Hey there fellow geek, welcome
back! We've got a big one for you this week! Well, ok,
it could be small, but the idea is BIG. We are
talking about big storage, lots of it. More data than
you can shake a stick at. Some of you may be able to
remember when nerds could carry just about
everything they needed on a 1.4 megabyte diskette. We
dug through the Archatechs Museum of Nerdom and found
a 20 megabyte hard drive. When we could finally put
an entire gigabyte on a computer we thought: "surely
this is enough storage to last us forever, we'll
never need more." Oh what naive geeks we were. We bet
most of you have a more realistic idea of storage.
There was a time when people laughed when you said
"hey, I'm going to put all of my CDs on my computer!"
Then the movie industry said: "no one will ever have
enough storage to copy DVDs to their computers..."
But you know better. There's just one problem: where do
you fit all those bits and bytes?
Let us introduce you to FreeNAS, a simple way to create
your own Network Attached Storage server.
This go-round we are going to delve into building
your own FreeNAS server and why you'd want to do such
a thing. We've been saying for a long time that it's
increasingly common to have multiple computers in the
house. With Network Attached Storage you can easily
share folders, or volumes, that every device on your
network can see and use. With computers shipping with
250 gigabyte hard drives, it's pretty safe to say
that you can fit your entire music library on one
computer. But what if you want to share those files
with other computers? Better yet, what if you want to
put your video collection online? It's not as crazy as
you think. DVDs are easy to scratch (we know, we
tried to watch a 5 year old copy of Tron recently
that had more scratches than an '82 Chevy Nova). An
online video library means you can also watch movies
anywhere in your house. Just grab a Mac Mini, hook it
up to your HD TV and connect it to your NAS server.
You've got instant access to all of your DVDs.
Another great use for NAS is just keeping files in a
central location. Want to share a document? Throw it
on your NAS box. Finally, and this may be our
favorite reason, you can use it to back up files! Go
ahead, raise your hands if you haven't backed up
lately...it's ok, we won't look...ok we lied, we
looked and caught you. Nothing is worse than loading
25 or more blank CDs into your computer to back up,
we know why you don't do it. The bad news is, all it
takes is one virus, one bolt of lightning, one trip
to a public hotspot and your data is gone for good. So,
got the picture? Let's build a FreeNAS server.
What you'll need:
A FreeNAS CD - downloaded from FreeNAS's site and
burnt using your favorite burning software.
An old PC - a $70 clunker from eBay will do. We know
people who like stuff like these too.
Hard Drives - We'll get into this in detail. Chances
are you'll want more than one. Read on...
Hard Drive Controller Card - optional, depending on
how many drives the old PC you are using supports.
Gigabit network card - this is optional but will
improve your speeds if you have the network to
support it.
We expect the total cost of a FreeNAS solution to run
anywhere from $100 to $1,000.00 depending on how much
storage you want.
But here's the good news. The popular brands of NAS
with 1 terabyte (that's 1,000 Gigabytes) run about
$1,000.00. You can build one with FreeNAS for about
$400.00! If you don't need a terabyte you can
certainly spend a lot less.
While the ability to share files has been built into
almost every major operating system since Windows For
Workgroups (big nerd high-five for those unfortunate
enough to remember that one!), file sharing at home
has never worked quite as well as in a corporate
setting. One of the main reasons shared folders on
your office network work so well is DNS, or domain
name service. We talked a little about DNS when we
covered IPcop in part 2 of Pimpin Aint
Easy.
Think of it like that cocktail party you went to
where you knew faces but not names. You could
shake hands, but you'd be hard pressed to say "Hey
Joe, been a long time". Well, computers on your
home network are the same way. That means if you
want to access files from the office computer on
your wireless laptop, you have to know the IP
address of the office computer. You also have to
know a username and password on that computer to
access those files. FreeNAS means you only have to
remember one IP address, and we'll even show you a
trick to assign it a real name. FreeNAS also
allows you to manage users and access privileges
in one place. For those of you with true geek
souls, stay tuned for our next article: One
Password to Rule Them All. We'll cover a network
directory server for even more user and password
goodness.
One last note before we dig in: FreeNAS does a great
job once it's up and running, but the install process
leaves a little to be desired. It's a little tricky,
but we are going to try and walk you through it. You
may have to play around a bit until you get the
set-up just right. While we aren't going to get under
the hood and do anything too techy, even a novice
Linux skill set will help you a lot with this one. Go
ahead, give it a try...we promise it's not tooooooo
hard.
Let's get started. First, download the
FreeNAS ISO from this
site.
Once you have it downloaded you'll need to burn it
to a CD. That's not as simple as copying the
downloaded file to a disk. We have to take that
ISO file, which is like a freeze-dried CD, and
reconstitute it. On the Mac you can use Disk
Utility, located in your Utilities folder. Just
select Open ISO from the File menu and then click
Burn. On Windows most popular burning software
will take care of ISOs. We like Nero but
UltraISO is an inexpensive alternative.
Before we can load up FreeNAS we have to make some
choices.
First, what is your goal for network storage? NAS can
work in a few ways. In its most basic 'mode' you have
one hard disk. FreeNAS divides that disk into two or more
partitions, or virtual disks. The first, and smallest,
partition is used to hold the actual FreeNAS
software - it's the brains that make the whole thing
tick. The rest of the drive is used for storage of
your files. Another option is to use more than one
drive to create one large "virtual drive". In that
example you will need a 3rd drive or USB key to hold
the FreeNAS software since it cannot live on disks
being spanned (creating one large disk). Since
FreeNAS only takes about 100mb, you can probably use
the existing drive in the old clunker you bought. If
that is not an option, look for a 128mb USB key, they
run about $20 in most stores. The final (at least
that we'll cover) way to use FreeNAS is for those of
you who are truly paranoid about losing data. In this
mode you take two or more drives of the same size and
treat them all like one hard drive. The difference is
that rather than creating a large virtual disk, the drives
are not "spanned" but "mirrored". So if you put in two
300gb drives then FreeNAS creates a 300gb volume for
you. However, it will make copies of everything to
each disk in the array. The benefit is, if one of
the disks breaks or fails, then your data is still
safe on the other disks. Think about it like built-in
backup.
Each of these scenarios represents a type of
something us nerds call RAID. RAID, or Redundant
Array of Inexpensive Disks, is a way to take
advantage of more than one hard drive to provide
storage the way you want it. In our examples above,
using two or more drives to create one large virtual
drive is called RAID 0. If you want to use 2 disks of
the same size to create a copy on each hard drive,
then you would use RAID 1. But wait, it gets better.
There is another type of RAID we can use called RAID
5. With RAID 5 you can use (at a minimum) three disks
to create a volume that is both redundant and spans
the data. It offers some of the best of both worlds.
With RAID 5 any single disk can fail and you can
re-create its data by adding a new disk into the
array. RAID 5 gets a little tricky to understand. If
you want to learn more, check out this article from
Wikipedia. All of you readers may wish to
play with RAIDcalc, a web site that helps
illustrate different
configurations. One last note about RAID 5:
You may actually be able to get more "bang for
your buck". For instance, the going rate (at the
time of writing) for a 500gb drive is about $275.
You can slap two of those bad boys in your FreeNAS
box and use RAID 0 and get a terabyte drive. For
about $600 you have made something that retails
for $1,000.00. But, if we use five 250 GB drives,
about $80 a pop, with RAID 5 you do the same thing
for about $500 (including $70 for your old
clunker). The best part: even those expensive
$1,000.00 devices don't offer the redundancy of
RAID 5! Play around with RAIDcalc and determine what works best
for your budget.
Oh, one more thing. Most PCs can handle only 4 drives.
For about $35 you can pick up a hard drive controller
card that will support two or four more drives,
depending on the card. That's just one more reason to
use a USB thumb drive to hold the FreeNAS software.
Dr. Frankenstein
Now it's time to perform the operation. First open up
your subject and install the hard drives according to
the manufacturer's specifications. If you are adding or
using a controller card, make sure to read up on
installing it as well. Drives and cards usually come
with screws and mounting brackets. They also come
with CD-ROMs chock full of...well, nothing we need,
so toss 'em aside. Once you have the drives in place,
close up the patient.
This is a bit like a brain transplant, feel like Dr.
Frankenstein yet? This is just like
our article on IPcop:
once you load in the FreeNAS CD and reboot, it
will format your hard drive. That means everything on it
goes bye-bye! If you are going to use an older PC
of your own, make sure to get any of those old tax
returns off before you do this, you ain't getting
'em back.
Once the system boots you'll get a simple text menu.
First we need to actually install the software, so
select option 7.
Like we alluded to, we
prefer a USB install. It means you can use all the
drives in your system for the RAID array. Remember,
if you install on a hard drive, that drive cannot be
part of the RAID. The downside is that not all
computers are capable of booting from a USB key. You
may need to play with your BIOS settings to make that
work. You know when you first boot up there is a
message about pressing F2 or DEL or some other key for
settings? Take a peek in there and see if you see an
option for boot devices. If all else fails, grab a
small hard drive to use outside of your RAID array.
At this menu you want to select option 1 - install
onto HD, CF or USB key. The install is going to ask
for the name of your CD-ROM drive, just use what it
has in the menu above. It's probably acd0
for most systems. The
next question asks for the USB drive. Check the list
of what it offers and find the device that
corresponds to your USB drive; ours was
da0. After the software is copied and
installed, remove the CD and reboot.
After the system reboots you'll see the setup menu
again.
This time, we are going to choose option 1 for the
Interface setup. Again we want to go with what the
system shows us in the menu.
In our case the
installer has identified the network card as de0,
so enter de0 for the
LAN interface name. Once you are done, the system
will prompt for a reboot.
This time, from the main menu we are going to set up
the IP address for the system. So select option #2.
Since we are going to
need to know the IP address of the server when we are
done, DHCP is not an option. We need to manually
assign an IP address. Make sure it's one that is not
being used by anything else on your network. If you
are using IPcop and configured it according to our
article, then anything below 100 should be safe. We
chose 10.1.1.55. Also, make sure to
use an address within your subnet. That means if your
computers all use 192.168.1."something" then FreeNAS
needs to also start with 192.168.1... The system then
asks you for the Subnet bit count, which is a fancy
way of entering the subnet. Since most home routers,
including IPcop, only use class C addressing,
or 255.255.255.0,
entering 24 for the bit count should work for
almost everyone. You should see this screen next:
Great news, that was
our last step in the black and white world of the
installer!
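A quick way to sanity-check the address and bit count before typing them into the installer. This is an added example, not part of FreeNAS or IPcop; the router address 10.1.1.1 comes from later in this series, and the DHCP pool of .100 to .254 is an assumption based on the "anything below 100" advice above.

```python
from ipaddress import ip_address, ip_interface


def netmask_for(bit_count):
    """Translate the installer's 'subnet bit count' into a dotted netmask."""
    return str(ip_interface(f"0.0.0.0/{bit_count}").netmask)


def check_static_address(address, bit_count, router,
                         dhcp_first, dhcp_last, in_use=()):
    """Return a list of problems with a hand-assigned address (empty = OK)."""
    iface = ip_interface(f"{address}/{bit_count}")
    net = iface.network
    problems = []
    # The NAS must sit in the same subnet as the router and the other PCs.
    if ip_address(router) not in net:
        problems.append(f"router {router} is outside {net}")
    # The first and last addresses of a subnet are reserved.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{address} is the network or broadcast address of {net}")
    # An address inside the DHCP pool can be handed to another device later.
    if ip_address(dhcp_first) <= iface.ip <= ip_address(dhcp_last):
        problems.append(f"{address} is inside the DHCP pool {dhcp_first}-{dhcp_last}")
    if address in in_use:
        problems.append(f"{address} is already assigned to another device")
    return problems


if __name__ == "__main__":
    print("bit count 24 =", netmask_for(24))
    # Constructed cases: the address chosen above, one inside the assumed
    # DHCP pool, and one with a mistyped first octet.
    cases = [
        ("10.1.1.55", "10.1.1.1", "10.1.1.100", "10.1.1.254"),
        ("10.1.1.150", "10.1.1.1", "10.1.1.100", "10.1.1.254"),
        ("193.168.1.55", "192.168.1.1", "192.168.1.100", "192.168.1.254"),
    ]
    for addr, router, first, last in cases:
        print(addr, check_static_address(addr, 24, router, first, last) or "OK")
```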
To the Web!
Now that we've installed the software and set up the
networking pieces, we can do the rest from the web
based GUI. Using Firefox, or any web browser, enter
the IP address that you assigned.
You will get prompted for a username and password.
The default username is: admin and the password is:
freenas. You should get a
screen that looks like this:
There is a lot going on
on this page, so we are going to focus on the basics
of getting the file server up and running.
Let's start in the DISKS menu. Click on
Management.
From here, we can see a
note that says we need to add the hard drives. Just
click that little plus sign hanging out there on the
right side of the screen.
There are a lot of
options on this screen. We have chosen to keep the
defaults, but you may want to investigate the power
management or acoustic level settings. If you are
creating a server that will be accessed infrequently
it might be advantageous to conserve power.
Similarly, if you are going to place the FreeNAS
server in a room where you spend time, you might want
to optimize the drive to run more quietly. Of course
that also means the drive is going to run a bit more
slowly, and that could cause issues with sharing
music or DVDs. With your options set, click the ADD
button. Oh, we didn't forget about the formatting
menu, we'll come back to that! Repeat this process
for each of the drives in your system.
That should bring you back to the main disks screen,
but this time you'll see your newly added disks. You
should also see a note about applying the changes. If
you are happy with your choices, click the apply
button. Now, select the Format tab on that same
screen. Again, keep the defaults and click
Format. Remember, this is going to erase
your drives!
FreeNAS will report the
output of the formatting commands and let you know
when it is complete. This time we are going to click
on Mount Point from the
left menu.
Again we want to click the little plus sign to create
a new mount point. We are going to keep the defaults
and give the mount point a name; we chose "music".
Remember to save and then click the apply button.
Share the love
We are almost done with a very basic setup. Just a
few more steps and you'll be sharing files left and
right. There are several ways, or protocols, that we
can use to share files and folders. The most common
for Windows and the Mac is something called CIFS; you
may also know it as SMB or just Windows file sharing.
Under Services on the left, select
CIFS.
As usual we are going
with mostly defaults. The options you do want to fill
in are the NetBiosName
and Workgroup.
For the NetBiosName give your FreeNAS server a name,
anything you like. For the workgroup you want to use
the same setting that you use for the rest of your
computers. If you've never heard of that setting or
have never changed it, then just enter "workgroup".
You'll notice that we used our own internal domain
name. We also entered the address of a WINS server on
our network. If you don't have a WINS server, and
let's face it you probably don't, then just leave that
blank. Click save when you are done.
Take it for a spin - that's hard drive humor
WOW! Once
again we've managed to burn about 2 hours of your
time and you may not even be sure why at this point.
Well, it's time to test the system and see how we did.
Windows:
There are
a few ways to access shared drives in Windows. The
most user friendly way is by going through My Network
Places. However, My Network Places in Windows
requires a WINS server to really work correctly.
Microsoft knows that most people don't have WINS
servers at home, that's why they built a mini WINS
server into each copy of Windows. The problem is that
it just doesn't work! So, we are going to teach you
the super-geek way...hey, you can use it to impress
your friends.
First, click the Start button, and click Run.
That will cause the Run
dialogue box to appear. Once it does, we want to
enter the IP address of the FreeNAS server preceded
by two backslashes, those are the ones right above
the return or enter key.
Click OK and you should
see a window like this shortly:
Congrats! Check out
your shared folder and enjoy! You can point your
iTunes or Windows Media Player library there and
share your music files all over the house!
If you want to make sure you always have the shared
folder, you can "map" it as a network drive. That's a
little tricky so check back for part 2 where we'll
cover that.
OS X
Like
Windows' My Network Places, OS X can browse the
network graphically, but it's also a little rocky. We
are going to follow a similar approach for mounting
the drive in OS X.
In the Finder click the Go menu and select
Connect To Server...
Here we are going to
start with cifs:// followed by the IP of the FreeNAS
server. We've also included the name of the share,
which will take us right into the Music folder.
Click Connect and you'll be rewarded with your new
shared folder.
Oh, and those other entries in the Favorite Servers
section, see how they use a name and not an IP? That's
all part of Part 2, so come back soon! We'll also
show you how to make sure the share is available
every time you start up.
So, pat yourselves on the back and take pride knowing
you've pimped your pad yet again!
What's Next?
In part 2 we are going to look at:
RAID
Adding multiple shared folders
Auto-mounting the shares
Sharing media files such as music and videos
Adding security to the shares
and much much more!
Editor's Notes:
We've been on a bit of a break, but thanks to some
encouragement from Ultimateone and a few others we
are ready to push Part 3 of pimpin' out the door to
you. This one is a little light on wit and a tad
dry. Check back, we'll keep re-working this article
as we have time.
After a little summer hiatus we are back and ready to
roll on the 3rd and final post in this series. If you
followed Pimpin' Part 1 and Part 2 then you are well on your
way to a home network that would make any nerd
proud. Last time around we talked about using an
old PC and IPcop to build your own router and
firewall. In part 3 we are going to go into some
details on customizing IPcop as well as our take
on WiFi networking. So grab a Mountain Dew and
your copy of The Matrix because this is going to
be another geeked out venture deep into the world
of nerdom. Like always, drop us a line or leave a comment
if you have any questions.
At a recent dinner party - yeah, even the boys in the
lab get out, sometimes - we overheard a conversation
about MySpace and how the internet is dangerous for
children. While none of us in the Archatechs
corporation claim to be parenting experts, a true
nerd knows there is safety in numbers (specifically 1
and 0). One way to keep children safe is to regulate
what they can and cannot access on the internet. Most
schools - at least those with net access - are already
applying this 'content filtering' to make sure even
innocent web searches don't trigger an adult-oriented
advertisement or worse. Think of content filtering
like the child lock on the liquor cabinet or the
parental controls on your TV. Perhaps you are just
tired of ads or pop-up sites; no one said you have to
do this for the kids only. Another useful trick is to
control access to selected services based on time or
day. Want to make sure Junior isn't on MySpace or
using instant messaging during homework hours? Just
turn on a rule on IPcop.
The other area we promised to cover this week is
setting up security for your WiFi network. Since your
WiFi signal may very well extend past your front door
and out into the street, it makes your network an
open target. Really there are two threats: A) someone
accesses your data B) someone uses your connection to
do something malicious. While both come with some other
nasty side effects (like slowing down your
connection), really you have to decide if you are
concerned by either or both threats. Frankly, even
though it's our policy to enforce security, we have
had some discussions with people who are just not
convinced. We've heard "Oh, I don't have any data I'm
worried about" or "why would someone hack my
connection with a password, when there is an open
connection from my neighbor". Don't worry, we'll
scare you into following our security logic, keep
reading!
Before we can talk about filters and WiFi and TCP and
UDP and any other TLA (three letter acronym) we have
to lay some groundwork. One of the King Nerds out
there has got to be Steve Gibson of GRC.com. Steve
hosts a security related podcast with
ex-TechTV host Leo Laporte. Steve has had some
great discussions about how home networks, routers
and the internet, in general, work. We suggest
episodes 25-27 and 42 of Security Now.
We like to think
of internet routing in terms like the postal
service. In part 2 we mentioned that each router
is like your local post office. Think about
mailing a letter from Washington DC to San
Francisco. When the local postman in Washington
picks up your letter and sees the destination is
1234 Main St in San Francisco he probably doesn't
personally know how to get the letter
all the way to San Francisco. So, he takes the
letter back to the post office, which knows how to
get it to the post office in San Francisco. That
San Francisco post office gives it to a postman
who knows just where 1234 Main St is. Here's where
it gets fun. Let's say 1234 Main St in San
Francisco is a business with 4 people working
inside. If you want the letter to reach a specific
resident then you have to address it to them. The
postman doesn't know who any of the people inside
are, that's the job of the person in the mail room.
The internet works pretty much the same way. Your
Internet provider (ISP) gives you one public IP
address. That's like your street address for the
internet. But what happens when traffic needs to
reach a specific computer within your house?
That's where the router works its magic. It allows
you to share that one public address with many
computers. Now you are asking, right, but how is
that a firewall? Well, perhaps that is a term that
is frequently misused, but we won't get into that
right now. What we do need to discuss is the geeky
magic that is NAT, or network address translation.
When you enter www.google.com on the kitchen
computer the router makes a tiny little note: "ok,
if any traffic from google comes back, I need to
make sure the kitchen computer gets it". Then
someone in the office tries to go to
www.bbcnews.com and the router makes another
little note. All of a sudden traffic from a
hacker just appears at the router's door. The
router checks all its little notes and says "hey,
nobody requested this traffic, I'm just going to
totally ignore it!". That's how NAT routers protect
you. By literally dropping unsolicited packets you
are guaranteed to get only the stuff from the
internet that you requested. It's been demonstrated
that if you put a Windows XP computer right out
onto the internet with no protection it will
become compromised with spyware and viruses within
seven to 15 minutes! Putting a simple NAT
router (like our IPcop boxes) in front of your
network will keep your computers safe from most
threats.
Ok, but what if you actually want the
outside world to have access to one of your
computers? For instance, you are planning on building
a Trixbox server for VoIP, but in the meantime you
are using Skype. Well, if your router is blocking
unsolicited traffic and a call comes in, then the
router is going to drop the packets before they ever
make it to your computer. (For the alpha nerds out
there who are shouting 'but what about Skype's
ability to traverse NAT routers!' we hear you, just
go with it as an example.) In instances like VoIP, or
some games, it may be necessary to allow traffic from
the internet that you didn't specifically request.
Since we know putting a Windows computer unprotected
on the net for even a little while is risky, how
can we expose only a tiny portion of that computer?
Ports. Think of ports like windows in the house. You
wouldn't want to leave your front door wide open, but
it may be ok to allow some fresh air in through a
window. Ports are your computer's way of doing the
same thing. For instance, to view this web page you
are talking to our servers on port 80. In order to
bring you this pimptastic content we don't have to
let our servers hang out in the net unprotected, we
just open up port 80 and keep everything else
battened down. Got the general idea? Let's say you
want to access your home Windows XP Pro computer from
anywhere on the internet. Just enable remote desktop
(right click on My Computer, click on Properties and
then click on the Remote tab) and open port 3899 on
your router.
In IPcop you access the port forwarding section from
the firewall menu. Just select Port Forwarding.
One of the reasons we like IPcop over the traditional
consumer routers is its ability to perform 'stateful
packet inspection'. That means you can pick and choose
who on the public internet you want to open ports
for. It's not the most secure idea to open access to
XP's remote desktop to the entire world. However, if
you know your IP address or range (ask your IT guy)
then you can allow access to remote desktop only from
your work computer and not anywhere else on the
internet.
But we promised you an article on content filtering and
WiFi and here we are rambling about ports. If you
want to know more about some common ports (or need to
determine what ports to open) check out PortForward. You may also want
to do a few Google searches before you open a
port. If it is one that is known to be a security
hazard then you might want to consider another
plan. For instance, ports 138 and 139 deal with
Windows file sharing. It's probably not a good idea
to open your hard drive to the entire world. Also,
security experts are ardent that changing a
service's default port is always smart. In that
regard you may want to be able to access your Mac
via VNC remote control. VNC normally operates on
port 5900, but we'd recommend picking something
random like 8764. Normally that would take a trick
or two in the configuration on the VNC server.
However, with IPcop you can specify a source port
of 8764 and a destination port of 5900. That means
you can contact your Mac via 8764 on the internet
and never have to change the default settings on
the Mac itself.
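The router's "little notes" and the port-forwarding rules described above, as a small model you can run. This is an added example and a simplification, not IPcop's code: the addresses are documentation ranges chosen for illustration, the work network 198.51.100.0/24 and the port pool starting at 40000 are assumptions, and a real router also tracks protocol and expires old notes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Forward:
    """One port-forwarding rule on the router's public side."""
    public_port: int                 # port the internet connects to
    lan_ip: str                      # internal machine that gets the traffic
    lan_port: int                    # port the service really listens on
    allowed_src: str = "0.0.0.0/0"   # who may use the rule (default: anyone)


class NatRouter:
    def __init__(self, public_ip, forwards=()):
        self.public_ip = public_ip
        self.forwards = {f.public_port: f for f in forwards}
        # The "little notes": public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.notes = {}
        self._next_port = 40000      # assumed start of the router's port pool

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN machine opens a connection: write a note, rewrite the source."""
        public_port = self._next_port
        self._next_port += 1
        self.notes[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, public_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, dst_port):
        """A packet arrives from the internet.

        Returns the (lan_ip, lan_port) it is delivered to, or None if dropped.
        """
        note = self.notes.get(dst_port)
        if note and note[2:] == (remote_ip, remote_port):
            return note[:2]          # a reply to something we asked for
        rule = self.forwards.get(dst_port)
        if rule and ip_address(remote_ip) in ip_network(rule.allowed_src):
            return (rule.lan_ip, rule.lan_port)   # explicitly opened port
        return None                  # unsolicited: ignored


def demo():
    # VNC on the Mac (10.1.1.30:5900) is reachable on public port 8764,
    # and only from the assumed work network.
    router = NatRouter("203.0.113.10",
                       [Forward(8764, "10.1.1.30", 5900, "198.51.100.0/24")])
    # The kitchen computer requests a web page.
    sent = router.outbound("10.1.1.20", 51000, "192.0.2.80", 80)
    return {
        "request as seen on the internet": sent,
        "reply from the site we asked": router.inbound("192.0.2.80", 80, sent[1]),
        "stranger sending to the same port": router.inbound("203.0.113.200", 80, sent[1]),
        "VNC from work on 8764": router.inbound("198.51.100.7", 55555, 8764),
        "VNC from elsewhere on 8764": router.inbound("203.0.113.200", 55555, 8764),
        "VNC on the default port 5900": router.inbound("198.51.100.7", 55555, 5900),
    }


if __name__ == "__main__":
    for what, result in demo().items():
        print(f"{what}: {result if result is not None else 'dropped'}")
```

Moving the public port only hides the service from casual scans; the source restriction is what actually keeps strangers out in this model.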
Show me the good stuff (only)
We had the boys in the lab check out several of the
filters that are available for IPcop and give us
their opinion. While they liked bits and pieces of
each, there just wasn't a solitary solution that fit
the bill for everything we wanted... but there are
two add-ons that combined make a great content
filter. URL Filter and Advanced Proxy by Marco
Sondermann make a dynamite combination. Advanced
Proxy builds on the Squidguard proxy already
present in IPcop and puts some advanced features
at your fingertips. With Advanced Proxy you can
specify which computers are filtered and which
ones have unfettered access. You can restrict
access times, types of traffic and more. URL
Filter adds even more functionality by allowing
you to block content by type. Simply put a check
in the box next to "drugs" and IPcop will do its best to
block access to sites relating to drug use or
sales. One of the nice things about URL Filter is
the ability to block sites at certain times. Just
enter oscar.aol.com from 3pm - 5pm and you've
blocked AOL Instant Messenger during prime
homework time. Installing both AdvProxy and URL
Filter takes a little work under the hood, but we
are here to guide you through it.
First, download both URL Filter and AdvProxy from the
links above. Getting the files over to your IPcop box
requires the use of SFTP, or secure File Transfer
Protocol. On Windows we like to use WinSCP. While OS X has sftp
built in to the command line tools, for a nice
pretty graphical interface we go with Fugu. Fire up either WinSCP or
Fugu and enter the address of the green network
card in your IPcop box. It's the same address you
use to access the web interface, probably 10.1.1.1
if you followed our lead. Normally SFTP works on
port 22 (like SSH) but in the name of security
IPcop uses port 222, so make sure you change that
in the appropriate place in your client. For the
username, we are going to use the root account -
you do remember the password from the install,
right? Once you've logged in you can drag and drop
the files from your computer to IPcop. We like to
put everything in the root directory, /root/ .
Once you have everything copied over, it's time to
get into the command line. We are going to
interact with IPcop via SSH. If you are using a
Mac, just open up the terminal
(Applications --> Utilities --> Terminal). On
Windows you can snag a free copy of Putty. Again we are going to
log in as root and we have to change the port to
222. In Putty you'll see a place for the port. On
a Mac the command looks like this:
ssh -p 222 root@10.1.1.1
Make sure you use the appropriate address if it's
not 10.1.1.1 . Once you are logged in you should
find yourself in the root directory; if not, just
type cd ~ then
press enter. Those two files we copied,
ipcop-advproxy and ipcop-urlfilter, should be
present. You can check by typing
ls
then
enter.
Now we have to extract the files. In Linux, tar/gz
files are like zip files: they are compressed and
contain many files inside. Here are the commands to
extract the two files. Just copy and paste and press
enter/return after each one. Also, you may need to
change the version number depending on which version
you've downloaded.
tar -xzf ipcop-urlfilter-1.7.1.tar.gz
tar -xzf ipcop-advproxy-1.2.2.tar.gz
To install the proxy server, just copy and paste this
command followed by enter/return.
./ipcop-advproxy/install
Note
the leading period, it's crucial! After a few seconds
you'll get a message that the installer has finished.
Time for the URL filter.
./ipcop-urlfilter/install
Again,
pay attention to that leading period.
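Both archives are unpacked and both installers run as root on the firewall, so it is worth looking inside each download on your own computer before copying it over. The check below is an added example, not part of either add-on; the archive it builds for its self-test is constructed in memory, and the entry names in it are made up.

```python
import io
import posixpath
import sys
import tarfile


def _escapes(path):
    """True if a path is absolute or climbs above the extraction directory."""
    norm = posixpath.normpath(path)
    return path.startswith("/") or norm == ".." or norm.startswith("../")


def risky_members(tar):
    """Return (name, reason) for entries that deserve a look before extracting."""
    findings = []
    for m in tar.getmembers():
        if _escapes(m.name):
            findings.append((m.name, "path escapes extraction directory"))
        elif m.issym() or m.islnk():
            # Symlink targets are relative to the entry's own directory,
            # hard-link targets to the top of the archive.
            base = posixpath.dirname(m.name) if m.issym() else ""
            if m.linkname.startswith("/") or _escapes(posixpath.join(base, m.linkname)):
                findings.append((m.name, "link points outside archive"))
        elif m.ischr() or m.isblk() or m.isfifo():
            findings.append((m.name, "device or FIFO entry"))
        elif m.isfile() and m.mode & 0o6000:
            findings.append((m.name, "setuid/setgid bit set"))
    return findings


def inspect_archive(source):
    """Open a .tar/.tar.gz given as a path or file object and list risky entries.

    Only the archive's index is read; nothing is extracted.
    """
    kwargs = {"name": source} if isinstance(source, str) else {"fileobj": source}
    with tarfile.open(mode="r:*", **kwargs) as tar:
        return risky_members(tar)


def build_sample():
    """Constructed archive: one ordinary install script plus three odd entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, data=b"", **attrs):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            for key, value in attrs.items():
                setattr(info, key, value)
            tar.addfile(info, io.BytesIO(data) if data else None)

        add("ipcop-example/install", b"#!/bin/sh\necho installing\n", mode=0o755)
        add("ipcop-example/../../outside.txt", b"x")
        add("ipcop-example/conf", type=tarfile.SYMTYPE, linkname="/etc/hosts")
        add("ipcop-example/helper", b"x", mode=0o4755)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python check_tar.py ipcop-urlfilter-1.7.1.tar.gz ...
    for path in sys.argv[1:] or [build_sample()]:
        label = path if isinstance(path, str) else "(constructed sample)"
        for name, reason in inspect_archive(path) or [("-", "nothing flagged")]:
            print(f"{label}: {name}: {reason}")
```

A clean result says nothing about what the install script itself does, so reading it before running it as root is still worthwhile.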
Assuming you didn't get any errors, you should
be good to go. Open a web browser and point it at your
IPcop box (probably https://10.1.1.1:445). You should
have two new options in the services menu: Advanced
Proxy and URL Filter.
First, let's check out Advanced Proxy.
A proxy works by sitting on the edge
of your network and relaying requests for websites.
That means that when your computer sends a request for
www.google.com, the proxy server intercepts the
request and makes its own. The proxy server then
retrieves Google's page and relays it back to
your computer. The end result is that your computer
talks to the proxy server and the proxy server talks
to the internet for you. So why all the bother? Well, one
reason is exactly what we are after. The proxy server
can filter offensive or unwanted content. Believe it
or not, a proxy server can also speed up surfing.
Since the server will cache, or store, some of the
graphics and information, it can help load pages
faster. Oh, by the way, cache is pronounced like
cash...just a pet peeve that we harbor around the
Archatechs world headquarters. In order to take
advantage of the proxy you have to enable it. If you
are running a blue network for unprotected WiFi
clients then you'll see two options: proxy for green
or proxy for blue. If you only have a green network,
then you'll just set the one set of settings. Make
sure to check all of the boxes. We want to enable the
proxy on both networks (we'll talk about some special
blue tricks) and make it transparent. Transparency
means you don't have to configure anything on your
computers or web browsers.
If your ISP requires you to use their proxy as well,
you can fill that information into the next part of
the screen - upstream proxy. Similarly, if you are
using a service such as proxify you can fill in their
proxy information here as well.
Cache management depends on your IPcop hardware. But
if you are using something with more than 256mb of
memory and more than 2gb of hard drive space then
feel free to crank the numbers up. Memory cache is
how much of the RAM (or memory) the proxy server will
use. Remember RAM is always faster than hard drive
storage, so throwing a little more RAM at the proxy
server will help- especially if you have a lot of
bandwidth. We like at least 250 - 500 mb of hard
drive cache. Think about the cache like this: the
proxy server goes to google and says "hey, I have
this copy of your logo that is a week old, is there a
newer version? No, ok, I'll use my copy, don't send
me a new one". That's where that little speed
advantage can come into play. Believe it or not, that
little exchange is often faster than just requesting
a new version of the graphic logo file outright.
Restricted Air Space
The next section, Network Based Access Control,
allows you to specify specific computers which have
totally unfettered (or blocked) access. For instance,
if you want to make sure the computer in your home
office is never filtered (the proxy doesn't apply)
then you can add its IP to the unrestricted IP
address section. Similarly, if you have a device that
you never want to access the internet, place its IP
in the banned range.
The next section also deals with restrictions. Adding
time restrictions allows you to effectively turn off
the internet for your entire network. Since you'll
probably want to do that on a per-computer basis, we
are going to revisit that with the URL Filter. The
download throttling can be especially useful. If
you've set up a blue network with an unprotected WiFi
access point, then you can provide free internet
access for neighbors and guests. That's a very
magnanimous thing to do, and we encourage it (if your
ISP and local laws allow it). However, generosity
only extends so far. It's no fun if someone is
stealing all of your bandwidth. In other words, if
the kid down the street is downloading movies all day
and night on your connection, that doesn't leave much
speed for you. Similarly, if someone with a computer
infected with malware/spyware joins your blue
network, they could unknowingly be used to attack
other computers on the internet. Limiting how much
traffic they can send and receive just makes sense.
How much you limit each connection is up to you. On
the green network it may not be necessary to limit
connections at all. However, if someone in the house
is a heavy user and you find speeds elsewhere to be
unacceptable, then you can place limits on the green
network as well.
Here we've limited the entire blue network to about
one megabyte per second. We also limited each
individual computer on the blue network to only
one-half a megabyte each. That means the entire blue
network cannot exceed 1 megabyte/second and
each individual computer only gets one-half a
megabyte. Since broadband is considered to start at
256kbs (or 1/4 megabyte / second) then we feel like
that is ample for a guest.
The last few sections of the Advanced Proxy deal with
advanced settings. To learn more, check out the
documentation here. The authentication section will
become interesting when we discuss the Fedora
Directory Server, but that's another post coming soon.
URL Filter
Before we leave the Advanced Proxy,
make sure to enable the URL Filter. It's towards the
bottom.
Now select URL Filter from the services menu in
IPCop.
Right off the bat you can block entire categories of
content for every computer on your network. Blocking
ads for every computer may make sense, but you may
not want to categorically deny everything to
everyone- we'll get to that.
The custom black and white lists allow you to
explicitly deny (black list) or permit (white list)
sites or domains. For instance, you may want to block
all mail sites but allow access to Google Mail.
Simply place www.gmail.com in the white list box.
The custom express list requires knowledge of a
computer language known as regular expressions, or
're'. So unless you are comfortable with 're' then
skip down to Network based access control. This is
just like the same fields on the Advanced Proxy. If
you want to allow unrestricted access to a specific
computer, list it here. This can be useful if you
want to block entire categories but have one (or
more) computer that is unaffected.
The Fun Part - or how to be Big Brother
Depending on how you feel about restricting access,
this is either the fun part or the part that makes
you Big Brother. Click the time constraint button in
the middle of the page. You'll get this window:
This is where you can block specific sites during
specific times. If you wanted to block access to
AOL's Instant Messenger then you'd add oscar.aol.com to
the source host. Next fill out the times you want to
block and click add. You can also block or allow
entire categories this way.
Where to go next
That's the basics of URL Filter. If you want to get in
deeper, check out the documentation here. For the
truly paranoid (or to awaken the control freak in
us all), check out BOT, or Block Out Traffic. Just
make sure to read the docs carefully. If you
miss the crucial install step you won't be able to
log into IPcop at all!
Did we say paranoid?
If you haven't noticed we are a little freakish on
wifi security. We have these conversations all the
time:
Archatech: "Why don't you use security?"
Co-worker: "I use MAC address filtering and I hide my SSID (wireless network name), that's safe enough"
Or it goes like this:
Archatech: "What kind of wifi security do you have?"
Friend: "I don't need security, I don't have anything important to protect"
And then there is this one:
Family member: "We use WEP, it works just fine (and it's all TiVo supports)"
Archatech: "You know WEP can be cracked in 10 minutes, right?"
Family member: "Well yeah, but who is going to take the time to break mine when there is an open network next door?"
A lot of you probably feel the same way; you've got nothing important or don't think anyone will bother breaking in. You might also be under the impression that hiding your network name or filtering MAC addresses is security. You'd be wrong on all counts.
WiFi security is about two things: protecting your network from outsiders and encrypting your traffic. Let's tackle the first one for starters.
Close your borders
With a wired network, someone has to physically have access to a CAT5 port to gain access. If your doors and windows are locked, it's pretty tricky to plug in. With a wireless network, all of a sudden your network extends past your doors and out into the street. It's pretty hard to control invisible radio waves. What we can do is make sure passers-by cannot use those waves. MAC filtering and SSID hiding are ways, albeit poor ones, to help keep others off your network. Every networking device in the world has a unique serial number called a MAC address. No two devices (network cards, wireless cards, bluetooth devices, VoIP phones, xboxes, etc) have the same MAC. Almost all wireless access points (and even IPCop) allow you to maintain a list of "allowed" MAC addresses. If your MAC isn't on the list, you don't get access. Sounds like a good way to lock things down, right? Well, besides the hassle of having to maintain that list on each access point, it's just broken. It turns out changing the MAC address, called spoofing, is pretty easy with some free software tools. There are even tools out there that discover valid MAC addresses on the wireless network and report to you which ones you can spoof to gain access.
The SSID is the name of your wireless network. When you hide the SSID, Windows will not give you that little pop-up that says it's found a network. You'd have to know the network name to join it. Well, almost any wifi "sniffer" tool will thwart that and find hidden SSIDs.
Even if you don't have important data on your computer you have some things to protect. First your computers themselves. Hackers would love to get remote control of your system and use it for malicious hacks. One of the most common is called a DDOS, or distributed denial of service. Hackers commandeer an army of computers (which they have hacked for remote access) from all over the net. Then they make all of those computers point to one web site or server. The overwhelming amount of traffic, from around the world, basically shuts the site or server down. The other thing you want to protect is your bandwidth. Remember setting that traffic limit on the blue network? Well if someone compromises your green network then you could suddenly find all of your bandwidth is being used by someone else!
Pimp your signal
The other real problem with using MAC filtering or SSID hiding is that they still do nothing to protect your traffic. The other part of wifi security is encryption. Without strong encryption you are not only extending your network outside of your doors and into the street, you're broadcasting everything you do. Every email you send will be out there floating around the air for anyone to see (or 'sniff'). When you employ strong protection your traffic becomes encrypted, meaning everything between your computer and your wireless access point is unreadable by anyone!
Where WEP failed...
Early wireless access points used something called WEP to protect access and encrypt traffic. The basic flaw is that they transmitted the "key" over and over. So someone could "sniff" the airwaves and observe enough messages between your computer and the access point to figure out the encryption. This gets a little tricky, but it's based on something called a "one time pad". For more information, listen to episodes 10 and 11 of Security Now. You can also read transcripts here.
Here is what you need to know about WEP: it can be cracked in 10 minutes by a kid with a laptop. Once it's cracked, everything you do can be observed and your systems are all exposed and at risk. With strong encryption in place you can rest assured that no one can read your traffic, even other users on the same wireless network.
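Why reusing a "one time pad" is fatal, as an added example (not from the original post or from Security Now): WEP keys RC4 with a 24-bit IV followed by the shared secret, so two frames sent with the same IV are encrypted with the same keystream. The secret, IVs and messages below are constructed, and the CRC-32 integrity value and 802.11 framing are left out.

```python
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_like_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body encryption: RC4 keyed with IV || secret."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit (3-byte) IV")
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def recover_with_known_plaintext(c_known: bytes, p_known: bytes,
                                 c_target: bytes) -> bytes:
    """Same IV means same keystream, so c_known XOR p_known *is* the
    keystream and it decrypts c_target without the secret."""
    return xor(c_target, xor(c_known, p_known))


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday estimate that at least two of `frames` random IVs match."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * space))


# Constructed sample data, not taken from any real network.
SECRET = bytes.fromhex("0badc0ffee")          # 40-bit WEP secret
IV_A = b"\x00\x00\x01"
IV_B = b"\x00\x00\x02"
P1 = b"GET /index.html HTTP/1.1"              # predictable traffic
P2 = b"meet at the usual place."              # traffic worth protecting


def demo() -> dict:
    c1 = wep_like_encrypt(SECRET, IV_A, P1)
    c2_same_iv = wep_like_encrypt(SECRET, IV_A, P2)
    c2_new_iv = wep_like_encrypt(SECRET, IV_B, P2)
    return {
        # The keystream cancels out: only the two plaintexts remain.
        "keystream_cancels": xor(c1, c2_same_iv) == xor(P1, P2),
        "same_iv": recover_with_known_plaintext(c1, P1, c2_same_iv),
        "new_iv": recover_with_known_plaintext(c1, P1, c2_new_iv),
        "p_collision_5000_frames": iv_collision_probability(5000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a fresh keystream per frame the same calculation yields noise, which is the property WPA restores by not reusing per-packet keys.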
WPA Succeeded
The next generation of wifi security is called WPA and it fixed the loophole in WEP. Basically, no key is ever used more than once, so no matter how much of your traffic someone captures, they'd never be able to ascertain the key to unscramble it. There is a known vulnerability though. (cue scary music) When you use a short password or, even worse, a common dictionary word as your password, you can be at risk. Someone could capture a block of your traffic and attempt a "brute force" attack where they try to unlock the block of traffic by trying every word in the dictionary. For short, but random, passwords they can even attempt every combination of letters and numbers. The good news is that even with modern processors, this takes time. Someone would have to really want in badly... never underestimate those kids with laptops though!
The solution is to use the longest, most random password your access point will support. We like Steve Gibson's password generator, but you can download or use any one you like. GRC's password generator includes some notes on how it's written and we trust it. If you download a password tool, make sure you know how it works and that you trust it. When using any tool, it's a good idea to mix several passwords. Most routers allow a max of 64 characters. You can take 32 random characters from GRC's page and then reload the page and take another 32. You can even mix and match sections of 8 or 16. That way you know your password is truly unique.
Once you have the password, simply paste it into every wireless access point you want to protect and enable WPA or WPA2 (WPA2 is newer and may not be supported on all hardware).
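A password tool small enough to read in full, as an added example (not GRC's generator and not from the original post): it creates the passphrase locally from the operating system's random source, measures its strength in bits, and derives the WPA key the way the standard does (PBKDF2-HMAC-SHA1, salted with the SSID, 4096 rounds). WPA/WPA2 personal mode accepts an 8 to 63 character ASCII passphrase or a 64-digit hexadecimal key; the guess rate and the SSID names are assumptions for illustration.

```python
import hashlib
import math
import secrets
import string

# 94 printable ASCII symbols (space left out so pasting is unambiguous).
ASCII_ALPHABET = string.ascii_letters + string.digits + string.punctuation
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1_000_000       # assumption, not a measurement


def generate_passphrase(length: int = 63, alphabet: str = ASCII_ALPHABET) -> str:
    """Random ASCII passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_hex_key() -> str:
    """The 64-character alternative: a raw 256-bit key as hex digits."""
    return secrets.token_hex(32)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Strength of a uniformly random string, in bits."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(length: int, alphabet_size: int,
                       guesses_per_second: float) -> float:
    """Time to try every possible string of this length and alphabet."""
    return alphabet_size ** length / guesses_per_second


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit key the access point and client compute from the passphrase.
    The SSID is the salt, so the same passphrase on a differently named
    network gives a different key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def compare(rate: float = ASSUMED_GUESSES_PER_SECOND) -> list:
    """(label, bits, years to exhaust) for a few passphrase shapes."""
    shapes = [
        ("8 lowercase letters", 8, 26),
        ("16 letters and digits", 16, 62),
        ("63 printable ASCII", 63, len(ASCII_ALPHABET)),
        ("64 hex digits", 64, 16),
    ]
    return [(label, round(entropy_bits(n, size), 1),
             seconds_to_exhaust(n, size, rate) / SECONDS_PER_YEAR)
            for label, n, size in shapes]


if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:24s} {bits:6.1f} bits  {years:.3g} years")
    phrase = generate_passphrase()
    print("passphrase:", phrase)
    # "ourhouse-green" is a constructed SSID.
    print("derived key:", derive_pmk(phrase, "ourhouse-green").hex())
```

Because each character is drawn independently at random, there is nothing to gain from splicing the output of several runs together; one 63-character result already has more than 400 bits of entropy.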
What's the Key?
So, you've got this super long random password; how do you get it on each computer that needs to connect? Grab a $15 128mb USB key. Paste the password into a text file (we like plain text rather than MS Word) and put that file on the USB key. Whenever you need to add a computer to your WiFi network, simply plug in the key and copy and paste where needed. Make sure to keep that key safe! One trick may be to copy several passwords, each 64 characters long, into the text file. Let's say you paste 5 different passwords into the text file; you know that the 3rd one is the valid one. You could even copy and paste from the first 32 characters of two different lines. Hey, we said paranoid, right?
And I've gone crosseyed...
Got the big picture? With properly secured access points on your green network, you can sleep safely knowing that your wifi is as secure as your wired network. With an open access point on your blue network you can allow guests and use devices (like TiVo) that do not support WPA encryption, all while knowing devices on the blue network cannot talk to the green network (unless you open ports in IPcop). It's the best of both worlds: secure private wireless and an open but cordoned off public network. If you need to grant access to the private network, just whip out the USB key with your super long and random password and you are good to go. Hopefully you also have an understanding of how your IPcop router uses NAT technology to keep the bad guys out. With a few simple add-ons you can even custom tailor the access that each computer and user in your house has to content on the web.
Coming Soon to Archatechs
Archatechs Call to Action - Net Neutrality: some politicians and big business want to charge you extra for the internet depending on what you want to do (like VoIP). It's time to tell Congress what you think.
One password to rule them all - Fedora Directory Server and single-sign-on
Storage for everyone - FreeNAS and online storage

So, you spent last weekend crawling around under your house, pulling wires, attaching CAT5 ends- and what for? What are we going to hook that bird’s nest of copper into? This time around we are going to talk about the equipment that turns wires into a network. From the topology to hardware we’ll have you one step closer to nerd Zen.
Of course, we want to remind everyone in the Central Virginia area to contact us at info@archatechs.com if you'd like some help pimpin' your home - nerd style.
We here at Archatechs know how you feel. You are asking yourself: “Why for the love of Calico Vision would you do all of this work? I can get a wireless router for $40!!!” Ok, we hear you. Let’s be honest, we do this kind of stuff because we are geeks! On the other hand there are some real reasons to consider building your own router. First is flexibility (and you thought we’d say security). Linux-based routers, such as IPcop, allow you to take advantage of features not often found in off-the-shelf models. With IPcop we can do things like traffic shaping, where the connection to your voice provider takes priority over all other traffic. That way when Junior is downloading music your call quality is not affected. Traffic shaping is also nice for folks who work at home. You can prioritize your VPN connection to the office. Another area where IPcop provides flexibility is content filtering. IPcop allows you to block offensive websites, instant messaging and more. The icing on the cake is that you can be selective about where and when you block things. For instance, you can turn off IM during homework hours for the kids but block adult sites for them all the time. Conversely, you may never block traffic from your office computer.
The second reason is security. For the most part the NAT (network address translation) that IPcop provides is the same as a Linksys WRT45g, or any other off-the-shelf router. Where IPcop excels is in providing real time, active protection (sometimes called stateful packet inspection). IPcop can not only allow you to open ports but you can isolate access to those ports from a specific IP address or network. That means you can safely open the port for Windows XP’s remote desktop but specify that only your work computer can access it. Thus, IPcop will reject traffic to the remote desktop port, unless it comes from your work computer. Another great security feature is the inclusion of snort. Snort is a firewall that monitors attempts to break into your network. Snort looks for people attempting to use the latest security exploit against you and helps protect your network. With a few simple add-ons you can make IPcop a powerful virus and spam filter. Forget running a program every night on each computer, let IPcop stop viruses and spam before they even hit your network!
IPcop is also great for wireless networks. It includes the ability to have a second WiFi network that is cordoned off from your main network. That’s nice for devices that cannot support wireless security or for providing guests access to your internet connection. Before we get in too deep, rest assured, we are going to discuss network design a few pages down.
Finally, IPcop is just more reliable. Linksys, D-Link, Netgear and the other major providers have made some great improvements. However, we’ve still seen problems with all of the major devices ‘locking up’ with more than four or five devices. That’s not a rule of thumb, per se. But we like rock solid, and that’s what IPcop is.
Oh wait; we didn’t really say what IPcop is, did we? IPcop is free software you install on any old PC, turning it into a powerful firewall and router. Just like Trixbox or Asterisk@home when we talked about VoIP, IPcop comes as a downloadable CD. You take an old PC- bet you can find one for $40 on ebay- and load the IPcop CD. After about 20 minutes of loading and rebooting you have a fully functioning router and firewall. You configure the router with a web browser, just like the ones from the major manufacturers. Of course, you’ll need to add a few network cards, but you can usually pick those up for $15 at your local ‘big box’ store. Put simply, IPcop becomes the backbone of your network. It’s what gives you a firewall, content filter, virus/spam filter and more.
Red, Green and Blue
Before we get into installing IPcop we need to do some design work. If you made a drawing for your network from our first post then grab it. In most home installations the topology is pretty simple. You have an internet connection coming in, we’ll call that the red line. Then you have your computers and devices in your house, we’ll say those are on the green lines. If you have devices that don’t support advanced wireless security, or have the need to allow guests to have access to your connection then you can also set up a blue section. Basically traffic flows upstream from green out to the internet or red. Things from red cannot talk to green devices (unless you explicitly allow it). If you have a blue section then it works similarly. The catch is that blue devices cannot talk to green devices (unless you allow it). That way you can put guests on the blue section and they can have access to the internet but not your computers (which are green). Got it straight? How about some pictures to help?
This example shows a simple red/green setup. Notice the switch, we’ll get there soon. In this case all the green traffic can pass freely to the internet, but not vice-versa. So, you could go to www.archatechs.com from the green laptop. But a hacker cannot even see the green laptop, let alone attack it.

Here we are showing an example with a blue network. We’ve removed the lines to make the picture a little cleaner, but it works the same. Devices can connect to internet sites just like green devices. They are also protected, just like green devices. However, blue devices cannot talk to green devices. That means you can allow a guest to use your internet connection without fear that they will be able to see your data.
Making the Switch:
We’ve often referred to switches, but haven’t gone into detail about what they are. When you think about cable TV, you may think of those little splitter devices. One cable goes in and two cables come out. Well, the idea of a network switch isn’t much different. If you want all of your devices to be able to talk to each other then those cables have to be connected somehow. Unlike older telephone technology, we cannot simply twist all the little copper wires together and tape it up with duct tape (oh, like you’ve never done it!). What we can do is plug each wire into a switch. A switch takes traffic from one device (like a computer) and transmits it to another device (like a networked printer). Switches can even talk to other switches. We mentioned using two switches to make running wires between floors a bit easier. Need a visual? Take a look at this:
By using two switches and one single CAT5 cable between the two of them, all of the devices on each switch can communicate. Here the computer in the kids room can print to the printer in the office, all through the switches.
Get the Blues
In our first part of Pimpin Ain’t Easy we talked about a home base. The idea was to pull all of your CAT5 cables to that home base and put those plastic ends on them. Then we said you could plug those ends into a switch. The switch is what gives those cables a purpose. With one end secured into the switch and a CAT5 (Ethernet) jack on the other, you can plug a device into any jack and have it talk to other devices around the house. Don’t forget, your router is a device like any other- it has to be plugged into the switch too!
Right now you are thinking ‘why didn’t they tell me this last time?’ Fair enough, but we wanted to introduce the concept of the blue network before we made any final decisions on switches. If you have jacks in a guest room, or would like to set up a guest wireless network, now is the time to think blue. Honestly, almost any laptop purchased in the last few years is going to have WiFi networking. We like to install a single access point on the blue network for guest access. However, if you prefer to have some of your jacks wired on the blue network, you’ll need a dedicated blue switch. Often we’ve used smaller 4 or 8 port switches for the blue network. That gives you plenty of ports (receptacles) for a guest room, an access point and future expansion. Here’s the kicker: if you simply plug the green and blue line into the same switch, there is no way to predict which network your devices will be on. That means your desktop could be on the green side, then after a reboot show up on the blue side. That’s not fun, we don’t like that.
Here’s what we are talking about
Like we said you can use a smaller switch for the blue network. However, if you are only connecting an access point, you can omit the switch and connect the access point directly to the blue part of the IPcop router.
Route 101
What’s this router business about anyway? Routing is about connecting two different networks. Think about it like this: let’s say you have a letter to mail (you know, before e-mail). If you write and stamp that letter in your living room, my guess is that you know how to get it to your office or to the kitchen. However, do you really know how to get it across town? Think of the post office like a router in that case. It picks up your letter and takes it to the post office. Then it sorts it and takes it to a building across town. Easy enough, right? Now what if you are sending it to another state? In that case, your post office in Washington DC may not know how to get a letter to a building in San Francisco, CA. In that case your post office sends the letter to the San Francisco office which does know about the streets and buildings in San Francisco. That’s two routers talking to each other! Replace the word ‘letter’ with the word ‘packet’ and you’re all set. In order for packets to get from your local network (green) to Archatechs out on the internet, a series of routers takes that packet from your computer, over the internet and to the router in front of our servers.
This is where the beauty of a technology called NAT comes into play- but that’s the topic of Pimpin’ Part 3. Stay Tuned.
Officer stop that packet!
Whew! That was a lot to digest. By now, you’ve got your cables run, your jacks in the wall and your switches set up on the other end. At this point you could plug two computers into your network jacks and they may be able to talk to each other. There’s another layer that we haven’t touched on yet that’s required to make everything really come together: IP addresses. Fret not, that’s part of our IPcop setup process.
First, the hardware; here’s what you’ll need to get IPcop up and running:
- Old PC- you may have a relic lying around or you can find one on ebay. All you need is a Pentium processor (even 250mhz will do), 128mb of ram and about 2 gigabytes of hard drive space. Don’t spend more than $40!
- 3 network cards- most likely your old PC has one built in, in which case you only need two more. All we need are inexpensive 10/100 Ethernet cards. These are about $10 – $15 at CompUSA, BestBuy or Circuit City.
- A few CAT5 patch cables – if you have RJ45 and some left over cable from Pimpin’ Part 1, then you can make your own. Just use our wiring diagram (from part 1) and put the plastic terminators on both ends. Three or four patch cables should do it. If you do buy them, get 1 of each color: red, green, blue and orange.
- A permanent marker
Now the software:
- Download IPcop from here. It’s an ISO file, which is a compressed ‘snapshot’ of a CD-ROM.
- Burn the ISO to a blank CD. In OS X you can use Disk Utility (Utilities Folder); on Windows you will need to download a tool. We like Nero Burning Rom or UltraISO. Both have free trials.
Time to crack open the case of the old PC and install the network cards. You can throw away any CDs or driver discs that came with the cards. Refer to the instructions the manufacturer provides for installation. Usually it’s just a matter of snapping the cards into open PCI ports. Now, borrow a keyboard and monitor from another computer and plug ‘em into The Subject (the old PC). Plug in the power and boot it up. As soon as you have power, put the CD in the drive. You’ll be presented with the IPcop logo and some text instructions. Just hit enter. At this point IPcop will warn you that it is going to format the hard drive- that means erase everything that is on it. If you had some old bank records you may need, now would be the time to remove the CD and move those files off. If you are ok with wiping the drive, just press enter to continue.

You are going to have about 20 minutes on your hands. You could click on one of our sponsor’s ads or add to the Nerd Honeypot or you could just have coffee.
After 20 minutes or so, depending on how old The Subject is, IPcop will be up and ready for you. This part is still text based, but don’t worry, it’s easy. Just use your arrow keys to move around and tab to change fields. The spacebar is like your mouse button, and enter/return clicks buttons.


House of Cards
One of the first steps that IPcop takes is to determine which network card you want to use for what. For most set-ups you’ll want to just select ‘probe’. Probing will try and determine which driver to use for your network cards. This is where it gets a little tricky. IPcop will find the first card that it can use and assign it to the green interface. So, how do you know which card it has found? Well IPcop will report the make and model, but if you bought two or three of the same card (and why wouldn’t you?) you may not know which one IPcop has found. Nevertheless, we’ll come back around to that later.
IP Addresses:
At this point in the install you’ll need to assign some IP addresses. Just like every house on your street, every computer on a network needs to have an address. Those take the form of 123.456.789.101 . If you have used off-the-shelf routers you may be used to seeing 192.168.1.100 for your computer. We are going to keep our IP Address discussion short (because we want you to read Pimpin’ Part 3 damn it!). Nevertheless, you will need to make a few decisions here. First, you need to set the address for the RED network. This is the address your internet service provider gives you. Most of the time it’s assigned automatically, so just select the DHCP Assigned box and save your changes. If your ISP has given you a specific IP address and Gateway, fill those in here. After that, it’s time to assign ranges for your internal network(s). We like to break away from the 192… scheme and use 10. (often called ten-dot) addresses. For your green network use the following:
Network: 10.1.1.1
Netmask: 255.255.255.0

That’s it (for now).
The installer is going to run through a few more questions (keyboard, timezone, etc). For hostname and domain, you can pick anything you like, unless your ISP has given you specific settings. We are going to assume you are not using ISDN, so simply select Disable and move on. When you reach this screen, it’s time to assign some more addresses:

Select Network Configuration Type and then OK. On the next screen you want to highlight GREEN + RED + BLUE and select OK. Now, move down to drivers and card assignments. Again, let IPcop probe for the cards. It will try and find a red card first. Once it has found a card it can use, you’ll need to enter an IP address. Most people will want to select DHCP – that means your ISP assigns your public (red) address. If your ISP has given you an address and net mask, then plug it in here. Repeat the probe process for the blue interface. For the blue address use the following:
Network: 10.1.1.2
Netmask: 255.255.255.0
DHCP
We are almost there, just a few more steps. We talked a little about IP addressing earlier. What we didn’t tell you is how your computer gets that address. Well, you can manually assign addresses to each device on your network; but why not let IPcop do that for you? That’s where the DHCP server comes into play.

On this screen the installer allows you to enable the DHCP server. Simply mark the check box (space bar) and use the tab button to select each field. Unlike the image above, here are the settings we prefer:
Start Address: 10.1.1.100
End Address: 10.1.1.200
Primary DNS: 10.1.1.1
Default Lease: 60
Max Lease: 120
Domain Name Suffix: This one is your choice. We like to pick something like “ourhouse.local” or “smithnet.cc”. The only thing that is important is to stay away from real suffixes, like .com or .net. Using .local is a safe bet.
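A sanity check for a zone address plan, as an added example (not part of the original post or of IPcop): it flags zones whose subnets overlap and DHCP ranges that leave their zone or swallow an interface address. Run on the values given in this post, it reports that 10.1.1.1 and 10.1.1.2 with a 255.255.255.0 mask are the same network, so green and blue are not separate subnets; the alternative blue address 10.1.2.1 is an assumption for illustration.

```python
import ipaddress
from itertools import combinations


def check_plan(zones, dhcp_ranges):
    """zones:       {zone: (interface_address, netmask)}
    dhcp_ranges: {zone: (start_address, end_address)}
    Returns a list of findings; an empty list means every check passed."""
    findings = []
    ifaces = {name: ipaddress.ip_interface(f"{addr}/{mask}")
              for name, (addr, mask) in zones.items()}

    # 1. Each zone needs its own subnet, otherwise the router cannot tell
    #    from an address which side of the firewall a host is on.
    for (a, ia), (b, ib) in combinations(sorted(ifaces.items()), 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"overlap: {a} {ia.network} and {b} {ib.network}")

    # 2. The interface itself must be a usable host address.
    for name, iface in sorted(ifaces.items()):
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append(f"unusable: {name} interface {iface.ip} is the "
                            f"network or broadcast address of {net}")

    # 3. DHCP leases must stay inside the zone and clear of the interfaces.
    for name, (start, end) in sorted(dhcp_ranges.items()):
        net = ifaces[name].network
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            findings.append(f"dhcp-order: {name} range {lo}-{hi} is reversed")
            continue
        if lo not in net or hi not in net:
            findings.append(f"dhcp-outside: {name} range {lo}-{hi} "
                            f"is not inside {net}")
        for other, iface in sorted(ifaces.items()):
            if lo <= iface.ip <= hi:
                findings.append(f"dhcp-collision: {name} range {lo}-{hi} "
                                f"contains the {other} interface {iface.ip}")
    return findings


# Values as given in this post.
POST_ZONES = {
    "green": ("10.1.1.1", "255.255.255.0"),
    "blue": ("10.1.1.2", "255.255.255.0"),
}
POST_DHCP = {"green": ("10.1.1.100", "10.1.1.200")}

# Same plan with blue moved to its own /24 (assumed value, for illustration).
SEPARATED_ZONES = {
    "green": ("10.1.1.1", "255.255.255.0"),
    "blue": ("10.1.2.1", "255.255.255.0"),
}

if __name__ == "__main__":
    for label, zones in (("post", POST_ZONES), ("separated", SEPARATED_ZONES)):
        result = check_plan(zones, POST_DHCP)
        print(label, "->", result if result else "no findings")
```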
Password:
Finally, the installer asks you to set a few passwords. We bet you can figure this out, but a few notes. The ‘root’ user is the ultimate user on IPcop. That being said, you won’t interact with the system as root very often. Pick something secure, but not too hard to remember. We like to use familiar expressions and change them up a bit. For instance, someone who does a lot of cooking may use “eyeLik2C00k” (notice the zeros for o’s in cook). That way you can remember the phrase and it’s still a strong password. The admin user is the one you will use most often; follow the same idea as the root user.
This time, IPcop is going to reboot one more time. After it has finished the shutdown process, kill the power. It’s time to move the box to your home base. All you’ll need is the power cable and those patch cables you made and labeled.
Back At Home Base
First we need to determine which network card is being used for each interface. Chances are the first one in the system (either the built in card or the first one from the top) is the green interface. The next one down is probably red. This is where we test your geek fortitude. You'll have to play around a bit to find the right card. How will you know? Once you are connected and have finished our guide, if you still cannot reach web pages, you may need to re-arrange the cabling going into your IPcop box. It's trial and error here, people. Once you have determined which card is which, use some colored electrical tape to mark each card.
Attach the red cable to the WAN port on your cable or DSL modem. Note: if you are using another kind of connection, such as T-1 or FiOS you may need to use a special ‘cross-over cable’ for your red cable. A quick Google search will tell you more. Now plug the green cable into your green network card and plug the other end into your switch. If you aren’t using a blue network, then that’s all there is to it. If you do have a blue access point or switch, connect that with your blue cable. Of course, if you’ve placed the blue access point somewhere else, like a hall closet, make sure you use the CAT5 cable from that location. It’s time to power your new IPcop router on.
If all went well, you’ll hear IPcop’s audio chime when it is done booting. It may take a few minutes to boot, so don’t panic. Once you hear those chimes you’ll need to reboot any computer already attached to your network. The idea of the reboot is to make the computer ask IPcop for an IP address (that’s the DHCP stuff, remember?). There are other ways to renew the address, but when was the last time you rebooted anyway?
Web Interface
Whether you are using a Mac, Linux or Windows the rest of the process is the same. Fire up your web browser (Firefox, Internet Explorer, Safari, etc) and type this address into the address bar: http://10.1.1.1 . That should look farmil