Sunday, June 6, 2010

Install, Build and Secure Router At Home With Ubuntu

Many homes now have their own Internet access. Some even use a fairly high-speed broadband connection. The question is, can that Internet connection be shared among multiple PCs or notebooks at home? The answer: it can, with a router!

The router we will build, even though it is home-class, is guaranteed to have enterprise-class stability and security, backed by the Linux operating system. Hey, don't be allergic to Linux just yet. The Linux we have deliberately chosen is Ubuntu Desktop, the easiest Linux distribution and one widely used as a workstation. We guarantee you will not have to face the Linux command line that ordinary users fear so much.

Here we will use the Desktop version of Ubuntu Linux 8.10 (Intrepid Ibex), but users of earlier Ubuntu versions can follow the same steps. Oh yes, the router we will build uses the Firestarter application (www.fs-security.com), which has a 100% free license. This application is actually a firewall with router features, so your router will come with a firewall as well. Fun, right?

Let us begin. As a first step, prepare a PC that has Ubuntu installed and an active Internet connection, so that you can already browse from it. Do not forget to also provide an additional network card to connect the Ubuntu PC to the local network.

Installing the Main Components
1. There are two main components that must be installed before we can use the PC as a router: Firestarter and DHCP (Dynamic Host Configuration Protocol). The DHCP component only needs to be installed if you want IP addresses to be allocated to clients automatically. If you want to configure the addresses manually, DHCP does not need to be installed. To install Firestarter and DHCP, click the menu System > Administration > Synaptic Package Manager (SPM). Then enter your Ubuntu root password (if requested).

2. In the SPM window, use the "Quick Search" facility to search for the Firestarter package. Once you have found it, click the small box next to the Firestarter package and select "Mark for Installation".

3. Next, in the same way, search for the DHCP package. If SPM presents many choices, make sure you select the package "dhcp3-server". Click the small box again and select "Mark for Installation". Then click the "Apply" button with the green check mark icon at the top. Linux will do the rest.


Router Configuration
4. If the installation goes smoothly, the next step is to configure Firestarter so that all connections from clients can be forwarded to the Internet. Run Firestarter from the menu Applications > Internet > Firestarter and enter your Ubuntu root password when prompted.

5. From the Firestarter main window, click the Preferences menu at the top (make sure the "Status" tab is active), then select Network Settings. Note the 2 drop-down boxes there. The drop-down box at the top selects the network interface connected to the Internet. If you are using an Ethernet network card, the interface shown is likely to be "eth0". The second drop-down box selects the interface for the local network.

6. Once you have determined which interface is the Internet and which is the local network, you can simply enable (check) the options "Enable Internet connection sharing" and "Enable DHCP for the local network" (the automatic allocation of client IP addresses). You can also set the range of IP addresses allocated by DHCP yourself, by clicking the black arrow next to the option "DHCP server details". The other options in this window can be left as they are, because we do not really need them.

7. When everything is set, click "Accept". Once you click "Start Firewall", your PC becomes a router that shares an Internet connection. Easy, right?

TIPS: Bonus Firewall

A router is not complete without additional security to ward off attacks that are likely to come from the Internet. Fortunately, Firestarter is designed to secure a PC connected to the Internet, including clients that are connected through the Internet connection sharing facility.

Actually, Firestarter has been working as a firewall by default since it was first activated. But in our view the default settings still leave many holes that should be closed so that a cracker cannot get through.

If security is your priority while you enjoy surfing, there is no harm in following the simple steps below.

A. Against Attacks from Outside
1. Reopen the Preferences window in Firestarter. This time select "ICMP Filtering" and enable (check) the option "Enable ICMP Filtering". Leave the other options beneath it alone if there are no other features of the ICMP protocol that the PC should be allowed to receive. Next, click the Accept button.


2. Back in the Firestarter main window, select the "Policy" tab. In the Editing option, be sure to select "Inbound traffic policy", which means we will make rules about "who gets access to the PC or a port from the Internet". If no port should be accessible from the Internet, make sure the lists "Allow connection from host", "Allow service", and "Forward service" are empty. Conversely, if you want to allow a host on the Internet to connect to the router, right-click an empty area in the "Allow connection from host" list and choose "Add rule". Then enter the IP address of the host that is allowed to access the router. When done, do not forget to click "Add" and "Apply". The same can be done to allow connections to a port/service from the Internet; you just work in the "Allow service" list instead.

3. When done, try testing your PC with the help of the security auditing site from Gibson Research (www.grc.com). Compare the results before and after the configuration is done (see whether or not you get a "Passed" rating on the TruStealth Analysis).
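
Firestarter manages the kernel's iptables rules, so the external scan can be complemented by a local audit of the ruleset itself. The script below is an added example, not part of the original article or of Firestarter: it reads `iptables-save` output and reports the inbound default policy, whether connection sharing (masquerading) is active on the Internet-facing interface, and how many rules accept new connections from the Internet. It assumes eth0 is the Internet interface, eth1 the local network, and that rules name the interface with `-i`/`-o`; the sample rulesets are constructed.

```shell
#!/bin/sh
# Audit an iptables-save dump for what the steps above configure:
# NAT for connection sharing and a closed inbound policy.
# On the router: sudo iptables-save | audit_ruleset eth0

audit_ruleset() {   # $1 = Internet-facing interface (assumed eth0 below)
    awk -v ext="$1" '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && /^:INPUT / { policy = $2 }
        # Connection sharing: masquerade traffic leaving the external interface
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ &&
            $0 ~ ("-o " ext "( |$)") { masq = "yes" }
        # Exposure: ACCEPT for traffic arriving from the Internet that is
        # not limited to replies (ESTABLISHED/RELATED without NEW)
        table == "filter" && /^-A / && /-j ACCEPT/ &&
            $0 ~ ("-i " ext "( |$)") && !(/ESTABLISHED/ && !/NEW/) { open++ }
        END {
            printf "inbound_default=%s masquerade=%s exposed_rules=%d\n",
                   (policy ? policy : "unknown"), (masq ? masq : "no"), open
        }'
}

# Constructed sample dumps (not real Firestarter output); eth0 = Internet, eth1 = LAN.
sample_ruleset() {   # $1 = "closed" or "exposed"
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
    if [ "$1" = "exposed" ]; then
        echo "-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT"
        echo "-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT"
    fi
    echo "COMMIT"
}

sample_ruleset closed  | audit_ruleset eth0
sample_ruleset exposed | audit_ruleset eth0
```

A non-zero `exposed_rules` count is expected only if you deliberately added entries to the "Allow connection from host", "Allow service" or "Forward service" lists.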


B. Restricting Client Access to URLs

After successfully restricting access from the outside, we will now place restrictions on the clients that access the Internet. This is especially useful if you want to save bandwidth or to prevent underage users from accessing inappropriate sites. Here's how to do it.

1. From the Firestarter main window, click the "Policy" tab and change the Editing drop-down to "Outbound traffic policy". This option is used to restrict access from local clients to the Internet; it is the opposite of the "Inbound traffic policy" that we discussed above.

2. Two radio buttons will appear, with the options "Permissive by default, blacklist traffic" and "Restrictive by default, whitelist traffic". Permissive by default is used if you want to allow all data traffic from clients to the Internet and use the policy lists to block specific addresses, hosts or services/ports. Conversely, restrictive by default is used to block all traffic from clients to the Internet and use the policy lists to allow access to specific addresses, hosts or services/ports. If you want to block a specific address, select Permissive by default.

3. To tell Firestarter to block certain sites, right-click an empty area in the "Deny connection to host" list, then select "Add rule". Enter the IP address or domain name (without "http://") in the field "IP, host or network", then click Add. When done, do not forget to click Apply at the top of the Firestarter window. Then try visiting the address you just blocked using the browser.
