Category: Networking and Security

2005-11-17 13:30:10

Although it doesn't say anything of real substance, it is still quite an interesting read.

This page sets out to explain:

  • What a router is and why you need one.
  • Why setting up your own router / firewall is better than buying something 'off the shelf'.
  • How simple it is to set up a very secure router / firewall for your i'net connection at minimum cost and effort (i.e. for free in 1 hour!).
  • The secrets - what the router manufacturers didn't want you to know ;)

Why Do I Need A Router?

A router or router-firewall (I will use the terms interchangeably; where I say 'router' I mean 'router-firewall') in the simplest sense is just something that sits between your ISP connection (be that a dial-up modem, an ADSL modem or a cable modem) and your internal 'home network', and allows data (e.g. the web page you are viewing) to be routed between the internet and that network.

Your 'home network' might be just one PC, but a router allows you to block all types of inbound or network-related attacks, e.g. any kind of internet worm that works by connecting to RPC or DCOM ports, and many other types of attacks that try to connect to you from the internet. In simple terms a firewall-router protects your PC(s) from the bad people on the internet very effectively. You don't need to know anything about how it works or how to set up the 'firewall' side of things to be protected; most routers come configured to work well with no real setup needed.
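The following is an added example, not part of the original page and not IPCop's code: a simplified model of the connection tracking and address translation a Linux-based router-firewall performs, showing why a reply to a web request reaches the PC while an unsolicited connection to an RPC port is dropped. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class RouterFirewall:
    wan_ip: str
    next_port: int = 40000
    flows: dict = field(default_factory=dict)   # LAN-side flow -> WAN port
    by_wan: dict = field(default_factory=dict)  # WAN port -> LAN-side flow

    def outbound(self, pkt):
        """LAN -> internet: allowed; remember the flow, rewrite the source."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.by_wan[self.next_port] = flow
            self.next_port += 1
        return Packet(self.wan_ip, self.flows[flow], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Internet -> LAN: forwarded only as a reply to a remembered flow."""
        flow = self.by_wan.get(pkt.dport)
        if flow is None:
            return None                      # unsolicited connection: dropped
        lan_ip, lan_port, peer_ip, peer_port = flow
        if (pkt.src, pkt.sport) != (peer_ip, peer_port):
            return None                      # right port, wrong sender: dropped
        return Packet(pkt.src, pkt.sport, lan_ip, lan_port)

def demo():
    # Constructed addresses (documentation ranges), not from the page.
    fw = RouterFirewall(wan_ip="203.0.113.10")
    sent = fw.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 80))
    reply = fw.inbound(Packet("198.51.100.5", 80, sent.src, sent.sport))
    worm = fw.inbound(Packet("198.51.100.99", 4444, fw.wan_ip, 135))
    stranger = fw.inbound(Packet("198.51.100.99", 80, sent.src, sent.sport))
    return sent, reply, worm, stranger

if __name__ == "__main__":
    for name, result in zip(("sent", "reply", "worm", "stranger"), demo()):
        print(f"{name:9}", result if result else "DROPPED")
```

The PC behind the router never appears on the internet side under its own address, and nothing reaches it unless it opened the conversation first.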

The other main advantage to using a router is that you can leave it on 24/7 and connect any number of PCs into your network at home to all share the internet connection with minimum fuss. A router should be very stable and many people leave them on 24/7 to give them a more or less permanent connection to the internet.

Some people suggest running a 'personal firewall'. This is no bad thing, but it suffers from some major drawbacks. The term 'personal firewall' I take to mean a firewall application that is running on your actual PC, and that's the problem with it! Anything that runs on your PC is vulnerable to a potential virus or malware that you might accidentally download and run. Some malware explicitly targets personal firewall apps and disables them, sometimes in ways which are not obvious to spot. A 'router-firewall', on the other hand, is running on a dedicated box and so is far harder to bypass or disable. That's not to say personal firewalls are useless, they are certainly better than nothing, and there are free ones about, so check them out if you decide not to have a router!

 

Why Should I Make My Own?

Because you can and it's fun! :)

An ADSL router can be purchased and they aren't much more now than an ADSL USB modem, but many people already have USB modems and want to 'upgrade' to use a router-firewall. If you make your own you can use the existing USB modem and build the actual firewall-router part, saving money.

Many routers you can buy are just plain rubbish, you only need to search the intarweb (ian :p ) for people trying to use a purchased router with a peer2peer app (like eMule / Kazaa etc) to see the amount of issues.

A cheap purchased router in a lot of cases tends to crash or 'reset' when you push your internet connection with lots of downloads or uploads. In my experience I can have over 1000 simultaneous connections and the router I built doesn't even break a sweat, let alone become unstable.

Making your own router gives you the kind of flexibility that you can't get from a purchased router, it is upgradable with a simple download and new features are being added as time goes on. Once you have bought a router you are stuck with the functionality you got when you bought it, until you buy a newer one of course!

Support: a router you build based on the free open source software around is made by a bunch of people like you, and there is an active community of people who will help you get set up and offer advice if you want your router to do something more as your needs and understanding grow.

 

Setting Up The Router-Firewall

To make a router you will need the following,

a) 1 old PC (a P100 with 32 megs RAM and a 500 meg or 1 gig HD is more than enough), this will become the dedicated router-firewall.

b) some way to connect the router to the ISP, i.e. an ADSL USB modem for ADSL or a NIC (ethernet card) for cable modem or a dialup modem if you are using dialup. If the old PC doesn't have a USB port then you can get a PCI USB card for around 15 quid or less.

c) a NIC card to connect the router to your home lan (wireless will be an option soon!) a NIC card costs around 5 quid, you will also need a NIC card in each PC you need to connect.

d) an ethernet switch (or hub) if you have more than one PC you need to connect. A switch works just like a multi-way extension cable but it's designed to split an ethernet connection between your PCs so you can plug in many PCs (an 8 way switch for connecting 7 PCs is about 50 quid or less now, a 4 way switch for connecting 3 PCs is around 20 quid). If you have more than 7 PCs you want to connect then get another switch and connect it in, or get a larger switch to start with.

Once you have the bits you are set :)

In my opinion the easiest and best router-firewall can be made by downloading 'IPCop' from - it's a free, open source firewall.

Installation is simple, just burn a CD from the downloaded file (the complete OS is only 30 megs!) and boot from the CD to install. If your old / donor PC can't boot from CD then you will need to use floppy disks, which can be created on another PC by using the IPCop CD you made. (There are other ways to install it without needing even a CD drive - but that is beyond the scope of this txt!)

IPCop is a complete operating system, which means there is no underlying Windows OS required on the P100 / donor PC and no licenses to worry about. This is the truly neat part, a free OS that is pre-configured to install simply and provide you with a high quality dedicated firewall-router that is simple to set up and simple to use.

If you are installing IPCop for the first time then you will need to read the IPCop installation manual. Think of it as reading the manual to your video recorder, it isn't that long and will allow you to understand IPCop and become more confident about the installation process. I think you can install it in about an hour after reading the install guide. Have a quick look at the FAQ as it should answer most questions you may have.

If you get stuck, ask! :)

 

Secrets Of Purchased Routers

ok - not that secret and mostly conjecture - lol

Many people are under the impression there is something called a 'hardware router-firewall' that is magically more secure and stable than a 'router-firewall' you can make yourself.. this is generally wrong on 2 counts,

A purchased ADSL router, if you opened it up, is really something like a 486 CPU with not much memory running some firewall software that's loaded off a diskless storage device, i.e. it's not a 'hardware router-firewall', if such a thing even exists! They can crash and fail just like any other computer you ever used.

Whether it can be more secure is not quite so easy to dispute. All things have flaws, and firewalls are no exception. Generally speaking a firewall based on Linux (as IPCop is) is secure if set up correctly; IPCop is easy to set up and hard to set up wrongly (though as with a purchased router-firewall it can be set up to be insecure if you try!).

IPCop regularly puts out fixes for their code, the kind of fixes you will see are generally not fixes to the 'internet side' of the router, they are usually small issues that could only be exploited with great difficulty by a determined hacker who could plug their computer into the network at your house (of course there's other ways that can happen e.g. some kind of remote access trojan).

It's hard to know what kind of issues exist within a purchased router, if there are so called 'firmware upgrades' these may contain fixes for insecurities in the firewall - it is hard to tell because they may not want that kind of information made public?

..

I'll add more to this as I think of it,..

Sil

PS, there's no section at the moment called 'day to day' running, I have 2 IPCops on my home network (I have cable i'net and ADSL) and I am very pleased with how IPCop performs, the setup and any maintenance is via a web browser which you point at the router, any fixes or patches that need to be applied are also done through the web page, most fixes do not require a reboot.. once IPCop is installed it behaves like most any other router you can purchase that is pre-built :)
