A friend of mine pointed me in the direction of this software that will allow you to share out your Internet connection more reliably and faster than Window's ICS. After two days battling with the software I finally emerged as the victor with a working router/firewall. Some of the things I have noticed that work (that didn't through ICS) are that I can receive and send IRC DCC file transfers, ICQ transfers now work again and a noticeable difference using the internet in general.
This is a small guide written to guide you on your journey of setting up a Linux router/firewall. It'll allow you to share your Internet connection and provide some protection to your home network.
The oldest computer you can get your hands on (within reason). Just couldn't convince yourself the old 486 is really obsolete? Well, here is a good use for it. I personally am using a P75 with a 500MB hard drive. The hard drive is optional. You will need at least 8MB of RAM.
Two network interface cards (NICs). I prefer using ISA network cards as you can set the hardware address and know exactly where they are. Also since most of you can't afford an Internet connection over 10Mb/s it should be plenty fast.
Go to http://www.freesco.org/, follow their download link and grab the newest version (0.3.0 at this writing), though 0.2.7 was used for this writing. Unzip the package into a directory and you should see this in your directory:
At this point you will need to find yourself a floppy to use to write the disk image to. Go to the freesco directory and double click the make_fd.bat file. A command window will come up. Place a formatted floppy in your A: drive and hit Enter.
Wait for the image to extract and now we are ready to boot your router for the first time!
At this point I would like
to mention that it is a good thing to already have your hardware set up and the addresses
on your NICs set. The ISA NICs that I have used (3com 3c509 and Linksys EtherLAN) cards
have an executable that comes with the drivers to set the memory address and the IRQ. BE
SURE TO WRITE THESE DOWN. You will need them. You will also need to have the information
to hook up your Internet connection. While this program does support sharing a dialup
connection I will not be covering that aspect. This will be for xDSL or cable connections
only. You will need the computer name that was assigned by your provider and that is it if
you are using DHCP. If you have a static address you will also need the IP, default
gateway and your primary and secondary DNS servers.
Once you have all of the above information together put the floppy into the floppy drive and boot your machine up. If all goes well you will see the freesco header and below it you will see the prompt:
At this prompt you will need to type 'setup' and hit enter to begin the configuration process.
Wait for the kernel to load and when it comes to the login prompt type in "root". By default the password is root (you will be able to change that later).
This is the first
configuration screen. Since we are setting it up for the first time we want to choose #2.
Next we want to select "e" to start the setup of an Ethernet router.
The first step is to enter the name for your computer given to you by your ISP, known as your host name.
Next you will need to provide a domain name for your router. The domain name isn't too important at this point so just use your imagination.
Next you can autodetect any modems attached to your system. This is for if you want to be able to dial into your network from outside. You can experiment and set this up later on your own.
The next step is to start configuring your network cards.
Note: This is where
you need the settings I told you to save earlier.
The setup will ask how many network adapters you have. Since this is a simple instruction set we will answer 2.
Next question is what I/O
address your first network adapter is at (this is the one connected to the internet). In
my case it is 0x300.
Another Note: I/O addresses are given in hex format. Meaning before the number there is a '0x'.
Next you will need to enter the IRQ of the adapter. Repeat the last two steps for the 2nd adapter as well.
Now we need to answer
whether or not your Internet connection runs on DHCP or not. If you were provided with an
IP address when your cable modem was installed you probably have a static IP, if you were
not provided with an IP address you most likely have a dynamic IP. Dynamic IP's are more
common and also what we will cover.
Answer 'y' to this question and press 'Enter'.
Next we answer whether we want our router to log messages from clients. This is good for troubleshooting but otherwise is just a waste of resources. Answer 'N' and press 'Enter'.
We are then asked if we would like to update DNS settings through DHCP. Since this is how your computer finds other computers on the Internet hit 'y' and press 'Enter'.
Now we will set up the network card that is attached to our network. Generally, the second network card in a Linux system is called 'eth1'. Since we have no good reason to change that we won't. Type in 'eth1' and press 'Enter'.
Next we have to choose an IP address for our internal network card. I chose '10.0.0.2'. This is a non-routable address and would be a good choice. Type in '10.0.0.2' and press 'Enter'.
Our network mask will be '255.0.0.0'.
Now we will set up our DHCP
server for ease of connecting machines to our network. While you can theoreticly add as
many IP addresses as you want to this field you should remember that every IP address that
your machine has to manage will slow it down. Be reasonable in picking your IP range. You
want enough IP's to cover as many computers and devices as you think will be attached to
your system and a few more for safety.
I selected '10.0.0.11 10.0.0.254'. This provides us with just over 200 addresses.
Next we will be setting up DNS. Please read the warnings on the screen. We want to enable the caching DNS server on our router but make it available only to computers on our local area network (LAN). Choose 's' for secure and press 'Enter'.
Next is whether we want to enable DNS request logging. Much like DHCP logging it is good for troubleshooting but not for much else. Answer 'n' and hit 'Enter'.
We want to be able to use our internal DHCP server to dole out IP addys so type 's' and 'Enter'.
We are not going to worry about WINS at this point so type '-' and hit 'Enter'.
Now we need to determine how long we want our DHCP leases to last. The default value is 604800 seconds, or 7 days. This should be fine for our purposes.
We have a ability to create reservations for certain computers so they will always have the same IP address. If you are interested in doing this please read up on it. It is fairly easy to do but for the sake of keeping this article short we won't be covering it. Press 'n' and hit 'Enter'.
Freesco will allow you to
run a web page from your router. We will also not delve into this area but remember it is
there if you want to come back to it later. Hit 'n' and press 'Enter'.
Next we want to enable the router control and time server but make it available only on the LAN. Select 's' and hit 'Enter'.
The control HTTP server now needs to know what port to run on. The default is '81' but I have chosen something a little farther away and hopefully more hidden (5000). You may choose either.
Select the default for the time server (www.clock.org) and press 'Enter'.
Time offset is how far away you are from Greenwich Mean Time. I am in the eastern time zone and we are behind GMT by 5 hours. My entry would be '-0500'. You must calculate your offset and hit 'Enter'.
Your router is capable of acting as a print server as well. You can come back and change it later but for now we will disable this feature. Press 'n' and hit 'Enter'.
A telnet server is a nice interactive way to enter and control your router. We will want this available only to our LAN so hit 's' and press 'Enter'.
Your router can save energy while it is idling and shut off your monitor and spin down your hard drive (assuming you are running off one). You can come back and set this up later. Type '0,0' and hit 'Enter'.
If you will be running from a hard drive you will want to come back later and set a swap file size. For now hit '0' and type 'Enter'.
The extra modules are not things we need to run at this point so hit 'n' and press 'Enter'.
For log sizes we can accept the defaults and just hit 'Enter'.
The host gateway is your default gateway. If you are using DHCP you will not need to provide this information.
You will now need to enter your primary DNS numbers. These numbers are provided by your ISP.
You can also
provide a secondary DNS number if you have one.
You can add in a web proxy if your ISP provides one and if you want to use it. Otherwise type in '-' and hit 'Enter'.
Export services is used to route ports from your firewall to machines on your system. These can be set up through the control panel later. Hit 'n' and press 'Enter.
Press 'Enter' to continue.
Well, we are now done with
the hardest part. We will now save our settings, reboot and if everything is entered
properly our router should start sharing the internet.
Press 's' to save settings and exit.
Type 'reboot' and hit 'Enter' to restart our router.
Your router should now be able to share your internet connection across your LAN. This has been VERY stable for me. I have been running it for about four monthes and have only had to reboot once.
Thanks to RedShoes and Dan for pointing me in the direction of this proggy--you guys are linux freaks!