
Building my own router?

Discussion in 'Networking & Security' started by Kantastic, Jun 2, 2012.

  1. Mindweaver

    Mindweaver Moderato®™ Staff Member

    I like my Atom boards, but why not use something like Raspberry Pi? :toast: You could use 1 USB network adapter and onboard for both connections. :toast:
     
    Kantastic says thanks.
    Crunching for Team TPU
  2. acerace

    acerace

    Honestly, I kinda like this project. :D
     
    remixedcat and Kantastic say thanks.
  3. Aquinus

    Aquinus Resident Wat-man

    That is actually what I wanted to do with my RaspberryPi once Newark gets their ducks in a row and ships it. :mad:

    With a clean Ubuntu server install along with netfilter/iptables, DHCP, and BIND you should be able to set up a router fairly quickly if you have some experience configuring DHCP and BIND on Linux. Even BIND isn't necessary unless you want to run DNS locally, but I would start with DHCP and netfilter.
     
    Kantastic says thanks.
  4. bpgt64

    bpgt64

    I would check out pfSense, it's a FreeBSD offshoot that is incredibly customizable. The QoS feature set is pretty incredible.
     
    Kantastic says thanks.
  5. v12dock

    v12dock

    +1 for pfSense, it's a rock solid OS. I prefer it over my old DD-WRT router.

    I am using a P4 @ 1.5 GHz with 384 MB of RAM. I have no problems routing with those specs.

    I also have two 10/100 NICs for WAN and LAN.
     
    Kantastic says thanks.
  6. Kantastic

    Kantastic

    Sorry guys, this project is officially put on hold unless limiting the upload speed doesn't solve the lag issues, or the almost-5-years-old WRT160N I'm currently using dies. I've limited the upload speed of the 2 computers already, so I'm giving it 3-5 days to see how things are.

    Thanks for all the help & advice.
     
  7. Zen_

    Zen_

    Here's that MSI Geode board...

    I think this is pretty cool because it has a CompactFlash interface and 2x Gbit NICs, and of course mini-ITX is a standard size so you can use readily available cases and PSUs. This seems ideal for use with pfSense or Zeroshell. I know that Zeroshell can also be used as a wireless AP with an Atheros-based wireless card.
     
    Kantastic says thanks.
  8. bpgt64

    bpgt64

    The same for pfSense. I am running an 802.11g network using a 20 dollar Atheros card from amazon.com. My build's a little more industrial though. I use an 8 GB SSD with 2 GB of RAM, in this kit...

    SUPERMICRO SYS-5015A-H 1U Intel Atom 330 Dual-Core...
     
  9. Mussels

    Mussels Moderprator Staff Member

    I used to run pfSense actually, then I got my router with its bandwidth controls and gave up. pfSense is nice, but for the scale of most home users it's not worth it.
     
  10. Zen_

    Zen_

    It's a nice toy for people interested in networking, and I think as home networks grow there is a need for more sophisticated resource management and security than a $50 wi-fi AP offers.
     
    remixedcat says thanks.
  11. Solaris17

    Solaris17 Creator Solaris Utility DVD

    I was actually going to advise maybe a SoC setup like VIA, but the Geode line as mentioned is a good idea. I honestly forgot it existed. If you feel like waiting you could even blow the $30 and try Raspberry Pi and a switch.
     
  12. Aquinus

    Aquinus Resident Wat-man

    My Pi is on the way, and I was thinking of trying to use it as a router. It's certainly powerful enough to do it (it is more powerful than most routers.)
     
  13. <<Onafets>>

    <<Onafets>>

    I use Untangled on my P4 box but I'm migrating my config to Smoothwall :) Works excellently and I refuse to touch another home router at my place unless I have a very good reason to do so.
     
  14. digibucc

    digibucc

    exactly
     
  15. Aquinus

    Aquinus Resident Wat-man

    One? If it is acting as a gateway and you want all internet traffic to go through it, wouldn't you need two network adapters? One for the external connection to the interwebs and another to your switch, and maybe a wireless adapter if you want to broadcast Wi-Fi off of your gateway. If you're only connected to your network with one interface, then the device isn't a gateway; you still need the internet to come in from somewhere.
     
  16. Dippyskoodlez

    Not if you are utilizing NAT (which may not even be necessary...). All traffic goes through the gateway and is translated out. OSes can handle multiple networks on the same interface. (So very handy when you connect directly to a device and everything is static.)
    i.e.
    IN -> 192.x.x.x:XXYY
    router magic
    OUT-> 24.x.x.x:XXZZ

    (This actually just modifies the IP and MAC headers, using a port table to determine what to replace the MAC with on the LAN.)

    so when a packet comes in it does this: INTERNET-> 24.24.24.24:25505 GW MAC -> Switch -> GW -> GW looks up what port 25505 forwards to -> Changes destination headers -> Switch-> Destination

    Bonus points for guessing the port!
     
    Last edited: Jun 10, 2012
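
The port-table lookup described in the post above, modelled as an added Python example that is not part of the thread. The public address 24.24.24.24 and port 25505 come from the post; the LAN addresses, remote hosts and the starting port 40000 are constructed for illustration. Only the address/port rewrite is modelled, not MAC handling.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class NatGateway:
    public_ip: str
    next_port: int = 40000  # constructed starting point for dynamic ports
    forwards: Dict[int, Endpoint] = field(default_factory=dict)  # static port forwards
    out_map: Dict[Tuple[Endpoint, Endpoint], int] = field(default_factory=dict)
    in_map: Dict[Tuple[int, Endpoint], Endpoint] = field(default_factory=dict)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """LAN -> internet: rewrite the private source to public_ip:port."""
        key = (src, dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            # Remember which LAN host owns this public port for this remote peer.
            self.in_map[(self.next_port, dst)] = src
            self.next_port += 1
        return (self.public_ip, self.out_map[key]), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Internet -> LAN: return the rewritten packet, or None to drop it."""
        if dst[0] != self.public_ip:
            return None
        lan = self.in_map.get((dst[1], src))  # reply to an existing flow
        if lan is None:
            lan = self.forwards.get(dst[1])   # static port forward
        if lan is None:
            return None                       # no table entry: nothing to rewrite to
        return src, lan


def demo() -> dict:
    gw = NatGateway("24.24.24.24")
    gw.forwards[25505] = ("192.168.1.50", 25505)   # constructed LAN server
    web = ("203.0.113.10", 443)                    # constructed remote host
    stranger = ("198.51.100.7", 6000)              # constructed remote host
    pub_src, _ = gw.outbound(("192.168.1.20", 51515), web)
    return {
        "outbound_src": pub_src,
        "reply": gw.inbound(web, pub_src),
        "forwarded": gw.inbound(stranger, ("24.24.24.24", 25505)),
        "unsolicited": gw.inbound(stranger, pub_src),
    }
```

The `unsolicited` case shows why a dynamic mapping is not an open port: the entry is keyed on the remote peer as well as the public port, so a different sender hitting the same port finds no match.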
  17. Aquinus

    Aquinus Resident Wat-man

    That doesn't work though because now you have your modem and gateway on the same network. The point of having a gateway is to be able to restrict and redirect traffic to different machines; that defeats the purpose if they can just connect directly to the modem. Also as a system admin, that is a security hole the size of the moon because any traffic that enters your network will already be in your network because your gateway doesn't segregate the two networks.

    So all in all, yeah, you can make it work but if you actually did this in production...

    You should never set up a real network like that. It is one thing if you have multiple subnets on the same interface; it is another when you're connecting to a completely different network on the same interface, which I'm not convinced will work well if you do get it working to begin with. You really need that 2nd interface dedicated to the internet.
     
  18. Dippyskoodlez

    Really? Have you ever actually configured a switch? I'm talking a real switch, not a hub. The switch sees all traffic from the modem (which will often times only give 1 IP, not multiple) and sends it to the gateway (usually a router for folks), and the gateway sends it out. There won't be any "packet confusion" because you're using a layer 2 switch, not a hub.

    Otherwise, my single switch that's sitting next to me running a whole collection of networks must clearly not be working.

    (You DO have to use an internal network IP, such as 10.10.x.x or 192.168.x.x, because they are not routable over the internet, hence why it's not really a security issue. You cannot ping 192.168.34.1 over the internet.)

    The big catch with this configuration would be your router needs to not give out DHCP to anyone but the server, and all your clients have to be directly pointed to the gateway manually. The bigger security threat would actually lie from within your network, not from the internet. For home use, it's not really an issue. For a business LAN, you would obviously want to configure it differently, but it would certainly work. Worst case at home would be a laptop connecting and be set to DHCP, and just conflict with your gateway causing your internet to stop working until you fix it.

    It's not ideal, but it would certainly work. Worst case, the ISP's first in line router will start filtering your broadcasts. You would want a switch you can tell not to FWD broadcasts through that specific port.

    A second NIC to flow traffic through would only change your available bandwidth (if everything is gigabit, you still have plenty with a single), and you would have the computer filtering broadcasts instead of the switch. The cable modem/DSL modem will never even know a computer is on the same physical network.

    If you were to custom format your IP headers, you could potentially attack the computer from the outside network, by changing the MAC address in the header to that of the client; but discovering it wouldn't be easy, and the computer would just be like "oh this packet isn't for me /trash because it has the wrong IP address." (The internal network IP would negate your ability to traverse the internet for this type of attack.)

    This statement contradicts itself. A different subnet is a completely different network.
     
    Last edited: Jun 10, 2012
  19. Aquinus

    Aquinus Resident Wat-man

    ...and all of this could be avoided by adding a second network device. It just overcomplicates it. A subnet is just division of IP ranges to determine what hosts can talk to what, where the router handles communication between subnets. I know all of this and I apologize for not explaining myself better, I'm a programmer not a journalist damn it! :p

    The point I'm trying to make is that for the average user, having two interfaces is ideal because unless you really need to forward ports to a particular machine or do some special routing, sticking with DHCP and having a network that is plug and play is much more preferable to having one where you have to manually configure each host.

    I'm just saying it's not practical unless you're aware of every computer that is going to exist on the network.

    Personally, I prefer to let DHCP manage my static IPs. That way if I have a machine that dual boots, I still get the same IP regardless of the OS or configuration. I like having one place that impacts everything, at least for network management.
     
  20. Dippyskoodlez

    You can* still run DHCP on this network. This is actually how I have my network here set up (for my personal use). My router acts as a wireless extension of my wired network. (I also have some Cisco routers sitting around with a single ethernet port. How do you explain this? :p )

    Every computer on my network is still DHCP. I just manually assigned my MACs in the router to be given X IP address. My Minecraft server is still the same IP address even if I boot over into Debian.

    The only real gotcha is making sure you don't get broadcast storms. If you're to the point of having a software router running, it really isn't any more complex. If you can barely handle plugging in a Linksys router and getting the defaults running, a software solution is NOT for you regardless of # of NICs used.

    *with a consumer modem, you just have to restrict it broadcasting its own DHCP.
     
    Last edited: Jun 10, 2012
  21. v12dock

    v12dock

    Oh god, not Packet Tracer...
     
  22. Aquinus

    Aquinus Resident Wat-man

    I don't know about your internet, but mine is dynamic and requires DHCP; using static won't work once the DHCP lease times out, because the ISP will try to assign it to someone else. I also don't have a Cisco switch laying around to use and neither do most people. :p
     
  23. Dippyskoodlez

    Mid-range switches are configurable. I have a little 26 port NetGear 10/100 with 2 gigabit ports that I can webcfg into. You don't have to have a $1000 Catalyst for basic networking configurability. Most people don't have switches laying around at all unless they do networking, though (so you won't be using a soft router anyways...). Old routers can provide this functionality (especially if you can put DD-WRT on it).

    Technically you could also use a hub(with a dual NIC config), but... just no...



    The latest version of Packet Tracer (5.3) is actually really good for learning and planning.
     
    Last edited: Jun 11, 2012
  24. Solaris17

    Solaris17 Creator Solaris Utility DVD

    I do, I have a fiber and Ethernet switch lying around...
     
  25. remixedcat

    remixedcat

    Layer 3 switches
     
