I know iptables can route packets like a router. I've read tutorials where a Raspberry Pi can replace a home router. iptables can allow only specific ports through. However, in my enterprise environment, I have 32 WAN IPs - not all are in use - with a handful of servers (WWW/HTTPS, FTP, Email) that have their own IPs, and end users are NATted behind a global address. Can iptables duplicate this same functionality?
Asked
Active
Viewed 726 times
1
-
1Yes, it can. I'm not sure what more to say. – MadHatter Apr 26 '18 at 06:00
1 Answers
2
Yes. Several distributives based on Linux or FreeBSD can be used as soft router. By example DD-WRT, OPENWRT, BSDRP, ALPINE LINUX and many others. They can do all what can do Cisco router without proprietary protocols. But they need compatible hardware. Raspberry PI isn't good choice, because it has only one Ethernet port and low productivity. USB Ethernet extension doesn't help you.
Iptables is used as firewall, NAT and port forwarding. Iprote2 is used for routing by source IP address. Quagga is used for dynamic routing by BGP, OSPF and others.
Old computer can be used to create soft router or use some special motherboard with integrated CPU and 2 and more Ethernets ports.
Another way is using router of another manufacturer (by example Mikrotik). Choose router not only by functionality. It must stability work with your load.
Mikhail Khirgiy
- 2,073
- 11
- 7