Building a Router at Home With Ubuntu
Many homes now have Internet access independent. Some of them even had to use a broadband connection with a fairly high speed. The question is, Can the Internet connection is being shared to multiple PCs or notebooks at home? The answer could be, with the router!
Router that will be made - though for home-based classes - guaranteed to have stability and enterprise-class security as supported by the Linux operating system. Eits, do allergies first with Linux. Linux is intentionally selected from Ubuntu Desktop - the easiest Linux distributions and is widely used as a working terminal. We assure you, you baseball will meet with the Linux command line is much feared by ordinary users.
Here we will use the Desktop versions of Ubuntu Linux 8.10 (Intrepid Ibex). But underneath the version of Ubuntu users are also fixed to follow the same steps. Oh yes, the router that we will make use Firestarter application (www.fs-security.com) who has a 100% license free. Originally, this application is a firewall router features. So your router will have a firewall facilities. Fun, right?
Let's get started. As a first step, prepare a PC that had been installed Ubuntu and have an active Internet connection so you can browse there. Do not forget to also provide an additional network card to connect Ubuntu to the local network.
Installation of Main Components
1. There are two main components that must be installed before we can enable the PC as a router, that is Firestarter and DHCP (Dynamic Host Configuration Protocol). DHCP component need only be installed if you want an IP address automatically allocated to clients. If you want to configure the address manually, DHCP is not required to be installed. To install Firestarter and DHCP, click the menu System> Administration> Synaptic Package Manager (SPM). Then enter your Ubuntu root password (if requested).
2. From the window of the MSS, use the "Quick Search" to search for Firestarter package. If you've met, click the small box next to the Firestarter package and select "Mark for Installation".
3. Furthermore, in the same way, do a search for DCHP packets. If SPM presents many choices, make sure you select the package "dhcp3-server". Click the little box again and select "Mark for Installation". Then click the "Apply" with a green check mark icon at the top. The rest I'll work on Linux.
Router Configuration
4. If the installation went smoothly, the next step is to configure Firestarter for all connections from the client can be forwarded to the Internet. Run Firestarter from the menu Applications> Internet> Firestarter and enter your Ubuntu root password when prompted.
5. From the Firestarter main window, click the Preferences menu at the top (make sure the tab "Status" is active), then select Network Settings. Notice the two drop-down box that was there. Drop-down box at the top is the interface to connect to the Internet. If using an Ethernet network card, the interface is shown most likely is "eth0". While the second drop-down box shows the interface to the local network.
6. If it is determined where the Internet and local network, you can simply enable (check) the option "Enable Internet connection sharing" and "Enable DHCP for the local network" (automatic client IP allocation). Range of IP allocation using DHCP also can you set yourself, by clicking the black arrow next to the option "DCHP server details". Other options on this window can be left as is, because we do not really need it.
7. After all is finished is set, click the "Accept". By clicking the "Start Firewall", your PC has become a router to share an Internet connection. Easy, right?
TIPS: Bonus Firewall
Incomplete feel if a router is not equipped with additional security to ward off attacks that are likely to come from the Internet. Fortunately, Firestarter is designed to secure a PC connected to the Internet, including clients that are connected via Internet Connection Sharing.
Actually, by default, Firestarter has worked as a firewall since it was first activated. But the default settings in our opinion still has many holes which if not closed it is not likely going to be penetrated cracker.
If security is your priority while surfing fun, it never hurts to follow the simple steps below.
A. Facing Attacks from Outside
1. Reopen the Preferences window in Firestarter. This time select "ICMP Filtering" and enable (check) the option "Enable ICMP Filtering". Ignore the other options under it if there are no other features of the ICMP protocol which allowed acceptable PC. Next, click the Accept button.
2. Back to the Firestarter main window, then select the tab "Policy". In Editing options, make sure the chosen "Inbound traffic policy" which means we will make rules about "who can access a PC or a port from the Internet". If no port that can be accessed from the Internet, so be sure to list the "Allow connections from host", "Allow service", and "Forward service" to be empty. Conversely, if you want to allow a host of Internet-connected to the router side of this, right-click an empty area on the list "Allow connections from host" and choose "Add rule". Then enter the IP address of hosts that are allowed to access the router. If you have, do not forget to click the "Add" and "Apply". The same way can be done to allow port connection / service from the Internet, it's just that you have to work in the "Allow service".
3. If you have, try to test your PC with the help of site security audits of Gibson Research (www.grc.com). Compare the results before and after the configuration is done (see if you get the title of "Passed" on TruStealth Analysis or not).
B. Restricting Client Access URL
After successfully restrict access from the outside, now we will make restrictions on clients that will access the Internet. This is especially useful if you want to save bandwidth or to prevent underage users accessing inappropriate sites. Here's how to do it.
1. From the Firestarter main window, click the tab "Policy" and change the dropdown editing to "Outbound traffic policy". This option is used to restrict access to the Internet or a local client opposite of "Inbound traffic policy" that we discussed above.
2. Two radio buttons will appear which each contain an option "Permissive by default, traffic black list" and "Restrictive by default, whitelist traffic". Permissive by default used if you want to allow all data traffic from clients to the Internet and using a list of policy to block addresses, the host or service / specific ports. Conversely, Restrictive by default is used to block all traffic from client to Internet data and use the list policy to allow access to the address, host or service / specific ports. If you want to block a specific address, select Permissive by default.
3. To order for Firestarter block certain sites, do it by right-clicking an empty area on the list of "Deny connection to host", then choose "Add rule". Enter the IP address or domain name (without "http://") in the field "IP, host or network", then click Add. If you have, do not forget to click Apply at the top of the window of Firestarter. Try to visit the address had been blocked using the browser.