Firewall
The Firewall is a router called firewall in the internal network. It makes sure all connections are routed through the VPN and switches (and later balances) traffic between our different Internet connections (satellite, DSL, [planned fiber, maybe LTE, Wifi]).
Configuration
At the moment we have a Debian running on a Z-Box (this will be changed in the future). The rules are configured with ferm (http://ferm.foo-projects.org/).
There are several configurations in the /etc/ferm directory that can be loaded with ferm [filename]
/etc/ferm/default.conf
This file is loaded by a udev rule every time the VPN connection state changes. It ensures that traffic is only forwarded through the VPN and never leaves the box unless it is VPN traffic or DNS traffic to a limited set of servers.
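As an added illustration (not the wiki's actual /etc/ferm/default.conf), the following ferm file implements the policy described above: LAN traffic is only forwarded into the tunnel, and the only packets allowed onto the raw uplinks are the VPN connection itself and DNS queries to the allowed resolvers. Interface names, the VPN endpoint and port, and the DNS server addresses are assumed placeholders.

```ferm
# Assumed interface names and addresses (placeholders, not from the wiki page)
@def $DEV_LAN    = eth0;              # internal network
@def $DEV_UPLINK = (eth1 eth2);       # DSL and satellite modems
@def $DEV_VPN    = tun0;              # VPN tunnel
@def $VPN_SERVER = 203.0.113.10;      # VPN provider endpoint (placeholder)
@def $VPN_PORT   = 1194;
@def $DNS_ALLOW  = (192.0.2.53 198.51.100.53);  # the limited set of DNS servers

table filter {
    chain INPUT {
        policy DROP;
        mod conntrack ctstate INVALID DROP;
        mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;
        interface lo ACCEPT;
        interface $DEV_LAN ACCEPT;              # admin and clients from the LAN
        interface $DEV_UPLINK proto icmp ACCEPT;
    }

    chain OUTPUT {
        policy DROP;
        mod conntrack ctstate INVALID DROP;
        mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;
        outerface lo ACCEPT;
        outerface $DEV_LAN ACCEPT;
        outerface $DEV_VPN ACCEPT;
        # The only traffic allowed to leave on the raw uplinks: the tunnel itself
        # (TCP for satellite, UDP for DSL) and DNS to the allowed resolvers,
        # which is needed to look up the VPN host before the tunnel is up.
        outerface $DEV_UPLINK daddr $VPN_SERVER proto (tcp udp) dport $VPN_PORT ACCEPT;
        outerface $DEV_UPLINK daddr $DNS_ALLOW proto (tcp udp) dport 53 ACCEPT;
    }

    chain FORWARD {
        policy DROP;
        mod conntrack ctstate INVALID DROP;
        mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;
        # LAN clients may only be forwarded into the tunnel, never onto an uplink,
        # so if tun0 goes down their traffic is dropped instead of leaking.
        interface $DEV_LAN outerface $DEV_VPN ACCEPT;
    }
}

table nat {
    chain POSTROUTING {
        outerface $DEV_VPN MASQUERADE;
    }
}
```

Because every chain has policy DROP, anything not matched explicitly is discarded, which is what makes the box a kill switch rather than a fallback to the plain uplink.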
/etc/ferm/admin.conf
This file is used to unlock the restrictive firewall during administration, so that the firewall itself can reach the distribution repositories and download updates.
/etc/cron.d/toggle_uplink.sh
This script is used to switch between the uplinks (satellite or DSL) from a cron job. It shuts down the VPN, selects a different configuration (TCP for satellite, UDP for DSL) and triggers the reconnect. The VPN provider is instructed to provide a fixed IP, so running downloads should continue.
crontab -e as root
At the moment the router switches to the satellite at night, to use the satellite flat rate between 00:00 and 06:00 UTC+1.