This is the fourth article in the series, aimed at "intermediate" system administrators; experienced ones are unlikely to find anything new here.
In these articles we look at building an Internet gateway on Linux that links several company offices, provides restricted network access, traffic prioritization (QoS), and simple load balancing with redundancy between two providers.
Specifically in this part:
In the first part, we covered:
- The simplest Shorewall setup
- A terribly tricky dnsmasq setup
- A no less complicated OpenVPN setup
- And, unusual for many intermediate admins, dynamic routing, for example OSPF
In the second:
- A more detailed Shorewall setup
- Terrible and obscure QoS
- Load balancing and redundancy
In the third:
- Full QoS in Shorewall
- A more detailed Shorewall setup
- Scaling channel traffic by protocol
- Crutches (workarounds): you can't get anywhere without them
Events
Everything is both simple and complicated. As an illustration, let's look at port knocking.
/etc/shorewall/actions Here we simply declare our action for the event.
/etc/shorewall/action.Knock Here we handle the event; the idea is this:
If there is a request to port 1600, open port 22 for the same source address for 60 seconds. If there is a request to port 1599 or 1601, close port 22.
/etc/shorewall/rules And here we enable port knocking for the relevant connections.
The topic of event handling is broad, so read the manuals carefully.
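As an added example (not the author's own files), here are the three fragments described above, written in the pattern of the Shorewall Events documentation. The event name SSH, the zone names net and $FW, and the :info log levels are assumptions.

```conf
# --- /etc/shorewall/actions ---
# Declare the action; Shorewall then reads /etc/shorewall/action.Knock.
#ACTION     OPTIONS
Knock

# --- /etc/shorewall/action.Knock ---
# "SSH" is an assumed event name: a label for the per-source state that
# Shorewall keeps for the event.
#ACTION                                  SOURCE  DEST  PROTO  DPORT
?COMMENT Port Knocking
# Port 22: accept only if this source set the SSH event within the last
# 60 seconds (at least 1 hit); otherwise fall through to the zone policy.
IfEvent(SSH,ACCEPT:info,60,1,src)        -       -     tcp    22
# Port 1600: record the event for the source address and drop the knock
# itself, so no reply reveals whether the knock was noticed.
SetEvent(SSH,DROP:info,src)              -       -     tcp    1600
# Ports 1599 or 1601: clear the event (close port 22 for that source).
ResetEvent(SSH,DROP:info,src)            -       -     tcp    1599,1601

# --- /etc/shorewall/rules ---
# Route the relevant connections from the "net" zone through the action.
# Zone names net and $FW are assumptions about the local zone layout.
#ACTION     SOURCE  DEST  PROTO  DPORT
Knock       net     $FW   tcp    22,1599-1601
```

After editing, `shorewall check` validates the configuration and `shorewall restart` applies it; the :info log levels make knocks and the resulting SSH accepts visible in the firewall log.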
Macros
They allow you to write rules efficiently (we have already mentioned macros briefly).
/etc/shorewall/macro.TEST Apply the rules:
/etc/shorewall/rules