1

My ISP has installed a fiber link at the place where I work. It has provided an ethernet WAN link to my office and has given a set of static ip's on 187.xxx.xxx.224/29 network. I need to setup a linux router/Gateway so that I can make use of those static ips. This linux router/Gateway should be able to provide static internet ip's to my NAT router, mail server, webserver so on. The linux machine has two NIC's: eth0 and eth1. 187.xxx.xxx.225 should be it's public ip, and remaining 6 ip's should be made available for NAT router, mail server, webserver so on. I goggled for howtos, and most of them dealt with setting up NAT router, which I don't need.

EDIT1 I already have Ubuntu server installed. Can I do it with the default Ubuntu tools like iproute2, ifconfig, iptables?

nixnotwin
  • 1,543
  • 5
  • 35
  • 55
  • Is there any reason you can't use a device that is designed for this exact purpose, such as an edgemarc, sonicwall or cisco router? They require minimal setup to do what you are looking to do, will generally have lower maintenance and power consumption, and are easily configured to handle snmp and telnet or ssh services as well. – MaQleod Apr 22 '11 at 05:31

3 Answers3

3

I'd look at either pfSense or Vyatta. I've used pfSense and heard lots of good things about Vyatta. I think either of these would do what you needed.

ErnieTheGeek
  • 2,037
  • 16
  • 22
  • I'll say +1,000 for Vyatta. IMHO they're as close to Enterprise as you're going to get in open source (free or paid version with support and more features). Very good features, and VERY stable. – Jason Antman Apr 21 '11 at 19:36
1

You may want to look at the Shorewall setup guide. In your case you can ignore the NAT information. If you have a different IP for your upstream connection, then you have a simple two interface setup. If not, then you need to look at a bridging configuration.

BillThor
  • 27,737
  • 3
  • 37
  • 69
  • I highly recommend Shorewall. I've used it for years as an edge router/firewall with no problems. I've not set up 1-to-1 NAT (which is what you need to setup here), but I know Shorewall is fully capable of it and that lots of people use this functionality successfully. And, if you ever have problems, the Shorewall mailing list is very helpful, including rapid responses from the programmer behind it! – Kromey Apr 21 '11 at 16:50
  • @Kromey: I read the post and it appears that 1-to-1 NAT may be appropriate. This setup is a well documented option for this case, and the one the developer has used. – BillThor Apr 21 '11 at 21:52
0

Another solution, Untangle or ClearOS.

Vick Vega
  • 2,398
  • 16
  • 22