bit-tech.net

Build your own Router

Foreword

by Brett Thomas

Here at bit-tech, it's easy to get lost in the shuffle of bigger, faster, better hardware. Upgrading is great and all, but it leaves us with one very big problem - what do we do with all those spare parts?!

Months ago, we gave our resident Linux zealot supporter Ken Gypen a spotlight to show you how your old hardware could be turned into a low-power and high-utility home server. Since that point, we've had numerous ways to expand the use of both the server and Linux in general in your home, and it's really come down to what we wanted to cover next.

Now, we've covered tweaking, we've covered the command line and we've even covered wireless. But we've ignored one of the top selling points of Linux - security. After all, if you already have a full-fledged Linux server, you can easily replace that hardware router cluttering up your desk!

Of course, setting up a home router is not everyone's cup of tea - but it's not just about this project. Today, Ken is going to introduce some of the most powerful security and networking tools to allow you to start building an entire home or SOHO (Small Office / Home Office) network from the ground up with security in mind.

Some of this gets very, very complex. Parts of it, for the sake of getting you a working project to aim towards, have to be condensed to the point that they're almost "cut and paste this into your terminal." Consider this Linux Wired Networking 201 - we're going to use this as the building block to some pretty advanced concepts in the future, including building an entire house-wide media network. We'll also cover (in a separate article) what the more "glossed over" parts really do. Of course, you're always welcome to ask in the forums and get an edge on the next set of tutorials!

All set? Then strap in and get ready to learn about networking as we build a home router from scratch that will put "out of the box" networking to shame. Get to it, Ken!

Introduction

A lot of people have been building their own home servers based upon Ubuntu, a user friendly Linux distribution. The brave souls among them even tweaked some bits on their completed builds. Now, it's time to take it a step further.

Does this look complex? It's not!

In this next article we'll be adding a bit of functionality to our server, transforming it into a router with an integrated firewall. But of course you can also build an entirely new box for it, like I did. I used a minimal Debian install so I could start with a fresh system.

Due to the complex nature of iptables, the package that controls all the routing and filtering goodness, you will need some basic knowledge of the CLI capabilities on offer in Linux. Because all the iptables rules and settings are entered through commands, a BASH script will be used to define the configuration.

Aren't you glad we covered all of that previously?

Hardware and network configuration

Before we can start coding our own router, we need to build it hardware-wise. If you already have the home server built from our first article, you're most of the way there and you can ignore the next paragraph.

The requirements for the system are next to none. Linux based routers have been running on (passive) 80486 or the first generation of Pentium 120 processors for ages. Memory requirements are equally minuscule, requiring next to nothing for RAM. If the system is able to boot the OS, it'll be able to perform the routing duties. This is because routing and filtering are part of the kernel, the core of the system.

Because we will be routing between two networks, we'll require two different network interface cards (NICs) in the system. One card will be connected to your cable modem and will be attached to the external network. The other one will be connected to the internal network through a switch or hub.

For the convenience of the LAN users, we'll also add a DHCP and a DNS server to the router. With this handy little addition, you won't be required to remember all of the IP addresses of your internal systems in the future - just their host names. There's also an added advantage when you go to add more systems in the future.