Presented 12/04/1999

Linux Router Project (LRP) - An Introduction

The Linux Router Project (LRP) is: "A networking-centric micro-distribution of Linux."

Feature List:

Able to fit on, and boot from, a single floppy diskette.
Runs solid state in RAM memory. - no file system to corrupt.
Flexible - run any combination of router, firewall, switch, etc.
Secure - small and light, less to worry about, less to break, ssh support.
IP control - IP masquerade (NAT), port redirection, load balancing, etc.
Traffic monitoring & advanced routing capabilities.
Supports multiple interfaces & multiple protocols.
POSIX feel - works like a full unix system
Open hardware - uses standard modular PC components.
Free and open - complete source code available.

Hardware Recommendations:

10 Mbps ethernet router - 486, 1.44 floppy, 12 MB RAM, NICs
10/100 Mbps router/switch - P100+, 1.44 floppy, 16 MB RAM, 10/100 PCI NICs
RADIUS PPP/SLIP RAS - P100+, LS-120 or Zip drive, 32+ MB RAM, 10/100 PCI NIC, serial port boards
DS1 WAN router - P166+, LS-120 or Zip drive, 64+ MB RAM, 10/100 PCI NICs, etc.
Many other hardware/software configurations are possible

LRP Deep Dark Secrets

The Linux Router Project is an efficient, elegant tool for building routers, firewalls, and similar devices. However, some vital information regarding the LRP may not be readily apparent...

The main LRP web page at http://www.linuxrouter.com/ has not been actively maintained for the last six months. Current LRP information is available from http://lrp.c0wz.com/.
LRP 2.9.4, the current stable linux router project release, uses linux kernel version 2.0.36. However, Matthew Grant has created a variation of LRP 2.9.4, called Kilimanjaro, that uses linux kernel version 2.2.11 (and, of course, ipchains, etc.)
Binary kernel modules for use with LRP 2.9.4 are available from Modmaker or 2.0.36pre15-1.tar.gz. Binary kernel modules for Kilimanjaro are available from 2.2.11-1.tar.gz.
The LRP mailing list archives are a valuable problem-solving resource.

A Comparison of LRP 2.9.4 and Kilimanjaro

	LRP 2.9.4	Kilimanjaro
Description	latest stable version of linux router project	LRP 2.9.4, tweaked to use linux kernel version 2.2.x
Release Date	May 29, 1999	Sep 1, 1999
Linux Kernel Version	2.0.36	2.2.11
Networking Configuration Tools & Commands	ifconfig, route, ipfwadm, ipportfw, ...	ip, ipchains, ipmasqadm, ...
Binary Diskette Images	idiot-image_1440KB_2.9.4	1440-basic.floppy 1440-eth_PPP.floppy 1743-basic.floppy 1743-eth_PPP.floppy 1743-eth_PPP_QoS.floppy
Binary Kernel Modules	Modmaker tool on web site 2.0.36pre15-1.tar.gz	2.2.11-1.tar.gz
Packages Provided	bind.lrp, boa.lrp, dhcp.lrp, dhttpd.lrp, gated.lrp, ppp.lrp, proftpd.lrp, pslave.lrp, snmp.lrp, sshd.lrp, thttpd.lrp, wanpipe.lrp, xserver.lrp	bwidth22.lrp, ftpbkup.lrp, gated22.lrp, gated22o.lrp, gated22r.lrp, mgetty.lrp, minicom.lrp, netacct.lrp, pmap22.lrp, ppp22.lrp, snmp.lrp, wnpipe22.lrp (in addition, most LRP 2.9.4 packages will also work with Kilimanjaro)
Source Code	2.9.4-sourcesnapshot.tar.gz (27 meg)	linux-2.2-LRP_2.9.4.source.tar.gz (51 meg)
Documentation	web site provides basic documentation, LRP-FAQ, LRP-Package-HOWTO, information about booting higher density formatted disks, and access to the LRP mailing list archives	release announcement (buried in LRP mailing list archives), README files, individual documentation for some packages
Available From	main LRP site & mirrors	sites in New Zealand and USA

LRP Theory of Operation and Diskette Structure

http://www.linuxrouter.org/docs.shtml

LRP Packages & Addons

http://www.linuxrouter.org/LRP-Package-HOWTO.shtml

Booting Linux with higher density floppy disks

http://www.linuxrouter.org/floppy.shtml

Adding Kernel Modules to an LRP Diskette

http://lrp.c0wz.com/dox/module.txt

Procedure for Building an LRP Firewall

http://www.geocities.com/Athens/Ithaca/9660/lrphowto.html

LRP Special Commands

ae - text editor
lrcfg - menu system

One TCLUGer's Story (autobiography?)

A while ago, there was a TCLUGer who got a cheap PC. This prompted him to finally get DSL. He originally planned to create a firewall using a minimal RedHat setup, with a custom 2.2.13 kernel. Then, a friend mentioned LRP. He checked it out and was immediately hooked by the fact that LRP boots from a diskette and runs completely in RAM. Eventually he learned about Kilimanjaro and other dark secrets of the LRP. Then, he did a presentation for TCLUG.

A Working Example - Kilimanjaro and ADSL

Create the LRP Boot Disk

Format 1743K diskette: superformat /dev/fd0 sect=21 cyl=83
Copy image: dd if=1743-eth_PPP_QoS.floppy of=/dev/fd0 bs=1024
Add the minicom.lrp package
Add the lance.o kernel module

Configure the Cisco 675 ADSL Router

Configure minicom: Serial device /dev/ttyS0, Bps/Par/Bits 38400 8N1, Hardware Flow Control = No, Init string = (blank), Reset string = (blank), Save setup as dfl

Clear the router configuration

        log in
        cbos>en
        Password: [hit enter]
        cbos#set nvram erase
        cbos#write
        cbos#reboot

Set router configuration for ppp

        log in
        cbos>en
        Password: [hit enter]
        cbos#set interface eth0 address 10.0.0.254
        cbos#set nat enabled
        cbos#set ppp wan0-0 ipcp 0.0.0.0
        cbos#set ppp wan0-0 login mylogin
        cbos#set ppp wan0-0 password mypassword
        cbos#set ppp restart enabled
        cbos#set password exec mypassword
        cbos#set rip disabled
        cbos#set web disabled
        cbos#set telnet disabled
        cbos#write
        cbos#reboot

Use ping, show & traceroute to verify configuration

Configure /etc/network.conf

Edit /etc/network.conf
Use ping, traceroute, tcpdump, etc. to verify configuration
Set default route for machines on internal network: route add default gw 192.168.1.254

Firewall 101

Packet filtering firewall provides protection against low level networking attacks but not against application level attacks (e.g. sendmail, quake, NFS!!!, ...)

Terminology to Know

packet filtering
IP masquerading
port forwarding

Links