What I would Like To See On a Linux Router

As you guys know, I am rather keen to using a Linux PC as my router. The main reason why I would like to use a Linux PC as a router...

As you guys know, I am rather keen to using a Linux PC as my router. The main reason why I would like to use a Linux PC as a router than those consumer routers from Linksys or Dlink or whever, is because they are much more powerful. I am a heavy Internet user, mainly for video streaming, emails, FTP, downloading Linux distros and so on, so I need the power. But I also need it to be easy to install and easy to configure and administrate. They must come with a web-based administrative interface. And because of that, I have tried a lot of different firewall/gateway linux based distros but most of them isn’t perfect. Some distros have this important feature but lack certain other important feature. The best I ever used is Monowall. It’s a lightweight router/firewall/gateway with some very powerful features and works perfectly as a gateway and can handle most of what I throw at it. And best of all, it doesn’t require a Harddisk so you just need to boot from CD and store all your configuration files on your floppy. However, because they need to keep it lean, some features are not included.

Anyway, the below points are what I would like to see on a perfect router/gateway.

1. Multiple WAN and load balancing + redundancy. Hey, with the Internet now so important and with broadband charges dropping, I think that a lot of us can afford 2 internet connection. Won’t it be great to have redundancy and faster internet access together?

2. VPN. Hey, it’s very important for mobile workers. And since a lot of us work both from home and office, having VPN access to our homes is a godsent. No longer do we need to carry portable hdds to and from office. And it’s reasonably secure.

3. Captive Portal + Time Limitations. Good for families with children. You can control your children’s internet access by limiting how long they can surf and chat online. In order for them to get into the Internet, a username and password is needed. And yo can control which time of the day they can access the Internet. For the rest of the adults, well…..

4. DNS Server. DNS Caching is good. Why, because a lot of ISPs have very crapy DNS servers. This really slows down the speed in which you can access a website, especially if you are like me who likes to visit all sorts of websites. I had to use OpenDNS to get a decent DNS!

5. Proxy Server. Can really speeds up http access. And with a proxy server, you can easily control which websites your children can access. Proxy Server comes with a log as well, so you can find out what your children have been visiting when they surf the Internet. However, I discovered that sometimes video streaming can be affected if I connect through a local proxy server. Perhaps it is because my own ISP is using a proxy server as well?

6. Enhanced Wireless Support. A lot of Linux routers have limited support for wireless adaptors. So if they have a wider range of Wireless adaptor support, tha would be great. But of course, the problem would lie with the underlying OS rather than the developer of the gateway. Oh, and WPA support as well.

7. Antivirus. Help us help the Internet by stopping virus from spreading. Antivirus at the gateway level will be great to stop virus from even reaching us in the first place.

8. Loads from CF Cards. I just don’t trust HDDs. They break down too easily. And they are power hungry too. So it would be great if it works from CF Cards. Or just use a LiveCD without a HDD and have all the configuration files on a floppy. But I don’t think the Proxy Server and the antivirus service can work without some storage space.

9. Lightweight. Sure, the proxy service will probably take about 50-100 MB as cache, but they rest should be lean. I don’t like bloatware and such a software should allow me to uninstall a certain feature which I don’t use. Not too mention, a lightweight router will be more responsive and speedier.

10. Dynamic DNS. Who remembers IP addresses? And who keeps tracks of IP address changes? No one. Not even big brother.

If I think of more ideas and suggestions, I will add them here. Hope someone will create such a perfect distro for us to enjoy.

Impressed – eBox Platform

Yes, finally I am impressed with something. And yes, it’s the eBox Platform which I have been raving yesterday. I have finally downloaded it and had installed it on my spare PC. Well,...

Yes, finally I am impressed with something. And yes, it’s the eBox Platform which I have been raving yesterday. I have finally downloaded it and had installed it on my spare PC. Well, I had some installation problems, it seems that eBox is very particular about the network card it uses, I tried 2 different types of NIC and both cannot be detected. I think the problem lies with Debian rather than the developers at eBox. Anyway, NICs are cheap nowadays, you can find a list of supported NICs from the Debian website and see whether you can find one that works in your local store. However, after I found one NIC which works, everything went fine for me. No other installation problems.

The web based interface is great as well. Very well organized and you can easily find what you need on their main page. If you have some experience with routers and administrating servers, this should be a breeze for you to handle. However, one thing about eBox, the user interface is a bit sluggish. I am using the interface through the local network and it feels rather sluggish. Even saving any configuration is slow. Not sure why that happens.

The best part about eBox is that it allows you to configure and add as many network interfaces as you want, through their web based interface. No longer is there a need to figure out how to edit whatever file to do that (like SME Server). You can even add virtual interfaces as well. So one NIC can have different IP addresses. But I don’t think it is recommended. And as I said, NICs are very cheap nowadays, you can add more network cards if you need. And setting up these new devices are a breeze, just go to the activate the interface (eth0, eth1 and so on). Of course, make sure that the NIC is supported first.

I am using the eBox Platform mainly for the mails function. Setup is pretty easy. Goto Mails, and enable the mail server. And if you need, activate the POP3 (and IMAP) as well. Then you will need to add users. eBox supports virtual domains, which allows you to have different domains on the same server. If you need to send mails from the eBox sever, you need to create something called objects which is actually an IP Address or IP Address range and then allow it to relay mails. So, this will be a problem for those roaming users. I am not sure how to set “allow all” to send/relay mails. You can of course go and find out all the IP Address ranges and allow that, but it’s very tedious and tme consuming.

eBox doesn’t have a webmail either. And there is no interface for users to access the eBox for changing of settings and configurations. This is kind of disapointing. Users cannot change their passwords themselves. Only the administrator has the ability to do that. If eBox adds a web-based email service, it would be perfect!

For it’s antivirus and antispam portion, it looks adequate enough. They have a variety of options for filtering spam and to configure spam assassin. You can add white or blacklist to your spam filter, pretty standard for an spam filter system. It looks like the version of freshclam installed by eBox (they use ClamAV) is old but it doesn’t seem to affect the antivirus system. Updates are downloaded as per normal.  It’s too bad they don’t have any option to configure how often the virus definitions are updated.

For those who are not interested in the mail functions, I think one of the things that will interest you is that it supported Load Balancing. So if you have two Internet connections, you can use this to “load” balance your WAN connection. I believe that it even supports more than 2 WAN interfaces! I have not tried it before, so I am not sure how effective it can be. All you need to do is to configure two of your network cards to external and setup the gateways and then configure the rules. Note that this doesn’t acually increase the speed of your Internet connection (it’s not like twice as fast or something), it provides a sort of QoS for your Internet needs.

eBox has pretty good documentation, but a lot of terms and jargon are used without much explanation. I am sure beginners will find it very difficult to understand. I think eBox would do a lot better if it improves on it’s documentation, and cater their documentation to beginners as I am sure a lot of eBox users will be beginners.