Building a firewall & bit torrent box for my apartment



Nick
July 7th, 2009, 03:40
I have finished up my summer classes so I am working on lots of little projects in my free time. With my new apartment that I will be moving into here in a week or two, it will be just me so the electricity bill won't be split four ways anymore :(. That being said, leaving my main computer (Pentium 4 3.0GHz, 4GB RAM, decent video card, lots of hard drives) on all night and day when I'm not around just to run bit torrent doesn't seem like a good idea.

I've read some of these tutorials on setting up a firewall as well as tutorials about setting up a bit torrent box, and I think this is something that would be good to do both for saving power and just making things safer and more organized.

I have two machines lying around that strike me as being good for this purpose:



1. Pentium III 733MHz, 256MB ram, 20GB & 40GB hdd
2. AMD 1.6GHz, 350MB ram, 30GB hdd



I have plenty of PCI network cards to use for this, so that's not an issue.

Now on computer number 2, I have 2 sticks leftover from upgrading another machine of 512MB DDR400 ram and computer 2 has DDR266 in it. Would the DDR400 work in there just at a slower speed?

Also, I have a 200GB and/or a 500GB drive that will be available to put in whichever machine I choose.

So with all that said, here's my main questions.



a.) Is it a good idea to run a firewall and a bit torrent box simultaneously or does the bit torrent side open up security issues in such a way that it would be suggested to run the two separately?

b.) Which machine should I use? I'm not sure if the faster is better mindset even applies here because I don't believe the load on this computer will be very heavy at all. Would the weaker machine still get the job done and consume less power?

c.) If I were to add a wireless network card to the machine, would there be a way to switch between the connections (I would also have my cable internet connection) as I saw fit?

d.) Which Linux distribution should I use? I know it seems as if Ubuntu is always recommended whenever Linux comes up anymore but maybe there is a smaller & faster distro I should use?

e.) How do I go about setting up the firewall? Programs, settings, etc?

f.) I've seen the Azureus client used for this project in tutorials for its ease of use and HTML interface, but are there any other options to look into? Also, I use PeerGuardian2 on my PC, is there a similar program that blocks IP lists for this particular setup?




Those are the main questions I have now. I'm sure there will be more to come once those are answered.

Thanks in advance to anyone who takes the time to read all this and help! :-)

bariteau
July 7th, 2009, 08:26
Now on computer number 2, I have 2 sticks leftover from upgrading another machine of 512MB DDR400 ram and computer 2 has DDR266 in it. Would the DDR400 work in there just at a slower speed?

Depends on the motherboard, find the model number and look for the manual online.




a.) Is it a good idea to run a firewall and a bit torrent box simultaneously or does the bit torrent side open up security issues in such a way that it would be suggested to run the two separately?

Run them separately and put the torrent box on a different subnet and on a DMZ.




b.) Which machine should I use? I'm not sure if the faster is better mindset even applies here because I don't believe the load on this computer will be very heavy at all. Would the weaker machine still get the job done and consume less power?


Considering that these machines are old, they probably don't have great efficiency, so your main machine might actually be cheaper to run 24/7 than the two older ones. I'd keep the stronger one for the torrent and buy a machine such as the Soekris 4521.




c.) If I were to add a wireless network card to the machine, would there be a way to switch between the connections (I would also have my cable internet connection) as I saw fit?

Try to stay clear of wireless as much as possible, it's always the weakest link in a network. If you really want wireless, do not merge it with your router/firewall box, use an access point instead. If you put any form of networking, make sure it's on a different subnet than your wired (important machines) network.



d.) Which Linux distribution should I use? I know it seems as if Ubuntu is always recommended whenever Linux comes up anymore but maybe there is a smaller & faster distro I should use?

DO NOT USE UBUNTU or any other mainstream Linux distro for this project. Use Smoothwall, IPCop, Pyramid, m0n0wall, Untangle, or any other specialized OS that you can find googling (these are the ones that I can list off the top of my head).



e.) How do I go about setting up the firewall? Programs, settings, etc?

The distros listed above will provide the firewall and some basic services (DHCP, SSH, etc.), but I suggest you keep most services on a different server to avoid security issues. (Internal services inside the LAN and not accessible from the outside, and external services on a DMZ and a different subnet than your LAN.)


f.) I've seen the Azureus client used for this project in tutorials for its ease of use and HTML interface, but are there any other options to look into? Also, I use PeerGuardian2 on my PC, is there a similar program that blocks IP lists for this particular setup?

I know uTorrent has a web interface that you can set up, not sure if that's what you're asking.

-----

If most of what I said is gibberish, I suggest you read a lot on the subject before taking the dive into the project! If you want a good starting point, buy and read Linux Networking Cookbook by Carla Schroder.

Also, before choosing one of the distros, read a good part of the documentation to see if you understand enough to go through the whole process.

It's a big project but it's a very good way of learning basics of networking and security; and it's very rewarding when you're done setting up your ultra-secure ultra-fast enterprise-grade home network;)

Good luck and don't hesitate to ask questions
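
The layout recommended in the reply above (firewall on its own box, torrent box on a separate DMZ subnet), sketched as an added example that is not part of the original posts. It assumes a plain Linux/iptables firewall rather than the Smoothwall or IPCop interfaces, and every interface name, subnet, host address and port in it is a constructed value.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a three-interface firewall.
# Interface names, subnets, torrent host and port are assumptions (constructed).
WAN_IF=eth0                 # cable modem side
LAN_IF=eth1                 # trusted wired machines
DMZ_IF=eth2                 # torrent box segment
LAN_NET=192.168.1.0/24
DMZ_NET=192.168.2.0/24
TORRENT_HOST=192.168.2.10
TORRENT_PORT=51413

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound peers reach only the torrent box, only on its listening port
-A PREROUTING -i $WAN_IF -p tcp --dport $TORRENT_PORT -j DNAT --to-destination $TORRENT_HOST
-A PREROUTING -i $WAN_IF -p udp --dport $TORRENT_PORT -j DNAT --to-destination $TORRENT_HOST
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The firewall itself is managed over SSH from the LAN only
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN may start connections to the Internet and to the DMZ
-A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET -o $DMZ_IF -j ACCEPT
# DMZ may start connections to the Internet only; DMZ -> LAN falls to the DROP policy
-A FORWARD -i $DMZ_IF -s $DMZ_NET -o $WAN_IF -j ACCEPT
# Forwarded torrent port (pairs with the DNAT rules above)
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $TORRENT_HOST -p tcp --dport $TORRENT_PORT -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $TORRENT_HOST -p udp --dport $TORRENT_PORT -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with "print"; pipe it to iptables-restore as root to load it.
if [ "${1:-}" = "print" ]; then gen_rules; fi
```

Running the script with `print` and piping the output to `iptables-restore --test` parses the ruleset without committing it. Services the firewall offers to the LAN itself, such as DHCP or DNS, need their own INPUT rules.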

Nick
July 7th, 2009, 18:09
Actually, I understood pretty much everything you wrote. There's a couple things I didn't catch though.


Run them separately and put the torrent box on a different subnet and on a DMZ.

DMZ? I need a little acronym clarification here.


Considering that these machines are old, they probably don't have great efficiency, so your main machine might actually be cheaper to run 24/7 than the two older ones. I'd keep the stronger one for the torrent and buy a machine such as the Soekris 4521.

I looked at the Soekris and bookmarked the website, but I'm not sure if I want to spend $200 on this. I was hoping to just use the parts I had available or buy a minimal amount of supplies.


Try to stay clear of wireless as much as possible, it's always the weakest link in a network. If you really want wireless, do not merge it with your router/firewall box, use an access point instead. If you put any form of networking, make sure it's on a different subnet than your wired (important machines) network.

It's not that I want to broadcast my own wireless network. I'm talking about connecting to the local library's network or my university's network to use the internet. In my current apartment, if I'm slowing down my cable connection with downloads, I have a homemade signal booster attached to my laptop to connect to the university WLAN down the street and use that for surfing.

I was wondering if I could set up whatever machine I use for a firewall to have a wireless card attached to the signal booster to connect to other wireless networks in the area and provide that connection to all computers on the network. That's what I meant when I said switch the connections as I please.



Thank you so much for reading all that and taking the time to reply, I really appreciate it! :)

bariteau
July 7th, 2009, 19:37
DMZ? I need a little acronym clarification here.

Demilitarized zone: it's a section of your network that is not protected by any kind of filtering.


I looked at the Soekris and bookmarked the website, but I'm not sure if I want to spend $200 on this. I was hoping to just use the parts I had available or buy a minimal amount of supplies.

You can, but it will be more expensive in electricity (much more) and you also need to consider the life expectancy of your hardware.


It's not that I want to broadcast my own wireless network. I'm talking about connecting to the local library's network or my university's network to use the internet. In my current apartment, if I'm slowing down my cable connection with downloads, I have a homemade signal booster attached to my laptop to connect to the university WLAN down the street and use that for surfing.

I was wondering if I could set up whatever machine I use for a firewall to have a wireless card attached to the signal booster to connect to other wireless networks in the area and provide that connection to all computers on the network. That's what I meant when I said switch the connections as I please.

You could set it up but you'll have to have something like below:
Cable internet modem -> port1 -> internet going out on port 2 [Torrent box?]
Wifi -> internet going out on port 3 [main pc?]

Note that:
1. Wifi is finicky (at best) on Linux
2. You will have a ---- load of latency
3. You are opening yourself to all kinds of attacks if the network is insecure
4. You can't (to the extent of my knowledge), on Windows, say that you want all the traffic except the one coming from torrents to go to a link (port 3) and the torrent traffic to the other (port 2) assuming that both connections are plugged in your main pc.

So yes it's technically doable but it's not practical to do it this way. If you go that route, I wish you good luck (you'll need it) and I hope you have a good set of Voodoo techniques (as Carla Schroder said: telecomm is part engineering part voodoo or something like that).

A smarter way to do it would be to limit the bandwidth taken by your torrent box to, say, about half of your available bandwidth (so allocate 2 Mbps on a 4 Mbps link).


Thank you so much for reading all that and taking the time to reply, I really appreciate it! :)

My pleasure!

Nick
July 7th, 2009, 22:10
Well, I don't think this will end up saving me on electricity because I don't think I will be putting any money into this project right away. I'm still interested in having the "ultra-secure ultra-fast enterprise-grade home network" though, so I will just scratch the power saving off the list of benefits. For now that is.

I have read up on the distributions you recommended and Untangle seems like a great solution. However, it seems to want a decent computer to run on, so that doesn't seem like it is going to work for me. Maybe in the future.

I think I will be going with either IPcop or Smoothwall. I will end up testing both to see which I prefer.



You could set it up but you'll have to have something like below:
Cable internet modem -> port1 -> internet going out on port 2 [Torrent box?]
Wifi -> internet going out on port 3 [main pc?]

Note that:
1. Wifi is finicky (at best) on Linux
2. You will have a ---- load of latency
3. You are opening yourself to all kinds of attacks if the network is insecure
4. You can't (to the extent of my knowledge), on Windows, say that you want all the traffic except the one coming from torrents to go to a link (port 3) and the torrent traffic to the other (port 2) assuming that both connections are plugged in your main pc.

So yes it's technically doable but it's not practical to do it this way. If you go that route, I wish you good luck (you'll need it) and I hope you have a good set of Voodoo techniques (as Carla Schroder said: telecomm is part engineering part voodoo or something like that).

A smarter way to do it would be to limit the bandwidth taken by your torrent box to, say, about half of your available bandwidth (so allocate 2 Mbps on a 4 Mbps link).

That does sound quite confusing and you make it sound like even if I were able to get it to work, it wouldn't always work or stay working.

Maybe I will just stick to using my laptop whenever I need to hop onto an open wifi network. Doesn't seem to be worth the trouble just to make the connection available to the entire apartment.

bariteau
July 7th, 2009, 22:20
I think I will be going with either IPcop or Smoothwall. I will end up testing both to see which I prefer.

Both will do the job for what you're looking for; at this point it's really which one you prefer.


That does sound quite confusing and you make it sound like even if I were able to get it to work, it wouldn't always work or stay working.

Maybe I will just stick to using my laptop whenever I need to hop onto an open wifi network. Doesn't seem to be worth the trouble just to make the connection available to the entire apartment.

I meant it to be read as it generally will not work. It sucks, but you're better off with just connecting your laptop directly to the wifi.