What is Digg?Sponsored by Activision
Introducing DJ Hero Game view!
djhero.com - Scratch and mix 102 songs in 93 original mixes from today's hottest artists. Available Now.
33 Comments
- fmoor, on 10/12/2007, -1/+15How lame this is, just install ipcop and be done with it. 15 minute install, been in use for years.. Fred
- exobyte, on 10/12/2007, -4/+11It's also nice when something isn't Ubuntu specific, but I guess this is the only way to make the front page.
Digg me down Ubuntu fanboys!! Digg me down!! - Phocion55, on 10/12/2007, -4/+11Agreed....IPCop is a great solution. I use it at home.
But it's not Ubuntu so, ya know, no one on Digg really cares...sadly..... - exobyte, on 10/12/2007, -2/+8I bash it decause if someone only read digg, it would appear Ubuntu has 90% of the Linux market share.
Biased? Fanboys? - schestowitz, on 10/12/2007, -1/+6It's a very nice copy&paste howto. I wonder why they don't make it a script like EasyUbuntu or Automatix.
- seuaniu, on 10/12/2007, -1/+4Thats a neat how-to and all, but why use edgy? If I were gonna use ubuntu as a server at all (I won't bother starting a distro-war), I'd go with Dapper and its long-term support. That'll keep you from having to deal with dist-upgrade for 5 years.
- prammy, on 10/12/2007, -0/+2Howtoforge has some quality hwotos aimed at novices. Regardless of whether this is Ubuntu or another linux distribution, outside of the package manager/distribution specific commands, it should work for ANY distro.
I have used HOWTOs for installing Samba as a PDC on Ubuntu to run my Samba PDC on FreeBSD.
Stop bashing it because its Ubuntu, it helps people no matter what distro they run. - prammy, on 10/12/2007, -0/+1Samba/LDAP is pretty decently documented. I would recommend using a Redhat based distribution because of the Samba IMC Console which is a pain to setup on other distros.
If you don't mind using the command line tools, then feel free to use any distro you want. Debian, Ubuntu, Fedora, Centos etc all have smbldap tools in their repositories and its easy to configure and get running.
I recently did an SMB/Ldap install on FreeBSD (just so I can get experience doing it) and it was easy to setup as well. I am planning on doing a writeup and keeping it as distribution agnostic as possible.
The reason it takes a long time loading and saving settings is because your clients are using roaming profiles. Unless you explicitly want this (and have lots of disk space) , its probably better to keep profiles local. - douggmc, on 10/12/2007, -1/+2OK ... go through all that trouble, or just install something like ClarkConnect (has more gateway type functions easily installed/configured then the other firewall type distros like ipcop, smoothwall, etc.).
- cquilliam, on 10/12/2007, -0/+1This is exactly what I have been looking for. I am a system administrator for a small business that is currently using 2 Netware 5.1 servers. I want to replace one of the servers with Linux and act as the router/gateway.
Eventually I would like to replace the 2nd server with linux as well and setup a Samba PDC for the windows network. Anyone have any suggestions on the best distribution to do this with? I have setup a test network at home using Ubuntu 6.10 and it seems to work alright, except when logging in and out it seems to take more time then it should "Saving settings" and "Loading settings". - inactive, on 10/12/2007, -0/+1Smoothwall ( http://smoothwall.org ) does the same job as IPcop .I have been using it since ages.No issues till date.
- arobar, on 10/12/2007, -3/+4Indeed, how lame for someone to want to build the router themselves instead of using a prebuilt solution like IPCop. I agree that this doesn't have to be Ubuntu-specific, but don't bash it because it's just not to your taste. Having a full distro as your router gives you a wider range of functions that IPCop, m0n0wall, pfSense and the like just can't match. For example, I needed to give my Asterisk box a public IP. I only had the one, so I threw Asterisk onto my router box and it worked just great. I couldn't have put Asterisk onto my pfSense box, so at the time I was very glad that I had a full distro as my router.
- fac3less, on 10/12/2007, -0/+1@drag,
Why would you ever follow up with a / to delete a directory? That's absolutely silly. - karamba_kid, on 10/12/2007, -0/+1OpenBSD.
- prammy, on 10/12/2007, -0/+1or sudo -s :)
- drumhell, on 10/12/2007, -0/+1I agree to use IPcop, along with an added in Snort and Copfilter. It will run on way less hardware than a full *buntu distro will require, and it's FAST. My "off the shelf" firewall/routers (cough NETGEAR cough) were bottlenecking at 8 MB/Sec download when there was NO filtering enabled. IPCop runs at my full 12 MB/sec while running on a PC that I paid 45 bucks for (HP Kayak, Dual P3 800, 256).
It also separates my wireless from my trusted (green) network and provides almost endless config options. To whoever suggested adding asterisk or anything else to a firewall, it's pretty common security knowledge to run ONLY a firewall on a firewall box. Anything else is just waiting to be exploited, crash, take up CPU cycles, etc... Nice article though. - drag, on 10/12/2007, -0/+1IPcop kicks ass.
I used it to replace my Linksys router. Previous to the Linksys badboy I had a old 200mhz compaq peice of ***** computer running a linux-router-on-a-floppy distribution. I had that running for 4 years or so, but it the computer's bios refused to recognize a wifi card so I decided to 'make it easy on myself' and buy a off-the-shelf router/firewall.
What a mistake. That thing had dropped connections. It was slower. When I tried to update my listing of game servers with XQF it would literally crap out for 20-30 seconds at a time. Bittorrent was severely limited and DNS response was slow. I don't know how people put up with ***** like that.
So when they were getting rid of old PCs to the recyclers I took that opertunity to get a old dell box and I stuffed it full of 3com 100Mb/s cards. I figured I would put a custom system with OpenBSD on it, like I've always wanted to but I decided to try IPcop as a stop-gap until the weekend.
But I was so impressed with IPcop and it's web interface and capabilities I decided to keep it. VPN, DMZ zones, good DNS server, etc etc. Very fast connections with no drop outs or anything like that. Almost perfect.
I even installed OpenVPN add-on package for it.. which kicks ass. Since OpenVPN uses TLS/HTTPS for it's protocol anywere that has web access I have full network access to home. It can't be blocked by anything and it will even work through http proxies. So when travelling I don't have to pay extra for 'vpn access' or any stupid BS like that.
It's pretty good. - nayr, on 10/12/2007, -5/+5or just run freebsd...
- drag, on 10/12/2007, -0/+0What is the difference between Sudo and Su?
One of them has your regular user's password to protect it, and the other one requires you to log in using your user's account and then is also protected by a seperate root password.
Now imagine somebody guesses your user's password and logs into your computer. Think about this very very carefully.
Now you tell me which one is more secure. Sudo or Su?
(I'll give you just one guess.)
:-)
It has very little to do with security. Having a user account that has sudo access is the Linux equivelent of using a 'administrator' account in Windows. In other words it's less secure then having a seperate root account you only use sparingly. Sudo is a convience item that is used by some distros like Ubuntu to discourage people from having a root account they use on a daily basis.
If you do:
mkdir temp
rm -rf /home/username/temp /
as root your screwed. You just deleted your entire operating system.
As a regular user it will give you a small error message. - drumhell, on 10/12/2007, -0/+0...except vyatta tries to sell expensive services and requires registration to even download it. It's "open source" in the same way Red Hat is. (Red Hat is like 180 bucks for free software, er, for "support")
- yeffetn, on 10/12/2007, -0/+0For better security don't just give root account password as suggested, instead just use 'sudo su -' once to get root shell or even better, use sudo before each command (careful with escaping/quoting correctly).
- radu5er, on 10/12/2007, -0/+0Absolutely!
I run Freesco and it works great for my needs.
Great to see "preloved" and "mature" hardware get a second life as a very secure and easily managed network device. - Innatech, on 10/12/2007, -0/+0It's perfectly feasible to build a full-distro *&* low-power router using a mini-ITX mobo, a lower-power CPU and compact flash drives on IDE adapters. Fewer moving parts too. For bonus points, make sure to install support for and set up the thermal sensors and fan controller.
- pem725, on 10/12/2007, -0/+0I agree with joeanon above. There are some risks to running multiple services on a firewall but those risks can easily be offset by the costs of electricity. In some cases, noise alone might be the mitigating factor. I just replaced a smoothwall box with an ubuntu configured server. Smoothwall was great and I highly recommend it but I just needed fewer systems in my house. The electricity savings, heat reduction in the summer, and noise reduction were the factors that lead me to deciding on an all-in-one box. So you hard-line admin fanatics out there ought to consider that the ubuntu howto might have a place outside the enterprise.
- drag, on 10/12/2007, -0/+0[q]Why would you ever follow up with a / to delete a directory? That's absolutely silly.[/q]
***** happens. That's all.
Ya need a better imagination.
rm -rf ~/temp /dogBHunter/*torrent
(ah screw that I'll just delete the entire thing)
*backspace* *backspace* *backspace* etc etc *enter*
pause...
pause..
wait for it..
wait for it..
"OH *****"
*ctrl-c*
*ctrl-c*
*ctrl-c*
*ctrl-c*
*ctrl-c*
*ctrl-c*
This does happen sometimes. No joking. It's just a typo. - fmoor, on 10/12/2007, -0/+0Since you are an admin you know that you should not pollute your firewall router with other stuff.. grab an old PIII install 3 network cards, install ipcop place all of your other boxes behind it.. Red (Internet), green (secure network), orange (outside accessible servers). you will never regret it..
- joeanon, on 10/12/2007, -0/+0Actually guys I think most of you are looking at this the wrong way. I've researched some of the best PC router software out there and of all the single, super secure options I'd have to go with Pfsense over any linux based router since freeBSD is more secure than most linux distros. Ipcop and Smoothwall are also good options. For a bigger WOW factor and more fun you can try out clark connect also. However, after a lot of though I have to say none of these option are really that great because PC's use exponentially more electricity to run than dedicated risc based system. A linksys router might use 2.5-5 watts amounting in a microscopic monthly increase, but a common left over PC will cost you around 5 dollars a month running everyday.
Ok it's no price to pay for the hardened security of BSD or a customized linux kernel, but unless you're protecting a corporate enterprise the need for the worlds most secure router is questionable. If you think you'll be saving money with a linux router, you won't because it will cost you just in the first year of use what you could get a soho wireless router for. That's just the first year of use also in some areas your cost will actually be more than 5 dollars a month, but in almost no area will you run a desktop 24 hours a day for less than 5 bucks a month.
It's nothing, but so often people are dodging the upfront costs of a router by putting together a linux system. You get superior option and GREAT box for a corporate VPN solution, but if your goals are more personal it makes way more sense to put a full blown Linux distro on your computer. Since Ubuntu is one of the most popular of the day, a How To for their distro is a great idea.
You're going to pay 5 bucks a month to run that power gobbling platform you may as well get the MOST functionality out of it and sacrifice a TINY bit of security for a massive amount of versitility. This makes WAY more sense. Instead of just a router firewall, run a ftp, http, file, streaming media, intrusion detection system. Obviously only run what you need, but the point is that it's more cost effective to consolidate your needs and get the MOST out of your hardware.
These custom nix based routers are awesome, but ideally they would be run on simple risc system with passive cooling such as monowall is made to run. These processors use infinitely less electricity and perform just as well as a Core 2 in pure routing/firewall performance.
A full blown linux Distro is more useful and more fun and offers pretty damn good security if not nearly the same level as any of these products you mention since they are all based on much of the same technology. If you want the ultimately security go with Pfsense, but I really think it mostly makes sense just for the fun of using a customized linux kernel or for corporate needs where electricity is a tax write off.. ha. Since no one is predicting the cost of electricity to go down this makes these dedicated custom linux kernels running on overpowered PC architecture far from ideal. Are you willing to spend 10 bucks a month just to say you have the coolest firewall on the block ? These higher wattage devices also come with increased fire risk, so keep that in mind when tossing it into the corner. Fewer computers doing more is a better model and even if you have ADD you can still get a linux distro running nat and firewall in no time. PLUS the skill you learn are far more universal than some proprietary user interface. Same linux router projects are potential buy outs also that will give away their lite version while throwing a hefty price tag on the corporate editions.
Sooo what about the added electrical costs and the innate inefficiency of the PC architecture as a router. Linux kicks ass as an appliance style OS because of it's customizable kernel, but when it's not on customized hardware for the task it's a grossly inefficient use of power. The computer will likely never go beyond 5% cpu usage. Which might be cool if it's your works computer, but I think at home we all want the most bang for the buck. - RonDP, on 11/24/2008, -0/+0very nice +1
http://www.acadapterz.com/accessories.html - stevevmwx, on 10/12/2007, -2/+0Yep. An ol' P3 500 DeskPro EN (for
- Nodren, on 10/12/2007, -3/+1theres also vyatta, its a linux distro designed to function as a router, based on debian(like ubuntu) so theres some familiarity to it.
it also has a nice web interface which'll allow for easy remote management. and finally, its quick... i've installed it for professional jobs, and can push 100mbits(seen via iftop) through a 100mbit connection. and the router barely even has a load average above 0.01 - inactive, on 10/12/2007, -4/+0never mind, dig me down.
- inactive, on 10/12/2007, -5/+1author trying to give more information in confusing manner some of the information need to be explained much more for example if you take munin there is configuration files how to install clients and how to add plugins and how to trouble shoot small issues
- inactive, on 10/12/2007, -6/+1cuz maybe linux become a whore now but they still want to keep some image about what it was
© Digg Inc. 2009
— Content created and posted by Digg users is