Zeroshell is a Linux distribution for servers and embedded devices aimed at providing the main network services a LAN requires. It is available as a Live CD or Compact Flash image and can be configured and administered through a web browser. Below are the main features of this Linux distribution that are useful for building a network appliance:

  • Balancing and failover of multiple connections to the Internet;
  • UMTS/HSDPA 3G modem support;
  • RADIUS server to provide authentication and automatic management of encryption keys for 802.11b, 802.11g and 802.11a wireless networks supporting the 802.1x protocol in the form of EAP-TLS, EAP-TTLS and PEAP. WPA with TKIP and WPA2 with CCMP (compliant with the 802.11i standard) are supported. The RADIUS server may also, depending on the username, group or MAC address of the supplicant, allow access on an 802.1Q VLAN assigned to an SSID;
  • Captive Portal to support web login on wireless and wired networks. Zeroshell acts as a gateway for the network on which the Captive Portal is active and on which IP addresses (usually private ones) are dynamically assigned by DHCP. A client that accesses this private network must authenticate through a web browser with a Kerberos 5 username and password before the Zeroshell firewall allows it to access the public LAN. Captive Portal gateways are often used to provide Internet access in hotspots as an alternative to the 802.1X authentication protocol, which is too complicated for users to configure. Zeroshell implements the Captive Portal functionality natively, without using other specific software such as NoCat or Chillispot;
  • Management of QoS (Quality of Service) and traffic shaping to control traffic on congested networks. It can impose constraints on the minimum guaranteed bandwidth, the maximum bandwidth and the priority of a packet (useful for real-time connections such as VoIP). These constraints can be applied on Ethernet interfaces, VPNs, PPPoE point-to-point links, bridges and VPN bondings (aggregations). Traffic can also be classified by Layer 7 filters that allow Deep Packet Inspection (DPI), so that bandwidth and priority can be assigned to the flows of applications such as VoIP and P2P;
  • HTTP Proxy with the open source ClamAV anti-virus, which can centrally block web pages containing viruses. The proxy, implemented with HAVP, can work in transparent proxy mode, meaning that there is no need to configure users' web browsers to use the proxy server; HTTP requests are automatically redirected to it. In this case, the machine that acts as the proxy must also be a gateway (IP router or bridge);
  • Support for Wireless Access Point functionality with Multiple SSID using WiFi network cards based on Atheros chipsets. In other words, a Zeroshell box with one of these cards can work as a Wi-Fi access point for IEEE 802.11 networks supporting 802.1x and WPA for authentication and dynamic key generation. Authentication is via EAP-TLS or PEAP using the built-in RADIUS server;
  • LAN-to-host VPN with the L2TP/IPsec protocol, in which L2TP (Layer 2 Tunneling Protocol) authenticated with Kerberos v5 username and password is encapsulated within IPsec authenticated with IKE using X.509 certificates;
  • LAN-to-LAN VPN with encapsulation of Ethernet in an SSL/TLS tunnel, with support for 802.1Q VLAN and aggregation for load balancing (bandwidth increase) or fault tolerance (reliability increase);
  • Router with static and dynamic routes (RIPv2 with MD5 or plain text authentication and Split Horizon and Poisoned Reverse algorithms);
  • 802.1d bridge with Spanning Tree protocol to avoid loops even in the presence of redundant paths;
  • Firewall with Packet Filter and Stateful Packet Inspection (SPI), with filters applicable in both routing and bridging on all types of interfaces including VPN and VLAN;
  • Firewall and QoS control of P2P file-sharing traffic;
  • NAT to use private address classes on the LAN, hidden behind public addresses on the WAN;
  • TCP/UDP port forwarding (PAT) to create a Virtual Server, or cluster of real servers, with a single IP address (the address of the Virtual Server). Requests to the virtual server are distributed to the real servers in Round-Robin (cyclic) fashion while preserving existing connections and sessions. This makes it possible to load-balance web farms, SQL clusters and computing farms;
  • Multizone DNS server with automatic management of the Reverse Resolution;
  • Multi-subnet DHCP server with the ability to assign IP addresses based on MAC address;
  • 802.1Q Virtual LAN (tagged VLAN) applicable on Ethernet interfaces, on LAN-to-LAN VPNs, on VPN bondings and on bridges consisting of Ethernet interfaces, VPNs and VPN bonds;
  • PPPoE client to connect to the WAN via ADSL, DSL and cable (requires an appropriate modem);
  • Dynamic DNS client so the host can be reached easily even when the WAN IP is dynamic. Dynamic management of DNS MX records to route e-mail to an SMTP mail server with a variable IP;
  • NTP (Network Time Protocol) server and client to keep host clocks synchronized;
  • Syslog server for receiving and cataloging the system logs produced by remote hosts, including Unix systems, routers, switches, Wi-Fi access points, network printers and other devices compatible with the syslog protocol;
  • Kerberos 5 authentication using an integrated KDC and cross-domain authentication;
  • LDAP, NIS and RADIUS authorization;
  • X.509 certification authority for issuing and managing electronic certificates;
  • Integration between Unix and Windows Active Directory systems in a single authentication and authorization system using LDAP and Kerberos 5 cross-realm authentication.

Post by Gishore J Kallarackal