Differences between current version and predecessor to the previous major change of LinuxRouterBox.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 15 | Last edited on Sunday, November 28, 2004 10:30:24 am | by AristotlePagaltzis | |
| Older page: | version 10 | Last edited on Thursday, January 8, 2004 8:10:24 am | by AarnoAukia | Revert |
@@ -11,35 +11,33 @@
----
!!What does a Linux Router Box do?
-Connects to the Internet (via ADSL, dial-up, etc), provides [NAT] and 'masquerading' of the connection to any number of computers on your network. Provides a [FireWall]. Allows you to provide a LocalMailServer
, a WebServer, [DynamicDNS], [WebProxy] any of the useful things you might want to do with any server machine.
+Connects to the Internet (via ADSL, dial-up, etc), provides [NAT] and 'masquerading' of the connection to any number of computers on your network. Provides a [FireWall]. Allows you to provide a local MailServer
, a WebServer, [DynamicDNS], [WebProxy] any of the useful things you might want to do with any server machine.
----
-!!Why would I want to use one?
+!! Why would I want to use one?
I quote my parents as a great example; they have a computer, my brother has a computer, and they were all discussing getting ADSL. The parents wanted control of the connection, my brother wanted to be able to use the DSL without their computer being on, and I wanted them not to buy a Windows-only modem :)
Otherwise, you might just want to learn about Linux, or be able to ensure the connection at your house will still be up when your main PC has gone to a LAN, or crashed, or is turned off at night, or whatever myriad of other reasons you might have.
-!!What you will need
+!! What you will need
* An old computer - anything from a 486 up is permissable, but if you have to use a 486, chances are someone can give you a Pentium class [CPU] for free.
* CD-ROM drive
* Network card
* DebianLinux CDs
-This introduction is written with the relatively new Linux user in mind. It is written for DebianLinux because of the ease of installing software. This task is perhaps easier to provide under another distribution (see [SelectingADistribution] for a bit of background) - if you can figure all this out, you can change distribution.
-
-See SomePeopleChangeTheirDistributionsAsOftenAsOthersChangeTheirUnderpants
.
+This introduction is written with the relatively new Linux user in mind. It is written for DebianLinux because of the ease of installing software. This task is perhaps easier to provide under another distribution (see [SelectingADistribution] for a bit of background) -
- if you can figure all this out, you can change distribution.
----
-!!Step 1. Install Linux
+!! Step 1. Install Linux
-This section is being left terse at the moment; theres a lot of things
to be said about the best ways of DrivePartitioning
.
When you're finished this stage you should have a basic Linux installation.
+This section is being left terse at the moment; make sure
to read PartitioningSuggestions
. When you're finished this stage you should have a basic Linux installation.
-!!Step 2. Update your /etc/apt/sources.list and dpkg database
+!! Step 2. Update your /etc/apt/sources.list and dpkg database
See AptSourcesList for information about what this file is and what you might want to put in it.
When this is done, perform
@@ -52,10 +50,16 @@
Ensure you have iptables installed;
apt-get install iptables
+
!!Step 3. Recompile your kernel
+The default kernel from your distribution may not be set up for firewalling. You will need at the very least iptables support:
+("Networking Options" -> "Network packet filtering" and then "IP: Netfilter Configuration" -> "IP tables support" a bit further down).
+
+Enabling the "Socket Filtering" support is probably also a good idea (in case you want to [DHCP] from the machine, although maybe dhcp-server doesn't require this).
+
!!Step 4. Set up networking
!!Step 5. Obtain firewall
@@ -66,24 +70,29 @@
See ThingsToDoWithYourLinuxBox for some background info.
![DNS]
-Install bind(8)
. You can name your internal network easily enough. See NamedNotes. Setup hosts for "smtp", "wpad", "proxy" for your various services. Thusly if you move the smtp server to another machine, a simple DNS change will update all the machines on your network.
+Install [BIND]
. You can name your internal network easily enough. See NamedNotes. Setup hosts for "smtp", "wpad", "proxy" for your various services. Thusly if you move the smtp server to another machine, a simple DNS change will update all the machines on your network.
![DHCP]
Install a dhcpd(8) server daemon to work as a dhcp server for the network.
![WebServer]
To host various reporting services used below.
![WebProxy]
-Install squid(8)
. If you have a WebServer on the firewall, be sure to setup [WPAD] so the windows machines can configure themselves correctly. You may wish to transparently proxy people through your WebProxy. When configured with a program that can take squid(8)
logs and provide reports about it.
This can be used by parents to moniter
their childrens activity on the Internet.
+Install [Squid]
. If you have a WebServer on the firewall, be sure to setup [WPAD] so the windows machines can configure themselves correctly. You may wish to transparently proxy people through your WebProxy. When configured with a program that can take [Squid]
logs and provide reports about it (see SquidNotes)
. This can be used by parents to monitor
their childrens activity on the Internet.
![SMTP]
-Install exim(8)
or sendmail(8)
as a SMTP server for your local network. If you trust your [ISP], configure it's smarthost to be your [ISP]'s [SMTP] server. You should probably bind this to your internal interface only.
+Install [Exim]
or SendMail
as a SMTP server for your local network. If you trust your [ISP], configure it's smarthost to be your [ISP]'s [SMTP] server. You should probably bind this to your internal interface only.
![SNMP]
Install a [SNMP] server (bind it to your local interface only!) and use something like Cacti for graphing bandwidth usage.
----
Incomplete; being worked on.
+
+
+----
+
+Comment for the end - IPCop [http://www.ipcop.org] is a nice tidy linux firewall install, which deals with dial-on-demand or always-on connections. It runs better on a pentium machine, but 486 is fine too. IPCop sets up squid for web caching, a caching dns server, and standard stuff like an internal DHCP server.
