Geekzone: technology news, blogs, forums


edc



16 posts

Geek


Topic # 180750 20-Sep-2015 21:48

I'm getting Vodafone UFB in about 3 weeks. I'm not sure how I'll set up the network, but this is what I've got planned:

ONT - Ubuntu 14.04.2 LTS Desktop eth0 (Router)
Ubuntu eth0 - Ubuntu eth1
Ubuntu eth1 - switch
switch - Wireless-AP-LowLatency 5GHz
switch - Wireless-AP-HighThroughput 5GHz
switch - Wireless-AP-Legacy 2.4GHz

The Wireless-APs will run on different channels, on different levels of a 3 level house.

eth1 runs services such as ssh, samba, btsync (setup already)
eth0 faces the ONT

Is there a guide for setting Ubuntu up as a router?
(This is a Linux and Networking question)

FYI
These are the interfaces:
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 05)
03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5209 PCI Express Card Reader (rev 01)
02:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)

Thank you









6300 posts

Uber Geek
+1 received by user: 2745

Moderator
Trusted
Subscriber

  Reply # 1390826 20-Sep-2015 23:58
3 people support this post

I would strongly recommend you don't do this sort of setup as if you've got a single thing wrong in your iptables configuration you could risk getting your Ubuntu machine owned. If you however would like to do it then you'll need to look into iptables + NAT (example: http://www.karlrupp.net/en/computer/nat_tutorial).

There are several firewall distributions; however, I think Untangle is what you're looking for: http://www.untangle.com/ - this is a firewall / server distribution that'll do what you need and has a nice web interface for configuration. I do think a better approach to this is to grab a router (like the Edgerouter Lite) and configure that for your firewall, putting your server behind the NAT, as this will offer better protection.

How I've got it set up is Edgerouter Lite --> TP-Link Smart Switch --> Server (with an Xclaim XI-3 Wireless AP connected to the switch for WiFi) and performance is simply awesome.




Michael Murphy | https://murfy.nz
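
An added example, not part of the original post or of the linked tutorial: a default-deny iptables + NAT ruleset for the two-NIC layout in this thread, generated in `iptables-restore` format so it can be reviewed before loading. The interface names are assumptions: `eth1` is the LAN side from the first post, and `eth0.10` assumes the WAN needs VLAN 10 tagged on `eth0`, as asked later in the thread.

```shell
#!/bin/sh
# Added example: emit an IPv4 ruleset for a two-NIC gateway. Nothing is applied here.
# IPv4 only; ip6tables needs its own default-deny policy.
gen_ruleset() {
    wan="$1"   # interface facing the ONT (assumed eth0.10 in the sample call)
    lan="$2"   # interface facing the switch (eth1 in the thread)
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Self-check: count INPUT rules that accept traffic arriving on the WAN side.
# With the policy above this must be 0; ssh/samba/btsync stay reachable
# only through the LAN interface rule.
wan_accepts() {
    gen_ruleset "$1" "$2" | grep -c -- "^-A INPUT -i $1 .*-j ACCEPT" || true
}

# Print the ruleset for review.
gen_ruleset eth0.10 eth1

# To load it (as root), after reviewing the output:
#   gen_ruleset eth0.10 eth1 | iptables-restore --test   # parse only
#   gen_ruleset eth0.10 eth1 | iptables-restore
#   sysctl -w net.ipv4.ip_forward=1
```

Both filter policies default to DROP, so a rule that is left out blocks traffic instead of exposing the box on the public interface.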


25073 posts

Uber Geek
+1 received by user: 4956

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1390888 21-Sep-2015 08:11
3 people support this post

IMHO using a stock standard Ubuntu install as a firewall/router is just a crazy idea. There are distros specifically targeted at this purpose and they're a far better solution.




 
 
 
 


edc



16 posts

Geek


  Reply # 1391516 21-Sep-2015 20:08

I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?





25073 posts

Uber Geek
+1 received by user: 4956

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1391528 21-Sep-2015 20:34
3 people support this post

edc: I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?






I don't want to sound rude but if you have to ask that question you're really looking at the wrong solution and should probably be using a firewall distro that will be vastly easier to configure, and more importantly will be secure.



 

6300 posts

Uber Geek
+1 received by user: 2745

Moderator
Trusted
Subscriber

  Reply # 1391532 21-Sep-2015 20:50

sbiddle:
edc: I've read the replies, thank you.

How do I set Ubuntu up, with two NICs, to connect to Vodafone UFB please?

I don't want to sound rude but if you have to ask that question you're really looking at the wrong solution and should probably be using a firewall distro that will be vastly easier to configure, and more importantly will be secure.


Plus I have already posted how to configure iptables for NAT above. To be honest I don't think anyone here would do such a thing as there are far better solutions.




Michael Murphy | https://murfy.nz


edc



16 posts

Geek


  Reply # 1391547 21-Sep-2015 21:08

In 2000 I was a kid. I had a Slackware/custom kernel/grsecurity gateway. My iptables ruleset I posted on the Internet is still found online.
I also had a custom OpenMosix cluster of my very own (because I had no money for a real computer and a few P166s did the trick).
10 years or so ago I decided to specialise in Finance and Accounting. I can still secure a Linux installation, once I make my iptables script run on boot the system would be secure, services will run on eth1. These things I can do, without having to figure it out, but keep in mind IT is a hobby. I want an easy to follow guide that I've not found online yet. I don't have every night to figure these things out anymore. Let's assume I have a Gentoo/grsecurity installation, no services, an F5 load balancer, an OpenBSD in series... to secure my Windows 10 box I'm typing this from.

The VLAN 10 setup guide for Linux please?

1348 posts

Uber Geek
+1 received by user: 320


  Reply # 1391563 21-Sep-2015 21:53

apt-get install ros

Haha

Or seriously, install routerOS instead of Ubuntu.

edc



16 posts

Geek


  Reply # 1391568 21-Sep-2015 22:20

OK,
routerOS, Gentoo/grsecurity installation, no services, an F5 load balancer, a *NetBSD in series.
Let's assume routerOS hardware doesn't support what I'm going to throw at it, which is why I want to use a Linux server. So we're left with a Gentoo/grsecurity installation, no services, an F5 load balancer, a *NetBSD in series. Turns out I don't own an F5 load balancer, but my Gentoo box is so locked down the only way to access it is to force a hard shutdown, taking the disk out and mounting the encrypted disk on another box and chrooting into it.




1348 posts

Uber Geek
+1 received by user: 320


  Reply # 1392186 22-Sep-2015 20:03

I didn't say to use "routerOS hardware", I said use routerOS, which is software.

edc



16 posts

Geek


  Reply # 1392188 22-Sep-2015 20:07

Oh, I thought it was hardware locked? I'd prefer an x86 based, generic hardware compatible solution though, no license fees. I'll look into routerOS.

1348 posts

Uber Geek
+1 received by user: 320


  Reply # 1392197 22-Sep-2015 20:16

You can get a free trial. The license is worth it if you must use your own hardware, otherwise the hardware would be the cheapest in class.

6300 posts

Uber Geek
+1 received by user: 2745

Moderator
Trusted
Subscriber

  Reply # 1392203 22-Sep-2015 20:29
2 people support this post

If you really knew how to Linux you'd have your answer by now.

1) I don't recommend ever using a server as a router, I mean ever.
2) No system is sufficiently secure. I still build systems that are secured with encrypted partitions, mod_security, aide, selinux and really complex firewall rules that still fail a penetration test because I've missed something often simple.
3) It doesn't matter what OS you use. The security is always in the hands of the person who set it up.

And this is why router distributions like RouterOS, pfSense, M0n0wall etc etc exist. They're designed to be /as secure/ as they can out of the box and be easy to manage.

I've done what you're asking before and soon after culled it.

If you still don't want to adhere to the many people telling you that it is a terrible idea then you'll find the top result of "ubuntu vlan" will be of help with your vast knowledge of iptables: https://wiki.ubuntu.com/vlan

I really hope your server doesn't get owned but if you seriously can't do a quick Google and work these things out for yourself then you shouldn't be doing what you're asking. It is like with me: I just moved to a Ubiquiti Edgerouter from a totally different platform. I managed to set it up, taking over 6 hours in the process, but I gained quite a bit of experience and had fun doing so. There are router distributions that are simple to configure and offer the functionality of what you're trying to do, like the one I have quoted above; however, I would also recommend shoving a software virtualization platform on your server and just play around with some products (like the one people have quoted) and if you don't like it you can blast the VM and create a new one without too much risk to your Ubuntu server.

Don't mean to sound rude. I've just said the truth and since I deal with Linux + security as a job I do somewhat know what I am talking about here.




Michael Murphy | https://murfy.nz


3043 posts

Uber Geek
+1 received by user: 859

Subscriber

  Reply # 1392206 22-Sep-2015 20:41
2 people support this post

RouterOS is awesome!

If IT is a hobby you will have a lot of fun playing around in RouterOS. It will literally do anything you want. Firewall, VPN, Socks Proxy, Virtual routers, hotspot system, custom scripts and all the debugging tools you could think of. Seriously cool and has a nice learning curve to go with it.

Best bit is you don't need to sit there banging away on the command line!!... unless you want to, in which case there is a fully featured CLI with auto-complete, hints etc to make things easier.

Edit: Sorry not helpful I know.... just wanted to voice an opinion haha

6300 posts

Uber Geek
+1 received by user: 2745

Moderator
Trusted
Subscriber

  Reply # 1392210 22-Sep-2015 20:47

chevrolux: RouterOS is awesome!

If IT is a hobby you will have a lot of fun playing around in RouterOS. It will literally do anything you want. Firewall, VPN, Socks Proxy, Virtual routers, hotspot system, custom scripts and all the debugging tools you could think of. Seriously cool and has a nice learning curve to go with it.

Best bit is you don't need to sit there banging away on the command line!!... unless you want to, in which case there is a fully featured CLI with auto-complete, hints etc to make things easier.

Edit: Sorry not helpful I know.... just wanted to voice an opinion haha


Totally agree with you. Every time I have used RouterOS I have been really happy with it. Such a shame the movers lost my Mikrotik >.<




Michael Murphy | https://murfy.nz


edc



16 posts

Geek


  Reply # 1392261 22-Sep-2015 21:58

Alright, thank you for the good advice, I'll give pfSense and ipcop a spin this weekend and keep the current server behind it all. When I last used Slackware in 2000 I thought the default installation was secure enough with a small iptables ruleset applied and didn't expect an Ubuntu machine in 2015 would be a target if no services ran on the public interface. 

If anyone is interested:
I found the year 2000 ruleset online after all this time, I'm not sure if it was modified though, I kept a searchable number string in the script to trace where it went after posting it online. I uploaded it to http://pastebin.com/msYp7pXa - blast from the past, IRD helper module... There also was a version that did random kinds of rejections, which resulted in any nmap OS type scans identifying a different fingerprint every time.


