SSDs are known for awesome reads and slow writes and the obvious advantage of not having any moving parts, so they are ideal for housing an OS and applications (any flavor of OS).  SSD’s are also dropping in price every single day, but they still can’t compete with the massive storage of regular old spinning hard drives (any computer geek will tell you this), so regular spinning hard drives are ideal for just storage. And you can buy 1TB worth of hard drive space for about $100.

Hint, hint, computer makers, start offering computers (laptops or desktops) with dual hard drives, a fast 32 GB SSD for the OS and app, and a huge spinning drive for data (music, pictures, movies, etc). This would also simplify the idea of backups, where one could run two different backup sets, which would be clearly differentiated; one is stuff and the other is apps (counting the OS as an app). Hint hint laptop makers, offer a hybrid drive in your next round of high-end laptops, people will gobble that up.

I hate to use caps in a title, but this time I’m forced to. Whatever you do, avoid AVG 8.0 which was released yesterday (2/28/08) . For that matter, avoid AVG altogether. I installed AVG Antivirus Network Edition on all the workstations at a clients’ and everything started to crash. EVERYTHING! Servers and workstations. I can only blame myself for installing a brand new version without testing (bad, bad mistake). I’ve used AVG extensively in the past, and I’ve never encountered any problems. As a matter of fact, I prefered using AVG because of its easy to administrate (install, monitor and update all the clients from the server) and because of its small footprint on the systems. My second choise has always been Bitdefender, and only because it costs about twice as much as AVG, but now it is my only choice.

Again, avoid AVG 8.0, at least until they get their act together. I believe they rushed version 8.0 out the door and therefor delivered an extremely buggy program. I can’t trust company like this anymore. It was nice to know you, AVG.

My new favorite antivirus is Avast. They offer a free version, but it really shines when you buy it. It is unintrussive, effective, and lightweight (it won’t bog down your computer). It scans fast and so far I haven’t had any issues, anywhere. Check them out by clicking here!

EDIT #1 – Check out my followup article

• Installing a motherboard and CPU
• Installing RAM
• Installing a hard drive

The original intention for this article was to demonstrate that you didn’t need an expensive computer to run Vista in its full glory (more specifically with Aero effects enabled). I will try to bust this misconception by demonstrating that you can have a Vista-worthy system and that you don’t even need a separate video card to run Aero for about $500. All parts for this build are from Mwave because they’ve got good prices and shipping is fast and cheap, but you could also go with NewEgg if you wish to.

1. Motherboard: I’ll be using a Gigabyte GA-73VM-S2 board for $56.75. It supports the latest Core 2 Quad processors (we’ll be using a Core 2 Duo for this build, so this is just for expandability). It also features an nVidia 610i chipset and a Geforce 7030 graphics chipset that fully supports Aero.

2. Processor: Intel Core 2 Duo e4600 2.4 GHz, the perfect balance of price and performance. At $141.75, you get 2 cores, low power consumption and a clock speed of 2.4 Ghz. Ideal for this build.

3. RAM: Crucial 2 GB ( 1 GB x 2) DDR2, PC2-5400 (677 mhz) $47. Crucial has proven to be dependable and low cost. Also, 2 GB of RAM is plenty for every days tasks and if you want to double the RAM, just double this on your order, the motherboard supports up to 4GB of RAM.

4. Case: I chose the Cooler Master Elite 330 case for its value, quality construction and durability. It goes for $48.50 and it includes a 350 watt power supply which is plenty of power for our machine.

5. Hard drive: Western Digital Cavia WD3200ks. 320 GB for $86.64. Also a good balance of value and performance, spinning at 7200 rpm, featuring SATA 3.0.

6. Optical drive: I chose the Samsung SH-S203B drive for $27.99 because it is the lowest priced SATA DVD-burning drive. Featuring burning speeds of up to 20X and support for burning dual layered discs.

7. OS: Microsoft Windows Vista Home Premium 32bit for $99.84.

The total comes to $504.72 (as of 02/02/08) not including tax or shipping. I just finished building 4 of these same exact machines for different clients, and they are very happy with the performance and the price. Again, this specific machine is to be used for basic, every day computing such as surfing the web, checking email, word processing and perhaps some light gaming. I am not claiming that this machine is a high performer, but I consider it to be the “best bang for the buck” PC that one can build.

If you are looking into getting a new monitor for your new system, I would recommend this Viewsonic 22″ monitor, featuring a 1000:1 contrast ratio, 1680 x 1050 resolution, and 5ms response time. Also, in my opinion, the “best bang for your buck” monitor-wise, for just $229 (or $199 after a $30 MIR).

As for input devices (keyboard and mouse) I would recommend the Logitech Cordless Desktop EX110 for $33, which includes a wireless optical mouse and a wireless keyboard that is very comfortable, and the necessary batteries. Also, a very good value. For speakers, I would chose the Logitech R-10 speakers, for $7.

I do realize that many people aren’t precisely fascinated with Vista (I went back to XP myself a long time ago), but seeing as Windows XP won’t be offered after the second half of this year (2008), this might be the better option for general consumer. As for tech-savvy individual, Ubuntu (or any other Linux flavored distro) is always an option, and for the daring individual out there there is always turning this machine into a “Hackintosh” with OS X Leopard (read more here from Lifehacker).

So there you have it, a complete system with Windows Vista for about $800, with a beautiful 22” monitor. Try to get anything close to that from any big manufacturer (yes, Dell, HP, Acer, I’m looking at you!). Compare specs for yourself.

At that time I decided to go with a server-based solution because my laptop (my main computer at the time) was running out of space and I also wanted to access my files from anywhere. The first thing I did when I got this server was to wipe and reinstall the OS. Originally this server had NT 4.0 but I decided to go with Windows XP Pro. After installing the OS, I added a 160 GB hard drive and an 80 GB hard drive. I then configured an internal static IP, added a strong password for the administrator, enabled Remote Desktop and made sure I could access it via RDC before placing the server outside in the closet.

(this is the actual location of my server)

Data sharing and accessing:

On the 80 GB drive, there’s a folder called “music”, and there is where…ummm…all my music goes. On the 160 GB drive there is a folder called “documents”, and you can imagine what I’ve got in that folder. Those folders are shared, with a strong password. On my workstations I’ve mapped the music folder to the M: drive and the documents folder to the Z: drive. My “My Documents” folder is redirected to the Z: drive also. I’ve setup identical usernames and passwords on the server and on all the other PCs, that way the My Documents folder has the same contents everywhere and I can run iTunes on any computer with access to all my music/rating/playlists.

Accessing the server/data remotely:

My server can be accessed via RDC and VNC from the outside. I changed the default ports of RDC to a random number instead of 3389, the same for VNC, for security reasons. I also forwarded the ports on my firewall to the server. I signed up for a dynamic DNS with No-ip.com and installed the updating client on the server to ensure that my address remains mapped to my dynamic IP at home. To access my data remotely I can either log into the server via RDC or VNC, where I can work from the server’s desktop to view/documents, surf the web, etc. or I can access my documents directly via Hamachi (a simple to use VPN program). To listen to my music from my laptop remotely, I simply start Hamachi and I’m able to stream (via iTunes library sharing) all my music.

Managing torrents/downloads:

I also use my server to handle all my torrent downloads. I use uTorrent with the webclient installed, which allows me to manage my download from anywhere using my No-ip address and a random port.

Data isolation/protection:

In the past year, I’ve installed several OS on my main PC (Vista, Ubuntu, XP) and I haven’t had to worry about my files, since they’re in my server. Also, to ensure my server stays up through power failures/surges, it’s protected with an inexpensive UPS. For data backups I use Mozy home, which is an internet backup service that costs $5 a month. Mozy runs every night on the server and I am currently backing up about 200 GB of data. I used to run my own backups via FTP but Mozy is painless and automatic. Installation took about 5 minutes and it took about 2 weeks for the initial backup (it had to upload about 150 GB of data). In case my sever dies, explodes or gets stolen, my data is safe with Mozy. HIGHLY RECOMENDED!

This setup is ideal for me, since I need to access my data from any computer in my apartment and also outside my network such as at a client’s office or on the road on my laptop. I tried installed Linux (Ubuntu flavored) but I ran into too many driver related issues (since this is a very old server) so I decided to go with XP. This setup can be easily replicated using an old PC lying around at your house and some work. Hamachi, RDC/VNC, Mozy and folder sharing are your best friends for data protection and access. Thanks to this server and the way its setup I can sleep well at night knowing my data is safe.

Stay tuned for part III where I discuss my main PC setup and an overview of my desk.

I got a call last week from the owner a real estate company, who was referred to me by my largest and oldest client. I had a meeting with the him last week, where he gave me quick tour of the office, introduced me to his employees and showed me his (quite frankly, chaotic) network. I explained the services I offer and he then committed to a service plan where they will get a scheduled weekly visit, unlimited phone/remote support and one unscheduled emergency visits for a reasonable (in my opinion) monthly fee, which is the way all my contractual clients are setup.

As usual, with any new network I get in to, I found it not being up to my standards. To be more specific, the physical wiring is messy, the servers are not physically locked down (they are simply next to the copiers), passwords are weak, there is no network diagrams or documentation, the equipment is old, dusty and not up to date (regarding security patches and AV definitions). Most workstations are Pentium 4 Dells and the servers are Windows 2000.

All these substandard conditions, as I said, are pretty much common when dealing with a new client, who has really never paid attention to their IT or has had IT consultants that get paid on an emergency basis. Therefor, it isn’t unusual that I spend lots of time at the clients office the first couple of weeks to straighten things out to my standards.

Today, on my first scheduled visit to their office, where I expected spend most of the time getting to know the network infrastructure, I encountered a serious issue that I had never run into before; they did not know the domain controller administrator’s password. In the past, when exploring a new network, only a select few (usually the office manager and the owner) have the admin password, so I assumed, when signing this client, that they knew the password. I should’ve asked for this information before committing to the maintenance of this network, so that at least I could’ve researched domain password recovery and prepared a plan of action for my first visit.

The last person who worked on their network was not an IT professional. He was an employee that happened to have some computer knowledge and that left the company to start his own business. He probably changed the password before leaving, and he is now unreachable/unavailable. Naturally.

On my limited time there today I researched and tried two methods of resetting the DC admin password, but these methods not longer work on Windows Server 2000 SP4. The first method was to modify the registry (after gaining local administrative access to the machine) to make the screen saver (changed to cmd.exe) run after 15 seconds. After a reboot and waiting 15 seconds at the login screen, a DOS prompt cames up where the active directory console is brought up with MMC DSA.MSC. No luck there since cmd.exe isn’t allowed to run with sufficient rights (after SP3). The second method was a variant of this. (more information of these useless procedures here and here).

After doing quite a bit more research I came across OPHCRACK, an open source project:

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

I burned the live cd and will test it tomorrow. According to what I’ve read, Ophcrack on that CD can crack Windows 2003 domain passwords, if they don’t use weird characters (I’m hoping the password is something stupid like “mustang” or “american”). I’ll report on my findings here. Stay tuned!

[image credit]

I want to share the way my home network is setup because it works for me, and I might give you ideas as to how to set up yours. My data is very valuable to me and I will also share with you how I protect and access it from (almost) anywhere. A hard drive failed on me about 5 years ago and my data (music, documents, videos, photos…etc) was lost forever. I did manage to get a few files back from online/CD backups, but for the most part, I lost the files and I couldn’t afford thousands of $$ on professional recovery. First, I will list the devices I have running and their roles:

ii. Internet. I chose Charter as my ISP because they have proven to be reliable and they offer the fastest internet connection in the area (10/1 mbs). But as soon as FIOS starts laying down that sweet optic goodness in my area, I’m giving Charter the boot.

i. Router. I have a cheap wireless Belkin router for my internet sharing/networking duties. The wireless portion of it is off (I don’t use my laptop at home very often). I make sure to keep the firmware up to date and the wireless connection encrypted when its on. It works great for basic port forwarding and it has a small footprint. One thing that isn’t set by default on this router are the DNS servers; I use OpenDNS, my ISP’s suck!

1. Server. An old (very, very old) HP Proliant LC3 I got from a client that was getting rid of it a couple years ago. Featuring a Pentium III 500 MHz, 512 Mb of RAM and two 36 GB SCSI drives. I added an 80 GB IDE hard drive (the music drive), and a 150 GB IDE hard drive (the document drive). It runs Windows XP Pro and it permanently lives in a closet, out in my balcony. All my documents are on this server, where backups are performed every night, and thanks to the magic of RDC & VNC, I can access my server from anywhere! More details on I set up this server coming up on part II.

2. Desktop PC. Core 2 Duo 2.4 Ghz, 2 GB RAM, Nvidia 7300 video card, Windows XP (switched back from Vista about 8 months ago, but I’ll leave that for another blog post). Most importantly, dual monitors. This is my every-day computer, which I use to blog, design and work in general. I am not a gamer, so an extremely fast processor or high-end video card is not necessary for me, but the mid-range Core 2 Duo and the 2 GB of RAM are more than enough to have iTunes playing music, Firefox with a million tabs open, Photoshop CS3 and Illustrator CS3 running at the same time with no lag. More details on how my desktop is setup, how I can configure it to pull documents from the server and a picture of my desk/entertainment system setup coming up on part III.

3. Workbench/Secondary PC. Old Pentium 4 2.4 Ghz, 1 GB RAM. This runs various OS’ (Ubuntu, XP, OSX…) and I use it for data recovery (hooking up old drives and retrieving data) and general experimentation. I don’t like to use my work computer for experimentation or testing out different operating systems and this rather old system is well suited for these tasks.

4. Soft-modded original XBOX. I include this in my home network because I use it to stream movies from the my server to my HDTV (where the XBOX does a decent job of “upscaling” DivX movies). Not to mention it does NES games, pictures, Youtube and music. The soft-mod process was simple and only cost about $25 (not to mention I didn’t have to crack open the case or solder anything). More details on how it did it can be found here. Also, when modding, use Filezilla as your FTP program (open source) and 7-zip as your decompressing programs (also open source).

5. Secondary stuff connected to my network

a. Slingbox: for out-of-home TV viewing. Hooked up to my Moxi DVR and the network, I can watch TV from my Pantech Duo smartphone or my EEE, anywhere, anytime (provided I have access to the cloud).

b. VoIP via Broadvoice: as my office number and free international calls for about $20 a month. I use my Broadvoice number as my business line, which simultaneous rings at my desk and at my cellphone. I also instantly get an email on my phone notifying me of the time and the caller ID of the call.

c. Printer: Brother laser printer connected to a printer server on my network so that any PC connected to network can print. I’ve had it for about a year and a half and haven’t replaced the toner cartridge yet. Granted, I don’t print a lot, but I bet I would’ve changed ink cartridges at least a couple of times if my main printer was an inkjet. For color prints, I’ve had the same cheap HP printer/scanner for 3 years.

To conclude this pillar aticle (thanks, Ades), my home/home office setup is ideal for me, and it has been working great for the past 2 years and I am confident that my data is safe (backed up). I depend on my network for work and for entertainment so I’ve designed it as simple as possible, but always expecting the worse. It may sound like a bunch or wires go all around the house but I did a nice job of keeping the wiring clean and simple so no one knows that I’ve got such a complicated setup all around my apartment. Stay tunes for part II where I discuss how my server was set up.

How’s your network setup at home for work/play?

At home, I've got an old server, that was given to me by an client, which permanently lies in a closet. It runs Windows XP and has all my files (music, pictures, videos, apps, etc). I have Hamachi running on it, and I share my music using iTunes, so that my girlfriend and I can listen to my music (80+ gb) from anywhere, using Hamachi and iTunes. I also have Orb installed so I can stream all my media to my phone.

- BAM! -

 Thats when I got the idea. Doesn't the iPhone run a stripped down version of OSX? Couldn't there be an application that does some sort of "VPNing" so that I could potentially stream any of my songs (or photos, videos, etc) to my iPhone from my iTunes at home?

I already do this on my smartphone, that runs over Cingular's Edge network (with an unlimited data plan). I've got a Cingular 3125 and I've got Orb on my server at home. Now, streaming media to a phone drains its battery pretty quickly, I can get about 2 hours of streaming before my phone dies, but since the iPhone will have 8 gb (or 4 gb for $100 less) of storage, I could use it to sporadically view pictures or stream a video to conserve battery.

Another issue with this is that not everyone can just leave a PC on 24/7 (for so many reasons), but what if instead of streaming directly from a user-owned PC, a specialized service could stream from their servers. That service could gather a list of mp3's on my computer, and since I own them legally (hopefully), and stream these files, using their servers and bandwidth.

OK…maybe I'm just going way beyond…but hey…services like Lala.com already exist out there that do something similar.  Any comments?

• Fixing a computer problem in less than a minute in front of a client, and him/her telling you that they've tried for hours.
• Making people feel stupid, when the reason why they can’t log into their computer is the NUM LOCK key.
• Being able to navigate around in any OS.
• Making clients' work easier by writing a small script.
• Reading about a new gadget, application or website, and knowing about it waaaaay before.
• Assembling a computer, and it firing up the first time (no missing connections of bad parts)
• Knowing that a computer is about to die, just by hearing the clicking of a bad hard drive.
• Saving a company time/money because of good backups and a successful restoration of files.
• Clients treating you like a savior when you enter their building, because they know we can fix their computer issue, somehow.

Why it sucks:

• When you make the mistake of telling the client that you know exactly what the problem is and you'll be able to fix it in no-time, and taking forever the fix the issue. I’ve learned now that its best to give very vague timelines if you're not 200% sure of what the problem is.
• Explaining to a client why they must by 20 licenses of MS Office for 20 computers, and that for legal reasons I just can't install one copy on all the machines.
• When a client asks the details of a fix, when you know they're lost at "operating system".
• Even worse, coming up with a stupid analogy to explaining the cause of a problem, because the client won't understand.
• When people start telling you all their non-computer related issues. There’s something about being an IT professional that makes people feel comfortable with you, and before you know it, you know a little too much about a clients life.
• Assembling a computer and it not firing up the first time (missing connection or bad part)
• When your own computer starts acting out. After a day of fixing everyone else's issues, the last thing you want to do is troubleshoot your own machine.
• Spam. Its unavoidable and everyone expects you to get rid of it with a couple of clicks.
• Clients only come to you when they have an issue. Sometimes being the IT guy can feel very unrewarding. 
• When people give you very vague description of their computer problem, and when they get mad when you ask them what the error message said. (Reminds me of this one time when the very annoying assistant of a client wanted me to fix an email issue, demanding me to find the error messages and to fix the problem ASAP, since I was in charge of computers. I explained to her that I didn’t know WHAT to fix and that I needed a better description of the problem. She then told me that I had to research the problem . Then I said to her: “OK…you need to tell me exactly what kind of problem you have…its like going to the doctor and expecting him to cure you without you telling him where it hurts. Think of me as the Computer Doctor. Now, what were you doing and what when wrong?” She then proceeded to explain the issue.
• Friends / Family / Random people expect you to fix their computers.
• I also hate it when a friend you haven’t spoken to in a while calls, and finding out the only reason for their call is a virus/no internet/random computer question.
• When computers decide to behave extremely unpredictable.

This is the last part of my article on how to make a linux router/firewall, and it will focus on software installation and configuration as well as possible ways to expand this appliance, such as turning it into a file server, email server, spam filter, AV filter, wireless access point, etc. 

This box is going to be Ubuntu powered – although you can install any distro you'd like -  I recommend using Dapper Drake, 6.06, because of LTS (long term support)  – it will be supported for 5 years. Go ahead and download the Ubuntu ISO of your choice here. Burn the ISO and install Ubuntu server ed (I'm not going to go into details of installing the OS, there are plenty of guides out there). We are going to be using Webman, Shorewall Firewall and the DHCP daemon.

After you've installed the OS, give root a password

• sudo passwd root

Type a password twice (don't forget it now, and make it complex). Then, use su to become root.

• su

Type the password to get in as root

Now, configure the NIC cards. Identify (via trial and error) which on is your eth0 and eth1. You want the gigabyte one to be on your LAN side. It is also time to determine what your internal subnet is going to be, I'm going to use 192.168.1.x. So, type

• nano -w /etc/network/interfaces

 Delete everything on this file and start from scratch. This is assuming your eth0 card is your WAN (the one connected to your dsl or cable modem) and your IP is dynamic, and your eth1 card is your LAN card and your subnet is 192.168.1.x.

auto lo
iface lo inet lookback

auto eth0
iface eth0 inet dynamic

auto eth1
iface eht1 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

If your you have a static IP, insert the correct values under eth0, following the same syntax as eth1.

To save the file in nano (the text editor), Ctrl-O and then Ctrl-X to exit nano.

Restart your networking interfaces with the following command:

• /etc/init.d/networking restart

Next step is to edit the sources file, by enabling the additional online ones and commenting out the cd-rom sources.

• nano -w /etc/apt/sources.list

If every step is followed, you should be able to surf the net on this box, and we can verify this by running update and upgrade

• apt-get update
• apt-get upgrade

DO NOT CONTINUE UNLESS YOU CAN SURF THE NET.

Now, install an SSH server so we can connect to this box via SSH (using PuTTY under Windows, download here)

• apt-get install ssh openssh-server

Now from another computer, start PuTTY and type 192.168.1.1 into the Host name box and hit connect. Ignore the waring and login (as root) when promted. If this is successful, shutdown the computer using the following command

• shutdown 0

Next step is to make sure that the computer can be run headless, so turn it on, get into the BIOS and disable all error reporting on startup. This is because the router/firewall is not going to have a keyboard, mouse or monitor hooked up to it (there is no need for that). Now, shut down again, disconnect everything but power and ethernet, wait for about 5 minutes and get into with via PuTTY.

Once you're in again, we need to configure hosts (using our trusty text editor Nano)

• nano -w /etc/hosts

Erase everything and type (or copy/paste). Modify as necesary

127.0.0.1        localhost.localdomain      localhost
192.168.1.1     server1.example.com      server1

Save and exit nano (ctrl O and ctrl X)

Install additional packages

• apt-get install libmd5-perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl shorewall dnsmasq openssl

Download Webmin (check for latest version, latest one as of writing of this article is 1.330)

• wget http://surfnet.dl.sourceforge.net/sourceforge/webadmin/webmin_1.330_all.deb

Install Webmin

• dpkg -i webmin_1.310_all.deb

Configure Shorewall. I recommend you read up on Shorewall's documentation, here or here. We are going to use basic rules, so make sure you have a good understanding of the firewall before deployment.

• cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/ cd /etc/shorewall
• gunzip interfaces.gz masq.gz rules.gz

Edit Shorewal's config files, change "IP_FORWARDING=Keep" to "IP_FORWARDING=On" (without quotes)

• nano –w /etc/shorewall.conf

Save and exit nano (ctrl O and ctrl X)

Edit the shorewall policy

• nano –w /etc/shorewall/policy

##################################################

#SOURCE           DEST        POLICY            LOG LEVEL   LIMIT:BURST loc         net         ACCEPT
loc   $FW   ACCEPT
loc         all         REJECT            info
#
# Policies for traffic originating from the firewall ($FW)
#
# If you want open access to the Internet from your firewall, change the
# $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
# This may be useful if you run a proxy server on the firewall.
$FW   net   ACCEPT
$FW   loc   ACCEPT
$FW         all         REJECT            info
#
# Policies for traffic originating from the Internet zone (net)
#
net         $FW         DROP        info
net         loc         DROP        info
net         all         DROP        info
# THE FOLLOWING POLICY MUST BE LAST
all         all         REJECT      &
nbsp;     info
#LAST LINE — ADD YOUR ENTRIES ABOVE THIS LINE — DO NOT REMOVE

Start Shorewall Firewall

• /etc/init.d/shorewall start

Get into Webmin, using another computer and a browser (ignore certificate warning). Username as root, and password is whatever you set the root password to be). Webmin is very useful to configure pretty much every aspect of this machine, so play around with it.

Now, inside Webmin, go to Server, then DHCP server, and EditConfig file. Copy and paste the following.

# Local Network
subnet 192.168.1.0 netmask 255.255.255.0 {
option netbios-name-servers 192.168.1.1;
option domain-name-servers 192.168.1.1;
option domain-name "your.domain.here";
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
range 192.168.1.100 192.168.1.130;
}

zone ABC. {
primary 192.168.1.1;
}

host clem {
fixed-address 192.168.1.1;
}

Then, save the config file, and hit the Start Server button. Now you'll have a fully functional router with a built-in DHCP server. You should be able to connect to the internet via another computer on the subnet. Restart the firewall a couple of times, get a feel of using PuTTY. Also, try adding a firewall policy for the firewall that will allow you to connect to it from the outside.

Bonus  (If you are on a dynamic IP)

Configure the NO-IP Client.

Go to no-ip.org and open a free account with them. Add a new dynamic host. Once that is done, you'll have an address (which is easier to remember than an IP) such as myrouter.redirectme.net. If (and when) your IP changes the No-ip client will handle it. 

•  apt-get install no-ip
•  no-ip -C

Enter you credentials (the ones you've created in the last step) and you done. 

 Now, thanks to Webmin magic, set up a Samba server for file sharing (you might want to get a big hard drive), go wild and make it RAID. Configure and install a PROXY server, to limit internet access. Explore and configure. Test. 

Credits and where I got most of my info:

Howtoforge.com

Ubuntu.com

As usual, all the parts I'm going to use have links to Mwave, my favorite supplier (on a separate note, Mwave is my fav because they are local for me; I can go pick up parts directly, but you can probably find better prices thru NewEgg or your own favorite supplier). I'm going to use a CF card (with an IDE converter) for main storage instead of a regular hard drive. It will take a bit longer to boot up, but you'll have no moving parts (except for the PSU fans). Less wear and tear and less noise.

Parts List

Motherboard : Gigabyte GA-8VM800PMD-77. $45.50. Reliable board. Can take fron Celeron Ds up to a Core 2 Duo for expandability. SATA if you want to turn this into a file server. Built in VGA. 

Processor: Intel Celeron D 331. 2.66 Ghz.  $37.95. Sufficient power for a simple router/firewall. 3 year manufacturer warranty just in case. 

RAM. 256 Mb Kingston DDR2 533 mhz.  $19.00. Sufficient RAM for a simple router/firewall. On my last build, the firewall was using 42 mb of RAM.

HDD: 1 GB Transcend 80x high-speed CF ($13.50) with a CF to IDE Converter ($9.50 that plugs directly in the motherboard). Ubuntu server plus upgrades and Webmin uses about 600 MB of space. So thats about 400 MB for logs and expandability. A  2 GB card goes for $22.68

Case: Dynapower Titan with a 430 watt power supply $29. Small and conpact case but still fits full size PCI cards. Low noise. (Does anyone have other suggestions? Leave a comment).

Additional NIC. Trendnet Gigabyte NIC $12.26. For the LAN side of this.  

Optical Drive: LG DVD-ROM $16.50. I'm adding this because the whole idea is that you have no spare parts sitting around. But if you do have an optical drive, you can obviously skip this. Also, you are only going to use this drive for about 1/2 hour, for the main OS install. You can remove it later. Although, tutorials on how to install over a network, here and here.

So…there you have it. Nice hardware for an Enterprise-Class router/firewall for $165.87 (just add shipping and tax). Compare to a Dlink DFL-200 $201.90, Sonicwall TZ 150 $253.48 . Netgear SSL312 $348.18  (and these are low-end routers) that don't have half the capabilities and expandability that the mine does. Also, remember that all the software that is used to run mine is open-source. 

Now, on part II; Ubuntu Installation, Configuration and deployment. Also, some great ideas on how to expand and make it more powerful or feature-full. Hint, start downloading the Ubuntu 6.06 Server ISO. Part II will come out at the end of this week. Stay tuned.