Internet -> Modem -> Linux(eth1[public], eth0[local])
Linux machine is an ubuntu PC with IP Tables
*nat
:PREROUTING ACCEPT [19:1629]
:INPUT ACCEPT [8:693]
:OUTPUT ACCEPT [3:178]
:POSTROUTING ACCEPT [1:73]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [22:1237]
:FORWARD ACCEPT [5:420]
:OUTPUT ACCEPT [18:762]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
Now there comes another network - Another Private network - So currently 3 networks[ 1.Local 2.Internet 3.Private ]
We planned to change the existing ubuntu gateway machine with another machine with three NIC and with a dedicated routing software and tried Zeroshell and IPfire. But it seems that these two applications are not supporting multiple WANs. We are not able to provide IP address of the gateway machines of each network. Is is not possible to do this setup using these softwares.
Shall I write IPtables?
Is there a solution with web interface for doing this stuff?
Quote:
Now there comes another network - Another Private network - So currently 3 networks[ 1.Local 2.Internet 3.Private ]
We planned to change the existing ubuntu gateway machine with another machine with three NIC and with a dedicated routing software and tried Zeroshell and IPfire. But it seems that these two applications are not supporting multiple WANs. We are not able to provide IP address of the gateway machines of each network. Is is not possible to do this setup using these softwares.
Don't know...have you read the manuals for those pieces of software to see??
Quote:
Shall I write IPtables?
Don't know...you tell us. Do you think that would work in your environment, and have you thought about how to accomplish what you want??? You've been working with iptables for years now: https://www.linuxquestions.org/quest...lp-4175609131/
....so you should have all the knowledge you need on how to accomplish such a task.
Quote:
Is there a solution with web interface for doing this stuff?
Lots, and there are even interfaces for iptables. However, there is no 'interface' that eliminates your need to think about what you're doing. You don't say how you want this third network treated, how you want things routed/visible, etc., so until you have a clear plan on what you need to do, no 'web interface' is going to do anything magic to help you accomplish it.
Yes, But, I am not a person working as IT professional. I am a Clerk - But doing IT jobs when requirement arises - so there is a large gap between my activities. I have to refresh my IT knowledge when such situation arises(as I am not frequently engaged with this).
Quote:
Yes, But, I am not a person working as IT professional. I am a Clerk - But doing IT jobs when requirement arises - so there is a large gap between my activities. I have to refresh my IT knowledge when such situation arises(as I am not frequently engaged with this).
If you're not the admin, then let the admin do their own job. And saying you don't know iptables when you have used it before, is plain wrong. You know how to use it, so it's a matter of sitting down and DOING it. You can refresh your memory pretty easily. And after ELEVEN YEARS of using Linux, no one is going to believe that you don't know anything. Seems odd that you ask about scripting, proxy servers, programming, etc., etc., for eleven years, but don't work in IT admin.
If your boss is asking you to do this, now is a perfect time to remind them that you're a clerk, not the IT admin.
Quote:
Currently Ubuntu 14.04
...and that's fairly old.
Past all of this, you STILL don't tell us anything about how you want the networks to interact. We aren't going to guess, and until *YOU* know the goals and how things are supposed to work, there is no magic piece of software that will just do it for you, regardless of the interface.
I didn't mean that I don't know IPTables or system admin work/programming. I posted this for suggestion regarding these who have experience in using any of these application. I have posted this thread after a lot of hours of experimentation with Zeroshell, IPCop and IPFire.
I know this can be done by IP Tables. But my intention is to reduce dependency on me to other people who are not comfortable with terminals.
Please don't expect every organization to have dedicated IT staff doing IT matters every time,
Particularly, Linux is not only for persons who have opted their profession in IT field. It is not only for satisfying the BOSS. Even if we are not the authorized person to do such things, Knowing how to do it and experimenting with it is not a crime - It is this curiosity of lakhs of people which nurtured opensource and linux. These are applicable to home environments also,
If any message conveys insufficient information to provide feedback, point it out, or just ignore it.
Yes 14.04 is very old one. At the time of setup, it was not old. Hence I am in a process of migration.
It supports multiple WANs through interface. (zeroshell and ipfire not)
I have installed in VM trying to install in physical machine. Actually I was hesitant to experiment with it since it is a BSD one.
@TBOne
Quote:
I didn't mean that I don't know IPTables or system admin work/programming. I posted this for suggestion regarding these who have experience in using any of these application. I have posted this thread after a lot of hours of experimentation with Zeroshell, IPCop and IPFire.
Great; which you didn't say anything about, did you? And again, you say you're a 'clerk' and not IT admin...yet you've spent a lot of hours working with those programs and trying to find out about more??? Who did your job during that time?
Quote:
I know this can be done by IP Tables. But my intention is to reduce dependency on me to other people who are not comfortable with terminals.
Again, you're not making much sense. The 'other people' shouldn't be touching the server **AT ALL**, and should call the IT admin folks for any issues. The 'other people' don't have to be comfortable with things, only the admin does.
Quote:
Please don't expect every organization to have dedicated IT staff doing IT matters every time,
You were the one who said there was a dedicated IT admin, didn't you?
Quote:
Particularly, Linux is not only for persons who have opted their profession in IT field. It is not only for satisfying the BOSS. Even if we are not the authorized person to do such things, Knowing how to do it and experimenting with it is not a crime - It is this curiosity of lakhs of people which nurtured opensource and linux. These are applicable to home environments also,
Yep; except you're asking about it in a professional work environment, with a dedicated IT admin. Who does have a 'boss', and coworkers. Don't try to flip this back to "I'm just doing it out of curiosity" now. And since you say you're NOT the IT Admin, you didn't opt for that profession, did you?
Quote:
If any message conveys insufficient information to provide feedback, point it out, or just ignore it.
I did, and continue to. You STILL don't say *WHAT YOUR ACTUAL GOAL IS* with whatever software you pick. Saying "I have three networks", tells us nothing. HOW do you want them routed/protected/whatever??? Different tools/different capabilities. But you STILL don't say, despite being asked three times now, in very plain language.
Quote:
Yes 14.04 is very old one. At the time of setup, it was not old. Hence I am in a process of migration.
No kidding; everything was new at one time, so saying it wasn't old when it was first set up is plain common sense. And YOU are in the process of upgrading a server, or the mystery 'IT Admin' is???
Sounds like your company has real issues, if they let everyone touch and mess with their servers. Because it's not just clerks like you, apparently, but 'others' as you said above, who are going to play with firewall rules?? Either your admin is lazy or incompetent, to let such things happen.
Actually this is the problem. But for PFSense it is ok. Now I am configuring it in the Virtualbox
..except for the part where you actually say what the 'two applications' are, how the networks need to interact, etc.
And WAN is a pointless term in your 'problem', since it'll just have an IP address (same as any other network), and that traffic needs to be routed/bridged/blocked/whatever. Which you still don't say anything about. Good thing your 'IT Admin' is lazy, and lets everyone do as they wish.