I found the networking configured by libvirt (KVM) did not allow me to firewall the network as I desired. I use Shorewall for firewalling, and DNSMasq for internal DNS and DHCP. After a little experimentation, I found that I could configure Ubuntu to create the network. This allows me to get a reliable firewall configuration with a virtual DMZ.
The virtual hosts are assigned to a bridge, and only have connectivity to other networks as defined in the Shorewall configuration. A single DNSMasq server provides DNS and DHCP services for all virtual servers, as well as the network the server is connected to. The network and firewall configuration remains consistent even as servers are cycled up and down. An additional bridge was created to support virtual servers in the DMZ zone.
Squid is a proxy service for HTTP and other requests. This article covers installing it and configuring it to run on Ubuntu as a transparent proxy. This documentation includes configuring Web Proxy Auto-Discovery (
I run a heterogeneous configuration. This provided a number of challenges as various implementations of WPAD were encountered. These each seem to require something different. The final configuration works for Ubuntu, Windows XP, and Windows Vista. Both Internet Explorer and Firefox configured correctly.
Now I have replaced my old firewall with OpenWRT, I needed to enhance the configuration of dnsmasq to support the network. The old Ubuntu-based firewall was already running dnsmasq, as does the DNS server on the LAN.
I run a mixed network with wired and wireless clients on separate address ranges. DHCP services are provided by the OpenWRT router. An Ubuntu server is the primary DNS server for the wired network.