Hi Everyone,
I've got kids who are growing older and I want to build a Linux box to filter Internet access. I've got six computers on the Internet, plus the laptops -- most run Windows. I'm not sure if it's called a router or gateway or...? I don't mind doing the leg work, I just don't know where to start. I'm pretty sure I'm *not* looking for a web server (though it might be fun to have a local web) -- I might also use the computer for a file server, but I mostly want a... proxy server? Not sure what tool I need to use. I seem to remember there were specialty Linux distributions for this purpose.
Once I do figure out what kind of box I'm building, would I still be able to put my Linksys router behind it, or would the Linux box *be* the router? -- and would I have to get a wireless switch instead? Would a Pentium III handle this duty, or would it gum up the works and make the Internet too slow?
Sorry for stupid questions. At some point I'm going to have to learn about Linux servers. I'm hoping this project will help me get started on that.
Thanks for any pointers.
for what you want, I'd suggest pfSense, which is a FreeBSD Unix based firewall.
a P3 would be plenty powerful enough, although I'd want something small and very low power, like a MiniITX board such as an Alix 2d2 card.
this system would replace your existing linksys router, although you could setup your linksys to act as a wireless gateway on the LAN side.
On Sun, 2010-08-22 at 17:48 -0500, Ron Blizzard wrote:
Hi Everyone,
I've got kids who are growing older and I want to build a Linux box to filter Internet access. I've got six computers on the Internet, plus the laptops -- most run Windows. I'm not sure if it's called a router or gateway or...? I don't mind doing the leg work, I just don't know where to start. I'm pretty sure I'm *not* looking for a web server (though it might be fun to have a local web) -- I might also use the computer for a file server, but I mostly want a... proxy server? Not sure what tool I need to use. I seem to remember there were specialty Linux distributions for this purpose.
Once I do figure out what kind of box I'm building, would I still be able to put my Linksys router behind it, or would the Linux box *be* the router? -- and would I have to get a wireless switch instead? Would a Pentium III handle this duty, or would it gum up the works and make the Internet too slow?
Sorry for stupid questions. At some point I'm going to have to learn about Linux servers. I'm hoping this project will help me get started on that.
Thanks for any pointers.
There is a long list of options here:
http://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions
My preferences are IPCop and Tomato Firmware, depending on the needed complexity. IPCop will run on junk hardware and Tomato runs on several home routers like the Linksys WRT54GL.
There are many IPCop add-ons, including DansGuardian, which is basically a very effective porn filter. Like many/most on the list, both IPCop and Tomato are configured via web interfaces.
Many people like SmoothWall or, for something more extensive, SME Server or ClearOS (previously known as ClarkConnect). If you want a high performance router, look at pfSense.
Steve
At Sun, 22 Aug 2010 17:48:14 -0500 CentOS mailing list centos@centos.org wrote:
Hi Everyone,
I've got kids who are growing older and I want to build a Linux box to filter Internet access. I've got six computers on the Internet, plus the laptops -- most run Windows. I'm not sure if it's called a router or gateway or...? I don't mind doing the leg work, I just don't know where to start. I'm pretty sure I'm *not* looking for a web server (though it might be fun to have a local web) -- I might also use the computer for a file server, but I mostly want a... proxy server? Not sure what tool I need to use. I seem to remember there were specialty Linux distributions for this purpose.
Once I do figure out what kind of box I'm building, would I still be able to put my Linksys router behind it, or would the Linux box *be* the router? -- and would I have to get a wireless switch instead? Would a Pentium III handle this duty, or would it gum up the works and make the Internet too slow?
It depends. The CentOS box could be a router. Typically you'd have two NICs (Network Interface Cards), one connecting to your cable/DSL/whatever 'modem', and the other to your LAN. Your Linksys router would then become merely a switch and wireless AP. You would probably disable the Linksys router's dhcp server and on-board caching name server, and transfer these functions to the CentOS box. Ditto for the firewall.
CentOS can also run a 'proxy' server, which could be used to filter / block / etc. access to web sites eg it could be used to limit 'teenage' access to certain sorts of websites for various reasons, including traffic limitations (no Youtube/iTunes video/audio downloads while daddy/mommy needs to use VPN to connect with the office, no IM'ing after bedtime on school nights, etc.). With the addition of the shaper module, you can also create a separate 'teen' virtual network with limited bandwidth.
Your Linksys router IS a simple 32-bit computer running Linux (typically an ARM processor, not really any faster than a PIII, probably slower actually). A PIII has more than enough processing power to function as a router, DNS, and DHCP server. And probably as a proxy server too. The proxy server's limitations would mostly be a matter of fast enough disk access, particularly if it was set up as a caching proxy server.
Sorry for stupid questions. At some point I'm going to have to learn about Linux servers. I'm hoping this project will help me get started on that.
Thanks for any pointers.
On Sun, Aug 22, 2010 at 7:34 PM, Robert Heller heller@deepsoft.com wrote:
Your Linksys router IS a simple 32-bit computer running Linux (typically an ARM processor, not really any faster than a PIII, probably slower actually). A PIII has more than enough processing power to function as a router, DNS, and DHCP server. And probably as a proxy server too. The proxy server's limitations would mostly be a matter of fast enough disk access, particularly if it was set up as a caching proxy server.
For what it's worth, most Linksys routers these days run VxWorks, not an embedded Linux. (Apparently they can put 8MB or so less RAM in them with VxWorks.)
Another option you could try is to set up your own DNS server (if you install your own firmware onto that Linksys router you can probably do this.) Then, you can whitelist specific DNS domains, e.g. google.com, wikipedia.org, etc. (I won't even suggest you try to come up with a comprehensive list of domains to blacklist.) Everything else can be redirected to 127.0.0.1. The advantage of this is it's simpler and very powerful. The downside is you'll be blocking access to a fair number of legitimate sites (but probably not as many as you'd think.)
On 8/22/2010 8:11 PM, Michael Semcheski wrote:
On Sun, Aug 22, 2010 at 7:34 PM, Robert Heller heller@deepsoft.com wrote:
Your Linksys router IS a simple 32-bit computer running Linux (typically an ARM processor, not really any faster than a PIII, probably slower actually). A PIII has more than enough processing power to function as a router, DNS, and DHCP server. And probably as a proxy server too. The proxy server's limitations would mostly be a matter of fast enough disk access, particularly if it was set up as a caching proxy server.
For what it's worth, most Linksys routers these days run VxWorks, not an embedded Linux. (Apparently they can put 8MB or so less RAM in them with VxWorks.)
Another option you could try is to set up your own DNS server (if you install your own firmware onto that Linksys router you can probably do this.) Then, you can whitelist specific DNS domains, e.g. google.com, wikipedia.org, etc. (I won't even suggest you try to come up with a comprehensive list of domains to blacklist.) Everything else can be redirected to 127.0.0.1. The advantage of this is it's simpler and very powerful. The downside is you'll be blocking access to a fair number of legitimate sites (but probably not as many as you'd think.)
Look into buffalo tech. their higher end "n" routers run dd-wrt which IS Linux based.
Ron Blizzard wrote:
Hi Everyone,
I've got kids who are growing older and I want to build a Linux box to filter Internet access. I've got six computers on the Internet, plus the laptops -- most run Windows. I'm not sure if it's called a router or gateway or...? I don't mind doing the leg work, I just don't know where to start. I'm pretty sure I'm *not* looking for a web server (though it might be fun to have a local web) -- I might also use the computer for a file server, but I mostly want a... proxy server? Not sure what tool I need to use. I seem to remember there were specialty Linux distributions for this purpose.
Once I do figure out what kind of box I'm building, would I still be able to put my Linksys router behind it, or would the Linux box *be* the router? -- and would I have to get a wireless switch instead? Would a Pentium III handle this duty, or would it gum up the works and make the Internet too slow?
Sorry for stupid questions. At some point I'm going to have to learn about Linux servers. I'm hoping this project will help me get started on that.
Thanks for any pointers.
m0n0wall http://m0n0.ch/wall/ is probably the easiest firewall package to use. It is FreeBSD based with a web interface to manage it. You can put it on any number of hardware configurations, including an older PC with two network cards. I've been using it for a couple of years now with no problems. It forwards logs to an internal syslog server on my home network.
Bob McConnell N2SPP
On Mon, Aug 23, 2010 at 3:06 AM, Bob McConnell rmcconne@lightlink.com wrote:
Ron Blizzard wrote:
Hi Everyone,
I've got kids who are growing older and I want to build a Linux box to filter Internet access. I've got six computers on the Internet, plus
m0n0wall http://m0n0.ch/wall/ is probably the easiest firewall package to use. It is FreeBSD based with a web interface to manage it. You can
From the FAQ: "There are no filtering capabilities built into m0n0wall based on web site content, keywords, etc., nor any supported add-ons with such functionality."
So that's probably not the easiest way of accomplishing what the OP wants to do ;-)
BR Bent
Thanks everyone. "Firewall" was the term I was having trouble coming up with. Now I'm overwhelmed with all the choices. I think, for someone as "green" (as in "inexperienced") as I am, something like IPCop might be an easy place to start. I'll experiment with a Pentium III I have, but will probably work towards some kind of fanless, small computer (as suggested by another poster). I'm not sure the BSD firewalls will work for me (at this point) because I've got a couple Linux add-ins I'm thinking of using.
Just to confirm. The Linksys wireless router can become a wireless switch with the firewall and router capabilities disabled. (This is a Linux version, BTW, so I'm also going to look into the firmware modifications, but I doubt I can load my programs there and am a little nervous about bricking the router).
Again, thanks.
Ron Blizzard wrote:
Thanks everyone. "Firewall" was the term I was having trouble coming up with. Now I'm overwhelmed with all the choices. I think, for someone as "green" (as in "inexperienced") as I am, something like IPCop might be an easy place to start. I'll experiment with a Pentium III I have, but will probably work towards some kind of fanless, small computer (as suggested by another poster). I'm not sure the BSD firewalls will work for me (at this point) because I've got a couple Linux add-ins I'm thinking of using.
If you're setting up a normal machine to be your firewall/router, run Bastille Linux. It's not a distro, but a hardening system. I ran it for about 10 years on RH, and to the best of my knowledge, never had an intrusion, while being on broadband the whole time.
Of course, file under the heading of professional paranoia, I also had *no* compilers, or X, or pretty much anything on that box.
Just to confirm. The Linksys wireless router can become a wireless switch with the firewall and router capabilities disabled. (This is a Linux version, BTW, so I'm also going to look into the firmware modifications, but I doubt I can load my programs there and am a little nervous about bricking the router).
Which Linksys?
mark, who needs to get something to put between the DSL modem and his box
Just to confirm. The Linksys wireless router can become a wireless switch with the firewall and router capabilities disabled. (This is a Linux version, BTW, so I'm also going to look into the firmware modifications, but I doubt I can load my programs there and am a little nervous about bricking the router).
while you still have connectivity to the router do exactly the following steps.
A) set the linksys's internet/WAN IP address to a 'safe' static IP, let's use 192.168.250.250 ... we'll never use this address. don't plug anything into the WAN port.
B) disable the DHCP and DNS service on the router, and configure the linksys LAN IP address to something unused on your 'new' LAN, like 192.168.0.250 ... you will use this to access the linksys configuration web page.
C) setup your new 'nix gateway to talk to your ISP (static, dhcp, or PPPoE, depending on the ISP configuration), and the 2nd ethernet as LAN address 192.168.0.1, with a dhcp server dishing out a reasonable IP range like 192.168.0.100-200. Also setup a DNS forwarder on the 'nix gateway, and set 192.168.0.1 as the DNS address returned by the DHCP zone option for DNS. your clients will use 192.168.0.1 as their gateway and DNS, with network mask 255.255.255.0. if you have hosts with static IPs you can use any IPs between 192.168.0.2 and 192.168.0.99, also 192.168.0.201-254, not counting 250 that we used for the linksys.
D) plug a linksys LAN port into your 'nix gateway, and plug a PC into another LAN port on the linksys, and see if it's all working. you should be able to raise the linksys config pages as http://192.168.0.250 if you used the addresses I gave above.
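The gateway side of step C above, together with the DNS whitelist idea raised earlier in the thread, written as one dnsmasq configuration. This is an added example and not part of any poster's message; the choice of dnsmasq, the LAN interface name eth1 and the OpenDNS resolver addresses are assumptions.

```conf
# /etc/dnsmasq.conf on the 'nix gateway (added example; dnsmasq is an
# assumption, the thread does not name a DHCP/DNS package).

# Answer DHCP and DNS on the LAN side only, never on the ISP-facing NIC.
# eth1 is an assumed name for the second (LAN) ethernet.
interface=eth1
listen-address=192.168.0.1
bind-interfaces

# Step C: hand out 192.168.0.100-200 with mask 255.255.255.0, 12 hour leases.
# Static hosts keep .2-.99 and .201-.254; .250 stays reserved for the Linksys.
dhcp-range=192.168.0.100,192.168.0.200,255.255.255.0,12h
dhcp-option=option:router,192.168.0.1
dhcp-option=option:dns-server,192.168.0.1

# DNS forwarder: ignore /etc/resolv.conf so the upstreams below are the only
# ones used, and never forward unqualified names or private reverse lookups.
no-resolv
domain-needed
bogus-priv

# Variant 1, plain forwarder: uncomment these and drop the variant 2 block.
# 208.67.222.222 and 208.67.220.220 are the OpenDNS public resolvers.
#server=208.67.222.222
#server=208.67.220.220

# Variant 2, whitelist: only the listed domains (and their subdomains) are
# forwarded upstream. A more specific server= line wins over address=/#/,
# so everything else resolves to 127.0.0.1.
server=/google.com/208.67.222.222
server=/wikipedia.org/208.67.222.222
address=/#/127.0.0.1

# Log each query so you can see which legitimate sites the whitelist breaks.
log-queries

# The whitelist only binds clients that actually ask 192.168.0.1. A PC with a
# hand-set resolver bypasses it, so also have the gateway firewall drop
# LAN-originated port 53 traffic that is not addressed to 192.168.0.1.
```

Running `dnsmasq --test` checks the file's syntax before the service is restarted.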
Several weeks ago I moved away from IPCop for a while, until v. 2.0 comes out of beta and has addons available. Currently running pfSense with transparent proxy / filtering for ads, spyware, porn, etc ...
But you're right in choosing IPCop. There was nothing coming close to it when I factor in the way I was using it:
- transparent proxy w/ advanced proxy addon
- url filter addon
- updates accelerator (only 1 computer would download the updates, the rest will get them locally at LAN speed)
- snort + guardian addon (making snort active)
- net2net vpns, road warriors und so weiter...
And I had IPCop installed on 7-8 locations on ancient hardware (I've decommissioned a P120 cpu and now the oldest out of them is a Celeron Mendocino @466Mhz)
Anyway, snort on IPCop 1.4.21 would no longer get its updates as that version is no longer supported. The kernel in version 2.x will obviously bring support for latest snort but it will take a while until final release and even more for addons like the ones I was using to be ported on the new release.
Now I am working on setting up a CentOS 5.5 32 bit with XEN and run pfSense distribution as a VM on my home LAN. And hanging in there until I see IPCop back :)
-----Original Message----- From: Ron Blizzard Sent: Monday, August 23, 2010 10:12 PM To: CentOS mailing list Subject: Re: [CentOS] CentOS or other Linux Internet Router/Gateway
Thanks everyone. "Firewall" was the term I was having trouble coming up with. Now I'm overwhelmed with all the choices. I think, for someone as "green" (as in "inexperienced") as I am, something like IPCop might be an easy place to start. I'll experiment with a Pentium III I have, but will probably work towards some kind of fanless, small computer (as suggested by another poster). I'm not sure the BSD firewalls will work for me (at this point) because I've got a couple Linux add-ins I'm thinking of using.
Just to confirm. The Linksys wireless router can become a wireless switch with the firewall and router capabilities disabled. (This is a Linux version, BTW, so I'm also going to look into the firmware modifications, but I doubt I can load my programs there and am a little nervous about bricking the router).
Again, thanks.
On Sun, Aug 22, 2010 at 5:48 PM, Ron Blizzard rb4centos@gmail.com wrote:
I've got kids who are growing older and I want to build a Linux box to filter Internet access. I've got six computers on the Internet, plus the laptops -- most run Windows. I'm not sure if it's called a
Ron: We have IPCop running on an Intel 233 MMX box, with 64 MB of RAM. No problems with it during the past several years.
I would also suggest that you contemplate using the free DNS service of OpenDNS and configure your web browsers, router, etc. to use their DNS services (8 cities in the USA and 2 in Europe). http://www.opendns.com/
I believe they also have a free filtering service families can use, however, I'm not sure it is free, because we are not using it.... HTH, Lanny
Ron Blizzard wrote on Sun, 22 Aug 2010 at 17:48 -0500:
Hi Everyone,
I've got kids who are growing older and I want to build a Linux box to filter Internet access. I've got six computers on the Internet, plus the laptops -- most run Windows. I'm not sure if it's called a router or gateway or...? I don't mind doing the leg work, I just don't know where to start. I'm pretty sure I'm *not* looking for a web server (though it might be fun to have a local web) -- I might also use the computer for a file server, but I mostly want a... proxy server? Not sure what tool I need to use. I seem to remember there were specialty Linux distributions for this purpose.
If you want to try something CentOS based see ClearOS:
http://www.clearfoundation.com/Software/overview.html
http://en.wikipedia.org/wiki/ClearOS
it looks great and it is working
Pavel