Linux Router Box

htmlmasterdave

I was wondering if there is a nice guide to doing this? Like what stuff I'll need to think about, etc. Also, I am hoping I am wrong, but PCI winmodems... do they still not work with anything besides Windows? Thanks.
 

Monoman

well, it really depends on your level of interest. there have already been distros created to do this for you. FreeSCO and LPD come to mind and ClosedBSD too. there are a bunch out there. just google those names to get links to their site.

but, if I were to build my own, I would start with OpenBSD and set up the firewall and port forwarding and such. I chose OpenBSD because out of the box, it's a very secure OS, meaning no daemons are running except for the basic packet filtering and firewall setting and SSH (maybe a couple others).

There are so many options, but why re-invent the wheel? It's already been done!

Good luck!

Mitch
 

n0cmonkey

Originally posted by: Monoman
well, it really depends on your level of interest. there have already been distros created to do this for you. FreeSCO and LPD come to mind and ClosedBSD too. there are a bunch out there. just google those names to get links to their site.

but, if I were to build my own, I would start with OpenBSD and set up the IPFW config and the port forwarding and such. I chose OpenBSD because out of the box, it's a very secure box, meaning no daemons are running except for the IPFW and SSH (maybe a couple others) so it's fairly easy to configure.

There are so many options, but why re-invent the wheel? It's already been done!

Good luck!

Mitch

OpenBSD has IPFW?
 

Monoman

Originally posted by: n0cmonkey
Originally posted by: Monoman well, it really depends on your level of interest. there have already been distros created to do this for you. FreeSCO and LPD come to mind and ClosedBSD too. there are a bunch out there. just google those names to get links to their site. but, if I were to build my own, I would start with OpenBSD and set up the IPFW config and the port forwarding and such. I chose OpenBSD because out of the box, it's a very secure box, meaning no daemons are running except for the IPFW and SSH (maybe a couple others) so it's fairly easy to configure. There are so many options, but why re-invent the wheel? It's already been done! Good luck! Mitch
OpenBSD has IPFW?

well, damn. this one you caught me pissin in the wind... LOL

it's called PF (packet filter). IPFW is used in FreeBSD as IPtables and IPchains (old) is used in Linux.

Mitch
 

drag

Not all internal modems are Winmodems, although most are. Just remember that winmodems lack the necessary hardware to be real modems, and they operate through emulation on your PC's CPU. This requires special drivers and most of it is closed source stuff. People have, through a lot of effort, reverse-engineered some winmodems and they now work in Linux to varying degrees of success.

As far as Linux routing, it depends on how hardcore you want to be about it.

For most home users a simple NAT firewall setup is great. I prefer the term Masquerading, since it's more descriptive and what the original designers called it, but NAT is the most common term nowadays.

You have one Linux box with 2 network interfaces, one to the outside network and one to the internal network. You get the external IP address from the ISP, and you set up the internal network. Many Linux NAT routers have a DNS server/relay/cache and DHCP server to make this easier, but these are not needed. They also often have a mini-HTTP server in them to aid in the configuration and/or monitoring of the router and network logs. This is also not needed, but a nicety. They also often have proxying ability, and you'll need stuff like NAT modules to handle special networking like online Quake gaming and certain types of streaming media. You'll also want to set up some port forwarding for any internet services you want to get out of your internal network, such as a web server or an FTP server.

My first router was a Red Hat 7.0 box. I used a crappy winmodem and the internal network was Ethernet 10MB/s. I set it up by hand with simple NAT rules, but had no firewall-type stuff to deny packets, create packet logs or any intrusion detection style stuff. Just a simple NAT router. The internal network was based off of a cheap hub and mine and my roommate's computers. (I had the basement, they lived upstairs.)

One great thing I found was MasqDialer Server.

It allowed clients to have the router dial out to the internet, disconnect, and monitor connection state (whether it was up or down). It has clients for Windows, Macs, and Linux boxes. It even has a Windows 3.11 client! Plus a Java client, so that should run on any sort of OS that has Java support.

That way I could play Quake2, while at the same time they surfed online, all on a 32-46kb phone connection. It worked out a hundred times better than anything I've ever seen with a Windows-based solution. If they needed to make a phone call, they could disconnect the network, and incoming calls would disconnect the network. If they wanted to get on the internet they could make the Linux router dial out.


Now a Linux router is also useful for bigger networks. Linux routers can handle even very sophisticated network topology using stuff like Zebra or Quagga; it can perform the functions of any dedicated routing software. Although I don't think that it's up to the level of a 5000 dollar Cisco router, yet. Although for 90% of what people use routers for, it can fit the bill easily.

Here's a website dedicated to building a simple yet effective Linux router.

There are lots of very small Linux router projects, like the Leaf Firewall Appliance, which is what I use. It's a Linux on a floppy, so you don't need to waste a hard drive or a CD-ROM drive on a router.

Here's a useful commercial-style Linux project: ClarkConnect. It is designed so that even someone completely unfamiliar with Linux can have a network appliance set up quickly and easily.

Here's a BSD-centric site for setting up Unix routers. Very businesslike and security oriented.

There are hundreds of other sites. Also read up on security and how TCP/IP works. The more you know about this sort of thing, the better and easier it would be to set up a practically hacker-proof network.

Now it's easy to go out and buy a 30 dollar router, but none of them will be able to approach the usefulness and versatility of a homemade Linux router.
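
The post above describes a two-interface masquerading router with port forwarding, and a first build that had NAT rules but nothing to deny or log packets. As an added example (not part of any post in this thread), the script below prints an iptables-restore ruleset that combines masquerading and port forwards with a default-deny filter table and rate-limited logging. The interface names, LAN range, server address and ports are assumed sample values.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC masquerading
# router. Interface names, addresses and ports are constructed sample values.
# Forwarding itself must also be enabled on the box (net.ipv4.ip_forward=1).

is_port() {   # true for a decimal port number 1-65535
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset EXT_IF INT_IF INT_NET [proto:ext_port:host:host_port ...]
gen_ruleset() {
    ext_if=$1 int_if=$2 int_net=$3
    shift 3
    nl='
'
    dnat='' allow=''
    for spec in "$@"; do
        IFS=: read -r proto eport host hport <<EOF
$spec
EOF
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case $host in ''|*[!0-9.]*) echo "bad host: $spec" >&2; return 1 ;; esac
        if ! is_port "$eport" || ! is_port "$hport"; then
            echo "bad port: $spec" >&2; return 1
        fi
        # Rewrite the destination on the way in, then admit only that flow.
        dnat="${dnat}-A PREROUTING -i ${ext_if} -p ${proto} --dport ${eport} -j DNAT --to-destination ${host}:${hport}${nl}"
        allow="${allow}-A FORWARD -i ${ext_if} -o ${int_if} -p ${proto} -d ${host} --dport ${hport} -m conntrack --ctstate NEW -j ACCEPT${nl}"
    done
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    printf '%s' "$dnat"
    # Masquerade: LAN traffic leaves with the router's external address.
    printf '%s\n' "-A POSTROUTING -s ${int_net} -o ${ext_if} -j MASQUERADE" COMMIT
    # Default-deny filter table: nothing unsolicited reaches the router or LAN.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -i ${int_if} -j ACCEPT" \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i ${int_if} -o ${ext_if} -s ${int_net} -j ACCEPT"
    printf '%s' "$allow"
    # Log what is about to hit the DROP policy, rate-limited.
    printf '%s\n' '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fwd-drop: "' COMMIT
}

# Constructed sample: WAN eth0, LAN eth1, web server at 192.168.1.10.
gen_ruleset eth0 eth1 192.168.1.0/24 tcp:80:192.168.1.10:80
```

The script only prints the ruleset; the output can be reviewed before it is loaded on the router with iptables-restore.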
 

n0cmonkey

Originally posted by: Monoman
Originally posted by: n0cmonkey
Originally posted by: Monoman well, it really depends on your level of interest. there have already been distros created to do this for you. FreeSCO and LPD come to mind and ClosedBSD too. there are a bunch out there. just google those names to get links to their site. but, if I were to build my own, I would start with OpenBSD and set up the IPFW config and the port forwarding and such. I chose OpenBSD because out of the box, it's a very secure box, meaning no daemons are running except for the IPFW and SSH (maybe a couple others) so it's fairly easy to configure. There are so many options, but why re-invent the wheel? It's already been done! Good luck! Mitch
OpenBSD has IPFW?

well, damn. this one you caught me pissin in the wind... LOL

it's called PF (packet filter). IPFW is used in FreeBSD as IPtables and IPchains (old) is used in Linux.

Mitch

FreeBSD also has: IPF and I believe PF has been ported (or is being ported).
NetBSD has: IPF, PF, and I think IPFW is in ports (but I'm not 100% positive).
There may be the IPF version of OpenBSD still around, but I haven't bothered to keep up with it since PF is much much nicer.
 

smp

Originally posted by: silverpig
Originally posted by: redbeard1 How about one that is already a package? Smoothwall
I'm about to install this in the very near future. I'll let you all know how it goes.

Wasn't the smoothwall guy a huge prick to people on the mailing list? Wasn't there a thread about this guy maybe half a year ago or something?

Anyways, look into Coyote Linux as well. Another floppy-based router distro.

 

Derango

Originally posted by: smp
Originally posted by: silverpig
Originally posted by: redbeard1 How about one that is already a package? Smoothwall
I'm about to install this in the very near future. I'll let you all know how it goes.

Wasn't the smoothwall guy a huge prick to people on the mailing list? Wasn't there a thread about this guy maybe half a year ago or something?

Anyways, look into Coyote Linux as well. Another floppy-based router distro.

he's no longer with the project
 

Rainsford

Originally posted by: Monoman
Originally posted by: redbeard1
How about one that is already a package? Smoothwall

SWEET, forgot about that one!

Yeah, Smoothwall is great, it's what I'm using right now. A little low on features through the web interface though, so once I get some time I'm going to replace it with an OpenBSD box and really get into the nuts and bolts of firewall configuration.
 

Rainsford

Originally posted by: STaSh
Originally posted by: silverpig
Originally posted by: redbeard1
How about one that is already a package?

Smoothwall

I'm about to install this in the very near future. I'll let you all know how it goes.

How about a better one that's already a package?

astaro

Unless I'm mistaken (and I could be), that astaro stuff costs money. Smoothwall is free. That counts for a lot to most people, especially for home use.
 

n0cmonkey

Originally posted by: Rainsford
Originally posted by: STaSh
Originally posted by: silverpig
Originally posted by: redbeard1
How about one that is already a package?

Smoothwall

I'm about to install this in the very near future. I'll let you all know how it goes.

How about a better one that's already a package?

astaro

Unless I'm mistaken (and I could be), that astaro stuff costs money. Smoothwall is free. That counts for a lot to most people, especially for home use.

IIRC, there is a free version. But I don't and wouldn't use it so I can't say for sure.
 

stash

Astaro is 100% free up to 3 interfaces (external, internal, dmz) and 10 internal IPs.

Also if you participate in their forum (www.astaro.org) frequently enough, you can get a version that supports more NICs and IPs for free as well. You do have to pay extra for the email virus protection if you get the 3 interface, 10 IP free version. But it's well worth it.
 

n0cmonkey

Originally posted by: STaSh
Astaro is 100% free up to 3 interfaces (external, internal, dmz) and 10 internal IPs.

Also if you participate in their forum (www.astaro.org) frequently enough, you can get a version that supports more NICs and IPs for free as well. You do have to pay extra for the email virus protection if you get the 3 interface, 10 IP free version. But it's well worth it.

Does it offer anything that I couldn't set up, for free?
 

stash

I have no idea what you can set up...

Other than the web interface I would say probably not, but I have a feeling you're going to tell me you don't need that anyway.

Keep in mind that it *is* free. You might need to protect more than 10 devices on your LAN, or need more than 3 interfaces, but for the majority of people, that will work quite well.