Heh, to each their own poison, I guess :-) But Diego is right: For most use-cases, Shorewall or Arno's would be enough.
So it all depends on one's needs.

On Mon, Apr 4, 2011 at 12:24, Diego Xirinachs <[email protected]> wrote:
> I think what Pandu suggested is great but way too advanced for some people
> (including me), I would say shorewall can fulfill most people's needs, and
> what they say is true (shorewall, iptables made easy). I use it and have
> had no problems at all with it. For me, just shorewall + squid does the job,
> I maintain 2 offices, 1 with + clients and the other one with 56, in both I
> have the same setup and works very well.
> Pandu's approach is great but like he said, you need to know iptables more
> than you know your wife.
> cheers and hope it helped
>
> 2011/4/3 Pandu Poluan <[email protected]>
>>
>> Hello Kaushal.
>>
>> I've been using Ubuntu Server as a gateway and firewall since the last
>> LTS before 10.04 LTS. Currently, my company's Internet gateway is
>> 10.04.02 LTS, handling 4 Internet Connections (2Mbps, 2Mbps, 10Mbps,
>> 1Mbps), outgoing *and* incoming.
>>
>> You'll need to be familiar with iptables. And by familiar, I mean
>> *really* familiar. I'd say I know iptables better than I know my wife
>> :) ... well, just kidding. Sort of.
>>
>> You'll also need to become familiar with iproute2 if you need
>> Policy-Based Routing (e.g., routing based on source instead of
>> destination). And you will want to learn fwmark-based routing.
>>
>> If you want to throttle connections, you also have to familiarize
>> yourself with tc. Or use tcng for a (much) friendlier way to configure
>> tc.
>>
>> You will want to tune the box's networking parameters. In particular,
>> various timeouts and buffer sizes. Oh, and use HTCP rather than CUBIC.
>>
>> Finally, when you've gone the highly-customized system route like I
>> did, you can't rely on simple iptables management like
>> iptables-persistent. Even Shorewall or Arno's can't fulfill my needs.
>> I have to create my own 'harness' to run everything, e.g.:
>> + Custom startup scripts to ensure ipset's sets get loaded before
>>   iptables' rules
>> + Custom startup scripts to populate the routing table
>> + Custom scripts to save the state of the firewall/gateway when a
>>   change has been made (so that the next startup will properly restore
>>   the state)
>>
>> I am currently in the process of making Python-based scripts to help
>> in my firewall/gateway maintenance. But it's still in 'Deep Alpha'
>> state, so I can't share it with you yet.
>>
>> Feel free to contact me privately if you want to see how I set things
>> up. I'll share my scripts and configs.
>>
>> Rgds,
>>
>>
>> On 2011-04-04, Kaushal Shriyan <[email protected]> wrote:
>> > Hi,
>> >
>> > I have planned to use 10.04 LTS for setting up Internet Gateway in my
>> > office. What should be the hardware configuration and what all
>> > recommended applications are needed?

--
Pandu E Poluan
~ IT Optimizer ~
Visit my Blog: http://pepoluan.posterous.com
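
The quoted message asks for ipset's sets to be loaded before iptables' rules, because a rule that names a set which does not exist yet cannot be restored. The following is an added example, not code from anyone in the thread: a pre-flight check that compares a saved `ipset save` dump with a saved `iptables-save` dump. The function names and the sample dumps are constructed for illustration.

```python
import shlex

# Options whose argument is an ipset name: the "set" match and the SET target.
SET_OPTS = {"--match-set", "--add-set", "--del-set"}

def defined_sets(ipset_dump):
    """Set names created by an `ipset save` dump (`create NAME ...`, or `-N NAME ...` in old dumps)."""
    rows = (line.split() for line in ipset_dump.splitlines())
    return {r[1] for r in rows if len(r) >= 2 and r[0] in ("create", "-N")}

def referenced_sets(rules_dump):
    """Map set name -> [(table, rule)] for each rule in an iptables-save dump that uses it."""
    refs, table = {}, None
    for line in map(str.strip, rules_dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            try:
                tokens = shlex.split(line)   # honours quoted --comment text
            except ValueError:
                tokens = line.split()
            for opt, arg in zip(tokens, tokens[1:]):
                if opt in SET_OPTS:
                    refs.setdefault(arg, []).append((table, line))
    return refs

def missing_sets(ipset_dump, rules_dump):
    """Sets the rules need that the ipset dump never creates; restoring the rules would fail."""
    have = defined_sets(ipset_dump)
    return {n: r for n, r in referenced_sets(rules_dump).items() if n not in have}

# Constructed sample dumps (not taken from the thread).
IPSET_DUMP = """\
create blocklist hash:ip family inet hashsize 1024 maxelem 65536
add blocklist 192.0.2.10
create office_nets hash:net family inet hashsize 1024 maxelem 65536
"""
RULES_DUMP = """\
*mangle
-A PREROUTING -m set --match-set office_nets src -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*filter
-A INPUT -m set --match-set blocklist src -j DROP
-A FORWARD -m set --match-set vpn_peers src -m comment --comment "site to site" -j ACCEPT
-A INPUT -p tcp --dport 22 -j SET --add-set ssh_seen src
COMMIT
"""

if __name__ == "__main__":
    for name, uses in sorted(missing_sets(IPSET_DUMP, RULES_DUMP).items()):
        print(f"missing set {name!r}: {len(uses)} rule(s), first in table {uses[0][0]}")
```

Run against the two saved files before the startup script restores them, a non-empty result means the rule restore should be held back until the sets file is fixed.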
