LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-13-2016, 04:14 PM   #1
Keruskerfuerst
Senior Member
 
Registered: Oct 2005
Location: Horgau, Germany
Distribution: Manjaro KDE, Win 10
Posts: 2,199

Rep: Reputation: 164Reputation: 164
2 network cards in one computer - how to configure?


I want to build a firewall for my home network.
It is a mini ITX computer with Intel celeron processor, 8GB RAM and a 256 GB SSD.

I want to use a server linux distro like Ubuntu server 64 Bit.

How to configure the two network interfaces for firewall use?
 
Old 02-13-2016, 09:42 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,976

Rep: Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623
I know this isn't what you asked but consider using Untangle firewall or maybe pfsense or other firewall distro.

In a simple sense you use iptables to configure the two. Might be easier to use Firewall Builder. http://www.fwbuilder.org/ if you insist on using Ubuntu straight out of box.

I haven't gotten untangle to boot and load uefi but I think I'll get that in a few days if you are needing emmc card in computer. Otherwise these firewalls do OK off a usb flash drive.
 
Old 02-14-2016, 03:32 AM   #3
Keruskerfuerst
Senior Member
 
Registered: Oct 2005
Location: Horgau, Germany
Distribution: Manjaro KDE, Win 10
Posts: 2,199

Original Poster
Rep: Reputation: 164Reputation: 164
Thank you.

I will test Utangle.
 
Old 02-14-2016, 05:40 AM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,685

Rep: Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894
You can find many examples on using iptables rules to configure a firewall/router but typically the internet connecting device is setup for DHCP and the LAN device as static. Setup a DHCP server on the LAN interface and use IP forwarding to route traffic from the LAN to the WAN. With a masquerading rule you now have a simple NAT router. Add rules as desired. I think that Ubuntu still uses UFW as default.
 
Old 02-14-2016, 06:12 AM   #5
Keruskerfuerst
Senior Member
 
Registered: Oct 2005
Location: Horgau, Germany
Distribution: Manjaro KDE, Win 10
Posts: 2,199

Original Poster
Rep: Reputation: 164Reputation: 164
Unhappy

I have searched the Internet for a firewall solution.
The "out-of-the-box" solutions do have some disadvantages:
1. Cisco: support contract
2. Too few network connectors
 
Old 02-14-2016, 06:30 AM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,685

Rep: Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894
Here is another firewall distribution
http://www.zeroshell.org/
 
Old 02-14-2016, 08:16 AM   #7
Keruskerfuerst
Senior Member
 
Registered: Oct 2005
Location: Horgau, Germany
Distribution: Manjaro KDE, Win 10
Posts: 2,199

Original Poster
Rep: Reputation: 164Reputation: 164
Has anyone experience how much computing power such a firewall distro needs?
 
Old 02-15-2016, 06:00 PM   #8
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,976

Rep: Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623Reputation: 3623
Generally they tend to rate this stuff by users. A dedicated firewall device is rather expensive for a home or soho use. They also tend to require additional costs each year in many cases. So a 10- 50 user might be $1000 or so. They go up a lot for more services and speeds.

Specs on these dedicated are generally secret. Their claims based on almost meaningless metrics. Here is one that may be somewhat less than your board. https://nexgenappliances.com/ng-fire...FQqKaQodYqsK1w


The more features you add to the firewall the more resources it will consume. A simple iptables (type) fireall distro running maybe bsd or linux could support a home use for basic tasks. Not sure you could game it on a fiber cable without running red hot. Gamers sometimes just bypass the router and firealls anyway.

There are a number of distro's and their ability to block things vary mostly on the ability of the admin to configure it.

You'll notice that many firewall distro's offer some pretty advanced tools that a soho user would never need.

Useful info here. https://www.freebsd.org/doc/handbook/firewalls.html


You can easily test almost any of the firewall distro's in a vm. You create the vm (or download a pre-made virtual appliance) and run all traffic through it. It will also help you decide on how much it will consume.

Almost all of these can run on a usb flash too.

Some boot to a live environment or you could make one live.

In all cases, you'd need to test for your use.

Last edited by jefro; 02-15-2016 at 07:24 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
2 network cards in 1 computer scpu1 Linux - Networking 1 02-07-2012 01:14 PM
Ping from a computer with 2 network cards joseph_k Linux - Networking 3 05-27-2004 11:07 AM
2 network cards in one computer hamish Linux - Networking 17 04-18-2004 08:05 AM
Double network cards configure? bin_shell Linux - Networking 1 04-05-2004 07:21 AM
2 network cards on the same computer zovres Linux - Networking 4 08-02-2003 10:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration