Benefits of a Homebrew Router

An anonymous reader writes: Jim Salter has posted an article explaining why it can be a good idea to build your own router, and how he put his together. Quoting: "In the consumer world, routers mostly have itty-bitty little MIPS CPUs under the hood without a whole lot of RAM (to put it mildly). These routers largely differentiate themselves from one another based on the interface: How shiny is it? ... I wanted to go a different route. A lot of interesting and reasonably inexpensive little x86-64 fanless machines have started showing up on the market lately. The trick for building a router is finding one with multiple NICs." Once assembled, the homebrew router blows away even high-end SOHO routers for throughput and performance. "Given that nobody's offering any Internet connections over 200mbps in my area yet, that makes my inner crypto nerd dance with glee. I could literally encrypt every single byte of my Internet traffic, in either direction, without a performance penalty." Of course, it won't do wireless, but you can get separate wireless access points to handle that.

net6501

If you build one out of a Soekris net6501 it'll be the last router you'll ever need. You also have your own choice of wireless cards.

Re:net6501

[alantus]

Overall I've had a positive experience with Soekris devices. However, let me tell you why I won't be buying any more of them:

1. Cases badly designed for cooling. Unless you add a fan, you will have to put the case vertically in summer.

2. Disregard for OS support/integration. These things are supposed to work on Linux and BSD, but when something goes wrong (ie: the device hangs) or the hardware doesn't work as well as it should, they just blame the OS and don't even investigate. They might offer an RMA if its under warranty, but the issues will continue for sure.

3. As soon as their latest device comes out, support for the older ones stops. For example, they promised to add USB boot support for the net5501, but as soon as the net6501 came out, they just forgot about it.

Other minor ones: closed BIOS and the price is not great.

Re:net6501

[ArmoredDragon]

The last router I'd need would be an actual enterprise grade equivalent gigabit layer 3 switch that is fanless and doesn't cost more than about $200. Because of those last two requirements, I don't think I'll ever find one.

Re:net6501

[Kokuyo]

The summary said something about pitiful CPU and memory configurations in router hardware. I just went to the Soekris website... For that kind of money one builds passable gaming rigs not 1.6 GHz with 2 gigs of RAM.

Re: net6501

Ubnt edgerouter

Re: net6501

[iamgnat]

Ubnt edgerouter

I'm a fan of their stuff so I recently picked one up to play with and use as a backup to my Juniper.

While the features are there actually configuring and using them is a PITA that is wrought with frustration if you have any experience with real enterprise level gear.

The biggest frustration for me was it's inability to load full structured (e.g. not a list of set commands) config files from a default configuration. The problem is that rather than wipe the existing config and apply the new one, it does it sequentially and not in a transaction. This causes problems when it realizes that you've deleted the default firewall, but it fails to remove it because an existing interface is still referencing it even though later in your config you change the settings for the interface and remove said reference. In such cases it also leaves the configuration in an odd state as some things get applied and other (even unrelated to errors) aren't.

After 2 months of fighting with it and still not being able to replicate my Juniper config I ended up dropping another $400 on a new Juniper to be my backup/dev router.

I like the idea of the Edgerouters, but they just aren't there yet. At least I'm only out $50 for it though. It certainly has a lot for $50!

Re: net6501

Net6501 is crap.
I have a 5501 and it was already crap. And here is why:
It is largely overpriced.
It has only 1 core and low frequency, and no special functions from good i5 or i7.
Ram is always low for a x86.
Every ethernet is its own device.. So, vlan and bridging happens on the kernel side AKA cpu.

You can easly buy 2 or 3 arm based custom routers for its price, all 4 cores and all with switch chip with vlan support.

Re: net6501

[joao.cordeiro]

Net6501 is crap. I have a 5501 and it was already crap. And here is why: It is largely overpriced. It has only 1 core and low frequency, and no special functions from good i5 or i7. Ram is always low for a x86. Every ethernet is its own device.. So, vlan and bridging happens on the kernel side AKA cpu. You can easly buy 2 or 3 arm based custom routers for its price, all 4 cores and all with switch chip with vlan support.

Re:net6501

[Billly+Gates]

For home use??

Linksys has updated it's WRT54 and does do alot for $200. I have emulators for training myself for a home lab which by 2016 are very decent with pfsense and GNS3 in a VM.

Re: net6501

[UberLord]

So what stops you from putting your own OS in then, as it seems that is where your beef is?
EdgeRouter uses a removeable USB flash stick for storage.

I put NetBSD on mine and updating the config is just like any other NetBSD machine. The NPF firewall is also quick to configure and works well enough for my needs.

Re:net6501

[pnutjam]

I think the procurve 1920-16g meets your needs. I see it on Amazon for less then $200, slightly more on newegg.

raspberry pi about 50$ does just fine.

[anon+mouse-cow-aard]

raspberry pi, usb ethernet dongle, power supply... about 40$. does 30 mbps with full iptables, NAT, dual stack ipv4 and ipv6, speed test is 30 mbps flat out. my isp rate is 30 mbps ... If you have access to > 100mbps great, but outside of google cities isn't that kind of rare? Don't see the point of a 300$ homebrew router. been using a pi for years. have two spares. no moving parts, no fan, low power consumption...

Re: raspberry pi about 50$ does just fine.

I have 100mbps with Comcast.

Re:raspberry pi about 50$ does just fine.

100Mbps at home isn't that rare if you don't live in some backwater country.

Re:raspberry pi about 50$ does just fine.

Our cable ISP just upgraded us to 150/20. I had an old desktop lying around, and power isn't *that* expensive here, so I bought a two-port intel NIC and tried to remember how routing and firewalls worked in FreeBSD. (I'm sure Linux or OpenBSD would be as good, it's just what I happen to know best). It took a few days to get everything working (e.g. getting dhcpd to register the dynamic hostnames with named, not to mention the strange new world of IPv6 delegations), but it was kind of fun.

Re:raspberry pi about 50$ does just fine.

What brand of SD card are you using? Are you doing anything exotic with the logfiles (disabled syslog, redirecting writes to ramdisk?) I've had one Pi run continuously for a year, but it's increasingly looking like an anomaly. I have a depressingly large pile of dead SD cards.

Re:raspberry pi about 50$ does just fine.

I live in a third world country, AKA the USA. Good luck getting 100Mbps, or with such a low cap that you would want to go to something 1/3 of the speed, just so you can watch more then a few HD movies a month.

Re: raspberry pi about 50$ does just fine.

[DuckDodgers]

yeah, me too

Re:raspberry pi about 50$ does just fine.

[gmack]

Not in a Google city but I have 120 mbps down and 20 mbps up. I ended up buying a couple of giabit cards for an HP Pentium 4 desktop with 4 gb ram I had laying around and it manages to easily keep up with the abuse I throw at it.

Having said that, sometime in the future I will replace it with a $100 Chinese Atom mini desktop with 2 ethernet ports just to eliminate the fan noise in my livingroom.

Re:raspberry pi about 50$ does just fine.

Quad Core RasPi, 1 Gb RAM : $35.00 - $25.00 on SALE
Power Supply: Scavenged : FREE 5V @ 2A
100Mbps USB NIC : $5.00
Wireless b/g/n USB Dongle: $10.00
USB Hard Drive @ 750Gb: $45.00
8 Port unmanaged Switch: $15.00

OpenWRT: FREE / DDWRT: FREE

So, I have a router, a NAS, an FTP server, bittorrent, SSH Server, WEB Server, WiFiAP, TimeMachine, RSYNC, all running on a single box, with a power consumption of less than 10W under FULL LOAD.

I've got 4 CPUs, 1 Gb of RAM, a 30Mbps/6Mbps uncapped network connection, a hatred of Comcast, and tons of legal torrents to seed, and the Pi is hardly breaking a sweat.

Sure, it doesn't come in a nice pretty case, but I can replace individual failed components, and even upgrade.

Re:raspberry pi about 50$ does just fine.

[jarablue]

I have fios and live in New England? I can get 300mb with my FIOS app in 2 seconds. Not everywhere is hamstrung by slow speeds.

Re:raspberry pi about 50$ does just fine.

[110010001000]

I live in the US and have had 300Mbps for years, uncapped. Not sure what backwater you live in.

Re:raspberry pi about 50$ does just fine.

Armstrong Cable set us up with a 100 / 10 package over coax, so Google not necessary.

Re:raspberry pi about 50$ does just fine.

[ArmoredDragon]

Pretty much anywhere you get cable you can get at least (but probably more than) 100mbps. Considering that cable is almost everywhere, it's not that rare.

Now if you're stuck with DSL, I'm sorry.

Re:raspberry pi about 50$ does just fine.

[AmiMoJo]

The only issue with the Pi is that some USB ethernet adapters really suck. They suck so much that 30Mb/sec is going to hammer the CPU. Also, BT offers up to 70Mb/sec, and Virgin offers up to 200Mb/sec.

I'd suggest a cheap router. I like Buffalo ones because they are well supported by DD-WRT etc. and even ones that are 5 years old can easily handle routing 100+Mb/sec with QoS and other niceties, as well as being low power. They are designed for the Japanese market where 100Mb was pretty passé these days in 2008. Gigabit switches and WAN ports, meaty processor, plenty of RAM etc and very robust. Probably cheaper than a Pi once you include a case, power supply and two good quality USB gigabit NICs.

Re:raspberry pi about 50$ does just fine.

[alantus]

Sounds wonderful.
Do you count your uptime in minutes or hours?

Re:raspberry pi about 50$ does just fine.

Not sure what backwater you live in.

I can't speak for the other AC... but for me... Michigan. They don't even have > 3Mbps where I live, 10min from the city.

Re:raspberry pi about 50$ does just fine.

Even with DSL you can get high speeds. I get around 70mbps (the connection is only sold for 30mbps which they guarantee, but if your line is good you can get much more). It is much cheaper than cable here so I am happy.

Re:raspberry pi about 50$ does just fine.

If you're 10 minutes from Detroit or Flint, or even Lansing, I'm shocked you can get > 28.8K dialup.

Re:raspberry pi about 50$ does just fine.

[ArmoredDragon]

It's extremely rare to see anything above 40 on DSL though; you have to be lucky enough to live really close to the DSLAM.

I used to live in a somewhat remote area, and was able to get 300mbit on cable for about $80 a month.

Re:raspberry pi about 50$ does just fine.

Nice anecdotal evidence. In Michigan I can get 300Mbps from one cable company, or 2Gb from Comcast.

Re:raspberry pi about 50$ does just fine.

[bonehead]

I live in a tiny, little hick town. It's a 45 minute drive to the nearest town with a population over 1000.

My cable Internet gives me 100Mbps with a 2TB monthly cap,

Re:raspberry pi about 50$ does just fine.

I have a Pi2 as a 24x7 server and in my experience the main problem with this setup is the power supply.

A fully loaded Pi2 will really push it, and the common 5V 2A power supply won't tolerate it 24x7 for too long.

Re:raspberry pi about 50$ does just fine.

[MouseTheLuckyDog]

Except for when you are using your LAN. For example, a NAS.

Re:raspberry pi about 50$ does just fine.

When Raspberry Pi supports PCIE modules I'm all for it.

Everything is on the USB bus on the PI, which kills bandwidth.

UP SoC shows promise, now delayed until April.

Re:raspberry pi about 50$ does just fine.

[vux984]

Ugh... a pentium 4 is a space heater. :)

Re:raspberry pi about 50$ does just fine.

[gwolf]

The main problem with using an old desktop as a router will be the ongoing, always-on electricity costs. You could have a system with a 300W one. How long until it pays for itself?

Re:raspberry pi about 50$ does just fine.

[gwolf]

What is your experience with such gear?

I have several ARM boards, ranging from the well-known Raspberries (Pi B, Pi 2), Bananas (M1 and M3), Beaglebone Black, a nice packaged computer (CuBox-i), a SmartTV UG007 HDMI stick, even a MIPS Creator CI20. I don't have them all always-on (just three of them), but (barring underpowered power sources, which really suck) don't have any stability issues.

Re:raspberry pi about 50$ does just fine.

> does 30 mbps with full iptables

That's only one big for every 33.3 seconds (1 / (30 / 1000)). There's no way it's that slow. The first modem I used 51 years ago was 110 bps. You're way off on your numbers.

Re: raspberry pi about 50$ does just fine.

You exposed a troll. The Rapberry Ou hatred constantly lie.

Re: raspberry pi about 50$ does just fine.

That mouse cow moron is a long time troll that hates home brew. He constantly spews lies to support Microsoft. I think they are paying him.

Re: raspberry pi about 50$ does just fine.

You have to be a real piece of shit to claim it takes Pi over 30 seconds to transmit a bit, and dumb to think people will believe you.

Re:raspberry pi about 50$ does just fine.

Months. I'm not running Windows, and don't have to reboot every 49.7 days, if it can even reach that long.

The PI is on a UPS, and so far has logged 123 days uptime, 450Gb transfer, backed up my other computers, without any effort from me.

Re:raspberry pi about 50$ does just fine.

get a GOOD 5V @ 2A power supply. I test my supplies with a programmable load to make SURE that 5V @ 2A, is REALLY 5V @ 2A, not 4.35V @ 2A.

1A for the DISK @ max inrush current - motor start/stop , conservative
350mA - 500mA for the PI - idle/full load, no GPU - conservative
300mA for the network adapter, conservative

So, using these numbers, I've got 350mA to spare, more than enough headroom.

I can also simply use a 5V @ 4A adapter which comes with an old USB hub I have.

Re:raspberry pi about 50$ does just fine.

[mlw4428]

What's the internal throughput? Are you still limited to 30mbps?

Re:raspberry pi about 50$ does just fine.

And the result is an equally underpowered system as a stupid NetGear, D-Link or whatever else bullshit. This is the one important device in your whole network. Give it some real hardware!

Re:raspberry pi about 50$ does just fine.

[Blaskowicz]

You may use an underclocked Core 2 Duo or AMD, that'd be much better than a Pentium 4.
Not hard at all to replace the motherboard later but keeping case, power supply, hard drive, (PCIe) network cards.

300W is also not really possible unless you do GPU grid computing, or CPU grid computing on a really overclocked and hot CPU.

Re: raspberry pi about 50$ does just fine.

Linux is attacking Micrisoft from the top with servers and by far leading the way from the bottom end in embedded systems. The only thing they have left is the desktop, so they getting desperate with astroturfing.

Re:raspberry pi about 50$ does just fine.

read only filesystems.

Also, a small SSD HD is used for the "heavy lifting". 60GB on sale for $30, could not resist.

Re:raspberry pi about 50$ does just fine.

4 Cores and 1Gb is under-powered?

Show me a under $200 that has half the ram, even half the cores and a USB port.

I'll wait.

You could use a intel system, and I could just give free money to the electricity company.

Re:raspberry pi about 50$ does just fine.

I live in a large urban center in a city of 170,000 that is attached to other cities which constitute a 10 million person metropolitan landscape.

My cable internet gives me 5Mbps with no cap. Fastest cable internet in town.

Re:raspberry pi about 50$ does just fine.

[Joe_Dragon]

and pci-33 can't do gigabit much less more then 1 card at the same time shared bus.

Re:raspberry pi about 50$ does just fine.

Those things are pretty decent, or too slow (take your pick). But this /is/ a Linux-oriented site, surely the answer is to pick a POS out of the dumpster and put *nix on it... iptables/ipf/pf/whatever ain't that hard to figure out, plus you can use the HD space for backups.

Re:raspberry pi about 50$ does just fine.

[gmack]

Thankfully it doesn't need to do the full gigabit. I managed 126mbps downstream and 20.4 mbps upstream so my connection is maxed so that was all I cared about at the time.

Re:raspberry pi about 50$ does just fine.

[drinkypoo]

and pci-33 can't do gigabit much less more then 1 card at the same time shared bus.

That's OK, he only has to be able to reach 120 Mbps, which shouldn't be a problem. Wikipedia suggests that no P4 chipset had PCI 66 MHz support, which is optional since PCI 2.1 (even in non-PCI-X systems.) The only PCI-X system I've owned was AMD-based, and it also had GigE on 32-bit 66 MHz PCI internally. But maybe Wikipedia is wrong, and it's possible to get double-speed PCI out of a P4. Probably not, though. Using a P4 is a bit insane. I chose a used C2D because it was almost as cheap as a used P4, but came with much lower power requirements — and also with much more RAM. Since even a P4 would have been overkill for the job, a C2D was much moreso, and I wanted to be able to make use of it in other ways which would benefit from additional memory.

Re:raspberry pi about 50$ does just fine.

[boggin4fun]

I couldn't agree more. I use the Pi 2 with a USB wireless adapter (check for compatibility with hostapd before you buy) along with the ethernet dongle as well and I've got all the quiet hardware I need to run my home network. I locked Raspbian down, removed all the X11 GUI related crap, and configured a few other things as well (DNS/DHCP) and now have a rock solid router that has only crashed when I did something stupid. The best part is... it's updated on a regular basics! I started doing this years ago when I finally got sick of having to buy a new router/firewall/nat when a firmware bug came out and the manufacturers didn't want to put out a firmware update. As for bandwidth, I like the low-end packages from an ISP. Living in the US, we are getting surrounded by ISP's that have a bandwidth cap. I think of the upper tiers of Internet packages as a faster way to hit my cap. Lets be realistic though, I want to be able to stream video from Netflix/Hulu/Amazon Prime without buffering at a minimum.

Re:raspberry pi about 50$ does just fine.

[Coren22]

http://www.aliexpress.com/item...

1.8Ghz Celeron with 2 GB ram for 162, should have plenty of room there to throw on a USB flash key for the storage. It also has dual gigabit on board, and is the subject of this story.

Re:raspberry pi about 50$ does just fine.

[Joe_Dragon]

pair bonded dsl, vectoring , g.fast are pushing it up.

Re: raspberry pi about 50$ does just fine.

[jonnyj]

I've run a Raspberry Pi as a server (DNS, DHCP, LDAP, Kerberos, SMTP/IMAP, webmail, MediaWiki) for 3 years with only one restart necessitated by stability issues, when my DHCP server inexplicably stopped dishing out IP addresses and refused to play until the box was restarted.

That's much better stability than our ops guys ever seem to manage in the office.

Re:raspberry pi about 50$ does just fine.

I get 150mbps here at my house, and I live 50 miles to the west of Minneapolis, Minnesota. And for about $100 per month when bundled, and it's not capped.

Re:raspberry pi about 50$ does just fine.

If you don't live in a major city like Chicago or Indianapolis, it's a chore to even get 5 Mbps down anywhere in the Rust Belt - even in towns with populations over 50,000. Beyond the basic package you're looking at some very expensive service.

Re:raspberry pi about 50$ does just fine.

Cox does 100 and 150mbps service here in phoenix. Temporarily boosts to 188mbps... That's not even counting the gigablast which is gigabit service.
https://www.cox.com/aboutus/policies/speeds-and-data-plans.html

Re:raspberry pi about 50$ does just fine.

[Billly+Gates]

Shoot I pay $80 for a 6 meg connection pipe. I hate DSL but Cable forced into a TV package I will not use and a 20 gig cap because they lobbied my local governments to prevent competition.

Re:raspberry pi about 50$ does just fine.

[Billly+Gates]

I live in Houston have get 6 megs a second. It is the only one that does not force an expensive TV package bundled agaisn't my will and a 20 gig cap for an ultra low price at $179 a month. Pfft

Re: raspberry pi about 50$ does just fine.

Go with an older refurbished dual-core (Core 2 Duo) box, you can get them with 90 day or 1 year warranties from NewEgg for about $80, add in a cheap gigabit PCI NIC for the second interface. They'll use about 40-50W idle and 50-60W under load and are fast enough for 500-1000 Mbps with pfSense (more if you don't do a lot of packet inspection).

Nice part about pfSense is that backup is a simple XML file, so if the box dies, you can easily put it on a different PC.

You could spend more to get something that runs in the 10-20W range and still handles 1Gbps of traffic, but the power savings aren't enough to be worth it.

Re:raspberry pi about 50$ does just fine.

Just because the PSU is rated at 300W, doesn't mean the PC is going to draw 300W.

I have an older Core2Duo that uses about 40W idle and 55W under full load. And I got it for $80. It can do 1Gbps of traffic (unless you do a lot of packet inspection rules). Refurbished PCs are cheap and plenty fast enough for home / small business routing / firewall duties.

Re:raspberry pi about 50$ does just fine.

[Gr8Apes]

Well, I had several fun experiences in the US, across multiple states. In one, uverse fiber finally showed, offered 3Mbps up max, went to 5 Mbps for about a year, and today you can maybe get 1 Mbps max up no matter what tier you pay for. People less than a mile away are in FiOS land with 50/50 links. Cable has actually moved to 5 Mbps up max. You get about the same max up on LTE (wireless). A second state has a max 1Mbps up on cable only. A third has max 5Mbps up cable. Uverse hybrid fiber claims a max of 5 Mbps up, but refuses to guarantee it. A third state has TW only with unknown up, although speed tests suggest it is 5 Mbps. A fourth location has up to 500/500 (FiOS again - seems like the thing to have). A fifth has cable at a max of 5Mbps up. Most of these are major metro areas in 4 different states spread throughout the US. So essentially it is luck of the draw of your specific residence as to whether you're in 3rd world connectivity vs 1st world, or just somewhere semi-average barely better than third world and maybe can watch a sub-dvd quality video stream but can't carry on a video call.

My last move considered internet quality as part of the criteria..

Re:raspberry pi about 50$ does just fine.

100Mbps at home isn't that rare if you don't live in some backwater country.

However, in the USA, it is rare...

Re:raspberry pi about 50$ does just fine.

[Dynedain]

So what if the CPU is hit hard? It's a computing device is being used dedicated as a router. It's not like you'd be browsing or compiling on it.

Unless the CPU is a performance bottleneck, then it really doesn't matter if it's under heavy load.

Re:raspberry pi about 50$ does just fine.

FIOS isn't exactly available everywhere in the US. I live in one of the ten biggest cities in the USA and it's not available here.

Re:raspberry pi about 50$ does just fine.

[xQx]

If you're going to do that, you may aswell buy a Banana Pi R1. (Just google it)

Inbuilt wifi, 2x Gig E interfaces, ARM7 processor.

Re:raspberry pi about 50$ does just fine.

[anon+mouse-cow-aard]

As the ISP limits me to 30 mbps, it handles the maximum the link will tolerate, I don't have an easy way to test properly beyond that. During such tests, the pi answers at the command line readily enough, I think I recall doing a top and it wasn't suffering. I did not put a hard disk on it, specifically to reserve USB bandwidth for the ethernet dongle. just the SDCARD. As others have mentioned, you need to be careful with the power supply, and some USB ethernet dongles are crap, but once you get properly equipped it's very reliable. Every couple of months I reboot the cable modem (not the pi..) and my dlink router that is the wifi thing has to get rebooted every few weeks when throughput slows to a crawl. The pi is better than either of them. I'm using the original model B. only 512 MB of RAM, but it's always idle... it is a very internet centric house, we run half-a-terabyte a month through it in a typical month, lots of netflix and gaming for a whole family.

Re:raspberry pi about 50$ does just fine.

[toddestan]

With the right hardware, you're looking at about 30-50W or so if you're going to use an old desktop. The key is to get something new enough that it doesn't draw a lot of power, or something old enough that it doesn't draw a lot of power either. Avoid anything from the P4/Athlon XP era. As someone else mentioned, early Core 2 systems are a good choice. Another one that works well is the Coppermine P3's, some of which were under 10W, though I don't know if a P3 can push through 150Mbps, even more so with only PCI NICs.

Re:raspberry pi about 50$ does just fine.

[dsmatthews9379]

For the same price you can get better network performance from the LinkSprite pcDuino3 Nano,

http://www.linksprite.com/link...

http://store.linksprite.com/pc...

Re:raspberry pi about 50$ does just fine.

[toddestan]

The fact he's got 4GB of ram crammed into suggests that it's one of the later P4's that was LGA775, as it's difficult to get that much ram into a 478 system (and even if you did, I'm not aware of any chipset that let you use more than about 3GB of it). With LGA775, you've got PCI Express, and likely have a gigabit NIC on the motherboard you can use too. While not officially supported by Intel, some of the later Core 2 motherboards would still accept the LGA775 processors. It's actually possible to have a P4 running with DDR3 and a PCI Express x16 2.0 slot.

Unfortunately, the LGA775 P4's are some of the biggest power hogs.

Re:raspberry pi about 50$ does just fine.

Yes, I use linux image from http://www.armbian.com/download/. ramlog defaultly enabled, so a SD/TF-card is enough. Also plug into a 1Gbps hub. Sorry for my English though.

Re:raspberry pi about 50$ does just fine.

[anon+mouse-cow-aard]

duino? How do I run iptables and 6RD on that sucker? Pi is normal Debian, piece of cake.

Re:raspberry pi about 50$ does just fine.

The real power usage of a near-idle desktop computer with a gbit NIC as the only add-on card and a small SSD is not likely to be 300W; at a guess it's more like 30W.

I guess I could rewire a bit and put it on the powerstrip with the Wattmeter...

Re:raspberry pi about 50$ does just fine.

20 gig cap as in twenty gigabytes per month?

Re:raspberry pi about 50$ does just fine.

I live in redding ca. Approx 100,000. Way up north. I have 100mbit cable at my house and it's great. Not even that expensive.

Re:raspberry pi about 50$ does just fine.

[anon+mouse-cow-aard]

Thats about the same thing I do, and my uptime is beter than with the craptastic appliances you can get at your local tech store... and I actually understand what is happenning when it breaks, I can get decent log messages, etc... also my ISP gateway is in a chimney renovated into a closet... brick walls, so the wifi in there does not make much sense, got the house wired for ethernet, and have WIFI APs else where... used normal store bought boxes for those, and those fail a lot... (honey... my tablet is slow!... reboot the consumer crap box... thank! honey...) they are just in bridge mode, and they still get confused after they are up a while. So totally over the packaged all in one junk with the most functionality possible crammed into one box, where a lot of it is done badly, it doesnt really get patched, and the error messages are terrible. What I would like for wifi is something that just bridges wifi to my copper network, just do that right and forget everything else. The other stuff makes it unreliable.

Re:raspberry pi about 50$ does just fine.

[thejynxed]

That is just it though, the RAM and CPU are pretty much ==always== the bottleneck in a routing device. It's one of the few cases outside of hardcore gaming or running data simulations of some sort where the phrase "more is always better" is very apt.

Re:raspberry pi about 50$ does just fine.

[Dynedain]

Depends entirely on the load. If after USB load on CPU and the normal routing load on the CPU are combined and the total CPU load still has room to spare, then load it up and be done with it.

In my experience building routers using X86 hardware in the past, the CPU and RAM were so many orders of magnitude greater than a hardware router that neither was a bottleneck to performance. Even with crappy old hardware useless for any desktop use.

I haven't played with a Raspberry PI, but I wouldn't be surprised to find out it's more than adequate for the task, even with the extra performance cost of USB (gp was warning against the Pi because of the USB hit). It sure is cheap enough to play with and find out :) If it's not up to the task, at least you have a Pi to play with for some other project!

Re:raspberry pi about 50$ does just fine.

[anon+mouse-cow-aard]

banana pi R... 279$ at newegg, I probably would buy it, but at that price... its hard to decide between it and a nuc, or the thing the guy at ars started with... its no longer 5x cheaper, its equal cost for 4 more ethernet ports... but yeah, Id go for that to have a truly open small ethernet switch.

Homebrew used to be about doing better.

Homebrew used to be about doing better than what you could could get off-the-shelf.

In this case it sounds like it's better in some small, useless way, while being far worse in so many others. Now he's got throughput he can't actually use, but is missing critical functionality like wireless support.

I think this decline in the quality of homebrew reflects what has happened to the Linux community as a whole lately. The quality has dropped like a rock. So much Linux software has gotten worse. GNOME 3 looks awful. Systemd and PulseAudio still have caused me nothing but trouble. Firefox gets worse with each release. Wayland is nowhere to be found.

We need to restore the glory of homebrew projects. We need our homebrew projects to be better than the commercial off-the-shelf offerings. We need to not build something that's slightly better, but also far worse. We need to build something that's better in every way.

We need to restore the glory of homebrew projects!

Re:Homebrew used to be about doing better.

[PvtVoid]

I think this decline in the quality of homebrew reflects what has happened to the Linux community as a whole lately. The quality has dropped like a rock. So much Linux software has gotten worse. GNOME 3 looks awful. Systemd and PulseAudio still have caused me nothing but trouble. Firefox gets worse with each release. Wayland is nowhere to be found.

Yeah, Dude. I would never build a homebrew router because GNOME 3 / PulseAudio / Firefox. Those things make Linux routers totally worthless.

Re:Homebrew used to be about doing better.

[rmdingler]

Home grown used to be a reference to some substandard pipe filler. How the times have changed.

Re:Homebrew used to be about doing better.

[LordKronos]

Now he's got throughput he can't actually use, but is missing critical functionality like wireless support.

I personally gave up on wireless support in my router. First problem I was always having was finding a router that had all the features I want. DDWRT is a priority for me, but finding a single device that
1) supports DDWRT easily (ie: doesn't rely on me finding a specific outdated revision of the hardware)
2) is cheap
3) has gigabit ethernet
4) good wireless
5) has a good amount of memory

Getting all of these in one device is difficult. The next problem is that I'd periodically end up with wifi issues. I had issues now and then with different device. Then I got my OnePlus One and the problems got worse. For some reason that device always has connection issues. It would continually get disconnected (so often that I couldn't even backup the videos from my phone via smb...it would always lose connection in the middle and I'd have to start over. It might take 10 tries before a video successfully copied over). I tried 4 different DDWRT routers I had access to (4 different device models from 3 different brands) and had the same issues

The last issue is dealing with power outages. All of my networking equipment is in the basement on a battery backup. When power goes down, I'm able to maintain connectivity and continue working from a laptop without issue. However, locating everything in the basement means I have OK signal on the first floor, and terrible to no signal on the 2nd floor and front/back porch. To resolve this issue I put a 2nd DDWRT device (running as a wireless access point) on the first floor, but unfortunately it has no battery backup.

About a year ago, I decided to change my strategy. I ditched the 2nd device, turned off wireless on the router itself, and bought myself a Ubiquiti wireless access point. This solves a lot of issues
1) Wireless is now one less feature I need to concern myself with on a router
2) It's reliability has been impeccable. In 1 year, it has been rock solid, not requiring a single reset, and it's worked flawlessly (and performed well) with every device I connected it to
3) It's designed to use power over ethernet. It's power supply is plugged in to the UPS in the basement, then the ethernet is patched between the powersupply and my patch panel and through the regular house networking.
4) It looks really nice, so I can actually put it in a very central place in the house without it looking ugly. And at this location, the one device provides exceptional coverage for my entire house and the front/back yard.

Re:Homebrew used to be about doing better.

[DuckDodgers]

I don't think the problem there is the free software community and homebrew, the problem is sucky PC wireless cards and poor Linux drivers. Fixing that isn't trivial.

It would be interesting to try, though. In my area, Comcast's pricing for 150 Mbps down is only $14 per month more than 25 Mbps down. I upgraded my service, then realized my router only has a 100 Mbps port on the WAN side. That's not a huge problem, I lived with 25 Mbps down for ten years. But now I'm looking at upgrades, and I would prefer to do something like this author - but with 802.11ac wireless, too.

Re:Homebrew used to be about doing better.

[ComputerGeek01]

The reason that homebrew projects were so awesome is that they were developed by talented people looking to build out their CV's and earn recognition. Those talented people have now been hired into soul-crushing monotony while their projects have been handed down to those of a more mediocre ability by comparison. Things will stagnate until the next generation of talent hits the labor market and then it will all start over again. Don't worry, your exploitation of those with drive and ambition can resume in another year or two. Until then, you'll just have to find another way to look smart in front of your friends.

Re:Homebrew used to be about doing better.

Holy crap did you even read the article? (Yes - I know - it's slashdot, it's almost required that people not read the articles...).

Wireless gets talked about. 'Critical Fuctionality' - I LOL'ed. Wireless in all-in-one routers is shite 99% of the time without open source firmware.

Re:Homebrew used to be about doing better.

[chispito]

Well, at least he has a reasonable expectation that it won't be completely full of security holes and that he can easily update it when a vulnerability does turn up.

Re:Homebrew used to be about doing better.

DDWRT is not what it used to be. Move on to a OpenWRT, or like what the article[and you have already done to an extent] to a mini-PC running ubuntu server and roll your own iptables FW. Ubuntu SERVER is very lean, fast, flexible as all get out...and it will get security patches VERY quickly. You can install unattended upgrades and set a cron job for it to reboot once a week at midnight to have minimal impact on workflow.

It really is the best value, the best performance, and the most flexible solution out there. As you've seen, it allows for much better wireless devices.[Ubiquity]

Re:Homebrew used to be about doing better.

[DarkTempes]

How was this modded up? I actually thought it was a troll.
A router != a wireless router or even a wireless access point and wireless support is not "critical functionality" for the device.

Anyway, he mentions that he used the much hyped Ubiquiti WAPs to cover the wireless functionality that he lost from the Nighthawk.
Assuming those live up to the hype then he gave himself a) better routing functionality than the previous solution b) better wireless functionality than the previous solution.
I call that homebrew success.

And then you go into a rant about the quality drop of Linux on the desktop which is kind of bullshit to be honest. I don't know if you remember how bad things were 10-15 years ago but it was definitely much worse than it is now.

Firefox has its ups and downs but it generally increases in performance. The only glaring issue I see with Firefox is not one of it getting worse but that it still doesn't compare favorably to Chrome in terms of multi-tab performance. Hopefully one day e10s will fix that.
And no one is forcing you to use gnome, systemd, or pulseaudio.

You want to restore the "glory" of homebrew projects but you don't even care enough to customize your systems to fit you?

Re:Homebrew used to be about doing better.

[KGIII]

I designed and even helped build my home. It's a little embarrassing so I shan't share the size (it's huge) but it's an open ceiling, two floor, with basement, envelope house in salt-box style. I ran conduit in all the wall (PVC pipe) but I wish I'd run an overhead channel - it'd save some fishing. At any rate, even though my home is way out in the middle of nowhere, I still don't use wireless much.

Re:Homebrew used to be about doing better.

Built in wireless is a critical feature? Have you never heard of an access point?

Re:Homebrew used to be about doing better.

[fnj]

Now he's got throughput he can't actually use, but is missing critical functionality like wireless support.

Don't be obtuse, anonymous idiot. Wireless has absolutely nothing to do with routing. Nada. Make each piece do one job well. Limit single points of failure to taking out one function only. The cable modem, router, and wireless access point should each be completely independent items.

Re:Homebrew used to be about doing better.

[DidgetMaster]

Or...maybe those talented people decided that they actually wanted to earn some money from their hard work and not just build out their CV or earn recognition. Paying jobs are not all 'soul-crushing monotony'. I like to work for things like food, clothes, vacations, house, car, etc..

Re:Homebrew used to be about doing better.

[maestroX]

no decline in the homebrew here *hips*

Re:Homebrew used to be about doing better.

Why not just re-purpose an old laptop with a minimal Linux distro on it ? Comes with a built in battery ( even if its only good for a few minutes that will handle >99.9 % of power failures ) and wireless. You can easily add a second nic or an up to date wireless adapter if you need the latest, via usb, and if the display is toast, you can plug an external one in for setting it up.

Re:Homebrew used to be about doing better.

[aaarrrgggh]

Integrating wireless isn't really ideal in many situations-- large house, apartments with high noise floor, etc. The access points can do much better in these situations.

Personally, I switched to Ubiquity EdgeRouters; you can make it just a plain Linux router if you wish, managing packages individually as needed. If you are sufficiently paranoid, it makes a lot of sense, and there are options from $60-350 on the router side all with the same software, but giving you up to gigabit port speeds.

Re:Homebrew used to be about doing better.

[pak9rabid]

I'm currently running this setup:

• System: PCEngines APU system
• Wireless adapter: COMPEX WLE900V5-23 miniPCIe 802.11ac adapter
• OS: Voyage Linux

I've been running witht his setup for about a year with excellent results. Although, if I had to do it over, I would go with a discrete 802.11ac AP instead of running it on the router, as Linux wireless support for master (AP) mode is pretty shitty.

Re:Homebrew used to be about doing better.

And they should take up half your living room in the process.

( that's why us grownups use the integrated router/modem/wifi-access-point that our ISP supplies, now they actually work )

Re: Homebrew used to be about doing better.

Thanks for your input, this is the route I am going as well. Except I am installing openbsd and using pf. Instead of installing a wifi adapter I chose to turn my Netgear wifi router into a dumb wifi access point like you mentioned. So I am running DHCP, NTP, firewall/router, and DNS all running on the APU1D.

Re: Homebrew used to be about doing better.

LOL I feel sorry for you. You are a pro computer user living like a normal user. You have all the power but rather be lazy and give it away for ease of use. It's people like you that cause the exploit and backdoor infested shit that gets foisted upon us in the name of ease of use.

Re:Homebrew used to be about doing better.

[DuckDodgers]

Thanks for the info, I appreciate it. In what way is master (AP) mode shitty? No snark intended - what went wrong?

Re:Homebrew used to be about doing better.

[Coren22]

I love my Ubiquiti WAP, I set it up once and haven't done anything to it since. It sits on the ceiling pumping out the wifi for all the tablets/phones/laptops in my house without any issues.

Re:Homebrew used to be about doing better.

[Coren22]

That is a small living room that you have where it can't fit two items the size of your typical home router in it.

Re:Homebrew used to be about doing better.

I second this. I've had MUCH better experiences with reliability and stability of WAP's as opposed to trying off the shelf routers or DDWRT. This gives you flexibiliity of using pfsense without sacrificing actual good wireless functionality. Not only that but upgrading is easier.

Re:Homebrew used to be about doing better.

[Grishnakh]

The problem is that for the most part, there isn't going to be a "next generation". The next generation can't do anything like that stuff, and their tech talents involve writing crap like Gnome3.

Re:Homebrew used to be about doing better.

[Grishnakh]

And then you go into a rant about the quality drop of Linux on the desktop which is kind of bullshit to be honest. I don't know if you remember how bad things were 10-15 years ago but it was definitely much worse than it is now.

In some ways, not in others.

You're right, the infrastructure stuff Is mostly better. Installing Linux is much easier than it was 15 years ago for instance; most hardware is supported well and installers have gotten really good. Sound support seems to work well these days (except for the people who still complain about PA, but I've never had any trouble with it). Dealing with Nvidia drivers isn't such a PITA any more. You can plug in external monitors and have them auto-configure; that wasn't possible before.

However, the GUIs have gotten worse, much worse. Gnome3 is a POS. KDE (4 at least, haven't tried 5 yet) has gotten pretty good, but no one uses it, they all use Gnome3 and Unity. This echoes GUIs everywhere: they've all gotten universally much worse. Just look at the horror show that is Windows 8+, or Apple's stupid anti-skeumorphism trend with text buttons with no indicators that they're buttons.

Re:Homebrew used to be about doing better.

Don't put a full Linux distro on the firewall/router, go with a dedicated firewall/router distro instead. The former is a PITA to deal with, the latter works much better. Personally, I gave up and jumped to pfSense, which is BSD. Web UI, single XML file for backup, easy enough for my less technical co-worker to deal with for minor issues (adding/removing users, checking traffic graphs, etc).

Go with a refurb/used PC from the last 7-8 years (anything that is dual-core or better). They're cheap and don't use much power (30-40W idle is common, maybe 50-60W under load).

Definitely go with a separate WiFi AP, no point in cluttering up the firewall with that, and you might want multiple APs.

Re:Homebrew used to be about doing better.

Not everyone needs a wifi access point in their router. My router is in my basement and I have two access points upstairs. Also, I prefer having separate devices for wifi access and routing. In no way is wifi access on a router a "critical" feature.

Re: Homebrew used to be about doing better.

LOL grow up kiddo.

There are issues with this...

[mellon]

More memory doesn't necessarily make things faster if you have multiple streams and limited bandwidth. You can wind up with a situation where you have a lot of data queued in the buffer, and this botches TCP congestion control so that you wind up getting really poor throughput. Google "bufferbloat" for details. Using a crappy external wireless AP makes this worse. You really do want the wireless card to be treated as a first-class network interface on your router. Unfortunately, wireless drivers are usually closed-source, often have internal bufferbloat problems and other bugs, and can't be updated.

The article's main point, that a faster CPU in the router is wicked awesome, is completely true, of course. You just want to make sure you're running a recent Linux kernel that does a good job of queuing in the presence of a congested link. :)

Re:There are issues with this...

[gmack]

It has been ages since the Linux kernel maintainers modified the kernel to avoid excessive buffering so that's not really a problem anymore. With small amount of ram typical of most home routers, you end up with a NAT table overflow where the device can't keep track of all of the connection and either expires old connections early, refuses to allow new ones, or in Cisco's case hard crashes. It doesn't take much to run into the limits, I have seen bittorrent bring a home router to it's knees.

Re:There are issues with this...

Nice try, but try again. The memory on the router is not to "buffer" anything, but to run apps.

Re:There are issues with this...

[acoustix]

You really do want the wireless card to be treated as a first-class network interface on your router.

I respectfully disagree. I think most people's PoP in their homes isn't necessarily ideal for their only AP (yes, I know some need multiple AP's). It's probably better to have the AP separate so it can be centrally located in the house for best coverage.

My setup has the AP centrally located in the house in a closet with PoE, which is far away from where my service enters the house.

Re:There are issues with this...

[Agripa]

The memory is not needed for buffering although practically any PC hardware is going to have way more memory than needed. Where many embedded routers fail is that they lack enough space for state tables to support the number of connections commensurate with their throughput. Last time I checked, on FreeBSD this amounted to 1000 connections per megabyte of memory which may seem like a lot but manufacturers are surprisingly parsimonious with consumer networking equipment so this is a problem. On my AT&T U-Verse modem/router thing, I had to configure the UDP and TCP state timeouts to their minimum values to prevent filling the state table.

I have been roling my own for years

[mmiscool]

I have been using a PC with 2 Ethernet cards running a Linux distro specifically for this kind of thing for years. It has antivirus and add blocking at the router level and handles some other important things. Would never go back to before.

Re:I have been roling my own for years

[rayray14]

What do you do / use as wireless solution? Do you have wifi APs without traditional routing capabilities?

Re:I have been roling my own for years

[PvtVoid]

What do you do / use as wireless solution? Do you have wifi APs without traditional routing capabilities?

Just hook a wireless access point to your router and configure it as an ethernet switch. Done and done.

Re:I have been roling my own for years

[WhiteKnight07]

I have a pfSense router built on a C2758 Atom CPU (specifically this board: http://www.supermicro.com/prod...) paired to a couple of Unifi APs (http://www.amazon.com/Ubiquiti-Networks-Enterprise-Unifi-UAP/dp/B00HXT8R2O). Its the best home network I have ever had. And that is including some DD-WRT stuff that I used to use for wifi in conjunction with some actual Cisco gear that I used to use. (ASA 5505 firewall, 3745 router, ect...) I can't see myself ever going back to a consumer grade wifi router. Sure its total overkill. But being able to set up a Site to Site VPN to my friend's place and an OpenVPN server for remote access without having to worry about CPU usage is pretty nice. Being able to have separate SSIDs and corresponding VLANs for guests and my kids and such is also nice. The Unifi APs give better wifi than any consumer grade device I have ever used. I am seriously considering upgrading to dual band AC models.

Re:I have been roling my own for years

[gmack]

Asus has some inexpensive wireless routers that come with "AP mode" where NAT etc get disable and the device only authenticates Wifi and acts as a bridge.

Re: I have been roling my own for years

[davidshewitt]

I was waiting for someone to mention pfSense. I used to run iptables / packet forwarding on my server but I've replaced it with pfSense running in a VM. I've since spun up a second pfSense VM on my other server and configured CARP. Last time I tested it I got close to gigabit routing between my subnets. pfSense (pfSense.org) is an enterprise grade firewall / router that is based on FreeBSD. It is completely free and open source (no community vs. commercial edition). If you plan to do anything advanced with your home network, I highly recommend it!

Re:I have been roling my own for years

[mrun4982]

That's the same board I use in m pfSense router. It's a great setup although, to be fair, not exactly the cheapest option. For me though it was worth it because I wanted something that was more enterprise grade. pfSense is definitely the way to go for a home-brew router. I use my old consumer grade router, running OpenWRT, as my wireless access point. I also like having my router and WAP be separate devices since I keep my router in my basement and that's not the most optimal location for my WAP in my house.

Re:I have been roling my own for years

[gmack]

Not all wireless access points can do that. The newer Linksys wifi routers for instance, comes with "cloud config" where you setup your basic connection and it gets the rest from their servers. The upshot of this, is that if it cannot connect to their servers from the uplink port, it will reset it's config and do nothing until someone logs in and re configures it.

pfSense

In my test lab I use pfSense on spare PC hardware and have had great luck with it. I've also learned quite a bit by playing with the ips/ids add-on software.

Seriously

[ArchieBunker]

Around 2001 I bought an Alpha PC164 board and it ran NetBSD for nearly a decade as my home router/firewall/server. Never once had a freeze up or other hardware issue. As a bonus feature I picked out the correct NIC/video/SCSI cards so it could run OpenVMS and Tru64.

Re: Seriously

And the 164 worked nicely to toast bread on too. ;) man, that chip ran hot!

another way...

[sithlord2]

I have a managed switch, and an Intel NUC with one network interface. Luckily, the NIC supports VLAN. I installed the free VMWare ESXi on the NUC, and attached it to the managed switch (port configured as "trunk"). I created two VLANS: one for the incoming internet connection, and one for local network. Then, I created a virtual machine with two virtual NIC's for each VLAN. Then I Installed VyOS router on it. The ESXi software is installed on a cheap usb-stick which is plugged into the intel NUC, and I use my Synology NAS for storage for the virtual machines (using NFS). So, no internal hard disk required for the NUC.


So now, I have a single machine with only one NIC, acting as a router :-) This was just for testing purposes, but it worked quite nice. I'm sure you can also plug a usb wifi-dongle in the NUC, and assign it to one the VM's you want to act as a wifi hotspot.

EdgeRouter is exactly this!

[UberLord]

Ubiqiti EdgeRouter is exactly this: dual core MIPS64 @ 1Ghz, 512Mb memory and a removable USB flash stick for storage.
https://www.ubnt.com/edgemax/e...
This is ample for my needs. I bought the 3 port version about a year ago for £80.

https://blog.netbsd.org/tnf/en...

As of today, NetBSD-current has an uptime of about 6 months - which is when I made the last kernel modifications to support the NPF firewall.
This is more uptime than any other SOHO gear I have and the performance of the unit is exceptional.

Re:EdgeRouter is exactly this!

This is more uptime than any other SOHO gear I have and the performance of the unit is exceptional.

What are you doing to your SOHO gear? I still have a Linksys WRT54G running Tomato. It deals with 300 GB a month of traffic from video games to Netflix, all over VPN without a hiccup for longer than 6 months at a time. It usually succumbs to a power outage that lasts longer than the UPS rather than some need to reboot.

Re:EdgeRouter is exactly this!

I have about a 60-day window between reboots of my Netgear FVS336Gv2. It tends to be DHCP that falls over and dies, so later that week when the address leases expire, the network grinds to a halt.

I set up an EdgeRouter Lite (3-port) for a friend of mine, and I kinda wish I had one for myself. He's had no trouble with it at all. And it's half the price of the Netgear.

But my next router is going to be an old Core 2 Duo on a micro ATX board that I salvaged. 4GB of DDR2. Not good enough to keep as a desktop, but more than capable as a pfSense box for my home.

Re:EdgeRouter is exactly this!

I'm not sure why, but all the new SOHO 5GHz wifi gear seems to lack some polish. We've got an Asus RT-AC87U, and while the wifi coverage is good, the software is horribly unstable (even after a whole lot of firmware updates, including a few 3rd-party ones).

I don't think the problem is (just) the wifi part, though; the routing/QoS functionality seems broken enough on its own.

Re:EdgeRouter is exactly this!

[UberLord]

One TP-Link TL-WR841N/ND v9 wireless hub needs a reboot after watching a few movies over it.
My main TP-Link TL-WA901N/ND v2 wireless AP needs a reboot every few months.
Both run OpenWRT Barrier Breaker - I should try upgrading them to Chaos Calmer.

My TP-Link 200Mbs Ethernet over Power freeze every few days, my ASUS ones fair better but still freeze once in a while.

I used to run a few DrayTek ADSL routers which also froze, but since upgrading to fiber I have plugged my OpenReach modem into the EdgeRouter.

Basically, all the above, freezes at various frequencies.
The EdgeRouter does not, never has and hopefully never will.

Maybe I shouldn't buy TP link gear, but I can't easily find similar priced and soft modable gear.

Re:EdgeRouter is exactly this!

[jatencio]

I recently made the switch to the 3 port version as well and could not be happier. I am pretty good at the cli but the GUI is sufficient for the initial setup and configuration as well. It can also offload vlans and routing to hardware so the performance is phenomenal as well.

Re:EdgeRouter is exactly this!

[larkost]

I recently bought their EdgeRouter X, which is a small 5-port router for about $50. I am very happy with it. There were a couple of bugs in the interface as I set it up, but they were easy to get around on the command line. Most important to me is that it is small enough that I could put it in my apartment's network box along with my cable modem. Two less pieces of hardware for my wife to have to see.

https://www.ubnt.com/edgemax/edgerouter-x/

Re:EdgeRouter is exactly this!

[klui]

Not really. Edgerouter has custom code to make full hardware offloading using the Cavium chip driving those appliances. pfSense should support Edgerouters now but not with hardware offloading support--which will probably trickle in slowly.

If the OP is building a homebrew router, he needs to pay attention to what kind of NICs are embedded. Without the right ones the device will be limited in throughput for VPN functionality.

Re:EdgeRouter is exactly this!

[Agripa]

My 18+ year old Celeron 300A with 384M of ECC RAM has been running various incarnations of m0n0wall and pfsense for 10+ years and the only downtime has been to replace fans, make hardware upgrades, the one time the ice machine upstairs sprung a leak and dripped into the chassis. I have to restart my God forsaken AT&T U-Verse modem/router thing every few weeks.

OpenWRT for $25

[GlobalEcho]

These guys sell a tiny "travel router" (or just the board if you like) that goes for $25 on Amazon. Crucially it has 2 ethernet ports (albeit only 100Mbits), along with Wifi. It ships with their modified version of OpenWRT but takes only a couple minutes to flash to the latest fully open-source version. From there, going further into homebrew is trivially easy. I find it a better starting point than a raw Linux distro, and the low power consumption just cannot be beat. If you want to go Linux and don't have a fat pipe, I recommend it.

Re:OpenWRT for $25

[karnal]

Do you have the amazon link? I tried searching for a few different variations of gli and gl inet and domino... not finding this specific device.

Re:OpenWRT for $25

This is the latest version. You can get an external antenna instead of an internal one, and it can be powered with POE (although the description isn't clear whether the module is included). This is last year's version.

These routers are indeed awesome. They have twice the RAM compared to most low end routers and enough flash to add more OpenWRT packages. With the USB port, you can add more on ext-root if the internal flash is still too small. They have freely usable GPIOs as through-holes on the board and a populated 3.3v serial port on a pin header. The one thing they do not have is a faster processor: You still only get a lowly MIPS core, so forget about line speed encryption. Without USB devices attached, these routers get by on one 1W. You can power them from a small USB power bank for hours.

Note that there is some confusion about flash memory size: There are two versions of the old model at least: 6408 and 6416, which come with 8MB and 16MB of flash respectively, but the customers who complain about getting a router with the wrong flash size mistake the size of data partition for the total flash size. If you have roughly 8MB free, then you have the 16MB version. The firmware needs room too.

Re:OpenWRT for $25

[gmack]

This is not as good as it appears. Their "Enterprise router" has 128 mb ram and there is no way that's going to hold up to a significant amount of simultaneous (connections let alone the 64 mb ram that most of the devices have,

Re:OpenWRT for $25

[GlobalEcho]

This is not as good as it appears. Their "Enterprise router" has 128 mb ram and there is no way that's going to hold up to a significant amount of simultaneous (connections let alone the 64 mb ram that most of the devices have,

Is that really an issue? According to this, each NAT entry needs <200Bytes, in which case 2000 simultaneous connections (plenty for most any single dwelling) require less than 1MB RAM.

It wasn't that long ago that even enterprise-class routers got by on 32MB or less of RAM.

Re:OpenWRT for $25

[gmack]

That's from 2002 and I wonder if that's even true of Cisco anymore. I have watched Cisco firewalls hard crash with too many connections on 256 mb ram.

This site seems to indicate 16 KB per connection, which doesn't leave much once you've subtracted the memory needed for OS/daemons etc..

Re:OpenWRT for $25

Those are default values for the configurable connection tracking limit which take into account that you will need RAM for other things as well. On a router, these connections only pass through, so there is very little overhead on top of the connection tracking. I've seen numbers between 200 bytes and 1KB per connection for tracking. The OpenWRT default limit for the number of tracked connections is 16384, which in conclusion would need somewhere between 3 and 16 megabytes of RAM. On a router with 64MB of RAM, the configurable limit should kick in first, well before the router runs out of RAM. The technical report for the traffic classification algorithm presented here lists a 32MB OpenWRT router which is technically similar to the ones we're talking about as capable of maintaining tracking of 32000 connections with OpenWRT and 15 of free RAM after boot.

You might run into problems if you have applications with many simultaneous connections on devices which don't disconnect cleanly and thus leave the connections orphaned. The default values for the tracking timeouts keep orphaned connections in the tracking table for hours or even days. Torrent users might want to lower the timeouts and use keepalives to prevent long lived connections from being dropped.

Re:OpenWRT for $25

[GlobalEcho]

That's from 2002 and I wonder if that's even true of Cisco anymore. I have watched Cisco firewalls hard crash with too many connections on 256 mb ram.

This site seems to indicate 16 KB per connection, which doesn't leave much once you've subtracted the memory needed for OS/daemons etc..

That would be bad. However, I see that later in that document there's a section entitled Ideal case: firewalling-only machine where it says:

sizeof(struct ip_conntrack) is around 300 bytes on i386 for 2.6.5, but heavy development around 2.6.10 make it vary between 352 and 192 bytes!

For safety we might want to assume recent kernels have doubled that again, perhaps to 800 bytes. That still puts us under 2MB of RAM for 2000 connections. For greater certainty, I tried to check the kernel v4.3 source and sizeof(), but NAT has changed drastically in the 4.x series kernels.

I am using a Core 2 Duo

[drinkypoo]

Yes, that has higher power consumption than buying something brand spanking new. However, it was $50 with 4GB RAM and a 500GB disk. I have a separate AP, currently a WRT54g running OpenWRT. It was $10 or less, yard sale. I have a Phobos quad-intel card, I think I paid $5 for that. The savings cover the power budget delta for some time nicely, and eventually I'll get something else when it's cheap. The problem was, I couldn't find a cheap SFF with both dual ethernet and a PCI slot for my quad-ether card. They all cost a hell of a lot more than just buying a cheap used machine. This machine has enough horsepower and RAM left over to run servers as well, so I installed webvirtmgr on it and I have KVM-based VMs.

using POT (Personal Open Terminal) improves i/o

put our flimsy routers near windows & turn off the 'security' password? now we're communicating effectively.... imagine a neighborhood full of these things?

You confused "homebrew" with "home grown".

What the hell are you talking about? "Homebrew" is different from "home grown". The term "homebrew" originated from people crafting their own beer at home, and evolved into its more general meaning of people crafting any commercial-available product on their own. "Home grown" referred to produce people grew in their own home gardens. The similar term "roll your own" came from people who'd roll their own tobacco cigarettes. None of them have anything to do with "substandard pipe filler".

Re:You confused "homebrew" with "home grown".

His reference to "home grown" as substandard pipe filler is to marijuana.

The Unifi USG ain't bad either

[zerofoo]

For those of us who want quality, but don't want the hassle of complicated configs, the Unifi USG is pretty nice as well - and it's cheap.

https://www.ubnt.com/unifi-swi...

So far, I'm a big fan of what Ubiquiti is doing these days.

Easily done.

[Lumpy]

Mini ITX motherboard, case and power supply. All done if you buy one with two ethernet ports, or just add a ethernet adapter for the second.
I use a gigabyte H77N-WIFI it has dual ethernet and absolutely rocks with a small SSD and only 2 gig of ram. Blows out of the water absolutely every bit of "router" hardware with even a very low price processor.

Run IP-COP, Momowall, pfsense or Smoothwall and you are done in less than a couple of hours with a device that makes Cisco enterprise stuff look like a toy.

Re:Easily done.

Run IP-COP, Momowall, pfsense or Smoothwall and you are done in less than a couple of hours with a device that makes Cisco enterprise stuff look like a toy.

No one would deny that Cisco is overpriced but objectively comparing IOS 15's abilities in the hands of even a marginal CCNA with pfsense and the usual DIY entourage has the demonstrably opposite effect. There is a reason why large IT organizations choose Cisco or Juniper. The open source options you list are the tinker toys unfit for corporate infrastructure needs.

1Gbps FTTH router

Ubiquiti EdgeRouter Lite does 1Gbps w/ NAT, DPI, OSPF, BFD, MPLS, GRE, etc. Around $99 at most retailers. Oh yeah, ipsec hardware offloading as well.

Re: We aren't talking just about routers, fuckface

[jofas]

Calm yourself. Homebrew is alive and well, you just have to bust out of whatever caused that outburst and read up on your topic of choice. I mean, Homebrew aviation is dead? Have you missed how we can build a 30 minute airtime drone with 300$ of parts from Amazon? With an HD camera on board?

PC Engines gets it all done for around $200

[GWXerog]

I've been using this PC Engines board for over a year now and it's been the best router I've ever owned. Has 3 Gigabit Interfaces, SD Card, USB, RS232, M.SATA, Mini PCIe, SATA, and GPIO. Packs a 1Ghz Dual Core and 4 or 2 GB of RAM. It's case is also designed to mount antennas for the WiFi card so it looks sleek while doing it.

Re:PC Engines gets it all done for around $200

[GWXerog]

Forgot to link http://pcengines.ch/apu.htm

Re:PC Engines gets it all done for around $200

Forgot to link http://pcengines.ch/apu.htm

I can highly recommend apu1d based system with pfSense. I've had it about 6 months now and it's been great.

I bought mine from UK based vendor LinITX.

Before that I had about 10 years Soekris net1408, which was fine until pfSense 2.00 came out since then it still worked but when you needeg to access WebGUI then it was dog-slow.

Re:PC Engines gets it all done for around $200

[pak9rabid]

I second this. I did a lot of research into embedded x86 systems, specifically to act as a router/AP and ended up with the PCengines APU running Voyage Linux (I originally wanted the Soekris net6501, but they're just too damn expensive for what I was looking for). I upgraded from a previous PCengines system (ALIX). The ALIX was great, but it couldn't keep up with my 100 Mbit connection...the APU handles it with no problems.

I paired it with an Atheros-based (ath10k) mini PCIe wireless adapter and it acts as my 802.11ac AP (running hostapd). However, if I were to do it again, I wouldn't combine AP functionality into my firewall/router, and would instead make it a discrete device. Speaking of, once I got the APU to replace my old ALIX system, I turned the ALIX into a discrete AP to handle my 2.4 GHz-only devices (it has an ath9k-based wireless adapter). Simply bridge all ethernet ports together with the wireless interface & it's idiot proof.

tl;dr: PCengines makes good shit

Re:PC Engines gets it all done for around $200

[hypermeta]

Another great feature of the PC Engines APU is that it runs coreboot.

ClearOS is the way to go for an x86 router

[Varka]

www.clearfoundation.com It's a super nice piece of software.

one legged firewalls are great.

[emj]

I've never really understood why Firewalls with just one interface is an issue, been running that in different ways since 2000.

Re:one legged firewalls are great.

[drinkypoo]

I've never really understood why Firewalls with just one interface is an issue, been running that in different ways since 2000.

In theory, who cares, for a home network? In principle, do you trust your ISP? In practice, do you trust your CPE not to simply choke? I'd rather keep any traffic not destined for the internet away from mine, because my ISP is a semi-local WISP that is using absolute-cheapest hardware, and the CPE devices are garbage that has to be replaced every few years already.

Re:one legged firewalls are great.

I've always preferred to use a PCI/PCIe card for the public side for the simple reason that it's safer (harder to leak your LAN traffic by accident because your VLANs got jostled) and in vain hope that a power strike from the provider side will take out just the ethernet card and not the motherboard.

Plus it's not that much more these days to pickup a gigabit card. Or you can pickup a refurbished Intel PRO/1000 dual-port NIC for pocket change and have even more options.

Power

Why do nerds inevitably ignore their use of resources when comparing options. Show me a home router build that idles at under 5W and then we'll talk.

Re:Power

[Anaerin]

Okay. http://www.fit-pc.com/web/prod...

Re:Power

[mattventura]

Because it's negligible past a certain point. Who cares if it uses 25w instead of 5w, that's a whole $2 a month for me.

Re:We aren't talking just about routers, fuckface.

"Homebrew metalworking has died out. Homebrew carpentry has died out. Homebrew aviation has died out. The same goes for homebrew electronic gadgetry, or we get a really halfassed attempt like described in the summary."

Or more likely you just don't hear about it beause you don;t pay any attention to it. 1) Homebrew beer - sorry for the somewhat old numbers. but in 2013 there was a 24% growth in homebrew sales, a similar growth was seen in 2010. So according to actual metrics the idea that homebrewing beer is dying is laughable. As for the rest, well I am at work and don;t have time to show you why your little world view is wrong but no, these things are not dying at all, you just donlt hear.

Use case

[silas_moeckel]

Ok so you're going to fiddle with making your own firewall.

You use a dedicated bit of hardware, $240 for a useless fixed config box. I can get a more powerfull laptop that is also silent and can run multiple VM's for the same to less. It also has a built in UPS and wifi that may be able to used as an AP a usb3 to gigabit dongle takes care of the second port.

You install ubuntu and throw a few iptable rules in, because obviously years of getting to a sane default with pfsence etc means nothing.

You still need a wifi AP and generally the standalone AP's cost more than a router.

If you're doing this would assume you allready have a VM hosts in the house that you could just run pfsence on. I did this for a decade. You can get 40+ mbs of vpn traffic out of a high end wifi router. Mind you routers used to come with bits like the BCM5365P that could do 75 mbs in hardware (and that is an ancient 2005 ish chip).

Re:Use case

[KGIII]

Thank you for putting it so succinctly, I was having issues figuring out if he thought he'd done something new, or even novel. :/ Fortunately, everyone left for the morning so I can sneak out and get some computer time. (Pneumonia.)

Re:Use case

[mattventura]

What's wrong with "fixed config" here? It's not like network technology is going to change significantly soon. If you've got two gigabit interfaces and enough horsepower to route between them at line speeds, you'll be set for a long time. Sure, if you start feature creeping it might become an issue, but I'd rather use the right tool for the job.

Re:Use case

It's not new or novel, but it is arguably timely: Traditionally, internet connection bandwidth at home has been the limiting factor, not router performance. That's changing, so it seems reasonable to write about how limiting (or not) different consumer routers are, and to compare it to building your own.

Re:Use case

[hankwang]

"a more powerfull laptop ... has a built in UPS"

I once tried running an old netbook as server (dns and files, not routing) with UPS. When the power outage came, half a year later, it shut off immediately. Moreover, it didn't boot on its own when the power came back. With the lud closed, it was always kind of hot.

Apparently, Li-ion batteries need to be discharged every now and then to keep their calibration. The charging hardware seemed to think that the battery was fully charged while it was really empty. I've seen this happen as well with another laptop and a tablet.

Re:Use case

[silas_moeckel]

For the same to less $$ you can get a laptop also silent also has wifi. Fixed config desktops are pretty useless it's all the disadvantages of a laptop with none of the advantages and generally for more money.

Re:Use case

[silas_moeckel]

Get a charge controller and bios thats not brain dead. Pretty much all my corp laptops now got smart and will charge to 60% so the battery does not die when it's plugged in all the time. Getting it to autoboot on power is a simple bios setting. That does mean you need to tell it to charge up to full before getting on plane etc not realy that hard.

Re:Use case

[Ryan+McLaughlin]

You use a dedicated bit of hardware, $240 for a useless fixed config box. I can get a more powerfull laptop that is also silent and can run multiple VM's for the same to less. It also has a built in UPS and wifi that may be able to used as an AP a usb3 to gigabit dongle takes care of the second port."

A laptop that can run multiple vm's for less than $240? I think this is B.S. Also are you running your entire network off that one laptops WiFi? It seems that the only way to wire it into your network would be to get a usb to ethernet adapter since most laptops don't have dual NICs.

Re:Use case

[hankwang]

Well, a business laptop of EUR 1000 doesn't really count as a cheap DIY solution. And my employer-supplied laptop always charges to 100% when docked, as far as I can tell. Corporate IT has blocked user access to BIOS/UEFI, so I don't know what it can do.

Re:Use case

[silas_moeckel]

Funny newegg has several hundred laptops in the sub 300 range. Were talking about running pfsence at sub 100mbs speeds. As I said usb3 gigabit. Point is he is throwing a lot of $$$ and getting a far from optimal solution. If your serious about running something like this you probably have a box running VM's anyways.

Mind you loading up dd-wrt or similar on a nighthawk or what have you is a better idea.

Re:Use case

[silas_moeckel]

Odd all our recent as in last 4-5 years thinkpads have that as a software feature.

Re:Use case

[hankwang]

My corporate laptop is an HP, not a Thinkpad; . My private laptop is a Thinkpad X131e and it doesn't have this feature in BIOS/UEFI. I use Linux exclusively; it seems that this feature requires one to run a Windows program; there doesn't seem to be a Linux equivalent. I'll boot Windows some time and see if a change of battery-charging settings will carry over after a reboot into Linux, but I doubt it.

Re:Use case

[silas_moeckel]

Easy enough thinkpads and others have a kernel mod that exposes this it should go something like this:

sudo apt-get install tp-smapi-dkms
sudo modprobe tp_smapi

echo 50 | sudo tee /sys/devices/platform/smapi/BAT0/start_charge_thresh
echo 60 | sudo tee /sys/devices/platform/smapi/BAT0/stop_charge_thresh

That would cut off charging at 60% and not start till it's under 50%.

Re:Use case

[hankwang]

Follow-up: Lenovo made this feature (battery charging not up to 100%) a hidden feature in their drivers and settings panel for Windows 8; it's only accessible by manual registry tweaking. Fortunately, setting the a new maximum charge state to 85% is persistent across reboots to Linux.

Re: We aren't talking just about routers, fuckface

No, I will not calm myself. I will fight to the end in order to restore the glory of homebrew projects!

It is not homebrew when you buy an assemble-it-yourself drone kit. All that does is convert the assembly effort from some Chinese peasant toiling in a factory to you. You did not craft the product yourself. And your end product is no different than that of anyone else who used the same kit.

By its very nature, each homebrew project will inherently be unique. It will have been built with what the builder has at hand. Some of the parts will be fabricated from others. They won't just be bought from Amazon and glued or screwed together, for crying out loud!

What you're talking about is a purified and refined misunderstanding of homebrew. I don't even want to call it homebrew, it's so far from the idea of homebrew. You're talking about self-assembly. We're talking about homebrew.

We need to restore the glory of homebrew projects!

Loving my pfSense

[QuaylEggs]

I run pfSense in a VM on ESXi and can do snapshots before upgrades or before I want to tinker with my config. I have 3 separate VPN configs (site to site, remote access for others to a DMZ on my network which also lives in the ESXi virtual network switch, and a path for my mail to flow in from a VPS hosting my inbound SMTP gateway) and there are many interesting plugins available to do things like live graphical traffic monitoring if you are curious what is using your bandwidth. pfSense is also regularly patched. The idea of my router staying up for years at a time in this day and age makes me question how you are getting security updates on that device. Or perhaps people are just referring to the hardware staying up for that long. At one point I even had pfSense load balancing two internet connections but that idea died when budget cuts were mandated by the household council.

Re:Loving my pfSense

[swb]

I concur. Virtualizing a router firewall makes a ton of sense. It frees you from the hardware constraints of a separate box (you can have as many ethernet ports as the software will support) and the power consumption as well, along with all the usual benefits of virtualization features like snapshots, clones, etc.

I suppose there might be some paranoia about this if you believe the underlying virtualization system was vulnerable or you were sharing host NICs via tagged VLANs and believed there was underlying risk in those VLANs or switching vulnerable.

The only thing it doesn't generally get you is wifi, but frankly, wifi is sensitive to location and placement of APs for best coverage, so I don't mind having standalone APs.

Re:Loving my pfSense

[mrun4982]

I agree with using pfSense but I prefer dedicated hardware; I use a SuperMicro 8 core atom mini-itx board. I much prefer it to any consumer off-the-shelf router, DD-WRT and OpenWRT. I switched to it because my old off-the-shelf router running OpenWRT wasn't up to the task of handling my new 1Gb/S internet connection and I like that it's FreeBSD based (which is what I use in my server).

Re:Loving my pfSense

[Billly+Gates]

I downloaded the ISO but not have not installed it yet. I see lots of youtube and reddits on setitng up a homelab and everyone says buy used switches etc.

With Hyper-V and GNS3 with a virtual switch I can accomplish much of the same thing.

Right now I have a Server2003 VM where I have a simple NAT and add connections for internet access mixed with the Hyper-V switch. If it doesn't meet my needs anymore as I add more networks I will fire up the pfSense VM and replace the server2003 box.

Re:Loving my pfSense

[Billly+Gates]

For a home network or lab to learn like alot of us geeks I only use virtual routers. I do own an expensive LinkSys 54RT (hte new one) which does do VLANs. But really for a home network that is not needed.

For lab or training a virtual one makes hte most sense as you can change things so rapidly ... unless you are studying for a Cisco exam :-). There is GNS3 which is a whole older version of IOS with an emulated switch you can run in a VM too for the 1st CCNA exam and even most of the CCIE without creating a mess. 32 gigs of ram is inexpensive and so is another SSD for some vms to do on a host computer

Re:Loving my pfSense

[somenickname]

You should be able to do wifi too if you are using something like Xen for virtualization. You can use PCI-passthrough on an Atheros based wifi card and the VM will see it as the real hardware. Then you just need to run hostapd in the VM and you are all set.

Re:Loving my pfSense

[swb]

I'm using VMware, not Xen, and I don't know if there are any supported wifi adapters or drivers for them.

Even if there were, it's the worst place in my house for an access point -- concrete block on 3 sides, wire mesh lathe and plaster ceiling behind the drywall (it's an old tuck-under garage).

It reminds, me though, I need to find an AP that will work as a wireless bridge so that if the cable modem takes a shit I can turn on my LTE hotspot and backhaul my home LAN through it.

Re:We aren't talking just about routers, fuckface.

[PvtVoid]

Jesus Murphy, the term "homebrew" came from people who used to brew their own beer at home. We rarely see this done these days, and even those who do it make a shitty lager or a pissy ale.

That's almost certainly because most mash tuns run systemd now. The best systemd can do is a shitty lager or a pissy ale.

A proper IPA can only be done with Sys V init.

Yep

[koan]

Bought a dual NIC fanless MITXPC never looked back, I love the machine it's quiet reliable and small.
You can get them with more than 2 NIC's as well (I suggest you do for versatility reasons) there are a few builds you can run on these things PFSense, Smoothwall, etc.
http://www.mitxpc.com/
http://www.smoothwall.org/
https://www.pfsense.org/
http://suricata-ids.org/downlo...

One legged firewalls are weak.

Because I can jump your wall. All I have to do is get one person on the inside to open an infected email, and you're done; I'll map your internal network and then set up a tunnel that bypasses your firewall.

When there's no direct electrical connection between the inside and outside networks, you can't walk around the wall, you have to go through.

In case you think I'm theorizing, I'll point out that this happened at one of my employers; the network admin set up the DMZ so that it was physically on the same network switch as the red zone. An IIS server in the DMZ got hacked and the hackers completely invalidated the firewall right away, so that all the criminal traffic was unmonitored and invisible to the company. It only got noticed because the Internet connection became very slow.

Posting anon to avoid disclosure penalties.

Re:One legged firewalls are weak.

They didn't at least use VLANs or something to logically separate the two networks? If the one legged firewall is simply network configuration it is not worth a lot...

Re:One legged firewalls are weak.

[drinkypoo]

They didn't at least use VLANs or something to logically separate the two networks? If the one legged firewall is simply network configuration it is not worth a lot...

But therein lies an inherent problem, when the border device doesn't even support VLANs. You can put your LAN traffic in a VLAN all day, but if a host on the network gets owned then it can sniff all traffic, incoming and outgoing, doing a little switch spoofing if necessary. VLANs are not a security measure. They are only for convenience.

iptables fail en masse

iptables -dash-this -dash-that -dash-mistake -dash-confusion -dash-error -dash-didnt-load-this-time -dash-skipped-important-critical-rule -dash-allowed-malicious-traffic -dash-never-again-dash

IPTables users are almost worse than Gentoo users.

Re:iptables fail en masse

While it would be great to have your own router, most people including those that have worked with computers a lot, are not network experts enough to configure it properly. They can easily leave or create holes that they are completely unaware of. They can copy some configs they found on the internet, but who is to say they are secure? Risky

Mikrotik routers

I just solved this problem with mikotik's boards. ( mikrotik.com ; routerboard.com ). They are extremely cheap and the software, RouterOS is far more approachable than dealing with iptables. Includes a GUI tool as well called WinBox.

DSL

It would be nice to have an opensource DSL modem.

How about a nettop or intel NUC?

[coder111]

I have a small nettop with AMD E-350, and it works fine as:

* ADSL/Wifi Router. Does IPv6 like a champ as well.

* File server

* Media box- it's connected to the TV & speakers.

* Backup device

* 2nd machine for some software experiments.

* Whatever else I want it to be.

I tried looking into getting some ARM SOC or off-the-shelf router, but decided it's not worth the hassle. The only thing I would gain is lower power usage, for much weaker CPU/GPU/memory/storage, and much more problems dealing with exotic hardware.

--Coder

I've been running one for 10 years

Mini-ITX x86 motherboard with 128MB RAM and 32MB Compact Flash. 2x100Mbps. Runs OpenWRT. Not fanless but the original low-RPM fans haven't failed (yet). All I've had to replace is a CMOS battery, twice.

Wifi is an off-the-shelf router configured as an access point (bridge). I originally planned to integrate wifi into the router, somehow, then decided it wasn't in my best interests--placing the router in the basement was best for home wiring, while the access point works best upstairs or even in the attic for wifi coverage.

One of these years I'll get bored with it and replace it with something, but for now it Just Works.

Re: We aren't talking just about routers, fuckface

Are you sure you're not thinking of commercial microbrewing? Home-brewed beer is typically made in small batches, usually well under 100 pints. It typically isn't sold, either. It's consumed by the brewer, or shared freely with friends and family. What you're talking about sounds like microbreweries, which are different. They brew much bigger batches intended for commercial sale. They are just small, local versions of the massive international brewers.

Been doing this since 1996

Was a decent fanless CPU back then, but these days just take your old PC, add a couple of cheap ethernet cards, install Linux and put whatever firewall and/or proxy (content filtering) software you want on there. The hardest part is getting the Linux kernel configured correctly. Then route/firewall/proxy/NAT as you desire! Put a WAP on it's own DMZ and that gives wireless access without exposing the buggy device to the Internet. With the pathetic broadband speeds in the US, this has worked great for me and I've only bothered to change out the hardware every ~10 years (2 or 3 times).

can someone explain

with Verizon fios I have a router that needs coaxial connection on the wan side. how do I build a diy router to replace this? or is the idea to just use the fios router as a bridge and have my diy router sit between that and my internal network?

Re:can someone explain

[aaarrrgggh]

Either use it as a bridge/modem, or run Ethernet to the ONT (box outside). If you do the latter, you have to call Verizon to let them enable that port.

refurb Cisco Liquid-8

[raymorris]

I don't pay any attention to fanless, but refurb Cisco and other high-end gear can often be had for a song.
Liquid-8 Technology has some deals. http://stores.ebay.com/Liquid-...

Re:refurb Cisco Liquid-8

The problem with older Cisco hardware is that you need to get a support agreement for IOS updates.

As Cisco disclose their vulnerabilities publically, the older the vulnerability the more likely that someone has the ability to leverage it. Firewalls and edge devices with obsolete IOS are a major security vulnerability and only provide a false sense of security.

You are better off buying something that you can get ongoing updates for than obsolete hardware that was once useful to someone else

Netgate sells a perfect Atom based 2 nic box.

http://store.netgate.com/ADI/RCC-DFF-2220.aspx It's not cheap but it meets all the criteria.

Re:Netgate sells a perfect Atom based 2 nic box.

Bah, $275 for that tiny thing that you can't expand or customize? No thanks. I would recommend a small mobo with a Celeron j1800 or similar. Those things destroy any Atom and still use only 10 watts, and should cost you more like $27.50, not $275.00. Granted, you will need some sort of second NIC, but that's why you have a PCI-e port.

Re:Use case : Not home to restart it

Here is why I went away from homebrew for this: power outages. Particularly ones where I am not at home.

The last PC that I converted for firewall use required someone to push a button to start it. After a power outage that outlasted the UPS, while I was away I had a call from my wife about not being able to get on the Internet. Irritation grew as I tried to explain where the power button is. Of course, there was the UPS sitting there, wireless router, internet router, NAS, and the SFF PC that to a non-techie, all looked pretty similar and intimidating.

It saves *me* a headache if Internet connectivity comes back up automatically in cases where I come back home. The off-the-shelf solutions tend to come back online automatically.

(And more recently, I am trying to down-size this stuff. I could buy a larger UPS, but the size of UPS + homebrew is of off-the-shelf router with no (or a small) UPS, since it should come back up automatically)

Re:Use case : Not home to restart it

A lot of BIOSs have a power restore feature "ON/OFF/LAST STATE". I just set my to ON and that works well if the UPS can't last.

If not, you could probably cobble together a $0.25 mosfet circuit to turn it on using the standy voltage of the PSU.

Re: We aren't talking just about routers, fuckface

[PvtVoid]

Are you sure you're not thinking of commercial microbrewing?

He's thinking of home brewing:

https://www.brewersassociation...

If you're the GGP, then in addition to being a completely insane person, you definitely haven't tasted what homebrewers are making.

Sophos UTM

[Ryan+McLaughlin]

I have been running my own router/firewall for years, and I will never go back. Mainly I run it on an old dell desktop I picked up online for $75. I used Untangle as the OS for a couple years, but they don't offer many features in the free version, and their paid version is way too expensive. Then I found Sophos UTM and in there free version they offer everything, just limit the number of devices to 50. So far I have had no problem with that limit. I am really happy with the performance even on my old desktop. I will probably upgrade it to use newer, more power conserving hardware, but that is not a huge priority because power is cheap when I am.

For wireless I run a couple of access points around the house and I have never had any problems.

Re:Use case : Not home to restart it

[Anaerin]

Most (If not all) PC Bios' have a "Power State on AC" option, with the choices typically being "Off", "On", or "Last State". Switch this to "On" and the PC will automatically start up when the power comes back.

Re: We aren't talking just about routers, fuckface

[SScorpio]

It's likely not beer sales, but the equipment and ingredients to make beer. I've only been brewing for two years, but I've noticed an large uptick of people in my local home brew store every time I'm there.

Re: We aren't talking just about routers, fuckface

[bonehead]

Home brewing beer is most definitely growing, as evidenced by the much larger variety of gear and vendors to choose from today vs when I started 10 years ago.

I brew in 5 or 10 gallon batches. Most definitely not a commercial operation. And I would never waste time brewing "a shitty lager or a pissy ale". If I want that stuff, I can buy it off the shelf for less money than what I typically spend on ingredients for a batch. (not to mention time and effort.)

how come no one talks about alix/apu's

[dbizzle]

http://www.pcengines.ch/apu.htm these things are great. more expansion options and purpose built than the little boxes you might find on amazon or similar in the same category. really just more capable in general. passive cooling, runs anything you want to put on it, dedicated serial port.. GPIO, mPCIe expansion its perfect for this 'homebrew' stuff, especially a firewall/network appliance.

Apples to Apple

Then again, that's why one just bites the bullet and buys an Apple Airport router, refurbished for a lower price.

Tired of going through routers every year or so, I finally asked my colleagues about how reliable their routers had been. I found out in the responses that only one brand had provided reliable service measured in years, many years: Apple. I haven't had to replace, or even merely restart, mine since.

PS: no Apple zealot here.

PCEngines APU

[ashpool7]

I dug into building my own when I wanted more control over DNS servers but didn't want to run that in a VM or have a large dedicated machine. I eventually had it take over DHCP services too.

http://www.pcengines.ch/apu.ht...

US Vendor

http://www.mini-box.com/

Works real well with BSD and it even has WiFi in the box I built.

Re: We aren't talking just about routers, fuckface

[footNipple]

No, I will not calm myself. I will fight to the end in order to restore the glory of homebrew projects!

Uh, can I use this as a sig?

Use a spare laptop

Any laptop is a good router/firewall. Old laptops are abundantly available in any company.
Good performance even if you run hundreds of IPSec VPNs on it.
Built-in keyboard and monitor: you really appreciate that when you have a network problem and don't need to mess with serial consoles or a web interface!
Battery backed.
Quiet.
Cheap off-the shelf hardware. OK you have to add the time you spend for setup and maintenance. But I bet it pays off in the end.
Add as many physical network interfaces as you want with 5$ USB Ethernet ports (some sticky tape helps!).
Plaintext configuration. Manageable with git. Commentable.
Scriptable.
We use a Gentoo system because it's easy to install only what you need and it has a rolling release scheme (no major upgrades, only small-risk updates each time).

This is for a corporate infrastructure. We have never looked back!

Re: Use a spare laptop

Except those usb LAN dongles are going to kill your performance. Some of us like utilizing our 100+Mbps connections.

If you have a slow connection then by all means use an old laptop.

Tried that...

Replaced it with a laptop quickly.
Alix is the same underpowered shit than the commercial routers. Plus it has only serial console. Not what you want when you have a network problem...

USB Ethernet limits network

[Joe_Dragon]

USB Ethernet limits network and any disk is also on the same bus.

Most cable systems are pushing 50-100+ for most. XDSL2 45-75 (some areas 100).

gigapower 300/300 or 1G / 1G

Re:USB Ethernet limits network

And let's also not forgot how using a Pi for a router will negative affect latency.

Re: We aren't talking just about routers, fuckface

[Robert+Goatse]

Have you missed how we can build a 30 minute airtime drone with 300$ of parts from Amazon? With an HD camera on board?

I must have missed it. As a beginner quad aviator, do you have any more information on this $300 super drone?

and the that usb bus limts you

[Joe_Dragon]

and the that usb bus limits you to about 35-40MB max the hard disk also eats into that on the pi.

But why?

[thegarbz]

No really why?

Performance? I have a 200/40 connection at home. The cheap nasty ISP provided piece of shit all in one modem, wifi router, gigabit switch in a sexy looking package has absolutely no issue with performance.

I also have a nice server with multiple gigabit NICs in them. All unused. I wouldn't think of using it as a router. There is just really no point.

Re:Use case : Not home to restart it

[drinkypoo]

The last PC that I converted for firewall use required someone to push a button to start it.

5 volt cap across the power button leads. Or so I have read. Value of the cap and... Vth? of the transistor the power button is connected to collectively determine the on-delay. Google for more. My problem with PC hardware is what happens when the CMOS battery dies. Guess what? We have time sync support in our operating systems these days. If the RTC is wrong, I don't care.

A nice board with which to start

I recently did something similar and used a GigaByte J1900N-D3V motherboard. It includes a quad-core celeron and dual Gigabit NICs. It also has a PCI slot and mini PCIe slot where one might add a third NIC or a wi-fi module.

(Sorry if it sounds like an ad. I have no commercial interest and am simply a satisfied customer.)

Re:A nice board with which to start

I think it's a good call. The j1900 and similar celerons are perfect for this kind of thing. If motherboard manufacturers were smarter, they would make mobos specifically targeted home router/server use. It won't be Asus, because they don't want to cannibalize their router market, but Foxconn, Acer and Gigabyte could easily make small and cheap "ready to serve" systems, where all you have to add is a wireless card, storage and your own Linux. For that it should have at least four hard-wired NICs right off the motherboard - not hard to do.

My cobble

[elistan]

I already had a server, so when I got gigabit fiber Internet and my old router would only give me ~300 mbps with NAT, I fired up a VM, gave that a couple network ports, and installed the free-for-home-use Sophos UTM. I then repurposed my old router to be simply a wifi AP. The Sophos is giving me high 800s, low 900s throughput just doing NAT and firewall, and dips down to 300 mbps or so if I enable IPS (Intrusion Prevention System.) The interface and documentation aren't the best, but work well enough I suppose. The main issue I've found going the VM route is that kicking off a server backup was causing the VM to snapshot which paused its processing for a few moments, dropping some network connections.

Netgear R7000 NightHawk Router + Custom Firmware

[foxalopex]

My home router is a NetGear R7000 NightHawk Router with TomatoUSB firmware by Shibby. Tomato firmware is notoriously stable on most of the platforms it supports and it's feature loaded with VPN and a huge number of other features. It also features an extremely nice front end GUI interface and is more than powerful enough for fast Internet applications. I originally ran my Router as a piece of software on my VM Server but eventually found it much nicer to have a dedicated piece of hardware handling it. Besides, if you're not a fan of Tomato then there's also OpenWRT and DD-WRT. Thou I've found DD-WRT to be unstable on some hardware. Regardless, this is probably the cheaper and simpler way of doing it.

Re:We aren't talking just about routers, fuckface.

[Pseudonymous+Powers]

We aren't just talking about homebrew routers here, fuckface.

I nominate that sentence for consideration as the Most Slashdot Thing Anyone Has Ever Said.

load balancing?

[inicom]

I was reading the article earlier, and I used to do this with a mandrake distribution on an old PC via iptables. I'd do it again, but I don't see any of these mini PC's that have 3 or more gigabit LAN ports so that I can preserve the load balancing setup I have with the cisco RV320 i'm currently have.

Anyone seen any of the low cost boxes with 3 or 4 gigabit ports? I realize that potentially a USB ethernet dongle might be possible, but I doubt any USB-based solution would be robust enough.

OpenWRT

[elmer+at+web-axis]

Just grab a cheap piece if hardware compatible with an openWRT firmware and flash it. All the customization you'll need. And you get wireless support.

So, now we have re-defined "homebrew"...

to include mass-produced hardware imported from China with who-knows-how-much pre-loaded malware and spyware and backdoors, with a bunch of other hardware and code produced by others slapped-on?

Traditionally, the term "homebrewed" in the computer world meant the hardware was home-made and the code home-written and so the result was fully-understood by its owner. I see no advantage in this new version of "homebrewed" over "purchased from a fly-by-night vendor in China via Amazon"

Open source router

There is interesting Indiegogo project in progress: "Turris Omnia: hi-performance & open-source router" see https://www.indiegogo.com/projects/turris-omnia-hi-performance-open-source-router

Pfsense

[whitebread_mike]

Built a system using an Intel d2500cce board in an Antec ISK case. Its been running pfsense for about 9 months now with no hiccups. Paired that with a Ubiquiti wireless access point and its been smooth sailing. Much better than the Comcast router modem they gave me to start with.

Cheap Low Power PC Hardware

[Agripa]

I have been using a repurposed Celeron 300A as my main router running FreeBSD for years without problems. It has ECC memory, boots from Compact Flash attached to an IDE port, and I can alter the number of ethernet ports as needed.

If I were to do this today, I would use one of the cheap AM1 motherboards which support ECC memory and PCI or PCIe network cards as needed. If that does not allow enough ethernet ports, then a VLAN switch can be used as a port expanded. The AM1 CPUs are much faster than necessary for this kind of application so they can be forced to operate at a lower clock speed and core voltage to reduce power. With some cleverness, passive cooling can be used except perhaps for the power supply fan.

Re:Cheap Low Power PC Hardware

[drinkypoo]

With some cleverness, passive cooling can be used except perhaps for the power supply fan.

If you connect the power supply fan to the 5V supply instead of to the 12V, or even connect across the 5V and 12V rails to get 7V, you can make the fan much quieter. If you're only putting a small draw on the supply, no harm done. I did this for a GEODE system, back when that was worth using.

Started with homebrew, switched to MikroTik

[feaglin]

I wanted better control of my home network. Mostly filtering the internet for the kids and later scheduled blocking of their devices overnight, plus some playing on the side. I got a refurb Core2 desktop, snagged a leftover dual port NIC from work, and ran ethernet from the basement to the first floor to an AP. First I used pfsense and then Ipfire. It worked great. After a couple of years I started to think of the power usage of a full desktop running at 3%-5% utilization. So I went looking for an alternative. The RouterOS in the MikroTik boards had everything I needed as a drop in replacement for the PC. I got the model in the link below for ~$50. It doesn't have wifi but I already have the AP setup. It uses so little power the power adapter is similar to what you use to charge your phone. It can even run on PoE. I've been using it for about a month with no problems. Now I'm considering adding in one of their 802.11ac APs for $45 because the RouterOS is the same on both devices and the router can manage the AP. Assuming I'm understanding the manual correctly.

http://www.balticnetworks.com/...