Ask Slashdot: Can You Roll Your Own Home Router?

"My goal is to have a firewall that I trust," writes Slashdot reader eggegick, "not a firewall that comes from the manufacturer that might have back doors." I'm looking for a cheap mini PC I can turn into a headless Linux-based wireless and Ethernet router. The setup would be a cable modem on the Comcast side, Ethernet out from the modem to the router and Ethernet, and WiFi out to the home network.
Two long-time Slashdot readers had suggestions. johnnys believes "any old desktop or even a laptop will work.... as long as you have a way to get a couple of (fast or Gigabit) Ethernet ports and a good WiFi adapter... " Cable or any consumer-grade broadband doesn't need exotic levels of throughput: Gigabit Ethernet will not be saturated by any such connection...

You can also look at putting FOSS firewall software like DD-WRT or OpenWrt on consumer-grade "routers". Such hardware is usually set up with the right hardware and capabilities you are looking for. Note however that newer hardware may not work with such firmwares as the FCC rules about controlling RF have caused many manufacturers to lock down firmware images.

And you don't necessarily need to roll your own with iptables: There are several BSD or Linux-based FOSS distributions that do good firewall functionality. PFSense is very good and user-friendly, and there are others. OpenBSD provides an exceptionally capable enterprise-level firewall on a secure platform, but it's not designed to be user-friendly.

Long-time Slashdot reader Spazmania agrees the "best bet" is "one of those generic home wifi routers that are supported by DD-WRT or OpenWrt." It's not uncommon to find something used for $10-$20. And then install one or the other, giving a Linux box with full control. Add a USB stick so you have enough space for all the utilities.

I just went through the search for mini-PCs for a project at work. The main problem is that almost all of them cool poorly, and that significantly impairs their life span. I finally found a few at the $100 price point that cooled acceptably... and they disappeared from the market shortly after I bought the test units, replaced with newer models in the $250 ballpark.

Share your own thoughts and experiences in the comments.

This discussion has been archived. No new comments can be posted.

  • pfsense/opnsense (Score:5, Informative)

    by Anonymous Coward on Saturday February 03, 2024 @03:36PM (#64211096)

    pfsense/opnsense, that's it, discussion over, next article please

    • Yes, second pfSense, have been using it for years now on an x86 SBC paired with a Ubiquiti access point. Best home network setup I have ever had.

      • by NFN_NLN ( 633283 )

        m0n0wall --forked--> pfsense --forked--> opnsense

        pfsense had been lagging on development of the free version so the opnsense fork was born.

        • yeah but m0n0wall (which i also used back in the day) is dead and pfSense is not.

          CE went from 2.6 to 2.7 this year with two patches, I haven't seen any security holes in it, what am I losing out on with it?

      • Re:pfsense/opnsense (Score:5, Interesting)

        by jon3k ( 691256 ) on Saturday February 03, 2024 @04:50PM (#64211298)
        I really recommend checking out opnsense. The original creator of m0n0wall, which pfsense was forked from, specifically recommends opnsense over pfsense [opnsense.org]. The opnsense group is actually the one that took over the m0n0wall website from the original dev, Manuel Kasper [opnsense.org].

        pfsense also did some incredibly bizarre and shady stuff and ended up losing a lawsuit for it [opnsense.org].
      • have been using it [pfSense] for years

        Since pfSense 2.7 was released, my setup has been unstable. Even a reboot twice a day and it still locks up. Nothing in the logs at all.
        Complete top to bottom hardware swap (same models of everything, different hardware) and still locks up two and three times every two days.
        Moving to opnsense.

        • If you use the tmpfs option to stop logging from wearing out your SSD and also use certain plug-ins you can lock it up by filling the partition. I even doubled the recommended size and had problems. I pushed it to 1G and have never had a lockup since. If you have stable hardware, pfSense is rock solid.

          I'm using 2.7.2.
          • Yeah I mean if I am then I would switch to but I haven't even checked any of that, I am on hardware about 8 years old and I just checked my box

            Uptime 435 Days 04 Hours 18 Minutes 18 Seconds

    • Or, Debian (or whatever your favorite distro is) and iptables. Works just fine and I can run other stuff on it if I want to.

    • Yeah, who's still using ddwrt?

      • OpenWRT is still going strong. The skynet firewall plugin is really nice. And it can act as an adblocker, or you can plug in a separate PiHole. Seriously. OpenWRT FTW
        • DD-WRT still going strong too, as just updated the images.

          A suggestion to those going the cheap route with DD-WRT or similar on compatible routers: buy a spare router, set up the first one and save the configuration settings. Then flash the second one and load the saved configuration settings. You now have an instant backup useable when you need it.

          And don't forget to set up a wifi channel as guest, with access to WAN for internet but not the LAN.

      • by leptons ( 891340 )
        I am. I run x86 DD-WRT on a cheap Dell Optiplex i5. I installed a quad gigabit ethernet card. I've been using DD-WRT for decades, it does everything I need.

        I can connect the latest Wifi router to it, currently have a Wifi 6e router connected in "access point" mode, so it's just a wifi radio, DD-WRT does all the routing.

        I also have several other wifi routers around my property all running DD-WRT.

        The devs of DD-WRT are also very much active. New updates are released almost daily. I wanted to try a RTL
    • by Kelxin ( 3417093 ) on Saturday February 03, 2024 @04:22PM (#64211208)
      yes, this must be the new generation asking this. Us Gen X geeks have been doing this for years between ddwrt, pfsense and now opnsense.
      • by AmiMoJo ( 196126 )

        It's not straightforward, and I'm gen X who did it back in the day with Buffalo routers and DD-WRT, and also with pfSense.

        pfSense's free version is a bit iffy now, seems okay but hard to say long term. OPNsense is a good alternative.

        Hardware wise, I would suggest a Chinese router board. They have low power Intel CPUs and 4-5 LAN ports, gigabit or 2.5G. You can get them on AliExpress, with or without an enclosure. The CPUs are decently powerful for most router uses, can struggle with gigabit speeds if you h

    • by lsllll ( 830002 )
      Over the years I went from iptables on a PC to a Linksys (for WiFi), then DD-WRT, then a Netgear with Open-WRT for many years, and finally in the past 3 years to OpnSense on a VM on Proxmox. By far, and I really mean that, OpnSense is the way to go. It does everything you'd need in a home or a small to medium sized business.
    • by hatchet ( 528688 )

      Problem with pfsense/opnsense is hardware support and BSD quirks (and toxic BSD fanboys).

      For my hardware and configuration I was pretty much forced to use a Linux-based solution.

      • by ufgrat ( 6245202 )

        Runs modern hardware just fine, and you really don't need to go down to the BSD level very often, if at all.

        • by hatchet ( 528688 )
          Exactly like I said. It works on YOUR modern hardware that you bought for running with BSD.
  • by Randseed ( 132501 ) on Saturday February 03, 2024 @03:39PM (#64211102)
    Of course you can. I did this when I first got broadband in the late 1990s. All you need is at least one ethernet port (or two if you want to just run wired), a wireless card, Linux or BSD, and some routing rules. The firewall is easy enough to set up. It might get a bit more complicated if you want to use the honking security hole known as UPnP, but otherwise someone can set the software up in less than an hour.
    • Did this several years ago, still running happily. Simple box with multiple gigabit ports and a minimal install of Debian. I think this is the one I've got, if not very similar: https://www.aliexpress.us/item... [aliexpress.us] Of course, you'll need to be fairly good with Linux config to go this way, and not fussed about GUI admin; if you're not, just install pfsense.

    • Way back in 256kbps ADSL days I was running an old 386 with two NE2000 clones booting from a floppy disk, running this: https://www.zelow.no/floppyfw/ [zelow.no]

    • Re:Of course you can (Score:5, Informative)

      by caseih ( 160668 ) on Saturday February 03, 2024 @06:53PM (#64211510)

      Actually you can do it with a single port if you have a managed switch, thanks to 802.1q support in Linux. On my switch I have the port going to the outside network assigned to a vlan. Then I have another vlan for my inside traffic on all the rest of the ports. On the port that my router is attached to, I have both vlans tagged onto that port. Linux decodes the tags and gives me two interfaces, which I can then firewall and route as you normally would. You do lose bandwidth, but my upstream speed is less than 100 mbit anyway, so I haven't had any problems.

      For my router I just run AlmaLinux with named doing DNS, dhcpd sending updates to named, and of course my normal firewall rules.

      I strongly prefer non-Arm hardware for this application, so I'm running an older tiny PC to do all this with a small SSD. Works very well.

      If I did it again I would probably use NixOS and make it stateless again.
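
The single-port setup caseih describes above, as an added example that is not part of the original comment: a POSIX shell function that validates its inputs and prints, without running them, the `ip` commands and an nftables ruleset for a router whose WAN and LAN arrive as two tagged VLANs on one port. The parent interface `eth0`, VLAN IDs 10 and 20 and the LAN address are constructed sample values, and the default-drop ruleset is an assumed policy, not caseih's own rules.

```shell
#!/bin/sh
# Added example: plan a one-port ("router on a stick") Linux router.
# eth0, VLAN 10 (WAN), VLAN 20 (LAN) and 192.168.1.1/24 are constructed
# sample values; the ruleset is an assumed default-drop policy.

# A VLAN ID must be a decimal integer in 1..4094 (0 and 4095 are reserved).
valid_vid() {
    case "$1" in
        ''|*[!0-9]*|?????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Interface names are pasted into commands and rules: allow only a safe
# character set and the kernel's 15-character name limit.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# IPv4 address/prefix, checked only for shape (digits, dots, one slash).
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*) return 1 ;;
        *.*.*.*/*) return 0 ;;
    esac
    return 1
}

# router_plan PARENT WAN_VID LAN_VID LAN_CIDR
# Prints a reviewable script on stdout; changes nothing on this host.
router_plan() (
    parent=$1; wan_vid=$2; lan_vid=$3; lan_cidr=$4
    fail() { echo "router_plan: $1" >&2; exit 1; }

    valid_vid "$wan_vid" || fail "bad WAN VLAN ID"
    valid_vid "$lan_vid" || fail "bad LAN VLAN ID"
    [ "$wan_vid" -ne "$lan_vid" ] || fail "WAN and LAN need different VLANs"
    valid_cidr "$lan_cidr" || fail "bad LAN address"
    wan="$parent.$wan_vid"; lan="$parent.$lan_vid"
    valid_ifname "$wan" || fail "bad interface name: $wan"
    valid_ifname "$lan" || fail "bad interface name: $lan"

    cat <<EOF
# 802.1q sub-interfaces: the kernel strips the tag and presents two devices.
ip link add link $parent name $wan type vlan id $wan_vid
ip link add link $parent name $lan type vlan id $lan_vid
ip link set dev $parent up
ip link set dev $wan up
ip link set dev $lan up
ip addr add $lan_cidr dev $lan
sysctl -w net.ipv4.ip_forward=1
# The WAN address is left to the DHCP client. $parent itself gets no
# address, so untagged frames on the trunk hit the drop policies below.
nft -f - <<'RULES'
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iifname "lo" accept
    icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    iifname "$lan" accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "$lan" oifname "$wan" accept
  }
}
table ip nat {
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$wan" masquerade
  }
}
RULES
EOF
)

# Print the plan for the sample values.
router_plan eth0 10 20 192.168.1.1/24
```

The switch port facing the router must carry both VLANs tagged; review the printed plan before running it as root on the router.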

  • Be aware that routers/firewalls/access points tend to be powered on all the time. Appliances, even with firmware like openwrt, do tend to consume less power than whole computers. They also tend to be smaller - some people living in company care about aesthetics. No need to have indoors look like rooms from anime Serial Experiments Lain.

    Unfortunately, appliances tend to be slow. Features like Packet Inspection will impact routing throughput.

    • by crow ( 16139 )

      Yup. On all the time means 1W of continuous power is 8.7684 kWh per year. Our rates are crazy in Massachusetts, often over $0.25/kWh, so that's over $2/year for 1W. Keep that in mind when picking a solution.

      I found a Raspberry Pi class box with two 2.5Gb ethernet ports for about $80 in a case, so that's what I use. I think it draws about 5W, and I doubt I would do better elsewhere.

  • by OrangeTide ( 124937 ) on Saturday February 03, 2024 @03:58PM (#64211136) Homepage Journal

    There's closed source binary blobs in any WiFi radio, either in on-board flash or packaged as part of the driver's initialization. You can't really trust these blobs, but there aren't a lot of alternatives either.

    Theoretically a naughty WiFi is less detrimental than a rooted firewall. But the amount of ill shit I've seen in commercial computing makes me suspect that we underestimate the risk. How long did we tolerate an entire UNIX-like OS buried inside of Intel motherboards? And as much as I love Minix 3 [slashdot.org], I don't love secret networking stacks hidden in my hardware. Especially when Intel was so lax about security updates, and was not very forthcoming with the issues it created.

    • by mtaht ( 603670 )
      This is why I trust my (cerowrt, now openwrt) wndr3800s far more than any modern PC or embedded hardware. No blobs. I sleep better. There were only two major CVEs I was ever worried about - one was kind of big, and in the FPU emulator...
      • Yeah, that's very true. The Ath9k chipsets (Tensilica-based) have open drivers. I'm not sure what other WiFi chipsets are out there with decent open source firmware. I feel like they are few and far between, and getting a little long in the tooth. Probably not too many high performance chipsets (Wi-Fi 6 or better), but I'd take a slow plodding wireless connection that is trustworthy over a potentially compromised one. Hypothetically people could add DNS tracking and telemetry to a modern chipset's firmware a

  • Anyone know of recently working scripts for handling the maintenance tasks needed for policy-based routing when one line goes down?

    The old LS scripts aren't being updated anymore.

    I'm still using pfSense because it handles it well 90% of the time but would rather just have something easy to deploy from my devops.

  • by Kernel Kurtz ( 182424 ) on Saturday February 03, 2024 @03:59PM (#64211140)
    I ran a multi homed Linux or BSD box for decades as a firewall before wifi was a thing. No reason you can't still do that of course.

    If you want wifi with advanced features like 4x4 (or 8x8!) MIMO you are probably better off with a dedicated wifi router running DD or OpenWRT. Or you could use such a device as a simple access point behind your dedicated firewall box.
  • by Opportunist ( 166417 ) on Saturday February 03, 2024 @04:02PM (#64211144)

    But why bother?

    • To have more control over what happens?
      • Re:I could (Score:5, Insightful)

        by 93 Escort Wagon ( 326346 ) on Saturday February 03, 2024 @04:39PM (#64211258)

        When I was young, I'd likely have agreed with you (I can't say for sure, since wifi and home networking weren't really things for much of that timeframe).

        But now - I'm already spending 8-9 hours a day running Linux servers and network infrastructure. The last thing I want to do when I get home is voluntarily take on more of the same, given there are turnkey solutions available.

        • I agree. If I was younger with more time to spare I'd do it though.

          It can also be a task that is more or less involved. I've been using Debian for almost 25 years now and have enough accumulated knowledge that some things are easily and rapidly done. I recently stumbled on some IPv6 prefix delegation issue when trying to run my own router and gave up though, not worth my time. But it's on my list.

        • Agreed. Spend a little money on Ubiquiti gear, install it and call it good. The software is open if you ever feel the need to tinker, but it's rock solid, has all the right knobs available up front, and is arbitrarily and easily expandable to do whatever you might need.
      • I audit the source code of the router I use.

        That's good enough.

      • To have more control over what happens?

        Why do you need more control? No I'm not being funny, this is a legitimate question. Sure there'll be the occasional edge case, but the internet has literally billions of people using it just fine without any routing control in the hands of the user whatsoever. The core requirement is for something to work. If it doesn't work, I tell my ISP to shove their router up their arse and move on to someone who does know how to provide a service.

        I used to play around with this. All it ultimately did was cause more

        • Happy to answer. My router / WifiAP is currently a device controlled by my ISP. This means a few things:
          • My ISP can (and has) rebooted my router remotely. My ISP can run any code they want on this router which is on my local network. I don't like that. I don't trust them. They have a history of selling customer data. I would like to eliminate the possibility of any nefarious action from them.
          • The router has an admin interface that is somewhat limited. I do not have access to certain functionalities that
          • I forgot to mention, the learning experience is interesting. And I don't even work in IT. But I was a somewhat early internet user and have an interest in tinkering.
      • by RedK ( 112790 )

        The problem in the modern world is the radio hardware : there is just no PC hardware that has modern radios at the level APs/Routers have. You'll be stuck running off 2x2 MU-MIMO which will severely diminish your Wifi bandwidth.

        It's not like in the old days of dual Ethernet routers with some ipmasq, vs say a BEFSR41 from Linksys. Consumer APs/Routers do provide radios that are simply not available when building your own.

  • by Rockoon ( 1252108 ) on Saturday February 03, 2024 @04:07PM (#64211160)
    None of the routers that run open source firmware magically become trustable merely because you loaded up the firmware yourself.

    While it isn't likely that the hardware is ignoring the firmware, it's still (a) possible (b) cheap and trivial for the manufacturer
    • We're not talking about a CIA target here (I assume anyway), and no your consumer router doesn't magically have dedicated isolated hardware snooping your traffic for your secret dick pics, and if it did, that's what encryption is for. Most router manufacturers can barely code a frigging web interface that doesn't lock up when you change a setting. These companies optimise the cost of each component, they aren't paying departments to install carefully designed covert back doors on a router they have no idea

  • by jacks smirking reven ( 909048 ) on Saturday February 03, 2024 @04:09PM (#64211168)

    Whenever I am helping people with their Wifi issues that is my answer.

    Back in the day of the glorious WRT54G and such it was easy to recommend DDWRT and such because you could get a lot of value out of such a relatively cheap device.

    Now though it really seems like those devices are harder and harder to come across, much less modern devices with high performance wifi and oftentimes it relies on a hobbyist developer to keep the specific firmware up to date.

    There are dedicated vendors like gl.inet who have good stuff but to me if you want a good, modern home Internet setup you should be prepared to spend a couple hundred bucks at least.

    9 times out of 10 also people's issues are the absolute garbage the cable company gives people. If I have non-techie friends I tell them just get a mesh router like Google's or Eero's or Ubiquiti. If they have a bit of knowledge invest in a pfSense box, a switch and a "real" AP like Aruba or Ubiquiti or Ruckus (because as far as I can tell there are no comparable open source options to those)

    • by Dozy Lizard ( 1708728 ) on Saturday February 03, 2024 @05:49PM (#64211402)

      Back in the day of the glorious WRT54G and such it was easy to recommend DDWRT and such because you could get a lot of value out of such a relatively cheap device.

      Now though it really seems like those devices are harder and harder to come across, much less modern devices with high performance wifi and oftentimes it relies on a hobbyist developer to keep the specific firmware up to date.

      I run Openwrt across three devices. One acting as a router/gateway, and two as WiFi Access points. I did run WiFi on the router, but the location meant the coverage wasn't great. You can still get pretty cheap compatible devices. The big issue (and has caught me out twice, despite being aware of it), is making sure the WiFi is supported. Unfortunately, manufacturers can change chip sets and even CPU architectures, without changing model numbers (or only very minor changes such as V3 to V4 which might not even be specified in the ad).

      If they have a bit of knowledge invest in a pfSense box, a switch and a "real" AP like Aruba or Ubiquiti or Ruckus (because as far as I can tell there are no comparable open source options to those)

      "Real" APs and open source are not mutually exclusive. I run OpenWRT on my Ubiquiti access point.

    • I am running openwrt on a Linksys wrt1200ac. It's very reliable (whatever deficiencies the WiFi hardware has don't seem to be affecting me) and performance is good

      ISTR that the openwrt project is developing their own hardware right now...

  • Since 2000, there is fli4l [wikipedia.org], small enough to fit on a floppy disk and capable of running on anything from a Pentium processor upwards. OpenWRT, an alternative firmware for many wireless routers, which got its start on the iconic Linksys WRT54G, can also be used on standard PCs. You can even virtualize the whole thing, and you don't actually need multiple network interfaces if you have a VLAN-capable switch. Nowadays there is no shortage of ready-made software for spinning your own home router. Before all tha

  • by laughingskeptic ( 1004414 ) on Saturday February 03, 2024 @04:18PM (#64211194)
    Many integrated Ethernet adapters support IPMI. You do not want to expose that to the internet and can avoid doing so by using the integrated port on the internal side and the added adapter on the external side. See for instance: https://www.shadowserver.org/w... [shadowserver.org]
  • by mtaht ( 603670 ) on Saturday February 03, 2024 @04:20PM (#64211200) Homepage
    fq_codel native on the mt76 and mt79 chips is the bomb. https://blog.cerowrt.org/post/... [cerowrt.org] OpenWrt has CAKE also. I am seeing a lot of *sense fanbois complaining that fq_codel shaping inbound on BSD is seemingly buggy, and those that went from opnsense to OpenWrt, much happier with CAKE on the QoE front. I have been trying to find someone with BSD experience for ages to help figure out what is going wrong on that OS in this department.
  • by ELCouz ( 1338259 ) on Saturday February 03, 2024 @04:31PM (#64211236)
    Just because of the pfSense drama and shady tactics, I would recommend opnsense
  • I still use venerable WNDR3800s (15 years old now) as APs. (I had about 30 left over after the make-wifi-fast project ceased) They do 300Mbit, no binary blobs, have good range, stay up forever (I know of people with 3+years uptime), and are the best known fq_codel implementation across the board.

    Elsewhere I kind of gave up on an all-in-one unit for gbit+ networking and went with the evenroute pro (sadly deceased, but the company was VERY good about upgrading their userbase to mainline OpenWrt) - but any x86

  • Back in the late 90s I put together some clunker PC running freebsd and ran my own firewall software on it. Was a total necessity as we were only allowed one IP address to the real world.. I think it's because I didn't want to pay for multiple IP addresses, so the firewall was the best option. It did everything I need, including protecting us from stupid "drops" attacks (I've forgotten what they're called), that people used to perpetrate on each other.

  • by crow ( 16139 ) on Saturday February 03, 2024 @04:41PM (#64211264) Homepage Journal

    Connected directly to your outside ethernet (cable modem or, if you're lucky and have fiber, ONT), get a lightweight router/firewall.

    I got a Nanopi R5C, which is equivalent to a Raspberry Pi with a pair of 2.5Gb ethernet ports (and PCI, not USB). It came with router software, but I just installed my own Linux because I like doing that and already knew what I was doing. This is the firewall and router for the whole house. Every IP address in the house is handed out by the DHCP server on this box. It consumes something like 5W when running, though I haven't measured it.

    Connected to that, I have an ethernet switch running cables to various things that are directly wired.

    For WiFi, you can often connect the switch to a LAN port instead of a WAN port and turn off the DHCP server on the WiFi router, and it will just bridge the ethernet network. In my case, I got two Unifi access points and installed them on opposite ends of the house, configuring them to just connect the ethernet to the WiFi after handling the encryption.

    You could combine the firewall/router, switch, and WiFi into fewer devices, but I really like isolating the functionality, and the system has been incredibly stable.

    Costs:
    NanoPi with case: $80-ish
    Switch with PoE: $65-ish (8-port TP-Link with 4 PoE ports)
    Unifi Lite access points: $120-ish each

    And electricity here is expensive, so every 1W of continuous power costs me over $2/year, so the above keeps the power consumption low.

  • by Excelcia ( 906188 ) <slashdot@excelcia.ca> on Saturday February 03, 2024 @04:44PM (#64211266) Homepage Journal

    The Banana Pi BPI-R3 [banana-pi.org] is a fantastic piece of hardware (there are a thousand reviews and articles on it, so just google it), and in conjunction with OpenWrt becomes a great roll-your-own router. Technically it is a development board, but this actually is a benefit since they throw in a lot of extras. For example, for storage it can use any one of its built in 8gb emmc, NAND flash, NOR flash, or a microSD card slot. It has USB 3 and PCI (m.2 or can be adapted to use mini PCIe) for expansion.

    You can get BPI-R3 board in complete kits with board, case, antennae, cables, and power supply on Ali Express, or you can do any combination of your own premium pieces. The SoC and networking is all Mediatek, which works very well with OpenWrt and Linux. Mediatek offers a lot of hardware offloading capability in their chipsets and OpenWrt can take advantage of that. Not that the board needs it, since it has quite a bit of horsepower. In addition to being my router, it is a full home server. DMCA media server, Syncthing file sharing server, VPN server, VPN client so I can put my whole home network on a commercial VPN when desired (or any piece of it), and it's half of a custom tcpip-over-http tunnel server so I can access anything I want from work (where I live behind a draconian firewall/proxy).

    I have been using Banana Pi router boards since the original. Once or twice they made poor decisions, but for the most part they have been fantastic and I have a BPI-R2, BPI-R64, and BPI-R3 all in current use for different things. Before the R3 I wouldn't have recommended them for general use - they were experimenter's and hacker boards and needed extra bits (wifi PCIe board from AsiaRF, for example). But the R3 is a very mature and complete system and very easy to assemble and use. I can't say enough positive things about it.

    • Uhm . . . (Score:2, Informative)

      by hawk ( 1151 )

      If you're going to a bunch of trouble to get something you want, getting it from Red China where every company has to be at least an indirect, if not direct, puppet of the communist party, doesn't seem a good starting place.

      I got a banana 4 to build a mythtv due to the unavailability of raspberry pis a while back.

      I'm certainly not going to let something on my network with a ChiCom approved release, so their own was out of the question.

      I couldn't get Raspberry pi os to boot at all, but I could get Armbian ru

      • I'm having a hard time (Poe's law and all) telling if you're a serious idiot, or a troll. I suppose the answer is the same in either case.

        I'm not sure where exactly to start - usually I start with the richest "oh my God he can't be serious" statement and go from there, but there are so many to pick from.

        #1) "I'm not bothering to try to finish; I'm simply going to get a raspberry."
        You do realize that many Raspberry Pi's are made in China? And so are a lot of the chips on the board.

        #2) "If you're going to a

  • by MpVpRb ( 1423381 ) on Saturday February 03, 2024 @04:44PM (#64211268)

    Open source software, running on a linux box, is well respected and trusted by many. But like all software, it's imperfect.
    High end industrial grade routers are trusted by companies with a lot to lose if things go wrong. But like all software, it's imperfect.
    The term "roll your own" implies writing the software yourself. While this might be a fun hobby, it's definitely not easy, and the result will most definitely be imperfect

  • Easy way: pfSense or OpenWRT.

    Harder way (I use that): Full Linux PC with 2 or more network cards and native firewall. I also have an incoming and outgoing email relay (postfix) on that box, a subversion server (this is a pre-git setup and only I use it) and some RAID6 storage. The box is a pretty much historic Phenom II, but it is entirely enough for gigabit Internet and the only thing that broke so far was one network card.

    The nice thing about pfSense or OpenWRT is that you do not need to know a lot and do

  • I was looking at performing a similar project, and at this point I'm leaning towards pfSense for the software. Regarding the hardware, there are a number of devices like this [amazon.com] which should be pretty sufficient. Since this is running a full x86_64 processor, it will probably be more power hungry than your traditional ARM-powered networking device. For ARM-based options, a Banana Pi like this [amazon.com] might work, but your options might be limited to Linux (pfSense runs on FreeBSD).
  • I have a Google Wifi router. It comes in the shape of a circle, so I literally can roll my own router.

  • by WaffleMonster ( 969671 ) on Saturday February 03, 2024 @05:19PM (#64211344)

    Personally I've always used a standard linux distro and kept a handful of tc/iptables commands for masq and some port forwarding in rc.local. pfSense is good if you want something more turnkey /w a UI to manage it. The ability to export/import configuration backup files is nice if you ever need to replace the storage/system but with something like that can't really use it for much else.

  • Yes you can get a mini PC with a WiFi adapter and an extra Ethernet port to build your own home router. pfSense or OPNsense will work. However there are caveats. That setup will require more power and space. The WiFi part of it is not very robust. Sure you can connect a few devices with it but if you start needing more devices on your WiFi that adapter was designed to be a client not a server. Unfortunately WiFi router support is weaker than Ethernet when it comes to open source.

    PFSense for example has many

  • A NUC usually has WiFi and a single LAN port, but it has USB.

    Add a USB LAN dongle, load Linux, and you are good.
    • 2012 or 2014 Mac mini, same thing, load Linux and USB Ethernet dongle or even USB wi-fi.

      That might be the best use for one of the 1.4 GHz 2014 minis.

    • by caseih ( 160668 )

      I use a NUC-like PC for my firewall. I also have a managed switch that everything plugs into. Thanks to Linux support for 802.1q trunking, I can do both the wan and lan side of the equation with one ethernet port. No need for a USB LAN dongle in this case, and the shared gigabit ethernet cable is still way faster than the internet is here, so I don't notice any bandwidth hit.

      • I use a NUC-like PC for my firewall. I also have a managed switch that everything plugs into. Thanks to Linux support for 802.1q trunking, I can do both the wan and lan side of the equation with one ethernet port. No need for a USB LAN dongle in this case, and the shared gigabit ethernet cable is still way faster than the internet is here, so I don't notice any bandwidth hit.

        So a "firewall on a sticker" eh? As an ex-pro router jock & security dude I remember or even encountered the downsides to "lollypop routers".

        What happens when you need to suddenly pull that Ethernet connection to the Internet? Dig through the cables on the switch?

        Most NUC-like devices now come with 2 Ethernet ports. Some are even 2.5 Gbps ports.

        I still like to separate out the Internet physical port from other ports on my homebrew router. The Internet cable is a totally different color than house cables

        • by caseih ( 160668 )

          Shrug. Just saying that a single port can work pretty well in many instances. Network trunking and VLANs are definitely worth learning about in a home network and very useful in other situations as well.

          This firewall will fail and be replaced long before gigabit internet arrives here. It's a distant dream, really. We've only recently hit 100-150 mbit mark. Maybe we'll get gigabit within the decade. I think starlink will be at 150 mbit for a while yet. Besides that if you think a commercial home router
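The single-port 802.1q setup discussed in this sub-thread, as an added example that is not code from any commenter: it prints the iproute2 commands for two tagged sub-interfaces and an nftables ruleset (IPv4 only) that default-drops anything not arriving on the LAN VLAN, including untagged frames on the trunk port itself. The interface name `eth0`, VLAN IDs 10 (WAN) and 20 (LAN), and the LAN address are assumptions; the managed switch must tag the modem port and house ports to match.

```shell
#!/bin/sh
# Added example: one-port ("router on a stick") firewall over an 802.1q trunk.
# Assumed values, not from the thread: eth0, VLAN 10 = WAN, VLAN 20 = LAN.
TRUNK=eth0; WAN_VID=10; LAN_VID=20; LAN_ADDR=192.168.20.1/24
WAN="$TRUNK.$WAN_VID"; LAN="$TRUNK.$LAN_VID"

# Emit the iproute2 commands that create the two tagged sub-interfaces.
# The parent interface gets no IP address, so untagged frames reach nothing.
vlan_plan() {
cat <<EOF
ip link set dev $TRUNK up
ip link add link $TRUNK name $WAN type vlan id $WAN_VID
ip link add link $TRUNK name $LAN type vlan id $LAN_VID
ip addr add $LAN_ADDR dev $LAN
ip link set dev $WAN up
ip link set dev $LAN up
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Emit an nftables ruleset: default drop on input and forward, new
# connections allowed only from the LAN VLAN, NAT out of the WAN VLAN.
nft_ruleset() {
cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iifname "lo" accept
    ct state established,related accept
    iifname "$LAN" accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "$LAN" oifname "$WAN" accept
  }
}
table ip nat {
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$WAN" masquerade
  }
}
EOF
}

case "${1:-plan}" in
  apply) vlan_plan | sh -e && nft_ruleset | nft -f - ;;  # needs root
  *)     vlan_plan; nft_ruleset ;;                       # dry run: print only
esac
```

Run without arguments to review the plan; `apply` executes it as root on a dedicated router, since `flush ruleset` discards any existing nftables rules.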

  • If the concern is *ACTUALLY* that there are back doors then he can't trust any existing product out there, proprietary or open source binaries. So everyone that's suggesting existing products wasn't paying attention.

    A person *COULD* use an open source product. But again, if the concern is back doors then they need to download and inspect the code and then compile from the inspected code. Or a person could build from the ground up.

    But if a person's concern is that their firewall has back doors, then are t

  • "My goal is to have a firewall that I trust," writes Slashdot reader eggegick, "not a firewall that comes from the manufacture that might have back doors."

    Do you plan to fly to China and review the chip blueprints and supervise the manufacturing of the hardware, too?

  • by HalAtWork ( 926717 ) on Saturday February 03, 2024 @07:06PM (#64211538)

    This is a perfect project for a Raspberry Pi. You can run OpenWRT [openwrt.org] and Gargoyle [gargoyle-router.com] on the device. It's also possible to extend the functionality of the router by including squid cache [squid-cache.org] and pihole [pi-hole.net].

  • If you are worried that a commercial off-the-shelf router from your ISP is doing unpleasant things with your data and traffic at the network level I have some rough news for you about basically every device you connect to it and all the software on those devices.
  • Take that, "Betteridge's law of headlines," hahaha!

  • by TwistedGreen ( 80055 ) on Saturday February 03, 2024 @09:48PM (#64211794)

    A consumer router is just a crappy computer built to cost. Any computer can be a router.

  • I used to have a heck of fun running SmoothWall 3 (aka "Express").
    Their website is still up but last release appears to be 10 years ago. ;(

  • I did exactly that for a long time until decent ready-built hardware came out that'd take DD-WRT or equivalent with no fuss. The main requirement is a motherboard with 2 Ethernet ports and Wi-Fi built in, or one with enough slots to bring it up to 3 Ethernet ports: 1 for the WAN connection, 1 for wired LAN, 1 to plug an access point into. Any mITX or mSTX board should do. Small cases are easy to find, lots of them for media center PCs are perfect. The annoying part is that most of them aren't designed to do

    • by leptons ( 891340 )
      I recently switched from wifi-router-based DD-WRT to x86 DD-WRT running on a cheap i5 Dell Optiplex I paid about $50 total for. I recently got a 1gbit internet connection and the old routers couldn't keep up with it, and newer routers that could are really expensive and don't typically allow running DD-WRT or other firmware. The i5 DD-WRT future-proofs me a bit, because now I can get whatever wifi router and use it in "access point mode" so DD-WRT does the routing and I can upgrade the wifi whenever somethi
  • I've used OpenBSD for many years and it works great. The box is an old core2 duo and uses 30 watts of idle power with an ssd. For wifi I bought an old Ubiquiti access point because ebay is flooded with them when official support ends. It acts as a bridge and my dhcp server handles the rest. It runs on power over ethernet so you can place several around the house if you have signal issues.

  • I'm surprised no one has mentioned David Cinege's Linux Router Project yet (LRP [linuxjournal.com]), as it would be ideal for this task.

    It fits on a single floppy and will run like a champ on any Pentium class machine with 12-16MB of RAM. If your mobo has PCI slots, I would splurge on a couple of 3c905-TX (one for WAN, one for LAN, rock solid 2.0.36 module) and you're all set! I even run the Junkbuster proxy on mine.

  • Quoting straight from bufferbloat.net at https://www.bufferbloat.net/pr... [bufferbloat.net]

    Take Control of Your Network: No one else (not your router manufacturer, nor your ISP) has a strong incentive to fix Bufferbloat. But once you take control, the network will stay fixed for all time, and you can adapt to changing practices at your ISP or other vendors.

    • Enable SQM settings if your router already has them.
    • Install an off-the-shelf router with SQM
    • Upgrade your current router.
      Install OpenWrt firmware (version 22.
  • I've been using pfSense for right at 19 years now, since version 1.2. That said, the project is now "owned" by Netgate and they're doing "okay" providing a community edition whilst also commercializing the product. I think they've done some good and some bad overall. That said, pfSense is the firewall/router you really do want to use. They make it easy. The FreeBSD core OS makes it solid and bulletproof. Yes, even better than Palo Alto, Checkpoint, DEFINITELY Fortinet, and Crisco (which I will not use

  • Something like a Pi 5 or faster, with dual NIC (>= 1 Gbps). With the intent to run Linux.
    • by leptons ( 891340 )
      A cheap Dell Optiplex i5 running x86 version of your favorite firmware. Get a cheap quad intel ethernet card (or add 2 of them!). It works great and future proofs your setup a bit.
  • In 1999, wanting to share my 1.5 Mbit DSL line among 10 friends coming over for a LAN party, I cobbled together a router from a cast-off Pentium 100 with 32 MB of RAM, two $20 16-bit NIC cards and a 10-Mbit 16-port Netgear hub bought at Fry's, and Debian LINUX. And I followed instructions found with this new Google search engine. It worked for 2 years before replacing it with a "real" router.

    Isn't this a Jr High School computer project now?
