DIY Routers

Discussion in 'all things UNIX' started by Uitlander, Jul 14, 2015.

  1. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    71
    Location:
    Albany, CA
    Various sites have reported that BigBro has placed a 'backdoor' in all name brand routers, and that a homemade router is the best countermeasure. I would like advice on buying a cheap used computer, wiping its OS (along with any nasties it may contain), installing a Linux router/firewall distro like Untangle, pfSense, Smoothwall, etc., and configuring it. Unfortunately I have no prior experience with any of this, so regret you're dealing with a total beginner. On the plus side, since I know nothing about this, I have no preconceptions.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    I use pfSense. Any fairly recent mini-PC with a dual-core CPU and PCIe v2 bus should work well. You only need 2GB RAM, and also only 2GB disk space. But you do need two NICs, and pfSense works best with Intel server NICs. You could use a 30GB Kingston SSD[0] for $37 and an Intel dual-port 1Gbps NIC[1] for $28. I recommend getting gold support from pfSense. It costs $99 and includes a PDF of their book pfSense: The Definitive Guide.

    [0] http://www.amazon.com/Kingston-Notebooks-Ultrabooks-SMS200S3-30G/dp/B00DHWE3G0/
    [1] http://www.amazon.com/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2/
     
  3. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Perhaps not what you are looking for, but I decided on using a Linksys router and replacing the firmware with DD-WRT.

    What is DD-WRT? - DD-WRT Wiki
     
  4. Kobayashi maru

    Kobayashi maru Registered Member

    Joined:
    Nov 7, 2009
    Posts:
    124
    Location:
    Drivin' all night my hands wet on the wheel....
    If you don't need loads of throughput, pfSense will do 50 Mbps on a P3 600EB with 512 megs of RAM, including the caching proxy function (3Gb hdd, Intel dual NICs).
     
  5. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    71
    Location:
    Albany, CA
    Can this be easily altered to work with wired routers? Regret I do not use anything wireless. Your link mentions "DD-WRT is a third party developed firmware released under the terms of the GPL for many IEEE 802.11a/b/g/h/n wireless routers based on a Broadcom or Atheros chip reference design."
     
  6. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    71
    Location:
    Albany, CA
    I was thinking more along the lines of buying an old cheap used PC, and just adding an extra Intel NIC, then reusing everything else (after wiping the HDD). Not sure just what sort of PC to look for. I was hoping for a small sort, but heard that to accommodate two NICs requires a mid to full-size tower. It's stuff like this I need to know. I'll put down "2GB RAM, and also only 2GB disk space" on my list of requirements. Thanks for the info. I already have the Intel NICs. Any other requirements for used PC? Am I correct to assume I can safely wipe and re-use the HDD or do I absolutely have to get a new hard disk?
     
  7. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    71
    Location:
    Albany, CA
    Sorry but I'm too inexperienced to understand much of this. I plan to use Sonic.net DSL. I assume this is gigabit ethernet speed...at least that is the sort of NICs I got. Can pfSense handle that? I've seen it said on other forums that pfSense is hard to install and configure for newbies. True or false?
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    I recommend at least a dual-core CPU. Also, the PCIe bus and NIC need to match. PCIe v1 cards may not work on PCIe v2 bus, and vice versa.
    Yes, you can wipe the disk. I was just impressed that such small SSDs were so inexpensive. I doubt that disk throughput has much effect on network throughput.
     
  9. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    I have OpenBSD and a custom pf setting on a Pentium 4 1.8 GHz, 512 MB of RAM, and 80 GB of HD.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    No, Sonic.net DSL is nowhere near gigabit: http://www.speedtest.net/isp/sonic-net

    But that only affects Internet access. Local traffic, between devices on LAN, is 1Gbps aka 1024Mbps, which is 75 times Sonic.net's average download speed.
    I've seen pfSense VMs running on one CPU core with ~300MB RAM handle ~30 Mbps OpenVPN traffic. OpenVPN adds encryption/decryption overhead. As I recall, some pfSense users reported ~1Gbps throughput with Google as ISP. I'm sure that there are speed threads on the pfSense forum.
    If you just want a basic router setup, it's trivial. By default, all outgoing traffic from LAN to WAN to the Internet is allowed, and only established traffic on WAN is allowed to LAN, with all new incoming blocked. The webGUI configuration menu is very extensive, but also well documented. I find it much less confusing than *WRT menus. But there is stuff in there that only enterprise networks would ever use, and you can ignore it all.
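
The default policy described in the post above, written out by hand in OpenBSD pf.conf syntax. This is an added example, not part of the original thread and not the ruleset pfSense itself generates; the interface names `em0`/`em1` and the `192.168.1.0/24` LAN prefix are assumptions.

```pf
# Constructed example: interface names and LAN prefix are assumptions.
ext_if  = "em0"              # WAN-facing NIC
int_if  = "em1"              # LAN-facing NIC
lan_net = "192.168.1.0/24"   # LAN prefix

set block-policy drop        # drop silently instead of answering with RST/ICMP
set skip on lo               # do not filter loopback traffic

# Rewrite LAN source addresses to the WAN address on the way out.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Default deny. pf uses the last matching rule, so the pass rules
# below override this only for the traffic they name.
block log all

# LAN to anywhere is allowed. pass rules keep state by default, so
# replies are admitted by the state table rather than by a rule.
pass in  on $int_if inet from $lan_net to any
pass out on $ext_if inet from any to any

# There is deliberately no "pass in on $ext_if" rule: a new connection
# arriving from the Internet matches only "block log all" and is dropped.
```

Any `pass in on $ext_if` rule added later (for a port forward, for example) is the only place where unsolicited Internet traffic can reach the LAN, so that is the part of the ruleset to review after each change.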
     
  11. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    The list of supported routers are all wireless ones.