Monday, July 14, 2008

DSL, Hardware Firewall, Router, and Ubuntu

In a previous post, I described the effort to get online with AT&T DSL. I did not have a hardware firewall; as instructed by AT&T's tech support people, I reduced the security setting on my ZoneAlarm firewall so that the DSL connection would work; and within a couple of hours, I had a trojan virus. My understanding was that this was a risk for any system that was always online, whether using DSL or cable or something else. My short-term solution, in that previous post, was to use Ubuntu Linux to connect with the Internet, since Linux does not have nearly as much virus vulnerability as Windows XP at this time. That short-term solution is still working five days later: I am writing this post using the Firefox browser within that same Ubuntu installation. In the meantime, I ordered and received a Linksys WRT54GL Wireless-G 2.4GHz 54Mbps broadband router. I connected it, but at this writing it was not working. Therefore I disconnected it and used the Ubuntu system, via direct connection with the DSL modem, to write this posting.) I did go partway through the installation process on a separate machine, running WinXP, and now I think I understand what people mean when they talk about having a Linux machine as a hardware firewall. The basic concept appears to be that your wireless router is actually a wired router in several regards: it is wired to the wall for its power; it is wired to the modem for its incoming Internet connection; and it is wired to one computer that uses the router to send the incoming Internet signal wirelessly to other computers. In this case, both the modem connection and the PC connection are by ethernet cable, though I think there may be some that use USB instead. Since the router was wired directly to one computer, my impression was that you would want that computer to be a Linux machine because, as just noted, Linux is not so vulnerable to viruses. The Linux machine serves as a hardware firewall because the incoming Windows-based viruses get nowhere on the Linux operating system. The Linux machine just receives a nice, clean Internet connection and passes on the desired data, without the undesired stuff, wirelessly to the other computers that the router connects in a network. So my main machine, running WinXP, would get a relatively safe signal through the router; and hopefully I could go back to running the full-bore ZoneAlarm software firewall with safe settings, without any worries about whether ZoneAlarm could cooperate with the DSL modem. Now the trick was to get that router running with the Ubuntu machine. I had run partway through the Windows-based installation CD, as I say, on the WinXP computer; I had connected the cables in proper order and so forth; and then it occurred to me that this was silly because the router was not even connected with the WinXP machine. It was connected to the Ubuntu machine, and of course (although I tried) the Ubuntu machine could not run Setup.exe on the router's installation CD. If I was going to use the router with the Linux machine, I was going to have to figure out how to do that without the benefit of an installation CD. As I wrote those words, it occurred to me that perhaps Linksys did have a Linux installation download; perhaps they just hadn't bothered including it on the CD, or perhaps I hadn't known where to look for it on the CD. But there didn't seem to be any drivers available on the Linksys downloads page. What Linksys did offer was links to a User Guide (filename WRT54GL-V1.1_ug.pdf) and firmware upgrades. They also offered networking tools and a Live Chat feature. Page 14 of the User Guide seemed to say that the Windows installation process or software for the router -- had I decided to connect it to the Windows computer and continue that process -- would have offered me the option of using the router as a firewall within the Windows context. In fact, it was pretty clear: the default settings on the router made it function as a firewall. This, I was sure, was what most people used. But since I wanted to pick up a bit of Ubuntu anyway, and was fond of the idea of having the more complete level of Linux protection -- which, I had heard, was part of the reason why most servers used Linux rather than Windows -- I decided to continue this process a little further. The networking tools were the EasyLink Connect installation tool, the EasyLink Firmware updating tool, and the NetCheck diagnostic tool. EasyLink Connect was an EXE file (i.e., for Windows), so that didn't help. The Firmware updating tool did not specifically list the WRT54GL as a supported router, and since I didn't want to turn my new device into a brick, I decided not to try it at this point. I tried NetCheck, but it, too, required Windows and Internet Explorer. So it was LiveChat time. But that gave me this error message:

This browser does not support Java or its use is currently disabled. You can download free Java software from http://www.java.com. You may be able to enable Java by lowering your browser security level.
When I clicked OK on that dialog box, I got a webpage that offered to install Java. But was that OK, security-wise? The only webpage I found on it, in a short search, was a three-year-old posting that made it sound OK. I was sure they had seen this coming, when they were designing Linux, so I went ahead with the installation link. That took me to the Java Download for Linux webpage, which offered four downloadable files. I chose the self-extracting BIN file, the only one that was not for Red Hat RPM or 64-bit Linux. This required me to figure out how to install BIN files -- which, according to a forum posting, required me to type these lines at a Terminal prompt (Applications > Accessories > Terminal) in Ubuntu:
cd \ cd ~/Desktop chmod +x jre-6u7-linux-i586.bin ./jre-6u7-linux-i586.bin
I'm not sure the first line, "cd \", was either correct or necessary, but that's what I did. It took me a couple minutes of screwing around to realize that Desktop is case-specific -- that it wouldn't work if I typed "cd ~/desktop". But anyway, it seemed to run after I typed the fourth line. I went back to the Live Chat window and tried again. It still wouldn't go. I thought maybe I had to restart Firefox to make it work. But that didn't work either, not even after rebooting the system. So no Live Chat for me. I ran a Google search and saw that some people in the Linksys forums seemed to be having trouble using this particular router with Ubuntu. But the customer reviews at Newegg had made this router sound perfectly well suited for Ubuntu. Those reviews offered some tips. I couldn't read all 1,426 of them. But I did search them for references to Linux or Ubuntu. I had seen where someone had used Ndiswrapper to connect an Ubuntu PC to a Windows wireless network with this router, but that was the opposite of what I was trying to do. But now one of these user reviews at Newegg made it sound like Ndiswrapper would work for my purposes too. I noticed that this reviewer also recommended open-source Tomato firmware. As I continued browsing the user reviews, I saw other mentions of Tomato and DD-WRT, which were apparently Linux-based, so I thought maybe I would use that instead of the firmware update from Linksys. But I wasn't ready to update firmware yet. Other Newegg user reviews (which I had reviewed, to some extent, before buying the router) said that this router definitely supports Linux; that this router could replace a Linux machine being used as a firewall (apparently if/because the router's firmware is Linux-based); that Linksys's own firmware was open-source; that loading open-source firmware would enable you to load additional firmware to extend the router's capabilities; that apparently the "L" in GL stands for Linux. I came to my next-step decision after reading this user comment:
For beginners I suggest DD-WRT, and Linux pros might choose OpenWRT. www.dd-wrt.com && www.openwrt.org; Read before you attempt to flash - use Mini BEFORE Standard or you will brick it. At this time don't use DD-WRT RC6.2 - you could brick your router, I'm lucky I didn't; RC5 works well though.
It seemed fairly clear that I was going to have to give up, for now, on the idea of using the Linux computer as my firewall. It sounded complicated, dangerous, and unnecessary. I would just go ahead with the Windows installation process on the WinXP computer. Then, I could connect the Linux computer to the Internet wirelessly or by wire through the DSL modem. This grand plan did not go too far. On the Windows machine, I got to step 8 in the router installation program provided on the Linksys setup CD. Then I got an error message:
Unable to connect to the Router! Check that the Router has been connected to the computer, and that your Ethernet adapter is working.
I didn't think the problem was with the adapter or cable. At about the same time, I also got a warning balloon from Windows, telling me:
Local Area Connection This connection has limited or no connectivity. You might not be able to access the Internet or some network resources. For more information, click this message.
I decided to speed up the timetable for connecting the Linux computer, so I plugged it, too, into the router. But whereas it was able to connect to the Internet just fine when it was plugged directly into the modem, it was not able to connect at all through the router. So it looked like the router might be defective. The Linksys setup process did not provide a Help option. The "Frequently Asked Questions" page that came with the router had one question, or statement, germane to my situation: "I can't connect to the Internet." The instructions for that problem were:
Check that your router is powered on. Make sure the Power LED is on and not blinking. Power down everything, and power on each device in the following order: 1. Cable or DSL modem 2. Router 3. PC Check that everything is connected properly. The PC should be connected to the ports numbered 1-4 on the router, and the modem must be connected to the Internet port on the router.
I took these steps, powering down and back up. In fact, I left the computer off for several minutes before turning the modem back on (or, more precisely, before reconnecting its power supply), and allowed at least a full clock minute before each of steps 2 and 3. This seemed promising: now, unlike previously, Start > Settings > Network Connections (on the Windows machine, in classic view) stated that my Local Area Connection was Connected. Yet I still wasn't able to browse to a webpage. Using the Ubuntu computer, I tried the Ask Linksys tech support link. There, I clicked on the link entitled How to get online using a Linksys router. This led me to a webpage where I got some new information on, specifically, how to access the router's web-based settings page by entering 192.168.1.1 into the address line of Internet Explorer. When asked for a user name and password, the instructions were to leave the user name blank and use the default "admin" as the password. This worked. I was able to access that webpage. It seemed that at least my router was not totally dead. It had shown all the appropriate power lights, as Linksys had told me to look for, but now it seemed I was reaching a webpage actually located in the router's firmware. The next instruction was to change the router's Local IP Address, on that webpage, to 192.168.2.1. Apparently their idea was that my problem might be caused by a conflict in the connection address. I clicked "Save Settings," as advised, and I got "Settings are successful." Although it said it would be only "several seconds" before I would be returned to the previous webpage, it actually took about a half-minute, and then all I had was the failed "Internet Explorer cannot display the webpage" message that I had been looking at before I went to the router's webpage. Meanwhile, the next Linksys instruction was to renew the computer's IP address. This called for opening a DOS command box (Start > Run > cmd) and, at the prompt, typing these lines:
ipconfig /release ipconfig /renew
The "release" step was supposed to make the IP address 0.0.0.0. It did. Then the "renew" step showed that the Default Gateway address was now 192.168.2.1. (They didn't tell me to close the DOS box by typing EXIT but I did anyway.) Now, typing that new number (192.168.2.1) into Internet Explorer's address bar, with the "admin" password and so forth, as above, they told me to check the Status option (at the top right corner of the screen) and then look at my IP Address. In my case, that address was no longer all zeroes (0.0.0.0). Their instructions weren't clear what to do in that case, but apparently I was supposed to be able to connect to the Internet at that point. So I tried and, you know, it worked. I was online. Now, I needed to come back to the Ubuntu machine and finish this posting. So I plugged its ethernet cable into the router, and that worked too. The next question was whether I needed to fool with all that stuff about updating the firmware. The sucker was working for both computers. If it works, don't fix it. I started with the wireless router FAQs post on the Linksys forums. One of their FAQs confirmed that software firewalls may or may not work with the router. Mine seemed to be working, which was good. They also reminded me of the Linksys networking tools mentioned above, which I had forgotten about. I downloaded the EasyLink Connect tool so that, if I ever needed it again to set up a Windows computer, I would have it available locally. But I wasn't sure that I needed to upgrade the router's firmware, beyond whatever Linksys itself might provide. One webpage listed some of the advantages of installing DD-WRT:
Many of DD-WRT's features are not included in typical router firmware. These features include support for the Kai network, daemon-based services, IPv6, Wireless Distribution System, RADIUS, advanced quality of service, radio output power control, overclocking capability, and software support for a Secure Digital Card hardware modification.
I supposed I would know what all of those things were someday. At present, I did not. I still felt that way after reading the writeup on the Tomato webpage. Wikipedia had some additional information on the matter. I found the latest Linksys firmware for my router and downloaded it. The version information indicated that updates in the firmware had repeatedly addressed newly discovered security issues. So that did seem like a good reason to have the latest Linksys firmware update. Then again, I wasn't sure what version I had already. So I went back to the router's webpage, as described above, and . . . the rest is lost to science. I write these words several weeks later, when I do not remember the remaining steps I took. I believe the reason is that things were working and I was off and running -- until a later point when the router stopped working again.

0 comments: