Old 05-02-2011, 12:09 PM
Roland Roland
 
Default Centos as Gateway ? (Router/transparent proxy)

Hi All,

I'm lately suffering from Quota abuse at home. believe it or not my
teenagers are eating through my allowed quota.

Hence, i'm thinking of setting up a centos machine to work as such:

HDSL modem(natted to an onboard dhcp service for lan users) -> Centos -> Switch - LAN users


Hw specs:

3 GB ram
3.0 core 2 duo
2 X 1 TB HDD
2 X 1 Gb NIC


Centos will contain the following:

1. DHCP # is there a way i could use the modem's dhcp service
instead? or using a centos based dhcp service is better?
2. Samba # sharing files for lan users
3. Squid
4. clamav
5. OpenRadius # wifi authentication
6. knockd service (anyone tried it? i read about this service a few
weeks ago and am wondering if it's worth giving it a shot... for public
access to the server )
6. Things which are needed :
a. Ability to separate Wireless router from LAN. (thinking
of vlans though as i have a dumb switch am thinking of adding a 3d NIC
to my desktop and dedicating it to the wifi ? )
b. Accountability of quota and bandwidth used (i was
thinking of SARG and SQstat for squid)
c. using some sort of shell script that will parse squid
logs (mysar will help me access squid logs through mysql) and if someone
bypassed their allowed quota for the day they will be moved to a delay
pool with lower bandwidth.

As you noticed above, my whole "connection management" is relying on
squid, i'm worried that it will process only traffic that's forwarded
to port "80" instead of everything going through the server. any idea if
that's the case?


I previously thought of untangled, and IPCOp, though i don't want a
standalone router as i'd like to be able to use VirtualBox over it
occasionally.
waiting for your advice about the above setup, keep in mind that i don't
mind changing the setup if there's something better to use, actually i
do prefer it.

Best,


--Roland
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
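
The log-parsing script asked about in item 6c above, as an added example that is not part of the original post: it totals bytes per client for one day from a Squid native-format access.log and lists the clients over quota. The log lines, the 1,000,000-byte quota and the function names are constructed for illustration, and it only accounts for traffic that actually passes through Squid.

```shell
#!/bin/sh
# Squid native access.log fields used here:
#   $1 epoch.millis   $3 client IP   $4 result/status   $5 bytes sent to client

# over_quota LOGFILE DAY_START_EPOCH QUOTA_BYTES
# Prints "client bytes" for each client above quota in the 24 h window
# starting at DAY_START_EPOCH, heaviest user first.
over_quota() {
    awk -v start="$2" -v quota="$3" '
        NF < 7 || $5 !~ /^[0-9]+$/        { next }  # truncated or malformed line
        $1 < start || $1 >= start + 86400 { next }  # outside the accounting day
        $4 ~ /^TCP_DENIED/                { next }  # only an error page was sent
        { used[$3] += $5 }
        END {
            for (c in used)
                if (used[c] > quota) printf "%s %.0f\n", c, used[c]
        }
    ' "$1" | sort -k2,2nr
}

# Constructed sample log (not real traffic); the day starts at
# 1304294400 = 2011-05-02 00:00:00 UTC.
sample_log() {
    cat <<'EOF'
1304294460.101    512 192.168.1.20 TCP_MISS/200 700000 GET http://example.com/a.iso - DIRECT/192.0.2.10 application/octet-stream
1304298000.250    300 192.168.1.20 TCP_MISS/200 600000 GET http://example.com/b.iso - DIRECT/192.0.2.10 application/octet-stream
1304300000.000     90 192.168.1.21 TCP_MISS/200 200000 GET http://example.org/ - DIRECT/192.0.2.11 text/html
1304300100.000      1 192.168.1.21 TCP_DENIED/403 5000000 GET http://blocked.example/ - NONE/- text/html
1304200000.000    400 192.168.1.22 TCP_MISS/200 9000000 GET http://example.net/old.bin - DIRECT/192.0.2.12 application/octet-stream
1304310000.000    800 192.168.1.23 TCP_MISS/200 2500000 GET http://example.net/video.flv - DIRECT/192.0.2.12 video/x-flv
1304301000.000 truncated
EOF
}

# Demo run: reads the sample from stdin ("-") with a 1,000,000-byte quota.
sample_log | over_quota - 1304294400 1000000
```

The first output column can be written to a file that a Squid `acl ... src "<file>"` line reads, with that ACL attached to a slower delay pool through `delay_access`.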
 
Old 05-02-2011, 12:18 PM
Ljubomir Ljubojevic
 
Default Centos as Gateway ? (Router/transparent proxy)

Roland Roland wrote:
> Hi All,
>
> I'm lately suffering from Quota abuse at home. believe it or not my
> teenagers are eating through my allowed quota.
>
> Hence, i'm thinking of setting up a centos machine to work as such:
>
> HDSL modem(natted to an onboard dhcp service for lan users) -> Centos -> Switch - LAN users
>
>
> Hw specs:
>
> 3 GB ram
> 3.0 core 2 duo
> 2 X 1 TB HDD
> 2 X 1 Gb NIC
>
>
> Centos will contain the following:
>
> 1. DHCP # is there a way i could use the modem's dhcp service
> instead? or using a centos based dhcp service is better?
> 2. Samba # sharing files for lan users
> 3. Squid
> 4. clamav
> 5. OpenRadius # wifi authentication
> 6. knockd service (anyone tried it? i read about this service a few
> weeks ago and am wondering if it's worth giving it a shot... for public
> access to the server )
> 6. Things which are needed :
> a. Ability to separate Wireless router from LAN. (thinking
> of vlans though as i have a dumb switch am thinking of adding a 3d NIC
> to my desktop and dedicating it to the wifi ? )
> b. Accountability of quota and bandwidth used (i was
> thinking of SARG and SQstat for squid)
> c. using some sort of shell script that will parse squid
> logs (mysar will help me access squid logs through mysql) and if someone
> bypassed their allowed quota for the day they will be moved to a delay
> pool with lower bandwidth.
>
> As you noticed above, my whole "connection management" is relying on
> squid, i'm worried that it will process only traffic that's forwarded
> to port "80" instead of everything going through the server. any idea if
> that's the case?
>
>
> I previously thought of untangled, and IPCOp, though i don't want a
> standalone router as i'd like to be able to use VirtualBox over it
> occasionally.
> waiting for your advice about the above setup, keep in mind that i don't
> mind changing the setup if there's something better to use, actually i
> do prefer it.
>
> Best,
>
>
> --Roland

Check out ClearOS. It's based on CentOS and can install extra CentOS
packages you need. If you add CentOS repositories in yum config you
could add KVM instead of VirtualBox, or headless VirtualBox if that is
possible.
Almost all you need is there and packaged in nice Web interface. I also
always add Webmin to it.

Ljubomir

 
Old 05-02-2011, 12:21 PM
Fajar Priyanto
 
Default Centos as Gateway ? (Router/transparent proxy)

Also worth considering is to upgrade the subscription to unlimited
internet access.
 
Old 05-02-2011, 12:35 PM
Ljubomir Ljubojevic
 
Default Centos as Gateway ? (Router/transparent proxy)

Fajar Priyanto wrote:
> Also worth considering is to upgrade the subscription to unlimited
> internet access.

Australia, for example, and other remote locations have mandatory caps
because they get their internet via limited throughput links (satellite
or old "under the sea" cables?), so he might not have a choice.

Ljubomir
 
Old 05-02-2011, 01:31 PM
Kai Schaetzl
 
Default Centos as Gateway ? (Router/transparent proxy)

Roland Roland wrote on Mon, 2 May 2011 15:09:00 +0300:

> As you noticed above, my whole "connection management" is relying on
> squid, i'm worried that it will process only traffic that's forwarded
> to port "80" instead of everything going through the server. any idea if
> that's the case?

Correct. The easy solution is to ban bittorrent and other P2P services.
There's a 99% chance that this is what eats up your traffic. And youtube.
Banning P2P lets you sleep better in the night, too.

Kai


 
Old 05-02-2011, 01:41 PM
 
Default Centos as Gateway ? (Router/transparent proxy)

Fajar Priyanto wrote:
> Also worth considering is to upgrade the subscription to unlimited
> internet access.

Or consider checking into just what your teenagers are downloading that's
gigabytes and gigabytes....

mark

 
Old 05-02-2011, 04:30 PM
David G. Miller
 
Default Centos as Gateway ? (Router/transparent proxy)

Roland Roland <R_O_L_A_N_D@...> writes:

> Hence, i'm thinking of setting up a centos machine to work as such:
>
> HDSL modem(natted to an onboard dhcp service for lan users) -> Centos -> Switch - LAN users
>
> Hw specs:
>
> 3 GB ram
> 3.0 core 2 duo
> 2 X 1 TB HDD
> 2 X 1 Gb NIC

Your proposed configuration is pretty close to what I've been running for
several years (my original server had an AMD K-6 and ran Red Hat 6). The
hardware is way more than sufficient. I have CentOS doing the natting instead
of the modem. Just use the modem as a pass through.

Pretty much everything I've done is documented on my blog at
http://davenjudy.org/davesBlog. I describe what I've done on the blog and that
way I document what I did for my future use and someone else might be able to
use it.

>
> Centos will contain the following:
>
> 1. DHCP # is there a way i could use the modem's dhcp service
> instead? or using a centos based dhcp service is better?
> 2. Samba # sharing files for lan users

See my blog.

> 3. Squid
> 4. clamav

Don't do clamav since I even got my wife to use Linux. No real need for squid.

> 5. OpenRadius # wifi authentication

See my blog.

> 6. knockd service (anyone tried it? i read about this service a few
> weeks ago and am wondering if it's worth giving it a shot... for public
> access to the server )

I just used public keys for ssh and disabled password login. I also suggest you
move the sshd port to something non-standard just to cut down on the fruitless
attempts to login there. The script kiddies generally don't scan to see if sshd
is listening on a non-standard port.

> 6. Things which are needed :
> a. Ability to separate Wireless router from LAN. (thinking
> of vlans though as i have a dumb switch am thinking of adding a 3d NIC
> to my desktop and dedicating it to the wifi ? )

3rd NIC is probably the easiest with a crossover cable to the WiFi AP. That way
you can easily set up specific firewall rules for the WiFi traffic.

> b. Accountability of quota and bandwidth used (i was
> thinking of SARG and SQstat for squid)
> c. using some sort of shell script that will parse squid
> logs (mysar will help me access squid logs through mysql) and if someone
> bypassed their allowed quota for the day they will be moved to a delay
> pool with lower bandwidth.
>

Hopefully, someone else can help you with these.

Most of my recent blog posts deal with setting up IPv6. You'll need to look
through the "CentOS server set up and maintenance notes" section for some of the
older articles (DHCP, RADIUS, etc.).

Cheers,
Dave

 
Old 05-02-2011, 07:03 PM
John R Pierce
 
Default Centos as Gateway ? (Router/transparent proxy)

On 05/02/11 6:31 AM, Kai Schaetzl wrote:
> Correct. The easy solution is to ban bittorrent and other P2P services.


not as easy as it sounds. those services are remarkably agile at
dodging firewall rules


 
Old 05-02-2011, 07:30 PM
Ljubomir Ljubojevic
 
Default Centos as Gateway ? (Router/transparent proxy)

John R Pierce wrote:
> On 05/02/11 6:31 AM, Kai Schaetzl wrote:
>> Correct. The easy solution is to ban bittorrent and other P2P services.
>
>
> not as easy as it sounds. those services are remarkably agile at
> dodging firewall rules
>
P2P always happens on much higher ports and if you create rules that
block destination ports higher than 1024, with exceptions of VNC, etc
ports, you can pretty much limit abuse. Also worth noting is iptables
rule for limiting the number of connections for those higher ports, and
using HTB bandwidth limiting with giving priority to regular traffic.

Ljubomir, 7 years small WISP.
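
A dry-run script for the kind of policy described in the post above: drop forwarded traffic to ports above 1024 except listed exceptions, cap connections to those exceptions, and give regular traffic priority with HTB. It is an added example, not part of the original post; the interface names, port list, connection limit and rates are assumptions.

```shell
#!/bin/sh
# Assumptions for illustration: eth0 = WAN, eth1 = LAN, 4 Mbit/s downlink.
WAN_IF=eth0
LAN_IF=eth1
ALLOWED_HIGH_PORTS="5900 8080"  # exceptions above 1024 (VNC, alternate HTTP)
MAX_CONN=10                     # parallel connections per LAN host to each exception

# With DRY_RUN=1 (the default) commands are printed instead of executed.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

apply_policy() {
    # Packets of connections that were already allowed are accepted first.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $ALLOWED_HIGH_PORTS; do
        # New connections beyond the per-host cap are reset, the rest accepted.
        run iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --syn --dport "$port" \
            -m connlimit --connlimit-above $MAX_CONN -j REJECT --reject-with tcp-reset
        run iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport "$port" -j ACCEPT
    done
    # Everything else above 1024 is dropped. This also hits passive FTP,
    # many games and VoIP, so the exception list needs tuning per site.
    for proto in tcp udp; do
        run iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p $proto --dport 1025:65535 -j DROP
    done
    # HTB on the LAN-facing interface shapes downloads: class 1:10 (web, DNS)
    # has priority; unclassified traffic lands in 1:20 and borrows spare rate.
    run tc qdisc add dev $LAN_IF root handle 1: htb default 20
    run tc class add dev $LAN_IF parent 1: classid 1:1 htb rate 4mbit
    run tc class add dev $LAN_IF parent 1:1 classid 1:10 htb rate 3mbit ceil 4mbit prio 0
    run tc class add dev $LAN_IF parent 1:1 classid 1:20 htb rate 1mbit ceil 4mbit prio 1
    for sport in 80 443 53; do
        run tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 \
            match ip sport $sport 0xffff flowid 1:10
    done
}

# Demo run: print the command list without touching the firewall.
DRY_RUN=1 apply_policy
```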
 
Old 05-02-2011, 07:44 PM
Drew
 
Default Centos as Gateway ? (Router/transparent proxy)

>> Correct. The easy solution is to ban bittorrent and other P2P services.
>
> not as easy as it sounds. those services are remarkably agile at
> dodging firewall rules

At home it's a bit easier. You can do stuff at the firewall but any
parent should have their kid's computer's root password so they can
get on whenever they need to. And last I checked there weren't any
laws that prohibited parents from conducting random unannounced
inspections of the kid(s) machines.

--
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie
 

All times are GMT.