I want to use Ubuntu as a firewall and wireless AP, with some external traffic passing through OpenVPN and the rest just through a firewall

I would like to do some configuration through Zentyal or a similar setup, but I am also willing to use config files.

I am connecting to a commercial VPN using a username and password. I want that traffic to then pass through a firewall, then I want to provide services like DHCP and DNS to a wired and a wireless interface (wireless using hostapd).

I also would like to have a similar network on two other interfaces that passes through the firewall but not the VPN. If possible I want both networks to see the local machines on each network and receive services such as SAMBA and CUPS shares, NTP, etc. It is important that DNS passes through the VPN on the VPN-bound network.

Is this even possible, and if so, how do I accomplish it? I am not afraid to get my hands dirty, but I am somewhat of a novice at Linux networking.


This kind of setup is very complex and fragile during updates if you aren't experienced with the ins and outs of networking in Ubuntu. Sadly, I haven't found any good tools for performing these functions on a vanilla Ubuntu install, but there are lots of Ubuntu derivatives that offer the functionality you describe. You may want to check out Untangle, or my personal favorite, pfSense (FreeBSD based, has many advanced features). They are both great solutions, but I recommend pfSense because it has some more advanced networking features that require a support license to use in Untangle. Both install and function very well inside VirtualBox for testing, so that might be a good place to start.

If you really want to go through with this the hard way, I would strongly recommend this book: http://www.amazon.com/gp/aw/d/0137081332. It has lots of great information and will help you get started.

Update: one other thing I would recommend if doing it by hand is to learn how to use a version control system and track your configuration files with it. Git, Mercurial, SVN, it doesn't matter; it will save your life if you need to roll back a change that breaks something, or track changes made to your configuration by an overzealous update package.