Ubuntu Gateway

Diego Xirinachs dxiri343 at gmail.com
Mon Apr 4 05:24:20 UTC 2011


I think what Pandu suggested is great but way too advanced for some people
(including me). I would say shorewall can fulfill most people's needs, and
what they say is true (shorewall, iptables made easy). I use it and have
had no problems at all with it. For me, just shorewall + squid does the job.
I maintain 2 offices, 1 with + clients and the other one with 56; in both I
have the same setup and it works very well.

Pandu's approach is great but like he said, you need to know iptables more
than you know your wife.

cheers and hope it helped

2011/4/3 Pandu Poluan <pandu at poluan.info>

> Hello Kaushal.
>
> I've been using Ubuntu Server as a gateway and firewall since the last
> LTS before 10.04 LTS. Currently, my company's Internet gateway is
> 10.04.02 LTS, handling 4 Internet Connections (2Mbps, 2Mbps, 10Mbps,
> 1Mbps), outgoing *and* incoming.
>
> You'll need to be familiar with iptables. And by familiar, I mean
> *really* familiar. I'd say I know iptables better than I know my wife
> :) ... well, just kidding. Sort of.
>
> You'll also need to become familiar with iproute2 if you need
> Policy-Based Routing (e.g., routing based on source instead of
> destination). And you will want to learn fwmark-based routing.
>
> If you want to throttle connections, you also have to familiarize
> yourself with tc. Or use tcng for a (much) friendlier way to configure
> tc.
>
> You will want to tune the box's networking parameters. In particular,
> various timeouts and buffer sizes. Oh, and use HTCP rather than CUBIC.
>
> Finally, when you've gone the highly-customized system route like I
> did, you can't rely on simple iptables management like
> iptables-persistent. Even Shorewall or Arno's can't fulfill my needs.
> I have to create my own 'harness' to run everything, e.g.:
> + Custom startup scripts to ensure ipset's sets get loaded before
> iptables' rules
> + Custom startup scripts to populate the routing table
> + Custom scripts to save the state of the firewall/gateway when a
> change has been made (so that the next startup will properly restore
> the state)
>
> I am currently in the process of making Python-based scripts to help
> in my firewall/gateway maintenance. But it's still in 'Deep Alpha'
> state, so I can't share it with you yet.
>
> Feel free to contact me privately if you want to see how I set things
> up. I'll share my scripts and configs.
>
> Rgds,
>
>
> On 2011-04-04, Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:
> > Hi,
> >
> > I have planned to use 10.04 LTS for setting up Internet Gateway in my
> > office. What should be the hardware configuration and what all recommended
> > applications are needed?
> >
> > Thanks
> >
> > Kaushal
> >
>
>
> --
> --
> Pandu E Poluan - IT Optimizer
> My website: http://pandu.poluan.info/
>
> --
> ubuntu-server mailing list
> ubuntu-server at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



-- 
X1R1
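
The ordering requirement in the quoted message (ipset's sets loaded before iptables' rules) exists because a rule that references a set which does not exist yet is rejected when the ruleset is loaded. The following is an added example, not part of the thread and not Pandu's scripts: a Python preflight check that compares a saved ruleset against a saved ipset dump before either is restored. The sample dumps, set names and function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample inputs (not from the thread), in the formats written
# by `ipset save` and `iptables-save`.
IPSET_SAVE = """\
create blocklist hash:ip family inet hashsize 1024 maxelem 65536
add blocklist 192.0.2.10
create lan_nets hash:net family inet hashsize 1024 maxelem 65536
add lan_nets 10.0.0.0/8
"""

IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m set --match-set blocklist src -j DROP
-A FORWARD -m set --match-set lan_nets src -j ACCEPT
-A FORWARD -m set ! --match-set vpn_peers src -j DROP
COMMIT
"""

SET_OPTIONS = ("--match-set", "--add-set", "--del-set")

def defined_sets(ipset_dump):
    """Names created by an `ipset save` dump ('create NAME TYPE ...')."""
    return {m.group(1) for m in re.finditer(r"^create\s+(\S+)", ipset_dump, re.M)}

def referenced_sets(rules_dump):
    """Map set name -> rule lines that reference it (set match or SET target)."""
    refs = {}
    for line in rules_dump.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        tokens = shlex.split(line)  # shlex keeps quoted --comment text intact
        for i, tok in enumerate(tokens[:-1]):
            if tok in SET_OPTIONS:
                refs.setdefault(tokens[i + 1], []).append(line)
    return refs

def missing_sets(ipset_dump, rules_dump):
    """Sets the rules need that restoring the ipset dump would not create."""
    have = defined_sets(ipset_dump)
    return {n: r for n, r in referenced_sets(rules_dump).items() if n not in have}

if __name__ == "__main__":
    for name, rules in sorted(missing_sets(IPSET_SAVE, IPTABLES_SAVE).items()):
        print(f"set '{name}' is not defined; these rules would be rejected:")
        for rule in rules:
            print("   ", rule)
```

A startup script can run a check like this on the saved files and refuse to load the ruleset when `missing_sets` is non-empty, so the gateway does not come up with a partially applied firewall.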