  1. #1

    Create a firewall, Load-balancing, traffic control / shaping, web, file server

    Hi guys (this is my first post, and I hope it is in the most relevant category).

    Essentially my problem is this. I have been looking at all the firewall distros that are available and do not believe that any one of them has all the features I need. What I want to do is this...

    I have a fairly low grade PC which "importantly" only has space enough for 2 network adapters and I want to turn it into a server for my network. I have two ISPs and a number of users and I want to do the following, (described using some information I have learnt recently, I'm fairly inexperienced):

    1) Input to red interface, from switch where both ISP connections are connected. 1.1) This interface needs to support load-balancing across two virtual interfaces going out to two separate ISPs with different metrics/DNS servers etc.
    2) Output from green interface to a network switch. single IP seen by our internal network

    Inside the box:
    3) Proxy server, transparent, with caching. I am thinking Squid? Any thoughts?
    4) Firewall + iptables, not sure yet? Power similar to Smoothwall.
    4.1) DNS + NTP + DHCP <-- should be simple, I have done this once before, any advice?
    5) Webmin, I have used this before, any thoughts with this setup?

    Not sure at all about these two...
    6) IMPORTANT, block certain internal IPs/MACs accessing certain ports, and or IPs
    7) IMPORTANT, limit bandwidth of certain internal IPs/MACs

    I am thinking also about adding a simple apache web server showing basic status of server for accessing some services on the internal network both externally and internally
    9) add a small space on the server to save critical network files via sFTP
    10) Snort IDS ?

    Key note, I don't want to buy any new hardware (both because I am poor and because I am fairly certain what I want can be done with software; it would also be fun to set something like this up for the first time). [Note: I know you can buy network cards for very little that have more than one physical port, but I was hoping that it would not come to that :P THIS WILL BE FUN]

    Essentially do a little of everything

    I have done quite a bit of research but this is a massive area and this project is a little over my head. There is a lot of stuff out there. I am not a complete novice but would love if anyone could point me in the right directions/give any advice.

    The distribution I have had the most experience with is Debian and I think that it is a good choice for this project?


    Stuart (Sorry long post)
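    Added example (not from the thread): a dry-run iptables script for the "green" LAN side of the two-NIC box described above, covering items 3 and 6 of the first post: masquerade LAN traffic out of the red NIC, block chosen internal hosts by IPv4 address or MAC from given TCP ports, and redirect LAN port-80 traffic into a local transparent Squid. The interface names (eth0/eth1), the Squid port, the sample host address and the sample MAC are assumptions for illustration, not anything the thread states.

    ```shell
    #!/bin/bash
    # Added example (not from the thread). Interface names, Squid port and the
    # sample hosts below are assumptions. DRY_RUN=1 (the default) prints the
    # iptables commands instead of executing them, so the ruleset can be
    # reviewed before it touches a live firewall; APPLY=1 DRY_RUN=0 applies it.
    set -u

    GREEN=${GREEN:-eth1}            # assumed LAN-facing NIC
    RED=${RED:-eth0}                # assumed ISP-facing NIC
    SQUID_PORT=${SQUID_PORT:-3128}  # assumed local Squid listening port
    : "${DRY_RUN:=1}"

    # run: execute a command, or echo it when DRY_RUN=1.
    run() {
        if [ "$DRY_RUN" = 1 ]; then
            echo "$*"
        else
            "$@"
        fi
    }

    # base_policy: default-deny forwarding, let replies back in, allow new
    # LAN-to-WAN connections, and masquerade everything leaving the red NIC.
    base_policy() {
        run iptables -P FORWARD DROP
        run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        run iptables -A FORWARD -i "$GREEN" -o "$RED" -j ACCEPT
        run iptables -t nat -A POSTROUTING -o "$RED" -j MASQUERADE
    }

    # block_host_port HOST PORT: deny one internal host (IPv4 address or MAC)
    # access to a TCP port anywhere. Rules are inserted (-I) at the top of
    # FORWARD so they win over the generic LAN-to-WAN accept rule. The MAC
    # match only sees the source address of frames arriving on the green NIC,
    # which is why the rule is tied to that interface.
    block_host_port() {
        host=$1; port=$2
        case "$host" in
            *:*:*:*:*:*)
                run iptables -I FORWARD -i "$GREEN" -m mac --mac-source "$host" \
                    -p tcp --dport "$port" -j REJECT --reject-with tcp-reset ;;
            *)
                run iptables -I FORWARD -i "$GREEN" -s "$host" \
                    -p tcp --dport "$port" -j REJECT --reject-with tcp-reset ;;
        esac
    }

    # transparent_proxy: steer LAN port-80 traffic into Squid (Squid itself must
    # be told the port is an intercepting one). HTTPS is deliberately left
    # alone: intercepting it would break certificate validation for the users.
    transparent_proxy() {
        run iptables -t nat -A PREROUTING -i "$GREEN" -p tcp --dport 80 \
            -j REDIRECT --to-ports "$SQUID_PORT"
    }

    main() {
        base_policy
        block_host_port 192.168.1.50 22        # constructed sample LAN host
        block_host_port 00:11:22:33:44:55 25   # constructed sample LAN MAC
        transparent_proxy
    }

    if [ "${APPLY:-0}" = 1 ]; then main; fi
    ```

    Run it as `APPLY=1 ./fw.sh` to see the commands, then `APPLY=1 DRY_RUN=0 ./fw.sh` as root to apply them. Note that MAC-based rules only hold for hosts on the green segment and are trivially bypassed by a user who changes their MAC, so they are a convenience, not a security boundary.
    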

  2. #2
    sarlacii (Linux Newbie, joined May 2005, South Africa):
    Hi splatcat, welcome to
    Check out some of the existing posts on firewall distros for a few opinions, as there have been a number of threads in the past about possible solutions... it's a big, but also common, topic.
    I would tend to stick with an application-specific distro like ClarkConnect etc. as you mention, because all the stuff you need is nicely integrated.
    However, Debian of course has all the tools (and more... much more, this is Debian after all) in order to do the whole thing yourself... depends on how much time you've got on your hands. LOL
    May want to have a look at the debian package listings to get an idea of what is available by default?
    Respectfully... Sarlac II
    The moving clock K' appears to K to run slow by the factor (1-v^2/c^2)^(1/2).
    This is the phenomenon of time dilation.
    The faster you run, the younger you look, to everyone but yourself.

  3. #3
    Kloschüssel (Linux Engineer, joined Oct 2005):
    1.1) This interface needs to support load-balancing across two virtual interfaces going out to two separate ISPs with different metrics/DNS servers etc.
    I am unsure if you could get this working with a switch in between the two ISPs? I mean, you would get two distinct IP addresses for the same hardware. That alone gives me a headache. So, I would plug another network adapter (they don't cost that much these days) into the firewall device and combine these two physicals into one virtual adapter that would become the "red" zone.

    7) htb

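    Added example (not from the thread): what the "7) htb" answer looks like in practice for item 7 of the first post, as a dry-run tc script. Shaping only works on egress, so a LAN host's download rate is limited by an HTB tree on the green (LAN-facing) NIC; limiting uploads would need the mirror of this on the red NIC. The interface name, link rate, class numbers and sample host are assumptions for illustration.

    ```shell
    #!/bin/bash
    # Added example (not from the thread). Interface, rates and hosts are
    # assumptions. DRY_RUN=1 (default) echoes the tc commands instead of
    # running them; APPLY=1 DRY_RUN=0 applies the constructed sample.
    set -u

    GREEN=${GREEN:-eth1}
    LINK_RATE=${LINK_RATE:-20mbit}   # assumed total download capacity shared by the LAN
    : "${DRY_RUN:=1}"

    run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

    # htb_root: replace whatever qdisc is on the interface with an HTB tree whose
    # root class 1:1 is capped at LINK_RATE. Traffic that matches no filter
    # falls into class 1:30, which is guaranteed only a little bandwidth but may
    # borrow up to the full link when nobody else needs it.
    htb_root() {
        run tc qdisc del dev "$GREEN" root || true   # ignore "no qdisc" on first run
        run tc qdisc add dev "$GREEN" root handle 1: htb default 30
        run tc class add dev "$GREEN" parent 1: classid 1:1 htb rate "$LINK_RATE" ceil "$LINK_RATE"
        run tc class add dev "$GREEN" parent 1:1 classid 1:30 htb rate 1mbit ceil "$LINK_RATE"
    }

    # limit_host IP RATE CEIL MINOR: give one LAN host its own class with a
    # guaranteed RATE and a hard CEIL, and a u32 filter that steers packets
    # destined to that IP into the class. MINOR must be unique per host and
    # must not be 30 (the default class) or 1 (the root class).
    limit_host() {
        ip=$1; rate=$2; ceil=$3; minor=$4
        run tc class add dev "$GREEN" parent 1:1 classid "1:$minor" htb rate "$rate" ceil "$ceil"
        run tc filter add dev "$GREEN" parent 1: protocol ip prio 1 u32 \
            match ip dst "$ip/32" flowid "1:$minor"
    }

    main() {
        htb_root
        limit_host 192.168.1.50 2mbit 5mbit 11    # constructed sample: capped LAN host
        limit_host 192.168.1.51 512kbit 1mbit 12  # constructed sample: heavily capped host
    }

    if [ "${APPLY:-0}" = 1 ]; then main; fi
    ```

    Set LINK_RATE a little below what the ISP actually delivers, so the queue builds up on this box (where HTB controls it) rather than at the ISP. The filter here keys on IP address; per-MAC limits are usually done by marking frames with iptables `-m mac` in the mangle table and matching the mark with a `tc filter ... fw` instead of u32.
    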
  4. #4
    Thank you for your responses. With regard to checking other forums for information: I have done this and I feel I am at the point where I could almost build the server. I was more looking for responses from people who have tried to construct / found software that does everything I am looking for, and what problems or tools could help with the whole package.

    Thanks for the suggestion of ClarkConnect I had not come across that.

    Kloschüssel: I am trying to set this up on a piece of hardware where I do not have the ability to add another NIC even if I wanted to; I would have to buy an entirely new PC. That is one of the things that is quite complicated about this setup. From my research I would have thought it would still be possible, but I am still pretty inexperienced.

    Does anyone have any thoughts on this?

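    Added example (not from the thread): one way to hang two ISPs off a single physical "red" NIC, the situation described in item 1.1 of the first post and in the reply above. It assumes a VLAN-capable switch with each ISP's port untagged in its own VLAN (10 and 20 here) and the firewall's port tagged for both, so each ISP stays in its own broadcast domain. Each ISP gets an 802.1Q sub-interface, its own routing table and a source-address rule (so replies to traffic that arrived via ISP 1 leave via ISP 1), and a weighted multipath default route spreads new outbound connections across both. The interface name, VLAN IDs, addresses, gateways and table numbers are all made up for illustration.

    ```shell
    #!/bin/bash
    # Added example (not from the thread). Assumes a VLAN-aware switch; the NIC
    # name, VLAN IDs, addresses (TEST-NET ranges), gateways and table numbers
    # are constructed. DRY_RUN=1 (default) echoes the ip commands.
    set -u

    RED=${RED:-eth0}
    : "${DRY_RUN:=1}"

    run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

    # add_isp VID ADDR/PREFIX GATEWAY TABLE: create the VLAN sub-interface for
    # one ISP, address it, and build a dedicated routing table whose default
    # route points at that ISP. The "from" rule makes any packet sourced from
    # this ISP's address use that table, which is what keeps return traffic on
    # the link it arrived on (the other ISP would drop it as spoofed).
    add_isp() {
        vid=$1; addr=$2; gw=$3; table=$4
        run ip link add link "$RED" name "$RED.$vid" type vlan id "$vid"
        run ip addr add "$addr" dev "$RED.$vid"
        run ip link set "$RED.$vid" up
        run ip route add default via "$gw" dev "$RED.$vid" table "$table"
        run ip rule add from "${addr%/*}" table "$table"
    }

    # balance GW1 DEV1 W1 GW2 DEV2 W2: single multipath default route in the main
    # table. New outbound connections are spread across the two gateways in
    # proportion to the weights; a single connection stays on one link.
    balance() {
        run ip route replace default scope global \
            nexthop via "$1" dev "$2" weight "$3" \
            nexthop via "$4" dev "$5" weight "$6"
    }

    main() {
        add_isp 10 203.0.113.2/29 203.0.113.1 10     # constructed ISP 1
        add_isp 20 198.51.100.2/29 198.51.100.1 20   # constructed ISP 2
        balance 203.0.113.1 "$RED.10" 1 198.51.100.1 "$RED.20" 1
        # Reverse-path filtering on the VLAN sub-interfaces should be set to
        # loose (rp_filter=2) or off, or asymmetric replies get discarded.
        run sysctl -w "net.ipv4.conf.$RED/10.rp_filter=2"
        run sysctl -w "net.ipv4.conf.$RED/20.rp_filter=2"
    }

    if [ "${APPLY:-0}" = 1 ]; then main; fi
    ```

    Two caveats a practitioner will hit: the kernel's way of distributing flows over a multipath route has changed between kernel versions, so test how sessions actually spread before relying on the weights; and the per-ISP DNS servers mentioned in the first post are best handled by a local resolver (the DNS item in the list) forwarding to both, rather than by per-ISP resolver configuration on the clients. Without a VLAN-capable switch the two ISPs share one broadcast domain, and the plan to add a second NIC from the reply above is the simpler route.
    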
  5. #5
    Kloschüssel (Linux Engineer, joined Oct 2005):
    Thoughts on what? Except for the above two things I would not see any problem. But hey, it strongly depends on your hardware. If it is an embedded device, for example, you may have only 32 MB of memory and 200 MHz. It may be enough for DHCP, DNS, NTP, firewall + QoS, but not for storage or Snort, as these things are CPU and memory intensive, leading to a high load and poor performance when it comes to latency and fast network speeds. You just have to provide more information if you want a more accurate answer.
