Viper Lair
Latest Stuff

Antec NeoPower 480W PSU
A.C. Ryan Mod Roundup
Ultra 400W Dual LED ATX PSU
Ultra 500W Titanium ATX PSU
Ultra Retractable Cables
Ultra Portable HDD Enclosure 2.5"
MSI DR16-B 16X Dual Layer DVD
Thermalright XP-120
Transcend JetFlash 2A 256MB
Mushkin MP3/WMA/Voice Recorder V2 128MB
Latest Stuff
Search for lowest prices:


Price Search:    for    

How to setup a Linux Router/Firewall: Following up on our Windows ICS article, we look at setting up a Linux router/firewall. It'll allow you to share your Internet connection and provide some protection to your home network.

Date: December 3, 2002
Manufacturer: N/A
Written By: Jim Scheffler

Now we need to answer whether or not your Internet connection runs on DHCP or not. If you were provided with an IP address when your cable modem was installed you probably have a static IP, if you were not provided with an IP address you most likely have a dynamic IP. Dynamic IP's are more common and also what we will cover.

Answer 'y' to this question and press 'Enter'.

Next we answer whether we want our router to log messages from clients. This is good for troubleshooting but otherwise is just a waste of resources. Answer 'N' and press 'Enter'.

We are then asked if we would like to update DNS settings through DHCP. Since this is how your computer finds other computers on the Internet hit 'y' and press 'Enter'.

Now we will set up the network card that is attached to our network. Generally, the second network card in a Linux system is called 'eth1'. Since we have no good reason to change that we won't. Type in 'eth1' and press 'Enter'.

Next we have to choose an IP address for our internal network card. I chose ''. This is a non-routable address and would be a good choice. Type in '' and press 'Enter'.

Our network mask will be ''.

Now we will set up our DHCP server for ease of connecting machines to our network. While you can theoreticly add as many IP addresses as you want to this field you should remember that every IP address that your machine has to manage will slow it down. Be reasonable in picking your IP range. You want enough IP's to cover as many computers and devices as you think will be attached to your system and a few more for safety.

I selected ''. This provides us with just over 200 addresses

Next we will be setting up DNS. Please read the warnings on the screen. We want to enable the caching DNS server on our router but make it available only to computers on our local area network (LAN). Choose 's' for secure and press 'Enter'.

Next is whether we want to enable DNS request logging. Much like DHCP logging it is good for troubleshooting but not for much else. Answer 'n' and hit 'Enter'.

We want to be able to use our internal DHCP server to dole out IP addys so type 's' and 'Enter'.

We are not going to worry about WINS at this point so type '-' and hit 'Enter'.

Now we need to determine how long we want our DHCP leases to last. The default value is 604800 seconds, or 7 days. This should be fine for our purposes.

We have a ability to create reservations for certain computers so they will always have the same IP address. If you are interested in doing this please read up on it. It is fairly easy to do but for the sake of keeping this article short we won't be covering it. Press 'n' and hit 'Enter'.

Freesco will allow you to run a web page from your router. We will also not delve into this area but remember it is there if you want to come back to it later. Hit 'n' and press 'Enter'.

Next we want to enable the router control and time server but make it available only on the LAN. Select 's' and hit 'Enter'.

The control HTTP server now needs to know what port to run on. The default is '81' but I have chosen something a little farther away and hopefully more hidden (5000). You may choose either.

Select the default for the time server ( and press 'Enter'.

Time offset is how far away you are from Greenwich Mean Time. I am in the eastern time zone and we are behind GMT by 5 hours. My entry would be '-0500'. You must calculate your offset and hit 'Enter'.

Your router is capable of acting as a print server as well. You can come back and change it later but for now we will disable this feature. Press 'n' and hit 'Enter'.

A telnet server is a nice interactive way to enter and control your router. We will want this available only to our LAN so hit 's' and press 'Enter'.

Your router can save energy while it is idling and shut off your monitor and spin down your hard drive (assuming you are running off one). You can come back and set this up later. Type '0,0' and hit 'Enter'.

If you will be running from a hard drive you will want to come back later and set a swap file size. For now hit '0' and type 'Enter'.

The extra modules are not things we need to run at this point so hit 'n' and press 'Enter'.

For log sizes we can accept the defaults and just hit 'Enter'.

The host gateway is your default gateway. If you are using DHCP you will not need to provide this information.

You will now need to enter your primary DNS numbers. These numbers are provided by your ISP.

You can also provide a secondary DNS number if you have one.

You can add in a web proxy if your ISP provides one and if you want to use it. Otherwise type in '-' and hit 'Enter'.

Export services is used to route ports from your firewall to machines on your system. These can be set up through the control panel later. Hit 'n' and press 'Enter.

Press 'Enter' to continue.

Well, we are now done with the hardest part. We will now save our settings, reboot and if everything is entered properly our router should start sharing the internet.

Press 's' to save settings and exit.

Type 'reboot' and hit 'Enter' to restart our router.

Your router should now be able to share your internet connection across your LAN. This has been VERY stable for me. I have been running it for about four monthes and have only had to reboot once.

Thanks to RedShoes and Dan for pointing me in the direction of this proggy--you guys are linux freaks!

If you have any comments, be sure to hit us up in our forums.


Copyright 2001-2004 Viper Lair. All Rights Reserved.