November 13, 2013

Like the title says, how can we set up a firewall or a NAT? Are there any modules/functions missing in the kernel?

Tools:
iptables package: http://search.slackware.eu/cgi-bin/package.cgi/view/slackware-13.37/slackware/n/iptables-1.4.10-i486-1.txz
More tools needed?

How to set up firewall on unraid? Some links that might be useful:
http://code.seanodonnell.com/?id=44
http://www.m0rd0r.eu/how-to-make-small-home-network-with-slackware/
http://slackalaxy.wordpress.com/tag/iptables/

www.LinuxGuruz.com FORUM
http://www.linuxguruz.com/forum/viewforum.php?f=35

Firewall generator
http://www.slackware.com/~alien/efg/
http://www.perturb.org/content/iptables-rules.html
http://www.mista.nu/iptables/

OpenVPN server & iptables
http://docs.slackware.com/howtos:network_services:openvpn

We also need to invoke some commands. I have found these; I do not know if all are necessary or if some are missing...

modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_limit
modprobe ipt_state
modprobe ipt_owner
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe iptable_filter
modprobe ip_conntrack
November 13, 2013

I would love to have the ability to control access to the unRAID server by IP based on times. For example, kids want to keep watching TV after bedtime, so at 9:00pm, I could restrict access to their machines and turn it back on the next morning.
November 13, 2013 (Author)

Some missing modules....

FATAL: Module ip_conntrack not found.
FATAL: Module iptable_nat not found.
FATAL: Module ipt_limit not found.
FATAL: Module ipt_state not found.
FATAL: Module ipt_owner not found.
FATAL: Module ipt_MASQUERADE not found.
FATAL: Module ip_conntrack_ftp not found.
FATAL: Module ip_conntrack_irc not found.
FATAL: Module ip_nat_ftp not found.
FATAL: Module ip_nat_irc not found.
FATAL: Module ip_conntrack not found
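Added example, not part of the original posts: several names in the modprobe list above are older ip_*/ipt_* names that later mainline kernels ship as nf_*/xt_* modules, so "not found" can mean renamed rather than absent. The script below checks a module tree (including modules.builtin) for either name; the rename table reflects mainline kernel naming and is an assumption as far as the unRAID kernel in this thread is concerned.

```shell
#!/bin/sh
# Added example: classify legacy netfilter module names as present, renamed or missing.

# Legacy ip_*/ipt_* names and their nf_*/xt_* successors in later mainline kernels.
successor() {
    case "$1" in
        ip_conntrack)     echo nf_conntrack ;;
        ip_conntrack_ftp) echo nf_conntrack_ftp ;;
        ip_conntrack_irc) echo nf_conntrack_irc ;;
        ip_nat_ftp)       echo nf_nat_ftp ;;
        ip_nat_irc)       echo nf_nat_irc ;;
        ipt_limit)        echo xt_limit ;;
        ipt_state)        echo xt_state ;;
        ipt_owner)        echo xt_owner ;;
        *)                echo "$1" ;;
    esac
}

# has_module NAME MODDIR: true if NAME exists as a loadable .ko (possibly
# compressed) under MODDIR, or is listed as built in to the kernel image.
has_module() {
    [ -n "$(find "$2" -name "$1.ko*" 2>/dev/null | head -n 1)" ] && return 0
    grep -q "/$1\.ko\$" "$2/modules.builtin" 2>/dev/null
}

# check_module NAME MODDIR: prints one status line; returns 1 only if missing.
check_module() {
    if has_module "$1" "$2"; then echo "ok $1"; return 0; fi
    new=$(successor "$1")
    if [ "$new" != "$1" ] && has_module "$new" "$2"; then
        echo "renamed $1 -> $new"; return 0
    fi
    echo "missing $1"; return 1
}

# check_all [MODDIR]: run the check over the module names posted in this thread.
check_all() {
    moddir=${1:-/lib/modules/$(uname -r)}; rc=0
    for m in ip_tables ip_conntrack iptable_filter iptable_mangle iptable_nat \
             ipt_limit ipt_state ipt_owner ipt_REJECT ipt_MASQUERADE \
             ip_conntrack_ftp ip_conntrack_irc ip_nat_ftp ip_nat_irc; do
        check_module "$m" "$moddir" || rc=1
    done
    return $rc
}

# Stand-alone use: sh check.sh /lib/modules/$(uname -r)
if [ "$#" -gt 0 ]; then check_all "$1"; fi
```

A module reported as missing under both names was not built for that kernel, and no iptables package can add it.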
November 14, 2013

I would NEVER use unraid as a NAT firewall. There are too many security issues to think about when it comes to NAT. If Tom is trying to add traffic shaping to improve performance, I feel he is barking up the wrong tree. Traffic shaping should be handled by the router. For me that would be Smoothwall, though there are others. Smoothwall express 3.0 has some QOS built into the software, which helps with performance. This seems to work real well for me. Here is a screen shot of the QOS settings in Smoothwall express:

Sideband Samurai
November 14, 2013

> If Tom is trying to add traffic shaping to improve performance, I feel he is barking up the wrong tree.

I think Tom added base IPTABLES at a user's request. I don't see him planning to use it for any core unraid functions.
November 14, 2013

I needed iptables so I could connect to openvpnserver from an Android client (I am not the one who requested it though).
November 14, 2013

Requesting the inclusion of iptables originally was to provide the ability to nat/firewall those that use openVPN server/client on unRAID. Without nat/firewall one exposes their unRAID server to the outside world regardless of what hardware/software firewall is between the server and the Internet. To properly set up either manually or through a script package like Shorewall, it requires more than just iptables added to the kernel. These are the details that I believe peter_sm is asking for help to work out.
November 14, 2013

> I would love to have the ability to control access to the unRAID server by IP based on times. For example, kids want to keep watching TV after bedtime, so at 9:00pm, I could restrict access to their machines and turn it back on the next morning

If you own a Broadcom based wireless router, installing Tomato firmware will give you those tools (and plenty more). DD-WRT is also a choice and most wireless routers do include some form of access restrictions in the stock firmware.
November 15, 2013

>> I would love to have the ability to control access to the unRAID server by IP based on times. For example, kids want to keep watching TV after bedtime, so at 9:00pm, I could restrict access to their machines and turn it back on the next morning

> If you own a Broadcom based wireless router, installing Tomato firmware will give you those tools (and plenty more). DD-WRT is also a choice and most wireless routers do include some form of access restrictions in the stock firmware.

I'm pretty sure you can only block all wifi devices, or Internet access to certain devices, so if the device is wired it will still be able to access the unraid box unless you want to get fancy with your network setup and add a second router to your network.

Sent from a mobile device, sorry for any typos.
November 15, 2013

>>> I would love to have the ability to control access to the unRAID server by IP based on times. For example, kids want to keep watching TV after bedtime, so at 9:00pm, I could restrict access to their machines and turn it back on the next morning

>> If you own a Broadcom based wireless router, installing Tomato firmware will give you those tools (and plenty more). DD-WRT is also a choice and most wireless routers do include some form of access restrictions in the stock firmware.

> I'm pretty sure you can only block all wifi devices, or Internet access to certain devices, so if the device is wired it will still be able to access the unraid box unless you want to get fancy with your network setup and add a second router to your network.
>
> Sent from a mobile device, sorry for any typos.

Yep, you are correct. Was thinking about a different scenario. Should be able to set up a cron job to block certain IPs as needed, once we get this figured out.
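Added example, not from any poster in this thread: one way the cron-driven block suggested above could look once iptables and the filter table work on the server. The client addresses, the script path in the crontab comment and the DRY_RUN switch are assumptions made for illustration; only the filter table's INPUT chain is used, so none of the missing NAT or conntrack modules are required.

```shell
#!/bin/sh
# Added example: cron-driven curfew that drops traffic from listed client IPs.
# KIDS_IPS holds constructed sample addresses; DRY_RUN=1 prints the iptables
# commands instead of executing them (set DRY_RUN=0 and run as root to apply).
KIDS_IPS=${KIDS_IPS:-"192.168.1.50 192.168.1.51"}
DRY_RUN=${DRY_RUN:-1}

# valid_ipv4 ADDR: dotted quad with every octet <= 255, so a typo in the
# list can never become an unexpected iptables argument.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    ( IFS=.; for o in $1; do [ "$o" -le 255 ] || exit 1; done )
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# curfew block|allow: apply the action to every address in KIDS_IPS.
curfew() {
    action=$1
    for ip in $KIDS_IPS; do
        valid_ipv4 "$ip" || { echo "skip invalid address: $ip" >&2; continue; }
        # Delete any existing copy first so repeated cron runs never stack
        # duplicate rules; this also works on iptables builds without -C.
        run iptables -D INPUT -s "$ip" -j DROP 2>/dev/null || true
        if [ "$action" = block ]; then
            # Position 1 puts the DROP ahead of any rule that accepts
            # already-established connections, so running streams stop too.
            run iptables -I INPUT 1 -s "$ip" -j DROP
        fi
    done
    return 0
}

# Crontab entries (script path is a placeholder):
#   0 21 * * * /path/to/curfew.sh block
#   0 7  * * * /path/to/curfew.sh allow
case "${1:-}" in
    block|allow) curfew "$1" ;;
esac
```

Rules added this way live only in the running kernel, so a reboot during curfew hours clears the block until the next cron run.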
Archived
This topic is now archived and is closed to further replies.