Projects tagged ‘gateway’ and ‘nat’

Endian Firewall Community is a "turn-key" linux security distribution that turns every system into a full featured security appliance with Unified Threat Management (UTM) functionality. The software ... [More] has been de signed with "usability in mind" and is very easy to install, use and manage, without losing its flexibility. The features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN). The main advantage of Endian Firewall is that it is a pure "Open Source" solution that is sponsored by Endian. [Less]

IPCop Linux is a complete Linux distribution whose sole purpose is to protect the networks on which it is installed.

eBox Platform is a unified network server that offers easy and efficient network administration for SMBs, being the open source alternative to Windows Server. eBox Platform can be set up as a ... [More] Gateway, an Infrastructure Manager, a Unified Threat Manager, an Office Server, a Unified Communication Server or a combination of them. These functionalities are tightly integrated, automating most tasks and saving time for system administrators. The company behind eBox Platform, eBox Technologies (www.ebox-technologies.com), offers commercial services such as deployment, support, managed services and training based on eBox Platform. [Less]

Vyatta software is a Linux-based, open networking (advanced routing & security) solution that leverages x86 hardware and components to deliver a flexible, affordable alternative to Cisco 1800 through ... [More] 7200 series routers. Vyatta is a enterprise class, commercial open source offering that can deliver BGP, OSPF, RIP routing, firewall, IPSec and SSL VPN, Intrusion Prevention and more that can scale from the branch office to the service provider edge for a fraction of the cost of proprietary alternatives. Being software-based also allows Vyatta to deliver a full suite of Layer-3 routing and security services to VMware and Xen virtualization platforms. [Less]

IPFire is new-developed firewall build with the latest releases of linux 2.6 and tools. You are able to install a lot of addons and you will see a firewall can become a home server.

NSPM is a free and open-source network security application whose mission is to help system and network administrator to establish, monitor and manage security policies and firewall access rules. ... [More] Relying on popular and widely used GNU/Linux components such as Iptables for rules establishment and PHP for front-end interface and web-based system interactions, it can be installed as a standalone application on most personal, SOHO or company servers without exotic dependencies or intensive configuration. Developed with security, accessibility and standards in mind, NSPM requires nothing more than a classic web browser and networking knowledge to be part of any information system. [Less]

A gateway implementation of the NAT Port Mapping Protocol (NAT-PMP) to allow applications on a private network to acquire publicly-accessible TCP and UDP ports.

SynopsisDescriptionWho should use it?Keeping it RAILLimitsFeatures and OptionsHow hard is it to maintain?Design philosophyTest environmentAlternatives SynopsisThere are no real command line options ... [More] - you configure it and leave it running. The core system provides dns caching; dhcp; firewalling and masquerading; basic network usage logging and connectivity logging. If you install the web gui (recommended), then with it you can move users away from one or more uplinks; shutdown the machine; see connectivity history at a glance; see which machines are up and running; and see basic network usage. Other modules let you do more stuff - transparent proxy web caching; detailed network usage logging of users; QOS and a virtualbox test environment. DescriptionMuggles is a multiple uplink gateway for GNU/Linux Enterprise Systems. More precisely, it is a layer 3 gateway router for multiple uplinks running on debian stable. It isn't actually "Enterprise" grade yet (you'd probably be pushing it if you try using it beyond about 200 machines on a LAN), but it does work really well for smaller outfits. Moreover, because it is well-documented, and because it follows The Debian Way, it is free as in freedom; accessibly powerful; and enormously extensible and flexible. Bolting on new debian toys into the muggles system is fun. Who should use it?Offices on a lan with unreliable isp uplinks. Keeping it RAILMuggles uses RAIL - a Redundant Array of Independent Links. The well-known RAID is a similar idea. Normal uplinks are much cheaper than specially serviced "business" or "leased" uplinks. Taking several independent normal uplinks and doing things in a RAID-like manner therefore saves costs and gets you better reliability. The Muggles core is designed for LANs that need to be connected to the internet using multiple flakey uplinks. LimitsThe current version works well for a LAN class c subnet of say, 30 machines. If there are more than 150 machines things may get interesting - for a start, you run into a default limit set for the maximum number of leases in dnsmasq (trivial to adjust, but there is a reason it is there). Beyond the class c limit (254) you'll have to change the muggles code itself. It should be easy enough to adjust for medium-to-senior level sysadmins who know their networking and who read the muggles documentation. So yeah, the "E" for Enterprise in "muggles" is a bit of a misnomer for now. It can be done, but it isn't designed or optimised for that yet, so it will need a lot of testing. The limit you'd hit will be the muggles code (not the linux networking stack. Linux networking is astonishingly capable, and quite capable of handling the kind of loads that low and mid-level cisco routers deal with, as vyatta shows). Features and Optionsdns caching (dnsmasq) dhcp serving (dnsmasq) masquerading (netfilter) usage logging (vnstat? darkstat? bandwidthd?) firewalling (netfilter) caching (transparent squid) qos (tc) a web gui admin link failover automation (custom monitoring) a test environment and all the other goodies that debian GNU/Linux has are relatively easy to bolt on. How hard is it to maintain?Muggles is actually aimed at medium-level sysadmins who want to customize and extend the gateway to their tastes, so it can get pretty complicated if you like. But it's also installable by junior-level sysadmins who have a vague idea of networking but just need a bit of a guide as to what is going on when applying stuff. (Junior/Medium/Senior levels correspond roughly to LPI 1, 2, 3 certification respectively). Documentation is therefore didactic for when you want to dig into the internals. The internals themselves run via bash scripts (even the web cgi is made up of bash scripts - just for fun, (or maybe it's idiocy :-) )) The prototypes of muggles were different and messier than the current version, but have been in production use for a few years. The code, documentation and design was comprehensible enough to be tweaked, crafted and crufted by junior-level sysadmins for a very long time after I built the systems and handed them over - not that I recommend that kind of maintenance model, but hey, that's what happened. A distribution upgrade on those prototypes would probably need a medium-level sysadmin to do the migration neatly, though. The Lenny release of muggles aims to improve the maintainability so that the upgrade path when tracking debian stable can be carried out by a junior-level sysadmin, without a lynch mob forming for the guy. So in theory, the Lenny release can be installed and maintained by a junior-level sysadmin, and upgraded without mystery problems when an upgrade to Squeeze is done. The Squeeze version of muggles will be ready when it[1] is ready. [1]muggles for Squeeze Design philosophyThe design is intended to be elegant, adhering to The Debian Way and the Unix philosophy. The core is a simple design for Debian, currently running on top of a minimal Lenny. A web gui is recommended for normal operation. Optional features and modules can be bolted on top of the core. Test environmentWhat good is building stuff for a production system unless you can give your design a shakedown test first? Networking is immensely fun but unless you can test your ideas out first, the users will hate you for applying and breaking things on the production system. So there is a virtual test enviroment option based on virtualbox ose. Abuse the virtual machines to your heart's content before deployment on the production system. AlternativesThese are "free as in freedom" alternatives with their own niches: ebox (ubuntu 8.04, 9.04) http://ebox-platform.com tomato (for routers) http://fixppp.org/ zeroshell (runs off livecd, based on source code rather than a distro) http://www.zeroshell.net pfsense (freebsd based) haproxy (designed as reverse proxy) http://haproxy.1wt.eu shorewall (latest versions can handle multipath uplinks) http://www.shorewall.net/ openwrt (firmware framework) http://openwrt.org/ vyatta (true enterprise grade. Has a community edition) http://www.vyatta.com [Less]

Zeroshell is a Linux distribution for servers and embedded devices aimed at providing the main network services a LAN requires. It is available in the form of Live CD or Compact Flash image and you ... [More] can configure and administer it using your web browser. [Less]