These days Internet security is more important than ever. Would it not be neat if you could run all your Internet traffic through a big filter to filter out all those nasty viruses, malware and privacy concerns? Well, if you happen to have an old PC lying around, or, as I have, a server running MS Hyper-V, then you actually can, fairly simply (and for free).
OK, you may have heard about solutions such as Smoothwall, m0n0wall and others like them. These are basically routers/firewalls that could, with a PC (and two NICs), replace your broadband router. They contain complex firewall capabilities and maybe even VPN connectivity. All very cool and quite easy to set up and use.
Untangle goes a step further than this: to the basic router capability it adds firewall, VPN, antivirus scanning, privacy filter, ad filter, spam filter, captive page and much more. The best part is that most of this is free. You can download a bunch of apps and install them (this is point and click, so no Linux knowledge is required).
So how does it work? Is it a proxy, a gateway, or what? Once it is installed, you set the LAN NIC IP as the default gateway and voilà, all traffic is now filtered against malware, viruses, spam, privacy concerns and whatnot.
I set up my Untangle box as a Hyper-V machine on my Windows 2008 R2 server, and gave it 640 MB RAM, two CPUs and a 120 GB hard drive (of which it is now using approx. 6-7 GB).
Once installed, you configure everything via the web interface (not on the box itself if you use Hyper-V, but on your own PC).
So, a few notes on installing the app as a Hyper-V virtual server:
- Obvious disadvantage: you will never be able to install the Hyper-V additions into the Linux box, thus no mouse ever, which leaves the user interface on the installed box useless.
- I had to run the installation 4-5 times before I succeeded. I don't know why it failed, but it was as if the installer just stalled during the installation, so I suggest you take a snapshot once you manage to install the basic system (now you can always revert to here).
OK, let me just give you the quick tour of installing the thing. It is not a complete guide (so no screenshots, and some obvious steps may be omitted, but if you know a bit of Hyper-V'ing it should not be too hard):
1. Download the Untangle install CD from: http://www.untangle.com/Downloads/Download-ISO
2. Create a new Hyper-V machine (I suggest 640 MB RAM, 2 CPUs). Replace the NIC with two legacy NICs (required for it to work) and add an IDE drive. I used a dynamic drive of 120 GB, but I think performance may be better if you set a static drive of perhaps 20 GB. Mount the downloaded ISO as the CD-ROM. Tweaks: you can stick to one legacy NIC if you do not plan to use the box as a firewall (e.g. if you have a hardware firewall in your ISP router); some things will not work with only one NIC, but most will.
3. Start the system and select the text-based installer (as you have no mouse in Hyper-V). I seemed to have better luck with the advanced installer. You should set static IPs, so decide on two IPs before getting started.
4. Once the installation is complete, switch to your browser and connect to the IP you set as the LAN side during install.
5. Take a snapshot of your Hyper-V machine.
6. Now download the “open source pack”, on the left of the interface.
7. Configure the different modules. I suggest you disable/turn off the firewall, anti-spam, PG and intrusion prevention features (unless you plan on using the device as your main router), as this will speed up performance.
8. Now set the LAN NIC IP as your default gateway on your PC (or on your DHCP server).
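
Steps 2 and 5 can also be scripted. The following is an added example, not part of the original walkthrough: it assumes the Hyper-V PowerShell module (Windows Server 2012 or later, so not the 2008 R2 host used here), and the VM name, switch names and file paths are placeholders.

```powershell
# Added example. Assumes the Hyper-V PowerShell module (Server 2012 or later).
# Every name and path below is a placeholder, not a value from the post.
$VmName    = 'untangle'                  # hypothetical VM name
$WanSwitch = 'External-WAN'              # existing vSwitch facing the ISP router
$LanSwitch = 'Internal-LAN'              # existing vSwitch facing the clients
$VhdPath   = 'D:\Hyper-V\untangle.vhdx'  # placeholder disk path
$IsoPath   = 'D:\ISO\untangle.iso'       # placeholder path to the downloaded ISO

# Fail early if a switch is missing, so the VM never boots with a NIC
# attached to nothing (traffic would silently bypass the filter).
foreach ($sw in $WanSwitch, $LanSwitch) {
    if (-not (Get-VMSwitch -Name $sw -ErrorAction SilentlyContinue)) {
        throw "Virtual switch '$sw' not found"
    }
}

# Generation 1 is required for legacy NICs and IDE disks.
New-VM -Name $VmName -Generation 1 -MemoryStartupBytes 640MB -NoVHD | Out-Null
Set-VMProcessor -VMName $VmName -Count 2

# Replace the default synthetic NIC with two legacy NICs (step 2).
Get-VMNetworkAdapter -VMName $VmName | Remove-VMNetworkAdapter
Add-VMNetworkAdapter -VMName $VmName -Name 'WAN' -IsLegacy $true -SwitchName $WanSwitch
Add-VMNetworkAdapter -VMName $VmName -Name 'LAN' -IsLegacy $true -SwitchName $LanSwitch

# 120 GB dynamic disk on the IDE controller, as used in the post.
New-VHD -Path $VhdPath -SizeBytes 120GB -Dynamic | Out-Null
Add-VMHardDiskDrive -VMName $VmName -ControllerType IDE -ControllerNumber 0 -Path $VhdPath

# Mount the installer ISO; add a DVD drive if the VM has none.
if (Get-VMDvdDrive -VMName $VmName) {
    Set-VMDvdDrive -VMName $VmName -Path $IsoPath
} else {
    Add-VMDvdDrive -VMName $VmName -Path $IsoPath
}

# Step 5: call this once the text-based installer has finished, so a
# stalled later change can be reverted to a known-good base system.
function Save-BaseInstall {
    Checkpoint-VM -Name $VmName -SnapshotName 'base-install'
}
```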
You can even set up a captive page, which requires people to have a password in order to access the Internet. Quite cool. Sadly it does not support limiting bandwidth, download ratios etc., but it's still cool.
Don't worry if your first or second install fails; as mentioned, I had to do multiple installs before it succeeded, but now it runs fairly smoothly. I have experienced that the web interface was unavailable (the network still worked, but I could not reach the interface), but after a reboot everything was back online.