xane
Guest
The Linux Router Project (LRP) was set up to provide a small installation that could run on any available hardware and emulate a typical router; the install was so small, in fact, that it boots off a 1.44MB floppy diskette and runs entirely in RAM.
So, if you had old kit lying around, even stuff like laptops and 486s, then it could be made into a router. If you already have a LAN then this becomes just another node; otherwise, if you have a standalone machine, it's relatively easy to install a NIC and use a crossover cable to connect it.
From this sprang a number of derivative projects that expanded the router into regular firewalls, using standard Linux utilities like IPChains and free packages like Snort. These packages are still quite small, around 20MB install, and have been set up to be as secure and simple to use as possible.
A Linux-based router/firewall is better than using Windows with a proxy, NAT or ICS for three good reasons:
(a) it's faster - a LOT faster, hardly any effect on ping and no CPU overload because it's on another machine.
(b) it's safer, the Linux install contains no unnecessary utilities, not even FTP or Telnet, so even if they did break into it there is nowhere to go.
(c) it's free, all code is open source, and this applies to the updates too.
If you are new to the Linux world like I am, then having someone organise and provide a cut-down Linux installation specifically for use as a router, firewall and intrusion detection is a godsend.
Two projects come to the fore: Smoothwall and IPCop. The latter forked away from the former and the two are virtually identical at the moment, just following different development paths.
So, here's what you have to do:
1. Find some kit.
You need a basic machine, 486 or above, any amount of RAM, any video, with a small HDD (at least 50MB), a CD-ROM, a NIC and a communications device (modem, ISDN or ADSL). Obviously if using the UK ADSL Alcatel "Frog" modem then you'll need USB support too.
2. Burn.
Download the ISO image (around 20MB) from the project site and burn a CD-R.
3. Boot and install.
Boot the kit using your CD-R; if the kit doesn't allow CD-ROM boot then they provide a floppy diskette image as well. The install repartitions and reformats the HDD, loads the software and performs basic configuration.
4. Configure.
Configuration is done from another PC in the network using a web browser, so you need the new firewall actually connected into your LAN. You browse the IP address of the firewall machine and it brings up web pages where you get access to all the configurations you need.
Installation takes around 15-20 minutes, configuration around 5-10 minutes; you can be up and running in half an hour!
5. Upgrade.
Check for upgrades to the firewall software, download them from the project website and then use the web interface to upload the TAR zipped file directly.
Issues.
(a) Linux is fussy about certain NICs; for example, the Netgear cards are not very well supported (they are held in low regard in the Linux world). Best for use and compatibility are the 3Com cards.
(b) Linux is in fact fussy about every smegging piece of hardware, so if you are using a rare or very modern modem, then you may be out of luck. Fortunately, Linux now supports all methods of USB controller, so these devices are actually quite "safe" now.
(c) If you use the Alcatel "Frog" USB ADSL Modem, you'll need the modem firmware drivers from their website; you then use the web interface to upload them onto the firewall machine. Point to note is that Alcatel provide a TAR zipped file; you need to extract and rename the file (mgmt.o) first before you upload.
(d) If you're using any UK ADSL service, then you need to know the VPI and VCI numbers to connect. The ISP is supposed to provide these but rarely does; don't worry, as we all have to use BT and they are always 0 (zero) and 38 respectively.
(e) Always remember the machine is a dedicated firewall and not intended for use by anything else, so don't expect to be able to utilize spare disk capacity. Putting a file sharing mechanism on it will destroy the dedicated firewall idea.
Control of the firewall is done entirely using the web interface from another machine; by relaxing the security you can even connect from an external address. Both the mentioned projects include a web server and VPN software as part of the package.
You don't need to actually learn Linux either. I personally have been using UNIX for 15 years, but as you can do everything you need to do via the web interface (including shutdown and reboot), you never actually need to log in to the firewall, let alone type commands.