Re: [ubuntu-uk] Home network configuration
Thanks to everyone for your advice and help. I have managed to set up the ubuntu server as a transparent caching proxy with web content filtering. This is what I did: Bought a netgear gigabit wireless router and a gigabit network card for the ubuntu server. I configured the network as follows Internet->DSL Modem->Ubuntu Server->netgear wireless router->Home LAN (wired and wireless) On the Ubuntu server I installed squid, dansguardian and shorewall to configure the firewall. Works great and I can use the ubuntu server for other things. The DSL modem has a firewall in it also so I am double firewalled which is nice. Thanks for all your help - I feel like I've achieved something setting that lot up as I'm not a sysadmin. Thanks, Mark. On Jan 9, 2008 12:58 AM, Dave Murphy <[EMAIL PROTECTED]> wrote: > > On Tue, 2008-01-08 at 19:16 +, Mark Allison wrote: > > Thing is the Ubuntu server is not only used for firewall/filtering, I > > use it for running BackupPC as well - can IPCop run that? I don't > > however see the need to move to IPCop as the Ubuntu server does > > everything I need it to. > > I'm a fan of specific devices, and IPCop makes gateways easy. Personally > I'd move the server "inside" the network and put a cheap/small box in to > run IPCop. > > -- > Dave Murphy - http://www.schwuk.com > Get in touch - http://schwuk.com/static/contact-details > > -- > ubuntu-uk@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk > https://wiki.kubuntu.org/UKTeam/ > > -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Home network configuration
On Tue, 2008-01-08 at 19:16 +, Mark Allison wrote: > Thing is the Ubuntu server is not only used for firewall/filtering, I > use it for running BackupPC as well - can IPCop run that? I don't > however see the need to move to IPCop as the Ubuntu server does > everything I need it to. I'm a fan of specific devices, and IPCop makes gateways easy. Personally I'd move the server "inside" the network and put a cheap/small box in to run IPCop. -- Dave Murphy - http://www.schwuk.com Get in touch - http://schwuk.com/static/contact-details signature.asc Description: This is a digitally signed message part -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Home network configuration
> > Save yourself some hassle and replace the Ubuntu server with IPCop and > > Advproxy/Urlfilter and your setup as you described is pretty much > > complete. Of course at this point your Wireless Modem is not doing much, > > so replace it with a USB/PCI one direct into the IPCop box. > > Thing is the Ubuntu server is not only used for firewall/filtering, I > use it for running BackupPC as well - can IPCop run that? I don't > however see the need to move to IPCop as the Ubuntu server does > everything I need it to. > > Thanks for the reply. > Have you tried to use iptables? It's easier and you still can use your Ubuntu. http://taufanlubis.wordpress.com/2007/09/27/setup-firewall-with-iptables-in-ubuntu-part-1/ http://taufanlubis.wordpress.com/2007/09/28/setup-firewall-with-iptables-in-ubuntu-part-2/ http://taufanlubis.wordpress.com/2007/09/30/setup-firewall-with-iptables-in-ubuntu-part-3/ http://taufanlubis.wordpress.com/2007/09/30/setup-firewall-with-iptables-in-ubuntu-part-4/ and you can use tcptrack to monitor your tcp traffic http://taufanlubis.wordpress.com/2007/12/29/network-monitor-tcptrack/ but make sure to check your security hole. http://taufanlubis.wordpress.com/2007/12/27/nmapfe-%e2%80% 93-nmap-front-end/ Cheers, Taufan Lubis Registered Ubuntu User #16660 The more you give to others, the more respect you get in return. My Articles@ www.taufanlubis.wordpress.com -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Home network configuration
> Change your search terms - what you want is a Wireless Router with a > Gigabit switch. I found a couple from Belkin and Netgear. If the price > is too much, try the following alternative: Cool, will have a look, thanks! > Save yourself some hassle and replace the Ubuntu server with IPCop and > Advproxy/Urlfilter and your setup as you described is pretty much > complete. Of course at this point your Wireless Modem is not doing much, > so replace it with a USB/PCI one direct into the IPCop box. Thing is the Ubuntu server is not only used for firewall/filtering, I use it for running BackupPC as well - can IPCop run that? I don't however see the need to move to IPCop as the Ubuntu server does everything I need it to. Thanks for the reply. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Home network configuration
On Fri, 2008-01-04 at 21:59 +, Mark Allison wrote: > The bit that's missing is the gig wireless switch. Do such things > exist? If not how else can I configure the network? I need it to be > gigabit because the ubuntu server is running BackupPC and throws > around a lot of data. Change your search terms - what you want is a Wireless Router with a Gigabit switch. I found a couple from Belkin and Netgear. If the price is too much, try the following alternative: Stick three network cards in your server: 1) Router 2) Gigabit Switch 3) Wireless Access Point If you don't want the wired/wireless networks separated, just plug the WAP into the switch and ditch the third network card. Save yourself some hassle and replace the Ubuntu server with IPCop and Advproxy/Urlfilter and your setup as you described is pretty much complete. Of course at this point your Wireless Modem is not doing much, so replace it with a USB/PCI one direct into the IPCop box. -- Dave Murphy - http://www.schwuk.com Get in touch - http://schwuk.com/static/contact-details signature.asc Description: This is a digitally signed message part -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Home network configuration
Mark Allison wrote: > Thanks guys - I've looked for wireless gigabit switches and they do > exist but seem to be designed for racks and not home use. I'll have a > think and will probably implement what you have suggested. It would > have been nice to have a transparent proxy with a dansguardian filter > over wireless, but it looks too prohibitively expensive for home use. > I would prefer not to have to buy another two devices (gigabit swtich > and wireless AP) to implement the solution. > > Mark. > What you can do put your wireless router on a different subnet to the main network. For this you will need two network cards in your server. Connect one card from the server to the router (give it say a 192.168.0.x subnet) and disable DHCP on the router, connect the other NIC (the gigabit NIC) to the gigabit switch and give it another subnet (I set mine on a different subnet, I used 10.0.0.x). Then set the server up with dansguardian/squid to do transparent proxying and dhcp/dns and point the server's gateway to the router IP address. Then connect the gigabit switch to the router. This way as long as the machines are either set statically to use the same subnet as the server (and use the server as the gateway) then they should be forced to go through the server to connect to the internet. I did something similar when I had a Vonage router. I disabled DHCP on my Netgear wireless router, connected one port from the wireless router to the WAN connection on the Vonage box (which the LAN side of it was on a different subnet to the wireless router) and then connected one of the 4 LAN ports on the Vonage box back to the wireless router. The Vonage box was taking care of DHCP/DNS/QoS so any machines connecting were looking at the Vonage router as the gateway (which in turn was looking at the wireless router's IP as it's gateway). I suppose the wireless in the wireless router works as another network port and you could probably transfer any old protocol (TCP/IP, IPX/SPX etc) over it. Hope this makes sense. You're probably looking at about £20 to £30 for an 8 port Gigabit switch, oh and enough cables to reach to the desktops (I'm lucky in the respect that my other half is fairly understanding about the 3 CAT5 cables running up from the lounge to the loft through the ceiling and kids bedroom). Rob -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Home network configuration
Thanks guys - I've looked for wireless gigabit switches and they do exist but seem to be designed for racks and not home use. I'll have a think and will probably implement what you have suggested. It would have been nice to have a transparent proxy with a dansguardian filter over wireless, but it looks too prohibitively expensive for home use. I would prefer not to have to buy another two devices (gigabit swtich and wireless AP) to implement the solution. Mark. On Jan 4, 2008 11:57 PM, Tom Bamford <[EMAIL PROTECTED]> wrote: > > Mark Allison wrote: > > Hi there, > > > > I have 6 PCs at home, and have them all connected to a Netgear DG834G > > wireless ADSL modem. Some PCs are connected directly, others via > > wireless. The current topology is: > > > > ADSL Router-->Home LAN > > > > One of my PCs is an Ubuntu server running squid and dansguardian and > > I'd like to configure the network as follows: > > > > ADSL Router-->ubuntu-server-->Gigabit wireless switch-->Home LAN > > > > The bit that's missing is the gig wireless switch. Do such things > > exist? If not how else can I configure the network? I need it to be > > gigabit because the ubuntu server is running BackupPC and throws > > around a lot of data. > > > > Any insights appreciated! > > > > Thanks, > > Mark. > > > > > Hi, > > If you don't want or need the Ubuntu server to be the firewall/gateway > between your network and the Internet, the simplest solution would be to > leave your wireless modem router running as it is and just buy a Gigabit > switch, then plug your DG834G box and your server (plus any other wired > machines) into the new switch. The existing wireless part of your > network will be kept as it is but you'll have a Gigabit backbone for > your cabled machines. If you want fully functioning local DNS then you > can do as Rob recommends and set up dhcp3-server on your Ubuntu machine > together with bind9 with dynamic updates. You'll then have a network > where all your machines will be identifiable by their hostname by every > other machine regardless of its operating system. > > As a side note, it may be worth looking to see if there is any newer > firmware for your DG834G modem/router at > http://kbserver.netgear.com/products/DG834G.asp. Some DG834* boxes I > have worked with have had performance issues with older firmware so if > you aren't running the latest firmware for your model it is worth > considering updating it. > > Regards, > Tom > > > -- > ubuntu-uk@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk > https://wiki.kubuntu.org/UKTeam/ > -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Home network configuration
Mark Allison wrote: > Hi there, > > I have 6 PCs at home, and have them all connected to a Netgear DG834G > wireless ADSL modem. Some PCs are connected directly, others via > wireless. The current topology is: > > ADSL Router-->Home LAN > > One of my PCs is an Ubuntu server running squid and dansguardian and > I'd like to configure the network as follows: > > ADSL Router-->ubuntu-server-->Gigabit wireless switch-->Home LAN > > The bit that's missing is the gig wireless switch. Do such things > exist? If not how else can I configure the network? I need it to be > gigabit because the ubuntu server is running BackupPC and throws > around a lot of data. > > Any insights appreciated! > > Thanks, > Mark. > > Hi, If you don't want or need the Ubuntu server to be the firewall/gateway between your network and the Internet, the simplest solution would be to leave your wireless modem router running as it is and just buy a Gigabit switch, then plug your DG834G box and your server (plus any other wired machines) into the new switch. The existing wireless part of your network will be kept as it is but you'll have a Gigabit backbone for your cabled machines. If you want fully functioning local DNS then you can do as Rob recommends and set up dhcp3-server on your Ubuntu machine together with bind9 with dynamic updates. You'll then have a network where all your machines will be identifiable by their hostname by every other machine regardless of its operating system. As a side note, it may be worth looking to see if there is any newer firmware for your DG834G modem/router at http://kbserver.netgear.com/products/DG834G.asp. Some DG834* boxes I have worked with have had performance issues with older firmware so if you aren't running the latest firmware for your model it is worth considering updating it. Regards, Tom -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
Re: [ubuntu-uk] Home network configuration
Mark Allison wrote: > Hi there, > > I have 6 PCs at home, and have them all connected to a Netgear DG834G > wireless ADSL modem. Some PCs are connected directly, others via > wireless. The current topology is: > > ADSL Router-->Home LAN > > One of my PCs is an Ubuntu server running squid and dansguardian and > I'd like to configure the network as follows: > > ADSL Router-->ubuntu-server-->Gigabit wireless switch-->Home LAN > > The bit that's missing is the gig wireless switch. Do such things > exist? If not how else can I configure the network? I need it to be > gigabit because the ubuntu server is running BackupPC and throws > around a lot of data. > > Any insights appreciated! > > Thanks, > Mark. > As far as I'm aware the fastest speed you're likely to get on wireless is about 200MBit, you'd also need matching wireless cards too (I think it's 802.11N). One possible way of getting around it is to plug your server and wired desktops into a gigabit switch (with a gigabit connection) and also plug the router into the gigabit switch. Give your router a static IP address on the internal network and disable DHCP. Then get your server to dish out IP addresses via DHCP. You can then either set the gateway in the DHCP server configuration on the server to the router, or a non existent machine on the network (this can also be done on a per mac address basis - I did this with my kids PC to block them accessing the internet directly). Then on the machines you want to use the proxy, just setup Firefox etc to use the proxy server. Your wireless machines should be able to still pick up an IP address (you can also add Mac address filtering and WPA security on the router still) and browse the network and your desktop machines will talk to each other and the server at 1Gbit. Worked for me, although I dare say there may be more elegant ways of doing it. Hope this helps. Rob -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
