Robuis Posted November 3, 2011

Hi, I am wondering if someone could point me in the right direction for setting up a nix home router. My crappy blue box is failing, surprise! So I was thinking I could ask if anyone has built a PC as a router, wifi and wired, using OOS. I have an Ubuntu box doing nothing, and have read a bit on how to set up some of it, but I'm not sure where to start. In the end I would like to ssh to my box and connect to it via http: so that I have the Linux back end, with power, but a clean interface for quick tasks.
hexophrenic Posted November 3, 2011

Untangle would be a reasonable place to start. Also might look into pfSense, m0n0wall, simple iptables for small needs, Astaro...lots of them out there.
MR. M Posted November 15, 2011

> Untangle would be a reasonable place to start. Also might look into pfSense, m0n0wall, simple iptables for small needs, Astaro...lots of them out there.

Am also thinking about creating an x86 router, and of all the ones out there, I've only heard personal experience with Astaro Security Gateway. So try that one out.
flood Posted November 16, 2011

I've thought about doing this, but when you factor in power utilization and form factor, it just makes sense to use an off-the-shelf router with open/dd-wrt.
95Blackz26 Posted November 17, 2011

Actually, rather than using a full-blown PC for this, I was thinking of picking up one of those tiny Atom/APU-based PCs, something you could throw a couple of gigabit NICs in. The only thing I've got other than the old DFI board is some hot ass P4's. I was messing around with ClearOS the other day on an SFF Dell I've got, but being that it's got a P4 520, it acts more like a space heater.
flood Posted November 18, 2011

Have you checked out the Netgate appliances? It's cheaper than a PC, smaller energy footprint. http://store.netgate.com/Desktop-Kits-C82.aspx
justapeon Posted November 18, 2011

There were a lot of Linksys routers that had both overheating problems and ps issues. There are a boatload of distributions that will do the job. Do forget to include BSD in that too. There is or was an x86 version of dd-wrt, but I never could get the free version to work right. I think I have OpenWrt on a machine, but it sits in the closet unused for now. It worked great for what I used it for. Worked great in a virtual machine also. If you know how to use iptables, most any decent Linux will do.
ewook Posted December 1, 2011

IPcop, zeroshell, m0n0wall, pfsense etc etc. But turning a deb(based) dist into a fw isn't hard at all. Here's an extremely simple version:

```sh
#!/bin/sh
PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

#
# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

# and some good stuff to have enabled..
# (set with sysctl -w so the values apply immediately and are not appended
#  to a config file again on every run; persistent settings belong in
#  /etc/sysctl.conf)
#no spoofing
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.conf.all.rp_filter=1
#no broadcasts
#sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
#more..
sysctl -w net.ipv4.conf.all.secure_redirects=1
#sysctl -w net.ipv4.conf.all.send_redirects=1
# 0 refuses source-routed packets; 1 would accept them
sysctl -w net.ipv4.conf.all.accept_source_route=0
#sysctl -w net.ipv6.conf.all.accept_source_route=0

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

#yes, you should have fail2ban ;)
#/etc/init.d/./fail2ban restart

#fix tap0 forwarding etc.
#clarify - eth1 internet
#clarify - eth0 lan

# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -m state --state NEW -i eth1 -j REJECT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward from the outside to the inside.
# (-o eth0 is the LAN side; with -o eth1 the rule never matches WAN-to-LAN traffic)
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

# portforwarding-rules
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport [port] -j DNAT --to [ip:port]
```
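An added example, not part of ewook's post or of any project named in the thread: a first-match check of what a FORWARD chain does with a new connection from the WAN side to the LAN side, run over `iptables-save` text. It shows that a REJECT rule whose `-o` names the WAN interface never matches that traffic, so the chain policy decides. The helper name `verdict_new` and both rule sets are constructed for illustration; `eth1` as WAN and `eth0` as LAN follow the post's naming.

```shell
#!/bin/sh
# verdict_new IN_IF OUT_IF   (hypothetical helper, added example)
# Reads `iptables-save` text on stdin and prints the verdict the filter
# table's FORWARD chain gives a NEW packet arriving on IN_IF, leaving on
# OUT_IF. Models only -i, -o and state/ctstate; rules using any other
# match, or jumping to a user-defined chain, are skipped.
verdict_new() {
    awk -v wan="$1" -v lan="$2" '
    /^\*/ { table = substr($0, 2) }
    table != "filter" { next }
    $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" && $2 == "FORWARD" && verdict == "" {
        hit = 1; target = ""
        for (i = 3; i <= NF && target == ""; i++) {
            neg = 0
            if ($i == "!") { neg = 1; i++ }
            opt = $i; val = $(i + 1); i++
            if (opt == "-i") ok = (val == wan)
            else if (opt == "-o") ok = (val == lan)
            else if (opt == "--state" || opt == "--ctstate")
                ok = (index("," val ",", ",NEW,") > 0)
            else if (opt == "-m") continue
            else if (opt == "-j") { target = val; continue }
            else { hit = 0; continue }
            if (ok == neg) hit = 0
        }
        if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/)
            verdict = target " by rule: " $0
    }
    END {
        if (verdict == "") verdict = (policy == "" ? "UNKNOWN" : policy) " by chain policy"
        print verdict
    }'
}

# Constructed samples in iptables-save format (eth1 = WAN, eth0 = LAN).
HEAD='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT'
SAME_IF="$HEAD
-A FORWARD -i eth1 -o eth1 -j REJECT --reject-with icmp-port-unreachable
COMMIT"
WAN_TO_LAN="$HEAD
-A FORWARD -i eth1 -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT"

printf '%s\n' "$SAME_IF"    | verdict_new eth1 eth0
printf '%s\n' "$WAN_TO_LAN" | verdict_new eth1 eth0
```

On a live box the same function can be fed from `iptables-save` directly; an "ACCEPT by chain policy" result for WAN to LAN means nothing in the chain stops new inbound connections from being routed.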