Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
LinuxRouterBox
Edit
PageHistory
Diff
Info
LikePages
AddToMe! When going to describe this page, I was given a great haiku: ''Windows NT crashed. I am the Blue Screen of Death. No-one hears your screams.'' A perfect introduction to the science of creating a LinuxRouterBox! ---- !!What does a Linux Router Box do? Connects to the Internet (via ADSL, dial-up, etc), provides [NAT] and 'masquerading' of the connection to any number of computers on your network. Provides a [FireWall]. Allows you to provide a local MailServer, a WebServer, [DynamicDNS], [WebProxy] any of the useful things you might want to do with any server machine. ---- !! Why would I want to use one? I quote my parents as a great example; they have a computer, my brother has a computer, and they were all discussing getting ADSL. The parents wanted control of the connection, my brother wanted to be able to use the DSL without their computer being on, and I wanted them not to buy a Windows-only modem :) Otherwise, you might just want to learn about Linux, or be able to ensure the connection at your house will still be up when your main PC has gone to a LAN, or crashed, or is turned off at night, or whatever myriad of other reasons you might have. !! What you will need * An old computer - anything from a 486 up is permissable, but if you have to use a 486, chances are someone can give you a Pentium class [CPU] for free. * CD-ROM drive * Network card * DebianLinux CDs This introduction is written with the relatively new Linux user in mind. It is written for DebianLinux because of the ease of installing software. This task is perhaps easier to provide under another distribution (see [SelectingADistribution] for a bit of background) -- if you can figure all this out, you can change distribution. ---- !! Step 1. Install Linux This section is being left terse at the moment; make sure to read PartitioningSuggestions. When you're finished this stage you should have a basic Linux installation. !! Step 2. Update your /etc/apt/sources.list and dpkg database See AptSourcesList for information about what this file is and what you might want to put in it. When this is done, perform apt-get update This will bring your database up to date. !Step 2a. apt-get upgrade !!Step 3. Add some extra packages Ensure you have iptables installed; apt-get install iptables !!Step 3. Recompile your kernel The default kernel from your distribution may not be set up for firewalling. You will need at the very least iptables support: ("Networking Options" -> "Network packet filtering" and then "IP: Netfilter Configuration" -> "IP tables support" a bit further down). Enabling the "Socket Filtering" support is probably also a good idea (in case you want to [DHCP] from the machine, although maybe dhcp-server doesn't require this). !!Step 4. Set up networking !!Step 5. Obtain firewall See PerrysFirewallingScript for instructions on how to do this !!Step 6. Install Services See ThingsToDoWithYourLinuxBox for some background info. ![DNS] Install [BIND]. You can name your internal network easily enough. See NamedNotes. Setup hosts for "smtp", "wpad", "proxy" for your various services. Thusly if you move the smtp server to another machine, a simple DNS change will update all the machines on your network. ![DHCP] Install a dhcpd(8) server daemon to work as a dhcp server for the network. ![WebServer] To host various reporting services used below. ![WebProxy] Install [Squid]. If you have a WebServer on the firewall, be sure to setup [WPAD] so the windows machines can configure themselves correctly. You may wish to transparently proxy people through your WebProxy. When configured with a program that can take [Squid] logs and provide reports about it (see SquidNotes). This can be used by parents to monitor their childrens activity on the Internet. ![SMTP] Install [Exim] or SendMail as a SMTP server for your local network. If you trust your [ISP], configure it's smarthost to be your [ISP]'s [SMTP] server. You should probably bind this to your internal interface only. ![SNMP] Install a [SNMP] server (bind it to your local interface only!) and use something like Cacti for graphing bandwidth usage. ---- Incomplete; being worked on. ---- Comment for the end - IPCop [http://www.ipcop.org] is a nice tidy linux firewall install, which deals with dial-on-demand or always-on connections. It runs better on a pentium machine, but 486 is fine too. IPCop sets up squid for web caching, a caching dns server, and standard stuff like an internal DHCP server.
One page links to
LinuxRouterBox
:
InNeedOfRefactor