Freesco implements Linux Routing System
The Internet is made up of interconnected networks, and the device that implements this interconnection is the gateway. Every user connects to the Internet through a gateway. Most gateways on the Internet are dedicated routers and switches. Linux is now becoming more and more widespread, and with proper configuration it can take on the role of a router, the physical cornerstone of the Internet. Skilled developers on the Internet simplified and customized Linux to produce freesco, a Linux distribution that runs from a single floppy disk, which effectively reduces the hardware resources required and improves work efficiency.
The name freesco is short for "Free Cisco". The developers hope that freesco can replace dedicated routers on the network. Freesco claims that it can run smoothly on PCs with a 386 or better CPU and needs only 8 MB of memory. Its purpose and design philosophy are very similar to those of embedded systems. It works in basically the same way as LRP, another Linux router/firewall package. The difference is that LRP's configuration method is relatively primitive: each step requires a command line or an edit to a configuration file, whereas freesco provides an interactive, menu-driven configuration wizard that makes it easier to operate.
Currently, the latest version of freesco is 0.3.2, based on the Linux 2.0.38 kernel. It is available on the software's home page.
System Requirements
The computer used as a router needs a 386 or better CPU, 8 MB of memory, a floppy drive, a NIC connected to the LAN, and a network device connected to the Internet. This device can be a network card connected to ADSL, a cable modem, or an ordinary modem.
Freesco has very low CPU requirements; 32 MB of memory is recommended. Freesco supports many network card types. You can download the software package: http://www.freesco.cc/descargas/ingles/modules-03x.zip.
Software Installation
Decompress the downloaded package and run the following command:
#make_fd.bat
This batch file will write the floppy image"freesco.032" onto a 1.44mb disk in drive a:
Please insert a formatted diskette into drive A: and press -ENTER- :
Insert the floppy disk as prompted. The disk is then prepared automatically, which takes about 50 seconds.
Network Connection
Add the computer with freesco installed to the LAN. If you use an ADSL/cable modem to connect to the Internet, you need two NICs, one connected to the LAN and the other connected to the ADSL/cable device. The author's network topology is shown in Figure 1.
Figure 1 Network Topology
Startup Configuration
Restart the computer with booting from the floppy drive enabled in the BIOS. The startup interface is shown in Figure 2.
Figure 2 freesco Linux Startup Interface
As shown in Figure 2, freesco uses ramdisk technology. In Linux, part of the memory can be used as a partition, which is called a ramdisk. Files that are accessed frequently and do not change can be placed in memory through a ramdisk, which can significantly improve system performance. Ramdisk works on the Virtual File System (VFS) layer and cannot be formatted, but multiple ramdisks can be created. Press Enter to go to the basic configuration. Note that the default root account password is "root".
After logging in to Linux, first run the "setup" command for basic configuration. Freesco provides an interactive, menu-driven configuration wizard, which is easier to use. Select "1" for basic router configuration.
1. Basic router settings. Set the IP address on the LAN and set the other options based on the actual situation of the LAN. For computers dedicated to connecting to the LAN, the system will generate a program based on parameters such as the NIC model and NIC interrupt value. Therefore, when configuring the NIC parameters, make sure that they are accurate.
Figure 3 Configuring NIC Information
2. Built-in service settings. As the name implies, these provide services for computers in the LAN, including DNS (domain name resolution), DHCP (address assignment), FTP, Telnet, and UTC services. If you select DNS, you need to provide the IP address of the DNS server; if you select DHCP, you need to provide the IP address range for the system to assign. This range depends on the number of computers in the LAN.
3. Determine the protocol type used to connect to the Internet. If you have installed an ADSL or cable modem, the available protocols include PPPoE, PPP, and DHCP. Different network service providers may use different protocols. If you are using a DDN leased line, select a fixed IP address. If you use an ordinary modem for dial-up Internet access, use the PPP protocol. If you use a VPN connection, use the PPTP protocol.
In addition, you must enter the ISP information, such as the access phone number, primary/secondary DNS addresses, and user authentication method, as shown in Figure 4. Authentication methods include the Password Authentication Protocol (PAP) and the Challenge-Handshake Authentication Protocol (CHAP).
Figure 4 Internet connection Configuration
PAP is a simple plaintext authentication method. The NAS (Network Access Server) requires the user to provide a user name and password, and PAP returns this information in plaintext. Obviously, this authentication method is less secure. A third party can easily capture the transmitted user name and password and use them to establish a connection with the NAS and obtain all the resources the NAS provides. Therefore, once a user's password has been stolen by a third party, PAP offers no protection against attack by that third party.
CHAP is an encrypted authentication method that avoids transmitting the user's real password when a connection is established. The NAS sends a challenge to the remote user, consisting of a session ID and an arbitrary challenge string. The remote user must return the user name together with a value computed with the MD5 one-way hash algorithm over the challenge, the session ID, and the user password. The user name is sent unhashed.
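The difference between the two methods, as an added example that is not part of the original article or of freesco: it builds a PAP request and a CHAP challenge/response using the packet layouts of RFC 1334 and RFC 1994 (the "session ID" above is the packet Identifier). The user name, password, NAS name and all function names are constructed for illustration.

```python
"""PAP vs. CHAP on a PPP link (constructed example)."""
from __future__ import annotations

import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1                   # PAP code: Authenticate-Request
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2   # CHAP codes


def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """Code, Identifier, Length, then length-prefixed Peer-ID and Password."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def sniff_pap(packet: bytes) -> tuple[bytes, bytes]:
    """What anyone able to read the link recovers from a PAP request."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != PAP_AUTH_REQUEST or length != len(packet) or length < 6:
        raise ValueError("not a well-formed PAP Authenticate-Request")
    ulen = packet[4]
    if 5 + ulen >= length:
        raise ValueError("truncated PAP Authenticate-Request")
    plen = packet[5 + ulen]
    return packet[5:5 + ulen], packet[6 + ulen:6 + ulen + plen]


def chap_hash(ident: int, secret: bytes, value: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + value).digest()


def chap_challenge(ident: int, nas_name: bytes, value: bytes) -> bytes:
    """NAS -> user: Identifier plus a random challenge value and the NAS name."""
    body = bytes([len(value)]) + value + nas_name
    return struct.pack("!BBH", CHAP_CHALLENGE, ident, 4 + len(body)) + body


def chap_response(challenge_pkt: bytes, user: bytes, secret: bytes) -> bytes:
    """User -> NAS: hash over the challenge; the user name goes in the clear."""
    code, ident, length = struct.unpack("!BBH", challenge_pkt[:4])
    if code != CHAP_CHALLENGE or length != len(challenge_pkt) or length < 5:
        raise ValueError("not a well-formed CHAP Challenge")
    vlen = challenge_pkt[4]
    digest = chap_hash(ident, secret, challenge_pkt[5:5 + vlen])
    body = bytes([len(digest)]) + digest + user
    return struct.pack("!BBH", CHAP_RESPONSE, ident, 4 + len(body)) + body


def nas_verify(response_pkt: bytes, ident: int, value: bytes,
               secrets: dict[bytes, bytes]) -> bool:
    """NAS side: recompute the hash from its own copy of the user's secret."""
    if len(response_pkt) < 5:
        return False
    code, rid, length = struct.unpack("!BBH", response_pkt[:4])
    if code != CHAP_RESPONSE or rid != ident or length != len(response_pkt):
        return False
    vlen = response_pkt[4]
    digest, user = response_pkt[5:5 + vlen], response_pkt[5 + vlen:]
    secret = secrets.get(user)
    if secret is None:
        return False
    # Constant-time comparison of the received and the expected hash.
    return hmac.compare_digest(digest, chap_hash(ident, secret, value))


if __name__ == "__main__":
    USER, SECRET = b"alice", b"example-pass"      # constructed credentials
    print("PAP on the wire :", sniff_pap(pap_request(1, USER, SECRET)))
    value = os.urandom(16)
    resp = chap_response(chap_challenge(7, b"nas", value), USER, SECRET)
    print("CHAP on the wire:", resp.hex())
    print("accepted        :", nas_verify(resp, 7, value, {USER: SECRET}))
    # The same response replayed against a fresh challenge is rejected.
    print("replay accepted :", nas_verify(resp, 8, os.urandom(16), {USER: SECRET}))
```

The CHAP response proves knowledge of the password for one challenge only, so a captured response cannot be reused. The hash is still computed directly from the password, so a weak password remains guessable offline from a captured exchange.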
After the above configuration, the Linux router is basically complete. Select ttsung under the main control interface, and the system will generate a report.txt file under the “routerworkflow directory. If you select "V", the system will list all the settings you have just made. If you find that parameters in the list need to be changed, you can go back and set them again. Finally, select "S" to save the configuration and restart the computer.
Advanced Applications
The Linux routing system configured above can provide DNS, DHCP, FTP, Telnet, and print services. Next, let's take a look at some of its advanced applications. Select "A" in the main menu to go to the "Advanced Settings" menu, shown in Figure 5.
Figure 5 freesco advanced settings menu
Freesco provides a modular management menu divided into "system settings", "Security/limitations", "users/passwords", "services", "hardware", "Networks", "modems", "dial-up Router", and "permanent Router", providing 38 function options. The main ones are:
1. Network Address Translation (NAT)
NAT lets a network connect to the Internet without every computer in the network having a real Internet IP address. The NAT function lets you manage valid Internet IP addresses in a unified manner. When an internal computer needs to access the Internet, its internal IP address is dynamically or statically translated to a valid IP address. In addition, external network users remain unaware of the internal structure of the network.
2. Connecting to the Internet over PPPoE and PPTP
You can connect to the network service provider through an ADSL modem attached to the Ethernet card interface, with support for PAP/CHAP PPP authentication.
3. Connecting to the Internet with a fixed IP address
You can set a fixed public IP address, subnet mask, default gateway, and DNS server, which is suitable for leased-line users.
4. PPP connection to the Internet
Connect to the Internet using an ordinary telephone line and a 56k modem in PPP mode.
5. Built-in DHCP server
Lets computers on the intranet automatically obtain their network configuration from the router, such as IP address, gateway, and domain name server address, which avoids configuring each computer by hand. IP addresses can also be bound to network card MAC addresses.
6. Built-in DNS server
Provides a DNS proxy for computers in the network, which speeds up the lookup of the IP address corresponding to a host name and so improves web page access speed. It also lets you define custom host name to IP address mappings and supports dynamic DNS.
7. Built-in network time server
In Linux, we recommend that you set up at least one time server to synchronize local time, which makes it easier to collect and process logs and to manage different systems. Freesco also provides client software for Windows: freetimeclient.
8. Port forwarding
Translating the destination IP address is called destination NAT, which is used to give the Internet access to the internal network. Its common application form is port forwarding. Destination network address translation allows servers in the internal network to accept access from the Internet while being monitored by the firewall.
9. User Management
By setting user permissions, you can cut off the "Black Hands" that harm the network.
10. Host access restrictions
You can restrict hosts in the network from accessing computers outside the network or from using certain communication protocols and service ports, based on their IP addresses, network segments, or network card MAC addresses.
11. Banner modification
FTP and Telnet service programs usually display a "banner". Many system intrusion tools can obtain the "banner" automatically. By modifying the "banner", you can disguise Linux as a Windows host to reduce the risk of intrusion.
12. Print Service
Supports LPR and raw protocol printing services. Computers inside and outside the network can share a printer connected to the router's parallel port or USB.
13. Set "Read Only Floppy"
When the floppy disk is write-protected, the system's boot medium becomes read-only and the entire system runs on the in-memory file system, so it is easy to recover even if the system is damaged by an intrusion.
14. Remote management of freesco
After freesco is configured, it can be managed through its web server from a browser on any computer on the network. Enter the IP address and the management port number 82 in the browser's address bar to see the management interface shown in Figure 6. Such a Linux system can do without a display, hard disk, keyboard, mouse, and so on after installation, which greatly reduces hardware costs.
Figure 6 freesco Remote Management Interface
To enable the Linux routing system to provide more functions, more content must fit on the disk. However, a floppy disk has limited space, slow read/write speed, and is easily damaged. Newer computers now support USB flash drives, so you can copy the files from the floppy disk to a USB flash drive to improve system performance.
TCP/IP was developed on UNIX and carried over well into Linux, which makes TCP/IP an integral part of Linux. Because the TCP/IP stack implementation in Linux is particularly mature, Linux is claimed to have the most powerful routing function in the industry. Coupled with its flexibility and ease of customization, this makes it a favorite of senior network administrators and advanced users.
Freesco needs only a low-end computer to implement the router function, so that LAN computers can share one broadband line to access the Internet while a secure firewall is established between the Internet and the LAN. This solution is suitable for home, dormitory, and small office networks in which a Linux system is used as the router.