform. However, I am wondering if anyone has had experience with using an aircard (wireless broadband card via usb) to set up a router.
Which card do you recommend? Any precautions? Any specific code already written to automatically recognize mobile broadband cards and restart the connection if it goes stale?
I am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application. I have a linux box with two NIC cards and what I thought is the following: Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations. I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.
Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.
I am trying to do my graduation project, it's labeled under "linux secure router", and I should build a Linux-based router equipped with firewall and ACL management... Some people advise me to use the Linux Ubuntu distribution to do this. I try to do that but I don't know where to start from.
I'm mentoring my local high school's IT club as they prepare to participate in a cyberdefense competition (see IT Olympics). Generally we are given four boxes and need to set up a network that provides certain services (which services change from year to year, but usually include a web server, email server, FTP server, and an application server of some sort) and support client PCs that connect from the WAN. The red team then tries to break into our network to steal "flags" from our servers and to set their own "flags" on our servers.
Generally we set up the firewall with two network interface cards (one to the WAN and one to our LAN), and connect the LAN NIC to a router, which then connects to the other three boxes. But we do have the option of installing additional NICs in the firewall and configuring it as a router. I can't shake the feeling that there is a security advantage to such a configuration, but I can't say what that advantage is. Perhaps something with configuring iptables on the internal boxes to accept connections only from the firewall's NIC, and then only for the services we want that box to support (to prevent an intruder from connecting directly from one box to another)?
I am trying to make a VNC connection from PC #2 to PC #1. PC #1 is a Debian PC behind a ZyXEL router (P-2602HW-D1A). PC #2 is a Windows XP PC at another place on the internet. I have configured the ZyXEL router to forward incoming traffic on port 5902 to the local IP address of the Debian box. The Debian box is running a VNC server, listening on port 5902. But it doesn't work. I have tried to scan the ZyXEL router's IP address on port 5902 from the internet, but the scanner says that the port is closed. The VNC server on PC #1 is working fine on the local network. I can connect to the server from a PC on the same side of the ZyXEL router. Is it definitely a router problem, or could it have something to do with Debian's own firewall?
I have installed Ubuntu 10.04 Server on an older desktop with the intent of making it into a firewall box. What I would like to do is hook one nic into the modem, and the other nic into my router. I'm not sure if I want to setup the 2 nics as bridged.
I want to lock down my server to allow only certain IP addresses and ports in. I was thinking of doing this through iptables but someone suggested I use the hosts.allow and deny files to allow who can access the system. What do people suggest? If I'm trying to ensure no IPs can access my system except the ones I want, how would I do this with just the allow and deny files?
Setting up a Linux router in Fedora 10. The router has an IP (192.168.1.1) for the eth0 on the internal LAN and a static registered IP for eth1 on the internet connection. All the internal LAN client PCs have gateway set to 192.168.1.1. My question is what do I set the gateway address to on eth0 and eth1 and how would I configure this in /etc/sysconfig/network?
I wish to setup my spare PC as a router. I was wondering what programs, in ubuntu, I can use to monitor and change settings concerning bandwidth usage. I want to throttle down a computer in my network so what program would be good for this?
Okay, a few days ago I got a small job setting up a router for a neighbour of mine. He wanted me to set up a wireless network for him. The router he bought is a Linksys Wireless N-Router E1000. I set up the passwords and everything. Only to find out that I couldn't connect at all to it. The main computer with a direct ethernet connection to the router was the only one that had internet. Every time I attempt to connect wirelessly with any device, it will take an extremely long time to connect, to the point where I will just quit connecting. (Example: 15 minutes of waiting, when the laptop is right next to the router)
Any ideas about what I am doing wrong here? As far as I can think of it might just be a faulty router, because the router will not implement any changes (like setting a password) I set on it. Only wired connections seem to work. The router is called a Linksys Wireless N-Router E1000.
World of Warcraft requires that TCP Ports 1119, 1120 and 3724 are forwarded. The Blizzard Downloader requires that TCP ports 3724, 1119, 4000, 6112, 6113 and 6114 are forwarded. It can also benefit from having ports 6881 through 6999 forwarded. The World of Warcraft Voice Chat feature uses UDP Port 3724.
I use the hotspot feature to play Warcraft and I am running Ubuntu 10.10 ... I need to forward these ports ... any way to easily download an app to configure the phone like you would a router? It's probably easy, I just can't find it.
I decided to try and get my network ready for IPv6. All of my hosts are set up to do stateful autoconfig, I have radvd installed and working, and I can ping6 ipv6.google.com from my Ubuntu server. However, when one of the clients on the inside tries to ping6, no packets return and I get this message in the router's syslog:
Code:
Feb 8 17:55:17 foo kernel: [ 1344.824474] Dead loop on virtual device tun6to4, fix it urgently!
I have a Linksys WAG54G2 Router - this is set up and was working fine with XP and my Apple iPhone. I have just changed over from XP to Ubuntu, and am having difficulty in configuring wireless settings to accept Ubuntu. The hard-wired Ethernet connection works fine.
I am thinking of moving the router behind a server and connecting the server directly to the internet via a modem. Are there any security issues related to doing this, or other things I should be aware of? Iptables are implemented on the server blocking access on unused ports.
I have an old PC that I would like to use as a headless server for my music, files, etc. that I can access at work and other places outside of my network. I'm a complete noob in this department so please excuse my overwhelming ignorance. The only thing I've managed to succeed at was installing Fedora 13. Two things in particular are giving me trouble: 1.) setting up my router and Fedora box so that it has a static IP address and 2.) connecting to the Fedora box via vncviewer on my laptop.
HERE ARE SOME QUICK SPECS OF THE DEVICES INVOLVED:
Fedora Box: Intel Pentium 4 2.66GHz, 1GB ram, Fedora 13
Laptop: Toshiba Satellite A505, Intel Core 2 Duo T6600 2.20GHz, 4GB ram, Windows 7 Home Premium 64-bit
Router: D-Link WBR-1310
ISP: Comcast (cable)
HERE'S WHAT I'VE DONE SO FAR:
Setting Static IP
On the Fedora 13 box:
1.) Went to Network Connections and added a new connection
2.) Copied MAC address from the default connection
3.) On IPv4 tab, added new address: 192.168.0.200 (this is out of the range which my router will assign automatically) netmask 255.255.255.0, set gateway to 198.168.0.1 (router's IP on the network)
When I connect to this new connection web pages don't load, etc. but when I'm on the default connection I have no problems.
Connecting With VNC Viewer
On the Fedora 13 box:
1.) System -> Preferences -> Remote Desktop
2.) Under Sharing I checked "Allow other users to view your desktop" and "Allow other users to control your desktop"
3.) Under Security I unchecked "Ask you for confirmation", checked "Require the user to enter this password", and specified a password
On the router:
1.) Set up port forwarding for port 5900, TCP only, to the IP address of the Fedora box.
On the laptop:
1.) Installed VNCViewer
2.) Went to whatsmyip(dot)org to get IP address of router
3.) Tried to connect to that address, port 5900 (ex. ##.##.##.###::5900)
4.) Connection times out every time.
Setting up desktop (9.04) behind router for remote access by laptop (9.10)
I am setting up desktop (9.04) behind router for remote access by laptop (9.10). Rationale: All of my files are on my desktop HD, but I am often out of my home needing to work on my files. It is becoming labour intensive to keep track of the files I make/change and try to copy them on my non-connected desktop/laptop.
Dream: Able to remote access and modify my desktop files from my laptop (while the files remain on the desktop). Request: A simple, GUI, basic, non-technical guide how to set it up!
What I know:
1. I was going to use the 'Remote Desktop' VNC connection under System->Preferences. However, if I understand this correctly, this only secures my computer (i.e. locks the front door of my desktop) and the data streamed between them is not encrypted.[URL]..
2. Then I need to set up my router to accept the connection from my laptop.
3. Then I will need to use SSH to secure the info sent between them. This is the bit I don't really have a good grip on.
I have three machines, say A, B and C. I want to make machine B a router for A and C, so that the ping packets from C to A should be going via B. I have directly connected two interfaces (eth4) of A and B and similarly two interfaces (eth5) of B and C. I have even set up a route between B and C.
1. But I am not able to set a route between B and A.
2. If I ping A from eth4 of B (and vice versa) it works. When I ping B from eth5 of C it works, but not vice versa.
3. Also, if I ping from C to A, B receives the packets, but not A.
I must make this work with the use of virtual PCs. I have VM Player and installed Fedora (the latest version) and one XP. So I have 2 virtual PCs. I'm making it simple for a start so I can add more PCs when I see that it is working. I have set up a DHCP server on the Fedora virtual PC. The Fedora virtual PC is like a SOHO router. The XP PC is getting an IP from DHCP while the Fedora one has a static one.
My PC is behind an ADSL router. Both virtual PCs can see each other, which means I have no connectivity issues. I'm trying to set up a Squid proxy (a transparent one) so for example the XP PC can access porn sites and such. I used all required configuration for Squid to work and started the service. I've also inserted with iptables the commands to forward all incoming port 80 packets to port 3128 (the Squid). It doesn't seem to be working and I think I know why but I don't know how to fix it.
Because the XP has a gateway at 192.168.1.1 (the ADSL router), packets go directly to it and not to the SOHO router (the Fedora virtual PC, as I intend). What can I do to solve this problem? How can I forward all packets to go to the Fedora virtual PC first and then have the Fedora PC forward them (if necessary) to the ADSL router? PS. I used Bridged connection in the networking configuration on the VMware Player! If you want, I can also post the code for Squid or iptables if needed!
I have a Linux server set up on a network with 2 interfaces. One (eth0) is connected to the regular network and the other (eth1) has a DHCP server and transparent web cache listening on it. The machines connected on the eth1 side are on a different subnet and the Linux server is their gateway. Untrusted machines are introduced to this network to keep them isolated.
This isolation works well, too well. There are a small set of resources on the regular network I would like to make available to machines on the untrustworthy network. I think I need to use iptables but alas I've had no luck in piecing together the command I need (in one case locking myself out and having to physically reset the machine).
In an effort to learn more about firewalls and iptables I have left behind GUI set-up tools and have set up a firewall using iptables that logs to its own file. The firewall is as follows:
Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]