
Coaxial router and UTM all in one?

Go to solution Solved by brwainer,

Hi everyone,

 

Admittedly, a long time ago, on literally a different continent, I worked at a company where they plugged a modem into the back of a Kubuntu 7 server and it was the router, UTM, file server, download cache server and so forth all in one.

As I was fresh out of college with an associate programming degree in the Windows ecosystem, I picked up very little of the technical intricacies and only did basic command input administration.

However, a conversation always stuck with me, along the lines of: "Why don't you just use the supplied router?" "Do you want a plastic toy or a beastly machine guarding the gates to your network? Which do you think would handle a brute force attack better? Which do you think you can customise more for traffic monitoring and alerts?"

 

I think I finally have enough of an understanding to implement some guides.

Anyone know of any good ones on configuring firewalls, configuring a Linux OS and such?

What OS is considered the most secure or suited for this?

Anyone tried something like this Sophos UTM OS? Has Sophos improved since Tavis Ormandy toyed around with it?

What block lists would you recommend?
Could I use Geo-blocking on a solution like this to reduce the chances that I team with Russians in CS:GO?

Thoughts on making an all-in-one server, UTM, game host and router, the drawbacks, risks, etc?

Thank you in advance,

 

Jen


By “coaxial router” do you mean something that has the coax modem built in? I know Cisco makes some very high-end business routers/firewalls with the modem built in, but for custom devices based on normal server hardware there aren’t any options for DOCSIS 3.0+ - there were PCIe card modems for DOCSIS 2.0, but most ISPs are dropping support for 2.0. So really you are just talking about a business-grade router.

For what you are talking about doing, premade router operating systems, like pfSense and Untangle, will do exactly what you want. pfSense is a little limited and painful to set up for the IDS/IPS role, but it can be done with either Suricata or Snort. pfSense is free unless you want to pay for direct support - normally only needed by businesses. The makers of pfSense, Netgate, also offer a number of appliances that have pfSense preinstalled; however, since you are interested in a lot of features that require a lot of processing, I recommend you go with a multi-core and recent x86 system. I am less familiar with Untangle, but my understanding is that they offer a more traditional subscription-based rule update system. Untangle isn’t free, but they have a home-use license for $50/year that includes all modules/features. I believe they also offer both appliances and the raw OS for install on custom systems.

If you really want to start from scratch, then any server-centric Linux distribution will work; you can pick what works for you. I prefer CentOS, but there is also Debian, Ubuntu Server, and many more. A YouTuber I like recently did (and might still be working on) a video series for making a router based on CentOS. Here is the first video in the series:

I’m not sure whether he will show how to do full IPS with something like Suricata or Snort - you may have to figure that out yourself.

EDIT: I just noticed you also mentioned a game server. I don’t recommend mixing that in the same operating system. But if you buy a fast enough server, you can first install a hypervisor like ESXi, XCP-ng, or Proxmox, and then install the router and game servers as separate VMs. When using pfSense in a VM, you need to do some tweaks: https://docs.netgate.com/pfsense/en/latest/virtualization/index.html

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 


2 hours ago, brwainer said:

... based on normal server hardware there aren’t any options for DOCSIS 3.0+ - there were PCIe card modems for DOCSIS 2.0, but most ISPs are dropping support for 2.0. So really you are just talking about a business-grade router.

For what you are talking about doing, premade router operating systems, like pfSense and Untangle, will do exactly what you want.

 

 A YouTuber I like recently did (and might still be working on) a video series for making a router based on CentOS. Here is the first video in the series:

 

Thank you, this is some very good info.

I was thinking of trying something like Unraid. Load up the "security" server in, say, 2-4 cores, then dedicate the rest to hosting games.

I recently built an Ubuntu server; it wakes up on the weekends, runs its own updates, grabs backups from Windows shares, then goes to sleep again. Ended up with a boot drive + ZFS RAID (threw it together with an old 8-thread PC and spare drives because the main provided solution keeps failing). However, it all sits behind a pre-made UTM.
