edc
31 posts
Geek

#180750 20-Sep-2015 21:48

I'm getting Vodafone UFB in about 3 weeks. I'm not sure how I'll set up the network, but this is what I've got planned:

ONT - Ubuntu 14.04.2 LTS Desktop eth0 (Router)
Ubuntu eth0 - Ubuntu eth1
Ubuntu eth1 - switch
switch - Wireless-AP-LowLatency 5GHz
switch - Wireless-AP-HighThroughput 5GHz
switch - Wireless-AP-Legacy 2.4GHz

The Wireless-APs will run on different channels, on different levels of a 3 level house.

eth1 runs services such as ssh, samba, btsync (setup already)
eth0 faces the ONT

Is there a guide for setting Ubuntu up as a router?
(This is a Linux and Networking question)

FYI
These are the interfaces:
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 05)
03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5209 PCI Express Card Reader (rev 01)
02:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)

Thank you









michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1390826 20-Sep-2015 23:58

I would strongly recommend you don't do this sort of setup as if you've got a single thing wrong in your iptables configuration you could risk getting your Ubuntu machine owned. If you however would like to do it then you'll need to look into iptables + NAT (example: http://www.karlrupp.net/en/computer/nat_tutorial).

There are several firewall distributions however I think untangle is what you're looking for: http://www.untangle.com/ - this is a firewall / server distribution that'll do what you need and has a nice web interface for configuration. I do think a better approach to this is to grab a router (like the Edgerouter Lite) and configure that for your firewall putting your server behind the NAT as this will offer better protection.

How I've got it set up is Edgerouter Lite --> TP-Link Smart Switch --> Server (with an Xclaim XI-3 Wireless AP connected to the switch for WiFi) and performance is simply awesome.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Opinions are my own and not the views of my employer.
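
The iptables + NAT setup referred to in the post above, as an added example (not part of the thread and not any poster's ruleset): `gen_ruleset` prints a default-deny NAT ruleset for the interface roles in the first post (eth0 facing the ONT, eth1 facing the switch), and `audit_ruleset` goes one step further by checking any `iptables-save` dump for the single-mistake cases the post warns about. Both function names are hypothetical, and nothing is applied to the running system.

```shell
#!/bin/sh
# Added example. Assumed roles from the first post: eth0 = WAN (ONT), eth1 = LAN.
# gen_ruleset WAN LAN: print an iptables-restore file; nothing is applied.
gen_ruleset() {
    wan=$1; lan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# audit_ruleset WAN: read iptables-save text on stdin, print findings,
# return non-zero if the filter table is not default-deny towards WAN.
audit_ruleset() {
    awk -v wan="$1" '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && /^:(INPUT|FORWARD) / && $2 != "DROP" {
            print "policy of " substr($1, 2) " is " $2 ", expected DROP"; bad = 1 }
        # ACCEPT rules that admit NEW connections must name a non-WAN input.
        table == "filter" && /^-A (INPUT|FORWARD) / && /-j ACCEPT/ &&
        (!/--(ct)?state / || /--(ct)?state [A-Z,]*NEW/) {
            if ($0 !~ /-i / || $0 ~ ("-i " wan "( |$)")) {
                print "accepts new traffic from " wan ": " $0; bad = 1 } }
        table == "nat" && $0 ~ ("-o " wan " .*-j MASQUERADE") { nat = 1 }
        END { if (!nat) { print "no MASQUERADE rule on " wan; bad = 1 }
              exit bad + 0 }'
}

# Review the output, then load it with: gen_ruleset eth0 eth1 | iptables-restore
# (routing also needs: sysctl -w net.ipv4.ip_forward=1)
gen_ruleset eth0 eth1 | audit_ruleset eth0 && echo "generated ruleset passes"
```

To audit a live box instead, pipe `iptables-save` into `audit_ruleset` with the WAN interface name as its argument.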




sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1390888 21-Sep-2015 08:11

IMHO using a stock standard Ubuntu install as a firewall/router is just a crazy idea. There are distros specifically targeted at this purpose and they're a far better solution.




edc

31 posts

Geek


  #1391516 21-Sep-2015 20:08

I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?







sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1391528 21-Sep-2015 20:34

edc: I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?






I don't want to sound rude but if you have to ask that question you're really looking at the wrong solution and should probably be using a firewall distro that will be vastly easier to configure, and more importantly will be secure.



 

michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1391532 21-Sep-2015 20:50

sbiddle:
edc: I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?

I don't want to sound rude but if you have to ask that question you're really looking at the wrong solution and should probably be using a firewall distro that will be vastly easier to configure, and more importantly will be secure.


Plus I have already posted how to configure iptables for NAT above. To be honest I don't think anyone here would do such a thing as there are far better solutions.






edc

31 posts

Geek


  #1391547 21-Sep-2015 21:08

In 2000 I was a kid. I had a Slackware/custom kernel/grsecurity gateway. My iptables ruleset I posted on the Internet is still found online.
I also had a custom OpenMosix cluster of my very own (because I had no money for a real computer and a few P166s did the trick).
10 years or so ago I decided to specialise in Finance and Accounting. I can still secure a Linux installation, once I make my iptables script run on boot the system would be secure, services will run on eth1. These things I can do, without having to figure it out, but keep in mind IT is a hobby. I want an easy to follow guide that I've not found online yet. I don't have every night to figure these things out anymore. Let's assume I have a Gentoo/grsecurity installation, no services, an F5 load balancer, an OpenBSD in series... to secure my Windows 10 box I'm typing this from.

The VLAN 10 setup guide for Linux please?

MadEngineer
4271 posts

Uber Geek

Trusted

  #1391563 21-Sep-2015 21:53

apt-get install ros

Haha

Or seriously, install routerOS instead of Ubuntu.




You're not on Atlantis anymore, Duncan Idaho.

 
 
 


edc

31 posts

Geek


  #1391568 21-Sep-2015 22:20

OK, 
routerOS, Gentoo/grsecurity installation, no services, an F5 load balancer, a *NetBSD in series.
Let's assume routerOS hardware doesn't support what I'm going to throw at it, which is why I want to use a Linux server. So we're left with a Gentoo/grsecurity installation, no services, an F5 load balancer, a *NetBSD in series. Turns out I don't own an F5 load balancer, but my Gentoo box is so locked down the only way to access it is to force a hard shutdown, taking the disk out and mounting the encrypted disk on another box and chrooting into it.




MadEngineer
4271 posts

Uber Geek

Trusted

  #1392186 22-Sep-2015 20:03

I didn't say to use "routerOS hardware", I said use routerOS, which is software





edc

31 posts

Geek


  #1392188 22-Sep-2015 20:07

Oh, I thought it was hardware locked? I'd prefer an x86 based, generic hardware compatible solution though, no license fees. I'll look into routerOS.

MadEngineer
4271 posts

Uber Geek

Trusted

  #1392197 22-Sep-2015 20:16

You can get a free trial. The license is worth it if you must use your own hardware, otherwise the hardware would be the cheapest in class.





michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1392203 22-Sep-2015 20:29

If you really knew how to Linux you'd have your answer by now.

1) I don't recommend ever using a server as a router, I mean ever.
2) No system is sufficiently secure. I still build systems that are secured with encrypted partitions, mod_security, aide, selinux and really complex firewall rules that still fail a penetration test because I've missed something often simple.
3) It doesn't matter what OS you use. The security is always in the hands of the person who set it up.

And this is why router distributions like RouterOS, PFSense, M0n0wall etc etc exist. They're designed to be /as secure/ as they can out of the box and be easy to manage.

I've done what you're asking before and soon after culled it.

If you still don't want to adhere to the many people telling you that it is a terrible idea then you'll find the top result of "ubuntu vlan" will be of help with your vast knowledge of iptables: https://wiki.ubuntu.com/vlan

I really hope your server doesn't get owned but if you seriously can't do a quick Google and work these things out for yourself then you shouldn't be doing what you're asking. It is like with me I just moved to a Ubiquiti Edgerouter from a totally different platform. I managed to set it up taking over 6 hours in the process but I gained quite a bit of experience and had fun doing so. There are router distributions that are simple to configure and offer the functionality of what you're trying to do like the one I have quoted above however I would also recommend shoving a software virtualization platform on your server and just play around with some products (like the one people have quoted) and if you don't like it you can blast the VM and create a new one without too much risk to your Ubuntu server.

Don't mean to sound rude. I've just said the truth and since I deal with Linux + security as a job I do somewhat know what I am talking about here.






chevrolux
4962 posts

Uber Geek
Inactive user


  #1392206 22-Sep-2015 20:41

RouterOS is awesome!

If IT is a hobby you will have a lot of fun playing around in RouterOS. It will literally do anything you want. Firewall, VPN, Socks Proxy, Virtual routers, hotspot system, custom scripts and all the debugging tools you could think of. Seriously cool and has a nice learning curve to go with it.

Best bit is you don't need to sit there banging away on the command line!!... unless you want to, in which case there is a fully featured CLI with auto-complete, hints etc to make things easier.

Edit: Sorry not helpful I know.... just wanted to voice an opinion haha

michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1392210 22-Sep-2015 20:47

chevrolux: RouterOS is awesome!

If IT is a hobby you will have a lot of fun playing around in RouterOS. It will literally do anything you want. Firewall, VPN, Socks Proxy, Virtual routers, hotspot system, custom scripts and all the debugging tools you could think of. Seriously cool and has a nice learning curve to go with it.

Best bit is you don't need to sit there banging away on the command line!!... unless you want to, in which case there is a fully featured CLI with auto-complete, hints etc to make things easier.

Edit: Sorry not helpful I know.... just wanted to voice an opinion haha


Totally agree with you. Every time I have used RouterOS I have been really happy with it. Such a shame the movers lost my Mikrotik >.<






edc

31 posts

Geek


  #1392261 22-Sep-2015 21:58

Alright, thank you for the good advice, I'll give pfSense and ipcop a spin this weekend and keep the current server behind it all. When I last used Slackware in 2000 I thought the default installation was secure enough with a small iptables ruleset applied and didn't expect an Ubuntu machine in 2015 would be a target if no services ran on the public interface. 

If anyone is interested:
I found the year 2000 ruleset online after all this time, I'm not sure if it was modified though, I kept a searchable number string in the script to trace where it went after posting it online. I uploaded it to http://pastebin.com/msYp7pXa - blast from the past, IRD helper module... There also was a version that did random kinds of rejections, which resulted in any nmap OS type scans identifying a different fingerprint every time.


