Ubuntu Machine as Default Gateway / Router from Behind a Bridged Adapter on an XP Machine?

Alan
Hi All,

I am wondering if I can have a setup summarised in the attached diagram.

LAN
My question is whether I can set the Ubuntu machine to be the router / default gateway for the LAN given its position behind the bridged adapter on the XP machine?


If so, I would then use the Ubuntu machine to act as a firewall / proxy for all traffic so that I can filter (haven't decided on what software to use for that yet, but it is Phase II for now).

Thanks,

Alan.
Aaron Tomosky, Director of Solutions Consulting
Commented:
Yes as a proxy. Look at Squid. No as a gateway, as the gateway needs to have the LAN & WAN connections. If you physically put Ubuntu connected to the modem and give it a second NIC it can be the gateway.
Alan, Consultant

Author

Commented:
Okay - How about this:

Give the modem / router an IP of 192.168.1.2/24

Give Ubuntu two IPs (as it is a router, it should be 'connecting' two networks):

192.168.1.1/24

and

192.168.1.1/24

Make Ubuntu the router, DHCP server, and default gateway for 192.168.1.0/24 and have its default gateway being the modem / router.

If I turn off DHCP on the modem / router, fix its and Ubuntu's IPs (in their private network), and block all traffic transiting the modem / router except if going to / from Ubuntu, then no other devices can avoid Ubuntu and Squid?

Would that work?

Can Ubuntu have two IPs, on different networks (192.168.1.0/24 and 192.168.2.0/24) with a single physical (wired) NIC?

Thanks,

Alan.
Aaron Tomosky, Director of Solutions Consulting
Commented:
I think each NIC can only have more than one IP if they are within the same subnet mask. I've done that before. I don't think you can give one NIC two IPs with different subnets but honestly I've never tried. Always used two NICs.

Ok, I did some searching and apparently this IS something you can do.
http://www.windowsreference.com/windows-2000/how-to-addassign-multiple-ip-address-in-vistaxp20002003/
http://www.tomshardware.com/forum/23763-42-multiple-address-single
http://linux.m2osw.com/two_ips_on_one_nic
http://www.liberiangeek.net/2010/09/create-multiple-static-virtual-ip-addresses-ubuntu-10-10-maverick-meerkat/
You could probably get it to work, but don't do it. Your performance would be very poor, and it would be very easy to unintentionally bypass (not to mention intentionally) the firewall you are trying to set up. Go with a straightforward 2 NIC setup to do it right.
Alan, Consultant

Author

Commented:
Hi Inbox788,

How would it be easy to bypass - intentionally or unintentionally?

If the modem / router won't transit any packets except to / from 192.168.1.1, then how would any other device get out?

I could also set the router / modem to only accept LAN-side packets from Ubuntu's MAC address to make it more solid?

However, I'm really more interested in avoiding unintentional / basic bypasses.  If anyone was truly intent on getting past it, I accept they'd find a way.

Thanks,

Alan.

I assumed, maybe incorrectly, that the computers would be plugging into the switch. Now it's unclear to me where you intend to connect the computers. What device do the wired and the wireless devices connect to? If they don't physically depend on the firewall router to route packages, then it's possible to bypass it. Say you have more than one DHCP server (not recommended), it could pick up an unfiltered IP address.
Alan, Consultant

Author

Commented:
Yes - I see what you are saying, and you are correct.  There is nothing FORCING all packets to go via the Ubuntu machine.

The 'security' would rely on the fact that the modem / router would only accept packets to / from the Ubuntu machine's IP / MAC.

Still, it should be pretty secure?  If not, how would you go about circumventing it?

Thanks,

Alan.
Aaron Tomosky, Director of Solutions Consulting
Commented:
If the modem was somehow set to only accept packets from Ubuntu then to bypass it you would have to fake its MAC or IP depending on the filtering. Not trivial but not difficult. Brand name gigabit Intel NICs are $30. Off-brand are $10.
Alan, Consultant

Author

Commented:
Yep - good point.  I am being skinflint!

Thanks,

Alan.
Alan, Consultant

Author

Commented:
Hi Guys,

My apologies for not closing this before - I just missed it somehow.

I went with the two-NIC solution at the time, but since then bought a new router that has much improved firewall functionality so using that for now.

Thanks,

Alan.
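
The argument in this thread, that a filter only binds devices that physically depend on it, can be checked against a cabling plan. The following is an added example, not code from any poster; the device names and both topologies are constructed for illustration.

```python
from collections import deque

def reachable_without(links, src, dst, removed):
    """BFS over layer-2 links; True if src reaches dst with `removed` unplugged."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt != removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def bypass_candidates(links, clients, modem, firewall):
    """Clients that still have a path to the modem when the firewall is removed."""
    return sorted(c for c in clients
                  if reachable_without(links, c, modem, firewall))

# Constructed topologies (device names are illustrative assumptions).
CLIENTS = ["xp-pc", "laptop"]

# One NIC: Ubuntu hangs off the same switch as the clients and the modem.
SINGLE_NIC = [("modem", "switch"), ("ubuntu", "switch"),
              ("xp-pc", "switch"), ("laptop", "switch")]

# Two NICs: modem only on Ubuntu's WAN-side NIC, switch on its LAN-side NIC.
TWO_NIC = [("modem", "ubuntu"), ("ubuntu", "switch"),
           ("xp-pc", "switch"), ("laptop", "switch")]

if __name__ == "__main__":
    for name, links in (("single NIC", SINGLE_NIC), ("two NICs", TWO_NIC)):
        exposed = bypass_candidates(links, CLIENTS, "modem", "ubuntu")
        print(f"{name}: clients with a path around ubuntu -> {exposed or 'none'}")
```

In the single-NIC plan every client shares a segment with the modem, so the modem's IP / MAC filter is the only control; in the two-NIC plan no path to the modem exists without Ubuntu.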
