amXa

Why amXa?

Setting up a network with a 'hardware router' is easy and straightforward. Usually these routers do not just route to the internet; they also do nice things like NAT, DHCP and firewalling. In short, they do all the basic things you need so that several boxes can access the internet easily and safely. But you are restricted to the services this 'router' offers. They usually lack things like (a real) DMZ, DNS and so on.

Setting up a Linux box as a replacement for such a router solves this problem, but is much more complicated than the 'hardware router'. Especially the setup of netfilter (firewall, port forwarding and NAT) needs some expert knowledge.

What does amXa do?

amXa combines the simple setup of a 'hardware router' with the flexibility of a Linux routing box. amXa just reads one simple configuration file and produces a set of (sys5init) shell scripts to set up the box automatically on each boot. It configures the following items:

How to use amXa?

Edit the file 'amxa.conf' and run the script amxa. This produces a sys5init-style bash script, which has to be placed in the appropriate directory.
 
A simple sample 'amxa.conf' file (for the syntax cf. the full sample below):
[zones]
ext bluewin ppp0 0.0.0.0 0.0.0.0 80
int clients eth2 10.0.2.0 255.255.255.0

[clients]
range workstation 10.0.2.40 10.0.2.99


This simple file configures the following:

A complete config file:
[zones]
#
# 1) zone type is one of 'ext', 'int' or 'dmz'.
# 2) the zone types 'ext' and 'int' can be repeated. For security
# and simplicity each zone _must_ have its own interface.
# 3) the zone type 'dmz' can _only_ be used once and is _always_ named 'dmz'.
# 4) if there is more than one zone of type 'ext', the lines are bundled.
# 5) several zones of type 'int' form independent networks
# 6) the names of the zones 'int' and 'dmz' form the network name.
# 7) for each declared zone of type 'int' and 'dmz' there _must_ be a
# definition of the hosts in this zone.
# 8) 'ipnumber' and 'netmask' set these values for this interface.
# use '0.0.0.0' for 'ipnumber' and 'netmask' if dhcp is used.
# 9) if 'upspeed' (in kbits/s) is given upload shaping is done.
#10) 'downspeed' is used for load balancing if more than one zone 'ext' exist.
#
# syntax: type network zone-name ip-number netmask
#
ext bluewin ppp0 0.0.0.0 0.0.0.0 80 300
ext balcab eth1 10.0.1.0 255.255.255.0 200 600
int clients eth2 10.0.2.0 255.255.255.0
int staff eth0 0.0.0.0 0.0.0.0 0 0
dmz dmz eth3 10.0.3.0 255.255.255.0



[staff]
#
# for each zone definition of type 'int', there must be a section with the
# name of the zone declaring the hosts in this zone.
#
# there are three types of host declarations:
#
# a) 'range' declares a range of hosts using dhcp:
# 1) only _one_ 'range' definition can be given.
# 2) the range must _not_ overlap with any static addresses in this zone.
# 3) the hosts in a range are automatically named with the given hostname
# with the ip-number as prefix (e.g. 10.0.1.40-workstation)
#
# syntax: range begin-ipnumber end-ipnumber
#
# b) 'host' declares a single host with a fixed ipnumber.
# 1) there can be any number of host definitions.
# 2) if the fourth parameter (the mac-number) is given, dhcp will be used.
# 3) if dhcp is _not_ used, the clients _must_ be configured manually.
# the easiest way is using dhcp by declaring the mac-number.
#
# syntax: host hostname ip-number
#
# c) 'alias' declares an aliasname of a host declaration:
# 1) there can be any number of aliases.
#
# syntax: alias aliasname realname
#
range workstation 10.0.1.40 10.0.1.99
host gaya 10.0.1.101 ab:ab:ab:ab:ab:ab
host berlin 10.0.1.102 ab:ab:ab:ab:ab:ab
host edith 10.0.1.103 ab:ab:ab:ab:ab:ab
host madrid 10.0.1.2
host akela 10.0.1.22
alias router madrid
alias proxy madrid
alias ns madrid
alias xdm akela

[clients]
#
# same as in [staff]
#
host earth 10.0.2.4 ab:ab:ab:ab:ab:ab
host venus 10.0.2.1 ab:ab:ab:ab:ab:ab
host jupiter 10.0.2.34 ab:ab:ab:ab:ab:ab
alias www earth

[dmz]
#
# The 'dmz' zone is similar to an 'int' zone, but there are two additional
# parameters, namely the port(s) which are forwarded to the dmz-zone and the
# destination port(s) on the declared host. The 'range' keyword is not allowed.
#
host earth 10.0.3.4 00:00:00:00:00:00 ssh
host venus 10.0.3.1 00:00:00:00:00:00 413 4413
host jupiter 10.0.3.34 ab:ab:ab:ab:ab:ab 0:1024 0:1024
alias www earth
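
The rules stated in the comments of the config file above (one interface per zone, a single zone named 'dmz', a host section for every 'int' and 'dmz' zone, no 'range' in the dmz, no static host inside the dhcp range) can be checked before amxa is run. The following Python check is an added example and not part of amXa; it assumes the [zones] columns are type, name and interface in that order (inferred from the sample lines) and that host and range lines are well formed, and the names parse, validate and SAMPLE are hypothetical.

```python
import ipaddress

SAMPLE = """[zones]
ext bluewin ppp0 0.0.0.0 0.0.0.0 80
int clients eth2 10.0.2.0 255.255.255.0
int staff eth2 10.0.1.0 255.255.255.0
[clients]
range workstation 10.0.2.40 10.0.2.99
host earth 10.0.2.50 ab:ab:ab:ab:ab:ab
"""  # constructed sample (not from the page); it breaks three documented rules

def parse(text):
    """Return {section: [fields, ...]}; '#' comments and blank lines are dropped."""
    sections, current = {}, None
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif line and current is not None:
            current.append(line.split())
    return sections

def validate(text):
    """Return the list of rule violations; an empty list means the file passed."""
    sections, errors, used, dmz_seen = parse(text), [], {}, 0
    for f in sections.get("zones", []):
        if len(f) < 5 or f[0] not in ("ext", "int", "dmz"):
            errors.append("bad zone line: " + " ".join(f))
            continue
        ztype, name, iface = f[:3]  # assumed column order: type, name, interface
        if used.setdefault(iface, name) != name:  # each zone needs its own interface
            errors.append(f"{name}: interface {iface} already used by {used[iface]}")
        dmz_seen += ztype == "dmz"
        if ztype == "dmz" and (name != "dmz" or dmz_seen > 1):
            errors.append("dmz: must be declared once and be named 'dmz'")
        if ztype != "ext" and name not in sections:
            errors.append(f"{name}: no [{name}] section declaring its hosts")
        hosts = sections.get(name, []) if ztype != "ext" else []
        ranges = [h for h in hosts if h[0] == "range"]
        limit = 0 if ztype == "dmz" else 1  # 'range' is not allowed in the dmz
        if len(ranges) > limit:
            errors.append(f"{name}: at most {limit} 'range' line(s) allowed")
        for r in ranges[:1]:  # the dhcp range must not contain a static host
            lo, hi = (ipaddress.ip_address(a) for a in r[2:4])
            errors += [f"{name}: host {h[1]} ({h[2]}) inside dhcp range" for h in hosts
                       if h[0] == "host" and lo <= ipaddress.ip_address(h[2]) <= hi]
    return errors

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)) or "ok")
```

A shared interface or a static address inside the dhcp range is worth catching here, before the generated boot script configures netfilter and DHCP from the file.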




