Differences between version 14 and predecessor to the previous major change of LinuxRouterBox.
Newer page: | version 14 | Last edited on Thursday, June 24, 2004 5:51:04 pm | by CraigBox |
Older page: | version 10 | Last edited on Thursday, January 8, 2004 8:10:24 am | by AarnoAukia |
@@ -11,9 +11,9 @@
----
!!What does a Linux Router Box do?
-Connects to the Internet (via ADSL, dial-up, etc), provides [NAT] and 'masquerading' of the connection to any number of computers on your network. Provides a [FireWall]. Allows you to provide a LocalMailServer
, a WebServer, [DynamicDNS], [WebProxy] any of the useful things you might want to do with any server machine.
+Connects to the Internet (via ADSL, dial-up, etc), provides [NAT] and 'masquerading' of the connection to any number of computers on your network. Provides a [FireWall]. Allows you to provide a local MailServer
, a WebServer, [DynamicDNS], [WebProxy] any of the useful things you might want to do with any server machine.
----
!!Why would I want to use one?
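Review bot: The rewritten sentence still ends its list with "[WebProxy] any of the useful things you might want to do", with no conjunction after [WebProxy]; suggest "[WebProxy], or any of the other useful things you might want to do with any server machine". Because the same paragraph says this machine is also the [FireWall], it is worth stating here that the mail, web and proxy services are meant for the internal network, which the [SMTP] and [SNMP] entries further down the page already say for themselves.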
@@ -52,10 +52,16 @@
Ensure you have iptables installed;
apt-get install iptables
+
!!Step 3. Recompile your kernel
+The default kernel from your distribution may not be set up for firewalling. You will need at the very least iptables support:
+("Networking Options" -> "Network packet filtering" and then "IP: Netfilter Configuration" -> "IP tables support" a bit further down).
+
+Enabling the "Socket Filtering" support is probably also a good idea (in case you want to [DHCP] from the machine, although maybe dhcp-server doesn't require this).
+
!!Step 4. Set up networking
!!Step 5. Obtain firewall
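Review bot: The new Step 3 gives "IP tables support" as the bare minimum, but the page's stated purpose is [NAT] and 'masquerading', and those depend on the connection tracking, NAT and MASQUERADE target options in the same "IP: Netfilter Configuration" menu; list them in this step so the reader does not have to rebuild a second time. The "Socket Filtering" sentence hedges on its own reason ("although maybe dhcp-server doesn't require this"); confirm whether the DHCP server needs it and state that plainly, or drop the parenthesis. Since the step opens with the default kernel "may not be set up for firewalling", a way to check the running kernel before recompiling would also belong here.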
@@ -66,24 +72,31 @@
See ThingsToDoWithYourLinuxBox for some background info.
![DNS]
-Install bind(8)
. You can name your internal network easily enough. See NamedNotes. Setup hosts for "smtp", "wpad", "proxy" for your various services. Thusly if you move the smtp server to another machine, a simple DNS change will update all the machines on your network.
+Install [BIND]
. You can name your internal network easily enough. See NamedNotes. Setup hosts for "smtp", "wpad", "proxy" for your various services. Thusly if you move the smtp server to another machine, a simple DNS change will update all the machines on your network.
![DHCP]
Install a dhcpd(8) server daemon to work as a dhcp server for the network.
![WebServer]
To host various reporting services used below.
![WebProxy]
-Install squid(8)
. If you have a WebServer on the firewall, be sure to setup [WPAD] so the windows machines can configure themselves correctly. You may wish to transparently proxy people through your WebProxy. When configured with a program that can take squid(8)
logs and provide reports about it.
This can be used by parents to moniter
their childrens activity on the Internet.
+Install [Squid]
. If you have a WebServer on the firewall, be sure to setup [WPAD] so the windows machines can configure themselves correctly. You may wish to transparently proxy people through your WebProxy. When configured with a program that can take [Squid]
logs and provide reports about it (see SquidNotes)
. This can be used by parents to monitor
their childrens activity on the Internet.
![SMTP]
-Install exim(8)
or sendmail(8)
as a SMTP server for your local network. If you trust your [ISP], configure it's smarthost to be your [ISP]'s [SMTP] server. You should probably bind this to your internal interface only.
+Install [Exim]
or SendMail
as a SMTP server for your local network. If you trust your [ISP], configure it's smarthost to be your [ISP]'s [SMTP] server. You should probably bind this to your internal interface only.
![SNMP]
Install a [SNMP] server (bind it to your local interface only!) and use something like Cacti for graphing bandwidth usage.
----
Incomplete; being worked on.
+
+
+----
+
+Comment for the end - IPCop [http://www.ipcop.org] is a nice tidy linux firewall install, which deals with dial-on-demand or always-on connections. It runs better on a pentium machine, but 486 is fine too. IPCop sets up squid for web caching, a caching dns server, and standard stuff like an internal DHCP server.
+
+----