Geekzone: technology news, blogs, forums


edc



31 posts

Geek


# 180750 20-Sep-2015 21:48

I'm getting Vodafone UFB in about 3 weeks. I'm not sure how I'll set up the network, but this is what I've got planned:

ONT - Ubuntu 14.04.2 LTS Desktop eth0 (Router)
Ubuntu eth0 - Ubuntu eth1
Ubuntu eth1 - switch
switch - Wireless-AP-LowLatency 5GHz
switch - Wireless-AP-HighThroughput 5GHz
switch - Wireless-AP-Legacy 2.4GHz

The Wireless-APs will run on different channels, on different levels of a 3 level house.

eth1 runs services such as ssh, samba, btsync (setup already)
eth0 faces the ONT

Is there a guide for setting Ubuntu up as a router?
(This is a Linux and Networking question)

FYI
These are the interfaces:
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 05)
03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5209 PCI Express Card Reader (rev 01)
02:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)

Thank you









Mr Snotty
8829 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1390826 20-Sep-2015 23:58
3 people support this post

I would strongly recommend you don't do this sort of setup as if you've got a single thing wrong in your iptables configuration you could risk getting your Ubuntu machine owned. If you however would like to do it then you'll need to look into iptables + NAT (example: http://www.karlrupp.net/en/computer/nat_tutorial).

There are several firewall distributions however I think untangle is what you're looking for: http://www.untangle.com/ - this is a firewall / server distribution that'll do what you need and has a nice web interface for configuration. I do think a better approach to this is to grab a router (like the Edgerouter Lite) and configure that for your firewall putting your server behind the NAT as this will offer better protection.

How I've got it setup is Edgerouter Lite --> TP-Link Smart Switch --> Server (with a Xclaim XI-3 Wireless AP connected to the switch for WiFi) and performance is simply awesome.




28220 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1390888 21-Sep-2015 08:11
3 people support this post

IMHO using a stock standard Ubuntu install as a firewall/router is just a crazy idea. There are distros specifically targeted at this purpose and they're a far better solution.




 
 
 
 


edc



31 posts

Geek


  # 1391516 21-Sep-2015 20:08

I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?





28220 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1391528 21-Sep-2015 20:34
3 people support this post

edc: I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?






I don't want to sound rude but if you have to ask that question you're really looking at the wrong solution and should probably be using a firewall distro that will be vastly easier to configure, and more importantly will be secure.



 

Mr Snotty
8829 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1391532 21-Sep-2015 20:50

sbiddle:
edc: I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?

I don't want to sound rude but if you have to ask that question you're really looking at the wrong solution and should probably be using a firewall distro that will be vastly easier to configure, and more importantly will be secure.


Plus I have already posted how to configure iptables for NAT above. To be honest I don't think anyone here would do such a thing as there are far better solutions.




edc



31 posts

Geek


  # 1391547 21-Sep-2015 21:08

In 2000 I was a kid. I had a Slackware/custom kernel/grsecurity gateway. My iptables ruleset I posted on the Internet is still found online.
I also had a custom OpenMosix cluster of my very own (because I had no money for a real computer and a few P166s did the trick).
10 years or so ago I decided to specialise in Finance and Accounting. I can still secure a Linux installation, once I make my iptables script run on boot the system would be secure, services will run on eth1. These things I can do, without having to figure it out, but keep in mind IT is a hobby. I want an easy to follow guide that I've not found online yet. I don't have every night to figure these things out anymore. Let's assume I have a Gentoo/grsecurity installation, no services, an F5 load balancer, an OpenBSD in series... to secure my Windows 10 box I'm typing this from.

The VLAN 10 setup guide for Linux please?

1888 posts

Uber Geek


  # 1391563 21-Sep-2015 21:53

apt-get install ros

Haha

Or seriously, install routerOS instead of Ubuntu.

 
 
 
 


edc



31 posts

Geek


  # 1391568 21-Sep-2015 22:20

OK, 
routerOS, Gentoo/grsecurity installation, no services, an F5 load balancer, a *NetBSD in series.
Let's assume routerOS hardware doesn't support what I'm going to throw at it, which is why I want to use a Linux server. So we're left with a Gentoo/grsecurity installation, no services, an F5 load balancer, a *NetBSD in series. Turns out I don't own an F5 load balancer, but my Gentoo box is so locked down the only way to access it is to force a hard shutdown, taking the disk out and mounting the encrypted disk on another box and chrooting in to it.




1888 posts

Uber Geek


  # 1392186 22-Sep-2015 20:03

I didn't say to use "routerOS hardware", I said use routerOS, which is software

edc



31 posts

Geek


  # 1392188 22-Sep-2015 20:07

Oh, I thought it was hardware locked? I'd prefer a x86 based, generic hardware compatible solution though, no license fees. I'll look in to routerOS

1888 posts

Uber Geek


  # 1392197 22-Sep-2015 20:16

You can get a free trial. The license is worth it if you must use your own hardware, otherwise the hardware would be the cheapest in class.

Mr Snotty
8829 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1392203 22-Sep-2015 20:29
2 people support this post

If you really knew how to Linux you'd have your answer by now.

1) I don't recommend ever using a server as a router, I mean ever.
2) No system is sufficiently secure. I still build systems that are secured with encrypted partitions, mod_security, aide, selinux and really complex firewall rules that still fail a penetration test because I've missed something often simple.
3) It doesn't matter what OS you use. The security is always in the hands of the person who set it up.

And this is why router distributions like RouterOS, PFSense, M0n0wall etc etc exist. They're designed to be /as secure/ as they can out of the box and be easy to manage.

I've done what you're asking before and soon after culled it.

If you still don't want to adhere to the many people telling you that it is a terrible idea then you'll find the top result of "ubuntu vlan" will be of help with your vast knowledge of iptables: https://wiki.ubuntu.com/vlan

I really hope your server doesn't get owned but if you seriously can't do a quick Google and work these things out for yourself then you shouldn't be doing what you're asking. It is like with me I just moved to an Ubiquiti Edgerouter from a totally different platform. I managed to set it up taking over 6 hours in the process but I gained quite a bit of experience and had fun doing so. There are router distributions that are simple to configure and offer the functionality of what you're trying to do like the one I have quoted above however I would also recommend shoving a software virtualization platform on your server and just play around with some products (like the one people have quoted) and if you don't like it you can blast the VM and create a new one without too much risk to your Ubuntu server.

Don't mean to sound rude. I've just said the truth and since I deal with Linux + security as a job I do somewhat know what I am talking about here.
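
Added example, not part of any post in this thread: a shell sketch of the iptables + NAT layout discussed above (WAN on the ONT side, services only on eth1), with a check that counts INPUT rules reachable from the WAN, the "single thing wrong" case. The interface name eth0.10 (VLAN 10 on eth0), the 192.168.1.0/24 LAN subnet and the service ports are assumptions, not values from the thread.

```sh
#!/bin/sh
# Added example. Assumptions, not from the thread: WAN is eth0.10 (VLAN 10
# tagged on eth0), LAN is eth1 on 192.168.1.0/24, LAN services are ssh (22)
# and samba (139, 445); add the btsync port you configured yourself.
# Prerequisites on the gateway (run as root):
#   ip link add link eth0 name eth0.10 type vlan id 10 && ip link set eth0.10 up
#   sysctl -w net.ipv4.ip_forward=1

# Print an iptables-restore ruleset: default-drop, NAT out of the WAN side.
gen_ruleset() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# services answer on the LAN interface only
-A INPUT -i $lan -s $lan_net -p tcp -m multiport --dports 22,139,445 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and count INPUT ACCEPT rules that are not tied to
# loopback, the LAN interface or established connections. Anything counted
# here also accepts new connections arriving from the WAN.
wan_reachable_rules() {
    lan="$1"
    grep -E '^-A INPUT .*-j ACCEPT' |
        grep -v -E -e "-i (lo|$lan) " -e '--ctstate ESTABLISHED,RELATED' |
        grep -c . || true
}

# Review the output, then load it with: gen_ruleset ... | iptables-restore
gen_ruleset eth0.10 eth1 192.168.1.0/24
echo "# WAN-reachable INPUT rules: $(gen_ruleset eth0.10 eth1 192.168.1.0/24 | wan_reachable_rules eth1)"
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it, which is a safe first step on a box you reach over ssh.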




4176 posts

Uber Geek


  # 1392206 22-Sep-2015 20:41
2 people support this post

RouterOS is awesome!

If IT is a hobby you will have a lot of fun playing around in RouterOS. It will literally do anything you want. Firewall, VPN, Socks Proxy, Virtual routers, hotspot system, custom scripts and all the debugging tools you could think of. Seriously cool and has a nice learning curve to go with it.

Best bit is you don't need to sit there banging away on the command line!!... unless you want to, in which case there is a fully featured CLI with auto-complete, hints etc to make things easier.

Edit: Sorry not helpful I know.... just wanted to voice an opinion haha

Mr Snotty
8829 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1392210 22-Sep-2015 20:47

chevrolux: RouterOS is awesome!

If IT is a hobby you will have a lot of fun playing around in RouterOS. It will literally do anything you want. Firewall, VPN, Socks Proxy, Virtual routers, hotspot system, custom scripts and all the debugging tools you could think of. Seriously cool and has a nice learning curve to go with it.

Best bit is you don't need to sit there banging away on the command line!!... unless you want to, in which case there is a fully featured CLI with auto-complete, hints etc to make things easier.

Edit: Sorry not helpful I know.... just wanted to voice an opinion haha


Totally agree with you. Every time I have used RouterOS I have been really happy with it. Such a shame the movers lost my Mikrotik >.<




edc



31 posts

Geek


  # 1392261 22-Sep-2015 21:58

Alright, thank you for the good advice, I'll give pfSense and ipcop a spin this weekend and keep the current server behind it all. When I last used Slackware in 2000 I thought the default installation was secure enough with a small iptables ruleset applied and didn't expect an Ubuntu machine in 2015 would be a target if no services ran on the public interface. 

If anyone is interested:
I found the year 2000 ruleset online after all this time, I'm not sure if it was modified though, I kept a searchable number string in the script to trace where it went after posting it online. I uploaded it to http://pastebin.com/msYp7pXa - blast from the past, IRD helper module... There also was a version that did random kinds of rejections, which resulted in any nmap OS type scans identifying a different fingerprint every time.





