Ubuntu Gateway
Pandu Poluan
pandu at poluan.info
Mon Apr 4 03:01:10 UTC 2011
Hello Kaushal.

I've been using Ubuntu Server as a gateway and firewall since the last
LTS before 10.04 LTS. Currently, my company's Internet gateway is
10.04.02 LTS, handling 4 Internet Connections (2Mbps, 2Mbps, 10Mbps,
1Mbps), outgoing *and* incoming.

You'll need to be familiar with iptables. And by familiar, I mean
*really* familiar. I'd say I know iptables better than I know my wife
:) ... well, just kidding. Sort of.

You'll also need to become familiar with iproute2 if you need
Policy-Based Routing (e.g., routing based on source instead of
destination). And you will want to learn fwmark-based routing.

If you want to throttle connections, you also have to familiarize
yourself with tc. Or use tcng for a (much) friendlier way to configure
tc.

You will want to tune the box's networking parameters. In particular,
various timeouts and buffer sizes. Oh, and use HTCP rather than CUBIC.

Finally, when you've gone the highly-customized system route like I
did, you can't rely on simple iptables management like
iptables-persistent. Even Shorewall or Arno's can't fulfill my needs.
I have to create my own 'harness' to run everything, e.g.:

+ Custom startup scripts to ensure ipset's sets get loaded before
  iptables' rules
+ Custom startup scripts to populate the routing table
+ Custom scripts to save the state of the firewall/gateway when a
  change has been made (so that the next startup will properly restore
  the state)

I am currently in the process of making Python-based scripts to help
in my firewall/gateway maintenance. But it's still in 'Deep Alpha'
state, so I can't share it with you yet.

Feel free to contact me privately if you want to see how I set things
up. I'll share my scripts and configs.

Rgds,

On 2011-04-04, Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:
> Hi,
>
> I have planned to use 10.04 LTS for setting up Internet Gateway in my
> office. What should be the hardware configuration and what all recommended
> applications are needed ?
>
> Thanks
>
> Kaushal
>
--
--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/
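
The first harness item in the message above (ipset's sets must be loaded before iptables' rules) matters because iptables-restore rejects a rule that references a set which does not exist yet, and a failed restore at boot leaves the gateway without its ruleset. The script below is an added example, not the poster's own harness: it checks the two saved dumps against each other before applying anything, and the file names, the function names and the set names `blocklist` and `office_nets` are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check for a gateway restore harness.
# Dump formats assumed: `iptables-save` output and `ipset save` output ("create" lines).

# Print each set name referenced by --match-set in an iptables-save dump.
referenced_sets() {
    grep -o -e '--match-set [^ ]*' "$1" | awk '{print $2}' | sort -u
}

# Print each set name created by an `ipset save` dump.
defined_sets() {
    awk '$1 == "create" {print $2}' "$1" | sort -u
}

# Print sets the rules need but the ipset dump never creates.
missing_sets() {    # $1 = iptables dump, $2 = ipset dump
    defined=$(defined_sets "$2")
    for s in $(referenced_sets "$1"); do
        printf '%s\n' "$defined" | grep -qxF -e "$s" || printf '%s\n' "$s"
    done
}

# Restore sets first, then rules; change nothing if a referenced set is undefined.
restore_gateway() {    # $1 = iptables dump, $2 = ipset dump
    missing=$(missing_sets "$1" "$2")
    if [ -n "$missing" ]; then
        echo "not restoring, undefined sets:" $missing >&2
        return 1
    fi
    ipset restore < "$2" && iptables-restore < "$1"
}

# Constructed sample dumps (not from the original message).
write_samples() {    # $1 = directory to write into
    cat > "$1/ipset.save" <<'EOF'
create blocklist hash:ip family inet hashsize 1024 maxelem 65536
add blocklist 192.0.2.10
EOF
    cat > "$1/iptables.save" <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m set --match-set blocklist src -j DROP
-A FORWARD -m set --match-set office_nets src -j ACCEPT
COMMIT
EOF
}
```

With the constructed samples, `missing_sets` reports `office_nets`, so `restore_gateway` returns non-zero before either restore command runs.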