Dear All,
Lemme throw my hat into the mix, I worked on a Windows 2k3 network and we had the same issues and all we needed was a gateway. So all we did was get an old PC (PIII, 1GB RAM, 10GB HDD), installed two network cards, and installed IPCop. The beauty was that the installation file was 60MB, installation and setup took 30 min as we had to learn to configure the box, FYI green is your network, Red is outside, and boom we were done. No console. That is all that box did, act as a gateway, hell most of the tools were missing but it was a gateway right and had to be safe. Later we discovered there was a web interface, that we could use to reboot the box every so often (set it up to do so at 3am every nyte), and we forgot about the box. Never had to login again. Every 6 months we went back to reinstall the OS, because power issues would corrupt the HDD. It was just a gateway nothing else which is what is needed. Moral: Use the simplest tool there is to solve ur problem, and Confucius he say, do not use canon (PSFsense, Zentayl, Ubuntu) to kill mosquito (gateway services only) Stephen The windows guy From: [email protected] [mailto:[email protected]] On Behalf Of Marten Vijn Sent: Tuesday, August 07, 2012 5:09 PM To: [email protected] Subject: Re: [LUG] Setting up a gateway On 08/07/2012 12:13 PM, Kakuru Peter wrote: Greetings all. Am stuck and need some help. Trying to set up a gateway on a small network. I have installed Ubuntu on my box and shorewall as the firewall. All configuration settings seem ok as per the documentation. Given the external interface IP provided by my ISP.... When i connect IDU unit to this interface, am able to surf off the machine. When I connect 2nd interface to the switch, am not able to surf on this very machine. With this setup, I can also ping the gateway from other machines on the network but NOT able to surf. Any pointers on what i should look out for? simpe as is, working under Ubuntu as root:: apt-get install iptabes Make is shell script like:: echo 1 > /proc/sys/net/ipv4/ip_forward IP=/sbin/iptables $IP -t nat -A POSTROUTING -o eth0 -j MASQUERADE $IP -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT $IP -A FORWARD -i eth1 -o eth0 -j ACCEPT run the script run tcpdump on eth0 en eth1 to check your traffic. maybe create more complex rules later.... maybe: - install fwbuilder as gui. - put above lines to /etc/rc.local to enable the firewall @boottime - enable serial acces to box if it has no keyboard/monitor (firewall games seem to lock me out every now and then. I hope this helps, 3ct Marten Regards, P. _______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
