DIY firewall Devices

Nowadays, there are not only a few computers in the home and connected to the Internet, and even many families have multiple computers. However, due to the complexity of the Internet, most users may be affected by viruses, hacker attacks, unknown scans, and other insecure factors. If a hardware firewall is available, that saves a lot of trouble. However, the hardware firewall products on the market often cost thousands of yuan, which is really not cost-effective for average families. In fact, as long as there is an old machine that can be used out before, and then install a free firewall product based on Linux, this goal can be achieved. For users, the cost is negligible.

There are a lot of router/firewall software available in Linux environment, such as m0n0wall, Smoothwall Express, LEAF-Bering uClibc, and ClarkConnect. This time, we refer to the turning point as "let bad packets end here" IPCop, mainly to show you how to install a hardware firewall of your own IPCop.

Prepare the hardware platform

According to the content in the IPCop user manual, the minimum hardware requirement of this software is as long as it is an "antique-class" machine with 386 processors, 32 MB memory and a MB hard disk. However, in terms of system running speed and stability, I suggest using faster hardware. A Pentium family processor plus MB of memory should be able to perform quite well, A 20 GB hard disk can also be used as an efficient Proxy Cache computer. It doesn't mean that the performance of the latest and best-configured hardware can be even better. Using the latest hardware platform may cause some problems, the main reason is that IPCop's support for new hardware products is not complete. For example, the support for PCI Express technology is just getting started, and far from being completed and mature.

The standard configuration of IPCop requires at least one network card. Do we still call a router without a network card? We chose the NIC based on Realtek 8139 series chips on the market, because the wide application of a chip is actually equivalent to ensuring that it can get more extensive driver support. In the example I introduced to you, two NICs are used, this is the same as using a SOHO Broadband Router to share the specific network structure of ADSL or cable modem for Internet access (1 ). In the network we use, a network card (the first network card) is connected to the switch at the end of the home network (indicated by a green connection line ), the other network card (the second network card) is directly connected to an ADSL or cable modem (represented by a red connection line. In fact, an ISDN card or a traditional analog modem card can also be used to replace its second Nic. In addition, we can add more NICs to meet more complex requirements.

Hardware requirements of IPCop Routers

CPU/motherboard Intel or amd cpu, Pentium series or higher, minimum 100 MHz speed (Socket 7, Socket 370, Socket A, etc)
Memory 256 mb sdram or DDR-SDRAM
Hard Disk 20-40 GB used for website cache in proxy Mode
Two 10/100 Mbit/s NICs
The video card is a 2 MB card and does not require 3D acceleration. You only need to install it.
Any kind of optical drive can be used as long as it can be used.
Any type of keyboard.

Install software system

IPCop is based on Linux, and the operating system itself and its source code can be used freely. As long as you follow the GPL license agreement, the format is an ISO optical disk photo file, which is clever and only 41 MB, you can burn it into a boot disc, and the image file can be restored to a partition for installation. In this installation, the computer responsible For the router installs the entire system from an optical drive and from the optical drive.

In the BIOS settings of the motherboard, take the optical drive as the first boot device, save the settings, and restart the computer. We can see the boot loader of Isolinux. It should be noted that if this installation process continues, all data in your hard disk will be deleted, so please be careful that you must back up important data before installation.

Press the Enter key to load the Linux kernel. Note that the other two parameters "nousb" and "nopcmcia" can be used here. These two options are essentially shielding the USB interface and PCMCIA Interface functions on the motherboard. Generally, a common Router does not need these two interfaces.

After the kernel of the operating system is loaded, the first step in the installation process is to select the language version of the installation interface, which is available in several different languages, however, it seems that there is no option for Chinese. Let's select English.

Next, the installer will ask which media we want to install, including CDROM and HTTP/FTP. If you are from a soft Drive boot system, you can select the HHTP/FTP mode, and we will select the CDROM option. Then, although we have already put the installation CD into the optical drive, but the installation program will still prompt you to insert an installation CD, be sure to confirm it.

After the installer repartitioning and formatting the hard disk, the real installation process begins. The entire process does not need to interact with the user, and is automatically executed, such as the hard drive used by the system, partition it, and then use the appropriate file system to format new partitions. Unlike other operating systems, the installer frequently requests user-related installation content, such as the size of swap partitions. In addition, we do not need to know whether the data partition uses the ReiserFS or ext3 partition format.

If you have installed such a system before and save the configuration information to a floppy disk, you can directly import all the configuration information after the installation is completed, and skip the remaining configuration process, which may save a lot of time. Just select the "Restore" button in the screen content shown in figure 3, and then let the installer complete the rest of the work. Because we have installed a new system and no configuration information is available, we can only select the "Skip" button. The installation process of the system is now complete, and the next step is to set IPCop.