Custom Built Home Router

The network is the forum.

Moderators: Steel, notfred

Custom Built Home Router

Postposted on Sat Nov 26, 2011 9:39 pm

Hello Gerbils,

I'm upgrading my home network setup to gigabit speed and while searching for a new gigabit router I've been considering several options. I've used a WRT54GL with Tomato for quite some time and have enjoyed the rock solid performance and the ability to tweak the configuration to suit my needs. In searching for a similarly inexpensive router with wireless N, gigabit LAN, and custom firmware support I found this for 70$, which seems like a good replacement.

But I've been thinking about putting together a more sophisticated solution in order to run something like Smoothwall, Monowall, IPCop, or pfSense. I'd like a small form factor setup but I've been having trouble finding much with enough Ethernet ports. Here's some of what I've found so far...

Supermicro X7SPA-L - Intel Atom Mini ITX board with 2 GigE ports. (Build I'm considering below...)
-Case - Antec ISK 300-150 - $80
-Motherboard - Supermicro X7SPA-L - $200
-RAM - Crucial 2 GB module - $25
-Storage - Kingston 8 GB SSD - $40 (Or appropriate mechanical drive when prices return to normal.
-Gigabit Card - Additional GigE port - $28 (For guest VLAN)
Total $373

MitxPC EKJAD5254LM350 - Complete Intel Atom system with 4 GigE ports - $323
-Normally this costs $270 but I added additional RAM, switched to Intel ethernet over Realtek (I read that it's better, can anyone confirm?), and added a case fan. I'll still need something for storage. Hopefully HDD prices will go back down. With pfSense I could also use a USB drive or a CF card.

Any suggestions are welcome. Anyone built something like this or used any of the operating systems I mentioned? Should I bother with something this complex or just get the Asus router mentioned earlier? Thoughts?
Lonewolf08
Gerbil First Class
 
Posts: 185
Joined: Fri Jan 18, 2008 12:03 pm

Re: Custom Built Home Router

Postposted on Sun Nov 27, 2011 9:52 pm

Can't help with specific parts recommendations, but I can help with a couple of points.

- You definitely want to run with 2 ports, an external and an internal. I've seen various crazy configurations where people try to do it on 1 port either through subnetting (breakable by just changing IP addresses) or different VLANs (breakable by hacking the switch). I would say though don't worry about more than 2, just go with a GigE switch for the internal LAN to increase the port count.

- Intel NICs are definitely better than Realtek ones. First of all they are (and have been for ages) very well supported by any OS you run whilst the more recent Realteks tend to get support added late. Secondly they support all kinds of CPU offload functions and they do work, anything from various interrupt moderation strategies to TSO and such, compare this with the Realteks which have various comments in the Linux source about brain-dead design. Finally they are pretty much bullet proof whilst you tend to get flakiness on Realteks.
notfred
Grand Gerbil Poohbah
 
Posts: 3775
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Re: Custom Built Home Router

Postposted on Sun Nov 27, 2011 10:15 pm

Have you considered a Soekris device + m0n0wall?

I've been running m0n0wall on a net5501-70 (which has 100 Mbit/s ports) for about 3-4 years now and it's been rock solid. The net5501 uses only a few watts at the plug. I've got m0n0wall installed on flash, so there are no moving parts at all. If you really want gigabit ports, the new net6501 has those. I think you could easily get by with the cheapest net6501 (the -30 model) which is $346. Yeah, it seems a bit pricey for what you're getting, but it's just solid purpose built hardware. If you're just using it on your broadband connection and don't need the gigabit ports to the outside world, you could easily get by with the 5501-60 for $253.

I'm a huge fan of the Soekris hardware. Small, fanless, and rock solid.
Home: 650D, X750, Sabertooth Z77, 3770k, H100, 16G, 840 EVO 500G, 830 256G, GTX 780ti, U3011, Linux, Windows 7
Work: Arc Midi, 650TX, P8Z77-V LK, 3770, 32G, 830 128G, 2x1TB, NVS 295, 2xU3007, Linux
esc_in_ks
Gerbil
Gold subscriber
 
 
Posts: 58
Joined: Sun Nov 08, 2009 4:55 pm
Location: Kansas

Re: Custom Built Home Router

Postposted on Sun Nov 27, 2011 11:50 pm

I wouldn't bother unless the router-PC has additional functionality like downloading/torrent seeding/file serving/email/web server. Otherwise imo you spend way too much for what you get versus a regular old router.
MadManOriginal
Graphmaster Gerbil
 
Posts: 1463
Joined: Wed Jan 30, 2002 7:00 pm
Location: In my head...

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 9:10 am

notfred wrote:- You definitely want to run with 2 ports...
- Intel NICs are definitely better than Realtek ones...

I do security as my day job, so I definitely won't be making that mistake ;). And thank you for the confirmation about the Intel NICs.

esc_in_ks wrote:Have you considered a Soekris device + m0n0wall?

I hadn't, didn't know about them actually. Thanks, I'll take a look at their products.

MadManOriginal wrote:I wouldn't bother unless the router-PC has additional functionality like downloading/torrent seeding/file serving/email/web server. Otherwise imo you spend way too much for what you get versus a regular old router.

If I go with pfSense I'd be planning to add IDS and VPN setups to the device, but what you're saying is probably still true. I guess I'm mostly looking for a fun new project and to try out some of the operating systems I mentioned. I may end up spending the money on a workstation refresh and going with the ASUS instead though.

Thanks everyone for the input.
Lonewolf08
Gerbil First Class
 
Posts: 185
Joined: Fri Jan 18, 2008 12:03 pm

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 9:25 am

Lonewolf08 wrote:
MadManOriginal wrote:I wouldn't bother unless the router-PC has additional functionality like downloading/torrent seeding/file serving/email/web server. Otherwise imo you spend way too much for what you get versus a regular old router.

If I go with pfSense I'd be planning to add IDS and VPN setups to the device, but what you're saying is probably still true. I guess I'm mostly looking for a fun new project and to try out some of the operating systems I mentioned. I may end up spending the money on a workstation refresh and going with the ASUS instead though.


MadMan got me thinking about this too, and I have a question for all you networking security types. There are allot of off the shelf routers with firewalls which you can configure (somewhat) but don't offer too many options. Is it possible to set up iptables on Linux or pfSense on one of the BSDs and get better protection than what you get from those commodity routers?

Not to confuse things, is there any foreseeable problem with running a router which is say 3 or 4 years old and no longer updated by the manufacturer?

Sorry Lonewolf08, not trying to thread-jack you. Some of this information might prove useful in justifying your build.
FDISK /MBR
Dirge
Gerbil Jedi
 
Posts: 1554
Joined: Thu Feb 19, 2004 3:08 am
Location: New Zealand

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 9:44 am

You might also want to consider running Untangle. There is a free version and I love it. It's requirements are a little steeper than some of the others like Smoothwall. However, it is the general consensus on the Untangle forums that a dual-core Atom with proper (Intel) NICs is perfect for a home user. So, if you do want to consider Untangle you are going to want to step up from that D410 to a D510.
Fun: 3.333GHz Ci7-980X EE 6C/12T | 24GB | 2xEVGA GTX 480 SLi 1.5GB
Fun 2: 3.60GHz Ci5-680 2C/4T | 12GB | EVGA GTX 460 SC 1GB
Work: Dual 2.0GHz Xeon E5-2650 16C/32T | 32GB | PNY Quadro 600 1GB
Work-M: 3.066GHz C2DM T9900 2C/2T | 8GB | Quadro NVS 160M 256MB
P4Power
Gerbil
 
Posts: 85
Joined: Fri Oct 01, 2004 8:28 am

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 9:45 am

No worries Dirge. Lots of people use custom firmware in place of the vendor supplied firmware for exactly that purpose. For example, I know Tomato allows you access to the IPTables rules so you can configure them to your liking and is updated more often than the stock Linksys firmware. This won't necessarily make you more secure, see next paragraph, but it does allow for more customization. I'm a beginner when it comes to IPTables, but I know you can configure some pretty sophisticated rules like connection attempt limits within a certain time limit or, with cron, time based rule-sets.

Consumer grade routers almost always (AFAIK) operate in a deny by default posture and only allow inbound traffic to your designated port forwards or established session traffic. This is usually enough for most home users. Upgrading to something like pfSense allows you to add Intrusion Detection functionality which allows the router to recognize attack patterns based on an attack signature database and block offending IP addresses accordingly.

pfSense also has plugins for things like content filtering, proxy services, and other security services allowing you to build an open source, low cost UTM appliance. At the end of the day , I'm still talking about 300$ though so I'll need to confirm it with the lady. Like MadMan said it may be better to spend the money on another tech upgrade and keep fiddling with Tomato.
Lonewolf08
Gerbil First Class
 
Posts: 185
Joined: Fri Jan 18, 2008 12:03 pm

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 9:47 am

P4Power wrote:You might also want to consider running Untangle.

Nice, I'll check this out too.
Lonewolf08
Gerbil First Class
 
Posts: 185
Joined: Fri Jan 18, 2008 12:03 pm

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 10:03 am

Hey Lonewolf08 thanks for that info. You seem to like pfSense, is it what you are used to working with or more configurable?
FDISK /MBR
Dirge
Gerbil Jedi
 
Posts: 1554
Joined: Thu Feb 19, 2004 3:08 am
Location: New Zealand

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 10:19 am

No, just what I've done the most reading about lately while considering building my own router. This guide gave me the idea. I have enjoyed tweaking my current setup and have been thinking about something that would let me do even more.
Lonewolf08
Gerbil First Class
 
Posts: 185
Joined: Fri Jan 18, 2008 12:03 pm

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 6:56 pm

I just realized I didn't mention that I'm using that exact SuperMicro motherboard in my other dedicated machine, a FreeNAS storage server. I've been happy with it, too, been running 24x7 for around a year or so. One nice feature is the USB slot on the motherboard that you can directly plug a USB stick into. I have FreeNAS installed on that. With a small 80 Plus power supply and three WD Green drives, it's pulling around 25W at the outlet which isn't too shabby at all.

(Plus a WRT54GL running dd-wrt, a few desktop machines, a couple of laptops, multiple switches, ... I'm starting to think I may have a problem/addiction. I promise I'll stop when I have to start hiring contractors to help me.)
Home: 650D, X750, Sabertooth Z77, 3770k, H100, 16G, 840 EVO 500G, 830 256G, GTX 780ti, U3011, Linux, Windows 7
Work: Arc Midi, 650TX, P8Z77-V LK, 3770, 32G, 830 128G, 2x1TB, NVS 295, 2xU3007, Linux
esc_in_ks
Gerbil
Gold subscriber
 
 
Posts: 58
Joined: Sun Nov 08, 2009 4:55 pm
Location: Kansas

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 7:25 pm

i'd go with the supermicro build the prebuilt system you have linked uses a jetway motherboard. i work at a system builder and when we're used them in the past we had a 70% failure rate of the box on Jetway products. Supermicro is rock soild we use their products for our High Performance Compute Clusters.
MCP MCDST MCSA MCTS MCITP
A+ Net+
Intel Core i7-950 Intel DX58SO Mobo 6GB Corsair XMS3 Tri-Channel BFG Geforce 260 GTX
2x 160GB Seagate HDs RAID 0 2x 500GB WD RE3 HDs RAID 0
Built 40K+ systems and still counting
EV42TMAN
Gerbil
 
Posts: 39
Joined: Fri Jun 10, 2011 11:50 am

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 8:23 pm

As Madman points out dropping all that money on something that's going to be a router for just a tiny network is a bit crazy unless you're going to get it to do a lot more than just IDS and VPNs. Not that this is difficult as there are linux distros like Zentyal and Clarkconnect that offer all the firewall stuff as well as file sharing, web, email, ftp, voip, IM, proxy etc etc.

Of course the drawback with these distros is that they can sometimes be fiddly to modify outside what their makers intended as they don't always do things the "standard" linux way.

You've also got to ask yourself just how interested you are in all this other stuff too.

One other thing to consider is that you're proposed machine is WAY more powerful than it needs to be even though it's pretty much the slowest new machine you can find. You could use virtually any old PC dating back to Pentium II days. And I'm only drawing the line there because any older and you might well need an AT keyboard or some other exotic bit of kit. What you saved in build money would eventually be spent on extra electric, but who's to say you won't get bored of fiddling with iptables after a couple of years and go back to a normal router :wink:

I think that for a hobbyist part of the beauty of the linux firewalls is bringing dusty old hardware back to life, that could just be me though :oops:
Fernando!
Your mother ate my dog!
cheesyking
Minister of Gerbil Affairs
 
Posts: 2284
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)

Re: Custom Built Home Router

Postposted on Mon Nov 28, 2011 10:24 pm

I just installed a WR1043ND which I flashed with OpenWRT. I think it would be appropriate for your purpose. Lots of performance to run Snort. USB port for extra storage to dump log files to. I also have a WL-520gu kicking around which I ran for years so I think you'd be happy with an ASUS unit as well.

If you want to go more DIY, then Soekris or Alix boards are good. Concerning software, Zeroshell might be interesting to you.

http://soekris.com/
http://pcengines.ch/index.htm
http://www.zeroshell.net/eng/
A novice asked the master: "What is the true meaning of programming?"
The master replied: "Eat when you are hungry, sleep when you are fatigued, program when the moment is right."
-- The Tao of Programming
bigfootape
Gerbil
 
Posts: 12
Joined: Wed Jun 18, 2003 12:43 pm


Return to Networking

Who is online

Users browsing this forum: Yahoo [Bot] and 1 guest