Linux Gateway?

[Bobalob]

I run a lan centre and i need an effective way of controlling bandwidth usage so people dont just go taking the piss downloading on limewire and steam updates are also pretty fun. Someone informed me i could install another network card in my server, crack linux on it and use it as a gateway and can pretty much do everything i need with that, well ive done all of that and at the moment im using Fedora, which i dont think has what i need, does anyone know a good linux distrubution for this purpose?

I am pretty new to linux, have tried it many times before and usualy end up getting frustrated and cracking winxp back on after a few days, but with this new revalation that i need it as a gateway i have ordered some books on the subject and plan to stick it out.

On another note, most IRC servers (Quakenet in this case) only allow so many connections from a specific line, you need a "trust" which allows you to connect more than 4 pc's to irc. Well i have 16, i have such a trust, but not an "IDENT server" to get it working, im pretty sure this cant be done on windows so once again linux to the rescue, however i have no idea what i need to get this ident server up and running. Any help?

Id appreciate any help given, and this is the only forum i have come across that users genuinly go out of their way to help other

Thanks

 

[Malk-a-mite]

which i dont think has what i need, does anyone know a good linux distrubution for this purpose?

Here is the general firewall list, you'll want to look at Smoothwall and Clarkconnect primarily (in my opinion) - both come with web based administration and throttling based on IP/Port/program.

You might also consider moving your questions on the topic to the Networking forum. We handle this type of thread fairly often.

This is all thanks to draconius
---------------------------------
Misc. Firewall Distributions-
http://www.astaro.com/
http://www.freeswan.org
http://www.strongsec.com/freeswan/
http://www.clarkconnect.org
http://www.smoothwall.org
http://m0n0.ch/wall/
http://www.coyotelinux.com/
http://www.freesco.org/
http://www.zelow.no/floppyfw/
http://edge.fireplug.net/
http://www.gnatbox.com
http://www.dubbele.com/index.html
http://www.ipcop.org/

FreeBSD stuff-
http://www.unixforums.net/modules.p...rticle&artid=40 - IPF/IPNAT
http://www.unixforums.net/modules.p...rticle&artid=41 - IPFW/NATD
http://www.unixforums.net/modules.p...rticle&artid=66 - Redundant firewall/vpn solution
http://www.unixforums.net/modules.p...rticle&artid=47 - Advanced IPFW with WF2Q
http://www.unixforums.net/modules.p...rticle&artid=26 - IPfilter setup script
http://www.unixforums.net/modules.p...article&artid=4 - Setting up IPFW (basic)
http://www.schlacter.net/public/Fre...d_IPFILTER.html - Freebsd stable firewall with IPFW


OpenBSD Stuff-
http://www.unixforums.net/modules.p...rticle&artid=38 - Firewalling/setting up gateway

Linux Stuff-
http://www.unixforums.net/modules.p...rticle&artid=36 - Setting up firewall
http://ezunix.org/modules.php?op=mo...artid=24&page=1 - Another firewall guide

One of the many good threads on the topic:
http://hardforum.com/showthread.php?p=1027471231#post1027471231

 

[MalfurionStormrage]

All you need is a Linux distribution running iptables. I use ipf on OpenBSD (does the same thing that iptables does) and you can lock the ports down to your heart's content.

However, Smoothwall is a good choice for a Linux distro designed for what you want.

EDIT: Also consider not granting your users the ability to install programs on their primary desktops. It's hard to abuse the network if you remove the ability of the user to install a program to abuse it.

 

[Bobalob]

I have tried clark connect just now, it seems a little to bland for my liking and i cant actually figure out how to get some bandwidth limiting going, or anything else for that matter.

I am looking for some full OS (so i can run game servers etc.) which is also a gateway, trying smoothwall now, see how that goes, but weighing in at 40mb im pretty sure its gonna be limited

 

[Bobalob]

Smoothwall only spears to have a few dozen network card drivers, and it wont auto detect either of mine... and i have no idea how to do it manually, is there not a mainstream linux dist that i could install this ip tables onto?

:/

Thanks

 

[doh]

www.lartc.org

 

[Bobalob]

"As the title implies, this is the "Advanced" HOWTO. While by no means rocket science, some prior knowledge is assumed"

That isnt me so that doesnt really help...

 

[Bullitt]

What NICs do you use? We can probalby suggest a distro or some tweaks to get clark connect working or at the very least, suggest some NICs that work with your distro. We're talking about $30 in additional hardware with clarkconnect....

 

[Bobalob]

I use the motherboards onboard MSi 875p Neo and a Netgear GA311 (both gigabit)

 

[LoStMaTt]

I have been using IPCOP for about a year now. They have been cooking up a ton of updates lately and I find the addons to be unstopable.

 

[Bullitt]

that netgear card should work with a more recent kernel. Probably a 2.6 variant, 2.6.6 is the one that shows up with a quick google search. What version of the kernel does clarkconnect use?

 

[Bobalob]

not a clue, im a complete nubje :O but i want more of an OS so i can install some game server and stuff

 

[Bobalob]

right ive been using this guide http://yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html

im pretty sure ive got some sort of linux router going, (tho i never get an opitunity to take all the pc's offline to test it as we are an internet cafe) but i havnt managed to come accross anyhing in the way of bandwidth limiting or shaping for other pc's on the network :/ is there some sort of REAL noobie guide knocking around somewhere?

 

[Malk-a-mite]

is there some sort of REAL noobie guide knocking around somewhere?

Not a "real newbie guide" since it's not really a newbie subject.

Anyway.. these are the search terms I used on google ["linux bandwidth limiting"] and this is the first link:
http://www.tldp.org/HOWTO/Bandwidth-Limiting-HOWTO/index.html

Good luck.

 

[HHunt]

I keep hearing good things about M0n0wall, and it looks like it'll be able to do everything you need except the ident. Perhaps not ideal, since you need everything from one box, but if you set things up another way, it'll be worth looking at.

 

[Bobalob]

yep I have come across m0n0wall in my travels through linux firewalls, but it seemed to be another standalone firewall thing, which would prevent me running some linux game servers as it isnt a full OS, and waste a pretty powerfull machine, im going to give it a go as it does look pretty idiot proof and would be good for me actually get some shaping and bandwidth limiting going and try and figure it out for myself.

Hopefully i will get a chance to give my iptables thing ive got going on fedora 3 a test tomorrow and see if it actually works.

A perfect solution for me would be a nice little gui prog for linux to configure iptables easily etc.

i came across something along the lines of "webmin" something or other (cant check atm, im at home) which at first, apeared to be that exact solution, though it turned out to be a web admin server for the entire box, but may be of some help yet.

Also ive been having trouble getting a VNC server going on this box, (www.realvnc.com download just times out...) and i end up googling some vnc clone thing which wont install (i dont have some random package on my linux box, <3 linux)

anyway thanks for the new suggestions, good to see you havnt given up on me yet, and i have a fair feeling there are a lot more people (who are linux noobs like myself) who need a bandwidth limiting solution themselves to prevent downloading siblings or surfing parents from lagging their online gaming pleasure

 

[Bobalob]

reading through all these ip tables guides looks so confusing :/ and unfortunitly i cant afford to "test" these attempts on on my paying customers.

Is there a way for me to simply limit each pc on my network to say, 10k/s (U+D) using iptables? i have no idea how to do this with commands in iptables any suggestions would be nice, heres some info if you need it

Cisco Router IP: 192.168.254.254
Box NIC 1 eth0 192.168.254.100 ( these might be other way rnd cant remember )
Box NIC 2 eth1 192.168.254.253

Clients: 192.168.254.1 - 192.168.254.16
HTTP proxy: 192.168.254.103 (i just set inet and firefox/p2p software etc. to this)

topology (see if i remember what this word means ;o)

Router
|
Linux Box
|
_____Switch________
| | | |
PC1 PC2 PC3 HTTP Proxy etc.

 

[Bullitt]

Yes its possible, but you need a firm understanding of linux networking and iptables concepts first.

Visit lartc.org and they have a "conceptual" guide at bandwidth throttling, but you have to come up with the code. Its not difficult, but you need to know about iptables and linux networking first. Its not for the faint of heart or inexperienced.

 

[[H]EMI_426]

Looks like maybe you should start playing with Linux in your spare time. If you just throw Linux on a machine and don't know what you're doing to a certain degree you're going to get burned, so start messing with it...Outside of an environment where you're actually depending on it to get work done.

I wouldn't run a firewall on a machine that does much else, again particularly in an environment where you need everything working. Have a separate machine for a firewall box...It doesn't have to be much. I handle multiple subnets, DHCP, and a few other connection-related services for my home LAN (with almost sixteen machines) with just a Duron 900 on a MicroATX board in a 2U rack box.

I'm using FreeBSD and pf to do what you want to do. You can firewall, route, shape traffic (limit bandwidth) and lots of other neat tricks with pf. For ident I run fakeident on my file server (where my IRC clients run from) and just forward port 113 from the firewall to the file server.

You need to do some research. Setting up a firewall wisely is not a fire-and-forget procedure. You're also going to have to learn a lot. Get used to it if you really want to use Linux (or any other Unix-like or Unix operating system) well.

 

[One_Eye]

I do everything you are asking for with IPCOP. Works great. Little strange to get up and running , but once you get the config correct it works great.

 

[deuce868]

why not just use a firewall distro on a small box. I use clarconnect on a P2-233 for 15 machine office at work and a m0n0wall on a p2-300 on a old desktop at home.

The firewall should be separate from your other machines anyway in the end.

 

[dekard]

I have tried clark connect just now, it seems a little to bland for my liking and i cant actually figure out how to get some bandwidth limiting going, or anything else for that matter.

I am looking for some full OS (so i can run game servers etc.) which is also a gateway, trying smoothwall now, see how that goes, but weighing in at 40mb im pretty sure its gonna be limited

Your not looking deep enough. Clarkconnect is running CentOS 4, based on Red Hat Enterprise Linux 4. Thats a 'real linux os'. You can install anything on here that you want to, just get a copy of putty.exe on your windows pc and you'll have full command line access to the system to setup any game servers you may want to. Or anything else, for that matter.

 

[VAfred]

Boosting Post count maybe. Makes you wonder who he works for?!

 

[Bullitt]

Boosting Post count maybe. Makes you wonder who he works for?!

I dunno, he's dredged up a couple threads mentioning "what distro" and spouted off the clarkconnect / CentOS stuff.


I think he's just spouting off marketing junk at this point.....