Build your own powerful router...many fun linux distros

[YeOldeStonecat]

Tired of overwhelming your home grade broadband router with heavy traffic?
Need better quality of service features?
Want something you don't have to reboot often?
Better performance for some of those faster internet connection these days...such as those past 10 or 20 megs that many home grade routers can't keep up with
Add some business/enterprise grade features like VPN, DMZ zones, UTM features such as antivirus scanning and spam removal, web/content filtering, some have blocking of protocols for IM and peer to peer traffic.

You don't need to know linux to built these routers, or manage them..they are all managed through web interfaces just like your typical Linksys/Netgear/DLink router. Download an ISO..burn to CD...take a computer that has 2x network cards...boot from the CD..and they have an install wizard that holds your hand through the whole process. If you're somewhat comfortable setting up and managing your home grade router..you can built and manage one of these.

There are many of them out there...some stronger in certain areas than others, and a growing number that bring full UTM features (Unified Threat Management). These UTM features are the ones I'm really interesting in..and using at a few clients with good success. The UTM distros add antivirus scanning of all web, mail, and ftp traffic, as well as spam removal of web traffic. Some add ad/spyware blocking of browser traffic as well. And beefier intrusion detection via Snort.

Some of the basic *nix router distros....

IPCop...one of the more popular ones, has a big development/support community with lots of add-on packages.
http://www.ipcop.org/
You can add UTM functionality to it with the add-on called Copfilter
http://www.copfilter.org/

m0n0wall
http://m0n0.ch/wall/

Smoothwall
http://www.smoothwall.org/

pfSense...originally built on m0n0wall...with stronger QoS features
http://www.pfsense.com/

Clark Connect is a cool distro for a small business, sort of an open source *nix version of Microsoft Small Business Server
http://www.clarkconnect.com/

ClearOS a further developed fork of Clark Connect....another open source version of Microsoft Small Business Server, UTM, file/print server, e-mail, web, myphp. Very nicely developed.
http://www.clearfoundation.com

Zentyal another open source "all in one" version of Microsoft Small Business Server.
http://www.zentyal.org/

BlueOnyx..another sort of all in one, web/mail included
http://www.blueonyx.it/

vyatta
http://www.vyatta.com/

Zeroshell
http://www.zeroshell.net/eng/

For some of the UTM distros....in addition to the Copfilter build of IPCop listed above....

Endian...one of my favorites..built on top of IPCop..with the features of Copfilter...bundled into one tight package
http://www.endian.com/en/community/

Comixwall (Project terminated Dec '09 after dispute with BSD)
http://comixwall.org/

Astaro
http://www.astaro.com/
A very nice UTM package, recently released a full free version for home use.

Untangle...this one is fantastic...I've built a few...using them in production...very powerful. Lots of features...even blocking of IM traffic and peer to peer traffic.
http://www.untangle.com/

eBox
http://ebox-platform.com/
Similar to ClarkConnect...quasi server duties

Gibraltar
http://www.gibraltar.at/
A UTM appliance, aimed at businesses but they have a free open source community version for home users.

IPFire
http://www.ipfire.org/en/index
A basic firewall aimed at new users, easy setup, etc.

GnatBox Lite ..free for 2 users
http://www.gta.com/products/gblight/



On the basic distros...all you need is an older PC...P2 or so, moderate RAM, a pair of NICs..and you're good to go. For the UTM distros..you want a bit more power...mid range or higher P3, 512 megs of RAM...Untangle likes to go above 1.0GHz and a gig of RAM.

Fun stuff..and put your retired older PC to work!

http://en.wikipedia.org/wiki/List_of_Li ... s?c6b0b560

A short article I found mentioning a few distros...with a brief blurb of each
http://www.fsckin.com/2007/11/14/7-diff ... -reviewed/

[Philip]

I've been thinking about building a linux router on one of those new 1.6GHz Intel Atom barebones, quiet, fast, low-power, $140 barebone:
http://www.newegg.com/Product/Product.a ... 6856167032

[bilbus]

I have a pfsense box, works fine with a 1.6p4 with 1.5gb ram .. ntop is flaky it seems with less then 4gb ram.

[hoov]

Hello.

I really value your opinion on here. I know you have used many of the linux firewalls- pfsense, endian etc in the past.

I now have growing kids and am currently using my comcasts free mcafee security suite which I do like but has to be configured on each pc.

I saw your thread and it looks like you really think endian was pretty good. Do you think it would be good for watching/protecting kids on the net?

My thought would be that I could put an endian server right after my cablemodem. I would like to have a wireless zone then a protected wired zone that would be blocked from that wireless for security. Is that possible also.

Thank you in advance for any input!

[YeOldeStonecat]

Endian is good, there's a newer UTM distro out called Untangle, which has better antivirus and antispyware protection. Needs a bit more horsepower to run on though.

A UTM appliance is not a substitute for a good desktop antivirus, but it's a great added layer of protection.

Yes you can created added zones for wireless...although many of todays access points can do that themselves.

[hoov]

Thanks for the info !

[YeOldeStonecat]

And some 3rd party firmwares for some popular home routers which add features and performance.

http://www.dd-wrt.com/dd-wrtv3/index.php
Adds many features such as ability to crank up wireless output power, traffic graphing, QoS, wireless features, VPN, increased stability.

http://www.polarcloud.com/tomato
A very lightweight firmware, less features than DD-WRT, but lighter and snappier. Great stability.

http://www.packetprotector.org/
A distro that adds some UTM features, antivirus scanning, content filtering, OpenDNS integration.

[CableDude]

Funny that you mention DD-WRT because I was thinking of trying it again.

[YeOldeStonecat]

Ahh yes...no v6 even.

Doh!

[routik]

Hi, i developed personal interest in this post when i saw it. i am using untangle server in my office but i have question to ask concerning wireless.
i have tow network cards already installed in my untangle, but now we just bought a new wireless radio that can distribute wireless service around our area (protected wireless). now what i want to ask is if it is possible to add another network card in the untangle which i can use to give service to the wireless radio and configure something like hotspot on it for users to login through their browsers.
hope you understan my question clearly?

thanks

Collins

[YeOldeStonecat]

Untangle doesn't support wireless cards....I don't believe they have it planned in their roadmap either. Since it's designed more for larger SMB and medium/small enterprise business networks, where dedicated access points are utilized.

I have a few clients of mine using Untangle..and wireless, and their setups are similar to if I have regular routers. I use dedicated access points, or..if I have a wireless router, I reconfigure it to run in access point mode (disable DHCP on it, change it's LAN IP to something like 192.168.1.245 instead of 192.168.1.1..since Untangle would be 192.168.1.1..and then uplink it to the main switch using a LAN port of the wireless, router, the internet/WAN port of the wireless router isn't used)

[routik]

you know, i really like something like hotspot login page, how can i achieve this using linux?

[routik]

i think i have seen what am looking for, untangle server has 'Captive Portal' which i can use for what am looking for. or what do think?

[Shinobi]

I might install IPFire this weekend, as a extra layer of security on my LAN. .. seems pretty good.

[routik]

Untangle...this one is fantastic...I've built a few...using them in production...very powerful. Lots of features...even blocking of IM traffic and peer to peer traffic.
http://www.untangle.com/

have been using untangle for some time but i really want to know how to integrate hotspot billing system into untangle.

thanks.

[YeOldeStonecat]

have been using untangle for some time but i really want to know how to integrate hotspot billing system into untangle.

thanks.

You're far better off going with a separate dedicated billing system, there are many hot spot/internet cafe management packages out there. Nobody would integrate a billing system into an edge device..that goes against the best practices of security.

[routik]

@YeOldeStonecat
thanks for your reply.
based on this post, i have contemplating and visiting PFsense official site, am considering using it very soon.
what do you think?

[YeOldeStonecat]

I love PFSense...great VPN abilities, and the best QoS/Traffic Shaping I've come across. I love using it at home because I can crank up QoS and ensure that I have a great online gaming experience regardless of what the other users of my household are doing on their PCs.

[routik]

but does it have addons or third party softwares that has UTM features like web antivirus, antispam, filtering, ad blocker just like untangle?

thanks for your replies.

[Dado9]

hi, i am looking for a router program which is the easy to develop and possible to make changes to the source codes, pls help me. i am doing a project of these router programs. but i stacked which router i will choose????

[eunicesanchez]

Making your own router gives you flexibility that you can't get from the purchased router. Your own router can be upgraded with just a simple download and new features are being added as time goes on. Once you have bought a router you are stuck with the functionality you got when you bought it, until you buy a newer one of course! So for me, making my own router is more beneficial...

[mountain-man]

Hi, new here. I am responsible for a wifi network for a summer camp, looking for maybe a linux firewall/router on an old PC to replace our existing firewall/router. Free or cheap is good. The system is strictly for internet and email access, no local networking, basically just a hotspot. The wifi aspect is probably not relevant here, but I do need a firewall and access control. The main thing is to only allow access to paid users, and to monitor / log bandwidth usage for each user since the satellite internet is bandwidth limited. Can't just use wifi security as sooner or later everybody, including non members, knows the password. Also need a website blacklist, so we can block high bandwidth websites like youtube, porn sites, etc.

There are about 50 users, and on average each user has several devices. Typically a one or two dozen users are active at any one time.

Currently, we're using a Sonicwall TZ170 router, assigning a fixed IP address (assigned by the router, not at the user's computer) to each MAC address, and no DHCP. This is tedious to administer but doable, but the Sonicwall is flaky and, I presume, slower hardware than something like a linux router distro on an x86 box.

A system where a user has to log on with a username and password to get access each session would be even better, as we wouldn't have to mess with MAC addresses.

Ideally, I'd like to ignore bandwidth logging during a "free" period between midnight and 6am, but that's not necessary, we're not doing it now. I'd also like to be able to remotely administer it from the internet, but that's again not necessary.

I'm not a network professional, not since the MSDOS days anyway, but I'm fairly saavy for a non pro.

Can anybody offer suggestions on which of the many linux packages would work best for us?

[Philip]

You may want to check out pfsense: http://www.pfsense.org/index.php?option ... &Itemid=43

[fastcar23]

This is such a great help! Thanks

[spert]

Funny that you mention DD-WRT