Security on the internet - or how to install a firewall router at home


Think about it: everyone who connects to the internet is part of the World Wide Web!
So you can be hacked. Have a look at Georgi Guninski's demo pages, where he shows, for example, the contents of your hard disk.

Well, it depends on your browser settings and, naturally, on which pages you visit. But without Java you won't see very much on display. The dynamic IP addresses assigned by your provider also keep the normal user further on the safe side.

The normal user (among whom I count myself) has a computer, standard software and a modem or ISDN. Anyone who
follows the press hears, for example, of internet attacks on Yahoo, download monitoring by Microsoft, etc.

What about getting a firewall solution? What is that? Freely translated, a firewall is protection against unauthorized penetration, e.g. into a local network. There are many ways to realize this, from a firewall router
to a proxy firewall.

What do you need? In this example: 2 network cards, 1 crossover cable and a second computer (such as a 486 with 8MB RAM). This costs approx. 70,- DM plus your old computer taken from the cellar :-)

I'm not a programmer, so I looked for free solutions and found this small listing:



The above-mentioned programs are naturally :) based on Linux; they fit on 1 (-3) floppy disks and work even without a hard disk. Anyone who absolutely wants Microsoft-based software should try the Jana-server. For comparison, test the free light version of GNATbox.

Anyone who has a second high-performance computer can naturally use a full Linux distribution to get similar protection with
Samba, ipfwadm and tcpd. However you decide, I use FREESCO and I'm very happy with it.

FREESCO has the advantage of fitting on just one disk, and it already works on a 386SX. A 486 with 16MB RAM is recommended; I use only 8MB RAM, but I create a swap file on the hard disk.

How to do it?

Download the image, driver and rawrite files to a DOS environment and create the install floppy. Insert the network cards and run the configuration; on the small(!) computer you need only DOS and the modem attached. Boot from the floppy and, after the usual root/root login, run setup.

3Com and NE2000 (or compatible) network cards are detected; otherwise you need the driver file. The IRQ settings of modern network cards are often determined by software. It's recommended to assign fixed settings such as io=0x280, irq=5.

To run from the hard disk, just type move2hdd; the software is installed in a umsdos environment and should be started by executing router.bat. Take care: never edit these files in a DOS session!

The whole configuration is easy and is described in the developers' documentation. The documentation is not finished yet because the software is still beta, but it works fine for most people.

The main difficulty is configuring the clients (here Win9x); I also stopped here the first time... You only need to install TCP/IP! The (hopefully correctly detected) network card needs the following settings: an IP address (192.168.xxx.xxx); as gateway and DNS, the IP address of the router (192.168.xxx.yyy); as domain, inet, according to the default setting; and as hostname e.g. router.inet. The client should also have a name, entered somewhere under network/identification.

That's it. Restart both computers and test the connection with ping 192.168.xxx.yyy on the client. Then start your favorite browser and type the router address, port 82 (192.168.xxx.yyy:82). Voilà, the httpd should now be there! Yes, this software also offers administration by web client. Do you want to test your homepage layout under "real" conditions? Then activate httpd for the external world under setup/advanced and place your files under /mnt/www.

At present the software offers the following server services: DNS, DHCP, time, telnet, web, print and remote access.

For a hard disk installation, extensions like the mSQL database or Midnight Commander are possible. Consider using libc5 libraries and placing binaries under /mnt/router/rc, as well as adjusting the rc_user file. The system operates completely in RAM, so the root directory / is quasi virtual and is rebuilt on every restart. All modifications in the root directory are lost.

Check out your mini net with SATAN, SAINT or Nessus. And don't forget to change all passwords.
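A quick first check to run from a LAN client before a full scanner, as an added example that is not part of the original page or of FREESCO: it reports which of the router's services answer on TCP, so you can see what to switch off. Only port 82 comes from the page; the other port numbers are the conventional ones and are assumptions.

```python
import socket

# Assumed mapping of services the page lists to conventional TCP ports;
# only port 82 (web administration) is stated on the page itself.
# DHCP is UDP-only and the print server's port is not given, so neither
# is probed here.
SERVICES = {
    23: ("telnet", "cleartext login; disable unless you need it"),
    37: ("time", "LAN only"),
    53: ("dns", "expected for LAN clients"),
    80: ("httpd", "should answer only if you enabled the public web server"),
    82: ("web admin", "must never be reachable from the internet side"),
}


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, services=SERVICES, probe=tcp_open):
    """Return [(port, name, note)] for every listed service that answers."""
    return [(port, name, note)
            for port, (name, note) in sorted(services.items())
            if probe(host, port)]


if __name__ == "__main__":
    import sys
    # The page gives the router address only as 192.168.xxx.yyy; pass your
    # own router's LAN address as the first argument.
    router = sys.argv[1]
    for port, name, note in audit(router):
        print(f"{port:>5}/tcp open  {name:<10} {note}")
```

Run it once from inside the LAN and compare the result with the services you actually enabled in setup.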

Well, the Sunday afternoon is saved and surfing the WWW is a bit more secure.


Pretty old stuff; today I use pfSense as a hardware firewall with an Alix thin client.