How to build your own router
Tutorial: Turn an old computer into a powerful firewall and router
By Neil Bothwick, December 28th 2010
[Image: IPCop works like normal router software - through an internet browser on a PC connected to the network]
Linux is built on networking. It's at the core of the operating system, not a bolted on extension. This means that if you want to build an internet appliance, Linux is the obvious choice.
The most popular internet appliance is a router and most homes have one these days, translating your DSL or cable internet connection into Ethernet or wireless to be used by your computer. If you have more than one computer, such a device is even more important because it enables them to use the internet at the same time without getting their packets in a twist.
If you do have a number of computers, it's possible you have at least one that's neglected and gathering dust in a cupboard somewhere because it's no longer considered powerful enough for current needs. You've probably thought about putting it on Ebay, but a combination of apathy and the rapidly diminishing value of older hardware means you never got round to it.
Well, you can give this box a new lease of life as an internet gateway. You may be asking why you would want to do this instead of using a pre-packaged modem/router.
One reason is that you can have far more control over exactly what goes on in the box, what functions it has and who can do what. Another reason for doing it is because it's a fun way of learning about such things, rather than just leaving it all to a magic black (or, more likely, white or silver) box.
There are two ways of approaching this task; the first is to use a distro specifically designed for the job, already set up with the packages you need. The other is to build it entirely yourself, using a minimal Linux installation and adding the software you need to do what you want.
This month, we'll look at the first path, but we'll cover the full DIY approach in the next issue.
Pick a distro
There are quite a few distros intended for use on firewall appliances, and some of them are based on FreeBSD rather than Linux. The distros can be divided into two groups, those that provide a dedicated firewall/router and those that comprise a more complete internet gateway, including things like print, mail, file and even web servers.
For this tutorial, we are concentrating on a pure gateway, a more flexible and powerful alternative to an off-the-shelf modem/router and one that enables the other services to be run more securely behind the firewall.
The distro that we've picked for this example is IPCop. We are using the stable 1.4.21 release, although the more adventurous might consider the 1.9 version.
You will also need a computer, obviously. Just about anything modern enough to be powered by electricity should be acceptable. An i586 or later box can handle the internet requirements of a medium-sized network.
There's no desktop with IPCop – after installation, everything is done remotely via a web browser, so memory requirements on the hardware are minimal. You will need a keyboard and monitor for installation, but these can be removed once the system has rebooted.
The computer will need at least two network interfaces: Ethernet for the local network and whatever your internet connection needs. This could be a PCI DSL modem card, another Ethernet card to connect to a standard cable or DSL modem or even just a USB port if you have no wired connection and are using a 3G dongle.
If you want to set up a demilitarised zone (DMZ) you'll need another Ethernet card, and you'll need a wireless card if you want this box to also act as a Wi-Fi access point. An Ethernet switch or hub plugged into the green Ethernet port will enable multiple computers to be connected to the network.
Installation
Boot from the IPCop CD to get into the text-based installer. If you have only used the graphical installers of the likes of OpenSUSE, Mandriva and Ubuntu, this may come as a bit of a shock – use the cursor keys to move around, the Space bar to select options and Enter to proceed.
Heed the warning early on: this installer will wipe your hard drive. You can't dual boot your router with Windows – this is a one-shot machine.
The lack of partitioning or package choices means there's very little for you to do prior to installation. Select Skip at the restore screen. The next step is to pick the Ethernet interface to use for the green network; the other interface(s) will be set up later.
Letting the installer probe for a suitable interface is generally best, although there are manual configuration options should your network adaptor need special module options passed to it. Because the router will also act as a DHCP server for your network, it must have its address assigned statically. If in doubt about what to put here, 192.168.1.1 is a good choice.
You are now given the web address for configuration, so make a note of this. The network configuration type is one of the most important choices during installation; the historical default is to use Ethernet for green and a modem for the red network. If your modem connects via Ethernet, change this to GREEN + RED.
Choose the option that includes ORANGE or BLUE if you also want a DMZ or wireless sector in your network – you can change this later if you would rather keep it simple and just set up the red and green networks to start with.
You then need to tell IPCop what to use for the extra interfaces in the Drivers And Card Assignments section.
Address configuration
The DNS and Gateway section can be left blank if your modem gets this information from your ISP with DHCP, but the DHCP configuration section relates to the addresses that IPCop gives out over the green and blue networks. You specify a range of addresses from which IPCop can choose, but leave some for any computer that may use static addressing.
I generally start the DHCP range at 100 (192.168.1.100 if you used 192.168.1.1 for IPCop itself) and use lower addresses for any static allocations, for no other reason than it makes it immediately obvious whether an address has been given by DHCP.
You must also enable the DHCP server here. The primary DNS server can be left at the address of the IPCop computer, which means IPCop will act as a DNS cache, speeding up lookups when the same domain is referenced by more than one computer – how many computers on your network don't look up www.google.com or www.linuxformat.com?
Finally, you need to set passwords for three users. The root user is not normally used unless you want to log in directly on the router; the admin user is the user of the web interface, which you will normally use for configuration; and the third is the backup user. Now you can remove the installation CD and reboot.
Starting up
The computer will reboot to an unhelpful-looking login prompt, but you won't be using this. Open a browser on another computer on the green network and go to https://192.168.1.1:445, replacing the IP address with whatever you set in the installation.
If the computer you're connecting from had its network started after rebooting the router, you can use the hostname set in the installation instead; the default is ipcop (https://ipcop:445). Your browser will probably complain about an untrusted certificate when connecting, which you can tell it to accept.
This is because IPCop is using a self-generated certificate, so your browser can't check its trustworthiness. Since you've just installed it, you know you can trust it.
Remember the admin user's password you set up during installation? IPCop enables you to view the home page without it, but selecting anything pops up a password requester.
The first link you should select is System > Updates since the home page will have told you there are updates available. Press the Download button, which doesn't appear to do much, but the description of the updates should appear in the section below, so press Apply Now.
If you see an error that this is not an authorised update, your hardware clock is probably way out. This isn't uncommon on hardware that has not been used for years or had a BIOS reset.
Go to Services > Time server and set the time manually. Then tick the box to use a network time server and press Save. You have to set the time manually first because NTP will not change the time if the jump is too great.
The web interface is where you do everything from now on. If you want, you can now power down the router, disconnect the keyboard and monitor and tuck it away somewhere out of sight and sound before switching back on (but make sure it has enough air to cool itself).
Your new router should now be providing DHCP and DNS services to your local network and giving access to the internet, so it's time to start exploring the options.
Your first stop should be System > Backup, where you can create a DAT file containing all your settings, enabling you to roll back if your changes don't work out as intended. Do this before you start experimenting. You can even use the Export button to transfer this to a USB stick for safe keeping.
Explore the features
IPCop provides a number of services that are not enabled by default but are worth investigating and turning on.
These can be found in the Services menu and include a web proxy, to reduce traffic and response times for commonly used pages, a time server, a dynamic DNS feature to update your IP address on services like www.dyndns.org, intrusion detection with Snort and traffic shaping. The last is useful when several machines share limited bandwidth: you don't want someone's BitTorrent download of the latest Ubuntu ISO image to slow down your browsing of the Fedora forums.
By setting various port ranges to High for email ports such as 25, 110 and 143, Medium for web ports 80 and 443, and Low for FTP (21) and BitTorrent (6881–6999), you can stop file downloads from slowing down browsing by too much while making sure that email always gets through.
We said that you can add a network post-installation, so how do you do this when there doesn't appear to be an option in the web interface? The answer is that this has to be done on the command line, either directly on your IPCop box (assuming it still has a keyboard and monitor) or via an SSH connection from the green network. For the latter, you need to enable SSH access from the System menu, then connect to it with:
    ssh -p 222 root@ipcop
Then run setup to get a curses interface similar to the installer, from which you can change the choices made at installation time. Go into Networking > Change Network Type and pick GREEN + ORANGE + RED to add a DMZ, or add a BLUE for a wireless sector. Either way, you must have a suitable network card already installed in the computer.
Go to Drivers And Card Assignments to pick the card for the new network, then use Address Settings to pick an address for the new network's interface. This must be on a different subnet, so if you used 192.168.1.1 for green, use 192.168.2.1 for orange.
Once you have done this, turn off SSH for security.
Setting up the DMZ
Now that you have a DMZ, you can begin setting it up. There is no DHCP server on the orange network, so any computer you add here should have a static address, which is a good thing if you're providing access from outside because you need to forward traffic to a specific address.
To set up access to a web server with the address of 192.168.2.2, the first step is to set up port forwarding, just as you would on a standard modem/router, except here we are forwarding to the server on the DMZ.
Go to the Firewall > Port Forwarding page. The Source IP Or Network box is normally left blank, to enable access from all external addresses, but you can restrict access to a specific address or range if you want your server to be accessible from only one location (although a VPN may be a more suitable approach in this situation).
Set the source and destination ports to 80 (HTTP) and the Destination IP to 192.168.2.2, press Add to see the rule appear in the list below. Now hit Reset and repeat the process for port 443 (HTTPS).
Now you have a web server that is accessible from the internet and from your LAN (the green network), but it cannot access your green network. This means that if the server, or perhaps some PHP code it is running, is exploited, it can only harm itself, not the rest of your computers.
Poking holes
There may be times when your web server needs to communicate with a machine on the green network, for example sending a backup of its MySQL tables.
IPCop has a feature called a DMZ pinhole that provides restricted access from one computer in the orange network to one port on one computer in the green network. This is set up in Firewall > DMZ Pinholes but use this option only when you have to, because it partially compromises the security provided by the DMZ.
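IPCop builds the packet-filter rules for the port forwards and the pinhole from its web interface. As an added example (not part of the original article and not IPCop's own rule set), the script below prints what the same red/green/orange policy looks like as plain iptables rules on a hand-built gateway. The interface names, the green backup host 192.168.1.10 and the backup port 22 are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the red/green/orange
# policy in the article. Interface names and the backup host/port are assumptions.
RED_IF=eth1                # internet side (assumed name)
GREEN_IF=eth0              # trusted LAN, 192.168.1.0/24 (assumed name)
ORANGE_IF=eth2             # DMZ, 192.168.2.0/24 (assumed name)
WEB=192.168.2.2            # DMZ web server address used in the article
BACKUP_HOST=192.168.1.10   # constructed: green machine receiving the MySQL backup
BACKUP_PORT=22             # constructed: backup is pushed over SSH

# True only for one host address inside the /24 given as "a.b.c" (no CIDR, no range).
single_host() {
    last=${1#"$2".}
    [ "$last" != "$1" ] || return 1
    case $last in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# True only for one TCP port number, 1-65535.
single_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Port forward: rewrite the destination on red, then admit that one flow to orange.
forward_rule() {  # $1 = tcp port
    echo "iptables -t nat -A PREROUTING -i $RED_IF -p tcp --dport $1 -j DNAT --to-destination $WEB:$1"
    echo "iptables -A FORWARD -i $RED_IF -o $ORANGE_IF -d $WEB -p tcp --dport $1 -m conntrack --ctstate NEW -j ACCEPT"
}

# DMZ pinhole: one orange host to one port on one green host, nothing wider.
pinhole_rule() {  # $1 = orange source, $2 = green destination, $3 = tcp port
    if single_host "$1" 192.168.2 && single_host "$2" 192.168.1 && single_port "$3"; then
        echo "iptables -A FORWARD -i $ORANGE_IF -o $GREEN_IF -s $1 -d $2 -p tcp --dport $3 -m conntrack --ctstate NEW -j ACCEPT"
    else
        echo "pinhole refused: $1 -> $2:$3 is not host-to-host, single port" >&2
        return 1
    fi
}

dmz_rules() {
    echo "iptables -P FORWARD DROP"    # anything not listed below is dropped
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $GREEN_IF -o $RED_IF -j ACCEPT"      # LAN to internet
    echo "iptables -A FORWARD -i $GREEN_IF -o $ORANGE_IF -j ACCEPT"   # LAN to DMZ
    forward_rule 80
    forward_rule 443
    # The only new connection orange may open towards green:
    pinhole_rule "$WEB" "$BACKUP_HOST" "$BACKUP_PORT"
    echo "iptables -t nat -A POSTROUTING -o $RED_IF -j MASQUERADE"
}

dmz_rules
```

Because the FORWARD policy is DROP and no general orange-to-green rule exists, the pinhole line is the single exception to the DMZ isolation. The helper refuses subnets and port ranges so that exception stays as narrow as the article describes.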
There is lots more you can do with IPCop, but we've given you enough to get started. Browse around the web interface and read the associated documents on the IPCop website for more information.
First published in Linux Format Issue 139
Your comments (4)
antalves
4. Is the second part of your tutorial ready?
Thanks
elfsternberg
3. "Just about any [computer] modern enough to be powered by electricity should be acceptable."
An amendment, if I may. One thing that you should pay special attention to is the quality of the network cards you're using. I have a home-based router of exactly this kind, running a ten-year-old copy of Trustix on an archaic P5; the cards are 10-base-Ts, which was fine in 2001, but in 2010 they're the limiting factor on the inbound network. Make sure your router, hubs, and everything else are capable of handling the maximum speeds coming out your provider's pipe.
tentimes
2. lmao! I've just spent the whole weekend (I'm sad) researching this, and I load up my favourite tech site today and here is your article! hahaha :) What a happy coincidence ;) Going to read it now and see if you came to the same conclusion as me ;)
bnr1066
1. I think the presentation of ADSL or DSL is more important than the brief mention of two lines...
The most common internet connection in the UK uses PPP and is handled by the router so not addressing that aspect of an internet gateway is a bit of a hole in the overall application, no?