hi I'm trying to get my home server to share internet to the other computers at home. i want it to be my "router" in that i want to install a wireless card in it and have all the wireless devices in my house use it to access the internet. I'm planing on making it a dns server and a media server, I'm also wanting to be able to block unauthorized computers for security if possible. thanks!!

The Arch wiki is always an excellent resource. https://wiki.archlinux.org/index.php/router

If you do a web search for "[your distro] router" you should find a lot of stuff. For us to help you more, we'd need to what distro/version you are running and, ideally, what ethernet cards you have in it (you need at least two--one for the internet and one for the local network). You will also need a switch or a hub to connect other computers within your network to the router computer.

If you need wireless, you can achieve that with an access point, which is just a wireless transceiver that doesn't route and can be connected to the hub or switch with its own IP address. I quite happily used one for some time at my previous residence because I already had a non-wireless router.

I'd be inclined not to use the routing computer as a file and media server, if only because it's public-facing. I don't have a reason for it--it's probably just my inbred caution talking--but I'd want to research that more to make sure there are no implications for security or functionality.

Yes, the Arch wiki rocks. For this task, however, you may want to give serious consideration to OpenBSD

http://www.openbsd.org


Espeically since you mentioned running a DNS server.

thanks guys, I'm going to get three 10/100/1000 cards and put two in the server and the other in my desktop computer because its the one i ssh in on or transfer media files from and right now its stuck at 10mbs speed which isn't bad but its not good either. i have ubuntu server 12.10 i think! is there any good security features i can get for it other then ufw??? is there any way i can make the ethernet computers one lan and the wireless computers another? none of them are networked together anyway but i could lock the computer ip's on one lan and then allow a few ip's on the wireless??

ufw is a frontend for iptables, which is built into the kernel.

If there are any Windows machines, it would be wise have some way to scan traffic for malware.

To have two subnets (one for wireless and one for wired) you pretty much need two routers, one to form a subnet under the other one. It's probably not worth the effort unless you just want the practice.

Here's the clearest tutorial on subnetting I've ever seen. Don't let the HTML 3.0 look throw you; it used to be on some *.edu site and I think the author just took it with "as is" when he left, but it's clear and thorough.

You've got the makings of a classic "3 legged" routing firewall here. Use the nics in your firewall to set up external (ext_if) and internal interfaces (int_if). The ext_if goes to your upstream router. Try to use static, routable IP's for these if you can, e.g. /30 subnet would give you 1 IP address for firewall ext_if and another for upstream WAN access point. Then NAT the firewall's int_if to e.g. a 10.0.0.0/28 subnet (assuming a 16 port switch here, adjust as necessary to suit). Then hopefully you can also stick a wireless card into that router/firewall. Depending on how centrally this box is located, you may consider external atenna. Or use a 3rd nic to a dedicated wap set up in bridging mode. In either case, call that wifi_if and NAT that to another subnet, e.g. 10.0.1.0/28. Take it another step futher and consider setting up radius server on the wifi_if. Configure DHCP server on firewall/router to dole out IP address from respective subnets on wifi_if and int_if. Now you've got 3 zones: internal eth, internal wifi, and external that you can use to set up trust relationships.

Maybe I'm glossing over it a bit too much but you get the idea. There is a lot of info on the web to help you with the specifics. Especially since it's late here & I'm sleepy.

P.S.; Here's an example using OBSD and pf

http://www.openbsd.org/faq/pf/example1.html

Add an additional stub for your wifi network. Adjust to suit if you want to use Linux and iptables, but when it comes to security sensitive stuff like firewall, I am of the opinion OBSD is the best way to go.

Similar thread might help. https://www.linuxquestions.org/quest...ng-4175494648/

ok i got the server up and sending out ip addressess but it wont connect to the internet when i type arp -a in the terminal it has <incomplete> on the eth0 and the wireless any ideas on whats wrong??

yeah, we'll need a little more info than that mayne. start by giving the output of "ip addr show" & "iptables -nvxL", censoring the addresses if you want. and i'll echo that Archlinux router guide, it is quite succinct.

you said you're using ubuntu; i got NO idea what kinds of frontends/GUIs it has to "help" configure the routing settings, but all you should need to use is "iptables", and make sure you have enabled packet forwarding. and as far as blocking off wireless/wired clients, the easiest way to do that would be to have 3 NICs in the server; 1 going out to the internet, 1 to your wired LAN, and 1 to the wireless LAN, all with different subnets, and then use iptables to prevent forwarding from the wireless to the wired subnet.

iptables typically stores all of its settings in 1 file, iptables.rules, and is usually in /etc/iptables/, though your distro may put it somewhere else.

here's a basic version of an iptables.rules file, and it's very close to the rules i use on several small Linux-based router PCs. "external" is the interface to the modem, "internal" is the interface to LAN, and "internal" is connected to a 192.168.0.x/255.255.255.0 network: