Benefits of a Homebrew Router

An anonymous reader writes: Jim Salter has posted an article explaining why it can be a good idea to build your own router, and how he put his together. Quoting: "In the consumer world, routers mostly have itty-bitty little MIPS CPUs under the hood without a whole lot of RAM (to put it mildly). These routers largely differentiate themselves from one another based on the interface: How shiny is it? ... I wanted to go a different route. A lot of interesting and reasonably inexpensive little x86-64 fanless machines have started showing up on the market lately. The trick for building a router is finding one with multiple NICs." Once assembled, the homebrew router blows away even high-end SOHO routers for throughput and performance. "Given that nobody's offering any Internet connections over 200mbps in my area yet, that makes my inner crypto nerd dance with glee. I could literally encrypt every single byte of my Internet traffic, in either direction, without a performance penalty." Of course, it won't do wireless, but you can get separate wireless access points to handle that.

raspberry pi about 50$ does just fine.

[anon mouse-cow-aard]

raspberry pi, usb ethernet dongle, power supply... about 40$. does 30 mbps with full iptables, NAT, dual stack ipv4 and ipv6, speed test is 30 mbps flat out. my isp rate is 30 mbps ... If you have access to > 100mbps great, but outside of google cities isn't that kind of rare? Don't see the point of a 300$ homebrew router. been using a pi for years. have two spares. no moving parts, no fan, low power consumption...

Re:raspberry pi about 50$ does just fine.

[Anonymous Coward]

100Mbps at home isn't that rare if you don't live in some backwater country.

Re:

[bonehead]

I live in a tiny, little hick town. It's a 45 minute drive to the nearest town with a population over 1000.

My cable Internet gives me 100Mbps with a 2TB monthly cap,

Re:

[Billly Gates]

Shoot I pay $80 for a 6 meg connection pipe. I hate DSL but Cable forced into a TV package I will not use and a 20 gig cap because they lobbied my local governments to prevent competition.

Re:

[jarablue]

I have fios and live in New England? I can get 300mb with my FIOS app in 2 seconds. Not everywhere is hamstrung by slow speeds.

Re:

[110010001000]

I live in the US and have had 300Mbps for years, uncapped. Not sure what backwater you live in.

Re:

[Billly Gates]

I live in Houston have get 6 megs a second. It is the only one that does not force an expensive TV package bundled agaisn't my will and a 20 gig cap for an ultra low price at $179 a month. Pfft

Re:

[Anonymous Coward]

Our cable ISP just upgraded us to 150/20. I had an old desktop lying around, and power isn't *that* expensive here, so I bought a two-port intel NIC and tried to remember how routing and firewalls worked in FreeBSD. (I'm sure Linux or OpenBSD would be as good, it's just what I happen to know best). It took a few days to get everything working (e.g. getting dhcpd to register the dynamic hostnames with named, not to mention the strange new world of IPv6 delegations), but it was kind of fun.

Re:

[gwolf]

The main problem with using an old desktop as a router will be the ongoing, always-on electricity costs. You could have a system with a 300W one. How long until it pays for itself?

Re:

[Blaskowicz]

You may use an underclocked Core 2 Duo or AMD, that'd be much better than a Pentium 4.
Not hard at all to replace the motherboard later but keeping case, power supply, hard drive, (PCIe) network cards.

300W is also not really possible unless you do GPU grid computing, or CPU grid computing on a really overclocked and hot CPU.

Re:

[gmack]

Not in a Google city but I have 120 mbps down and 20 mbps up. I ended up buying a couple of giabit cards for an HP Pentium 4 desktop with 4 gb ram I had laying around and it manages to easily keep up with the abuse I throw at it.

Having said that, sometime in the future I will replace it with a $100 Chinese Atom mini desktop with 2 ethernet ports just to eliminate the fan noise in my livingroom.

Re:

[vux984]

Ugh... a pentium 4 is a space heater. :)

Re:

[Joe_Dragon]

and pci-33 can't do gigabit much less more then 1 card at the same time shared bus.

Re:

[gmack]

Thankfully it doesn't need to do the full gigabit. I managed 126mbps downstream and 20.4 mbps upstream so my connection is maxed so that was all I cared about at the time.

Re:

[drinkypoo]

and pci-33 can't do gigabit much less more then 1 card at the same time shared bus.

That's OK, he only has to be able to reach 120 Mbps, which shouldn't be a problem. Wikipedia suggests that no P4 chipset had PCI 66 MHz support, which is optional since PCI 2.1 (even in non-PCI-X systems.) The only PCI-X system I've owned was AMD-based, and it also had GigE on 32-bit 66 MHz PCI internally. But maybe Wikipedia is wrong, and it's possible to get double-speed PCI out of a P4. Probably not, though. Using a P4 is a bit insane. I chose a used C2D because it was almost as cheap as a used P4, but c

Re:

[Anonymous Coward]

Quad Core RasPi, 1 Gb RAM : $35.00 - $25.00 on SALE
Power Supply: Scavenged : FREE 5V @ 2A
100Mbps USB NIC : $5.00
Wireless b/g/n USB Dongle: $10.00
USB Hard Drive @ 750Gb: $45.00
8 Port unmanaged Switch: $15.00

OpenWRT: FREE / DDWRT: FREE

So, I have a router, a NAS, an FTP server, bittorrent, SSH Server, WEB Server, WiFiAP, TimeMachine, RSYNC, all running on a single box, with a power consumption of less than 10W under FULL LOAD.

I've got 4 CPUs, 1 Gb of RAM, a 30Mbps/6Mbps uncapped network connection, a hatred of

Re:

[alantus]

Sounds wonderful.
Do you count your uptime in minutes or hours?

Re:

[gwolf]

What is your experience with such gear?

I have several ARM boards, ranging from the well-known Raspberries (Pi B, Pi 2), Bananas (M1 and M3), Beaglebone Black, a nice packaged computer (CuBox-i), a SmartTV UG007 HDMI stick, even a MIPS Creator CI20. I don't have them all always-on (just three of them), but (barring underpowered power sources, which really suck) don't have any stability issues.

Re: raspberry pi about 50$ does just fine.

[jonnyj]

I've run a Raspberry Pi as a server (DNS, DHCP, LDAP, Kerberos, SMTP/IMAP, webmail, MediaWiki) for 3 years with only one restart necessitated by stability issues, when my DHCP server inexplicably stopped dishing out IP addresses and refused to play until the box was restarted.

That's much better stability than our ops guys ever seem to manage in the office.

and the that usb bus limts you

[Joe_Dragon]

and the that usb bus limits you to about 35-40MB max the hard disk also eats into that on the pi.

Re:

[ArmoredDragon]

Pretty much anywhere you get cable you can get at least (but probably more than) 100mbps. Considering that cable is almost everywhere, it's not that rare.

Now if you're stuck with DSL, I'm sorry.

Re:

[ArmoredDragon]

It's extremely rare to see anything above 40 on DSL though; you have to be lucky enough to live really close to the DSLAM.

I used to live in a somewhat remote area, and was able to get 300mbit on cable for about $80 a month.

Re:

[Joe_Dragon]

pair bonded dsl, vectoring , g.fast are pushing it up.

Re:

[AmiMoJo]

The only issue with the Pi is that some USB ethernet adapters really suck. They suck so much that 30Mb/sec is going to hammer the CPU. Also, BT offers up to 70Mb/sec, and Virgin offers up to 200Mb/sec.

I'd suggest a cheap router. I like Buffalo ones because they are well supported by DD-WRT etc. and even ones that are 5 years old can easily handle routing 100+Mb/sec with QoS and other niceties, as well as being low power. They are designed for the Japanese market where 100Mb was pretty passé these

Re:

[MouseTheLuckyDog]

Except for when you are using your LAN. For example, a NAS.

Re:

[mlw4428]

What's the internal throughput? Are you still limited to 30mbps?

USB Ethernet limits network

[Joe_Dragon]

USB Ethernet limits network and any disk is also on the same bus.

Most cable systems are pushing 50-100+ for most. XDSL2 45-75 (some areas 100).

gigapower 300/300 or 1G / 1G

Re: raspberry pi about 50$ does just fine.

[DuckDodgers]

yeah, me too

Re:

[Coren22]

http://www.aliexpress.com/item... [aliexpress.com]

1.8Ghz Celeron with 2 GB ram for 162, should have plenty of room there to throw on a USB flash key for the storage. It also has dual gigabit on board, and is the subject of this story.

Homebrew used to be about doing better.

[Anonymous Coward]

Homebrew used to be about doing better than what you could could get off-the-shelf.

In this case it sounds like it's better in some small, useless way, while being far worse in so many others. Now he's got throughput he can't actually use, but is missing critical functionality like wireless support.

I think this decline in the quality of homebrew reflects what has happened to the Linux community as a whole lately. The quality has dropped like a rock. So much Linux software has gotten worse. GNOME 3 looks awful. Systemd and PulseAudio still have caused me nothing but trouble. Firefox gets worse with each release. Wayland is nowhere to be found.

We need to restore the glory of homebrew projects. We need our homebrew projects to be better than the commercial off-the-shelf offerings. We need to not build something that's slightly better, but also far worse. We need to build something that's better in every way.

We need to restore the glory of homebrew projects!

Re:Homebrew used to be about doing better.

[PvtVoid]

I think this decline in the quality of homebrew reflects what has happened to the Linux community as a whole lately. The quality has dropped like a rock. So much Linux software has gotten worse. GNOME 3 looks awful. Systemd and PulseAudio still have caused me nothing but trouble. Firefox gets worse with each release. Wayland is nowhere to be found.

Yeah, Dude. I would never build a homebrew router because GNOME 3 / PulseAudio / Firefox. Those things make Linux routers totally worthless.

Re:

[PvtVoid]

Jesus Murphy, the term "homebrew" came from people who used to brew their own beer at home. We rarely see this done these days, and even those who do it make a shitty lager or a pissy ale.

That's almost certainly because most mash tuns run systemd now. The best systemd can do is a shitty lager or a pissy ale.

A proper IPA can only be done with Sys V init.

Re:

[Pseudonymous Powers]

We aren't just talking about homebrew routers here, fuckface.

I nominate that sentence for consideration as the Most Slashdot Thing Anyone Has Ever Said.

Re:

[PvtVoid]

Are you sure you're not thinking of commercial microbrewing?

He's thinking of home brewing:

https://www.brewersassociation... [brewersassociation.org]

If you're the GGP, then in addition to being a completely insane person, you definitely haven't tasted what homebrewers are making.

Re:

[SScorpio]

It's likely not beer sales, but the equipment and ingredients to make beer. I've only been brewing for two years, but I've noticed an large uptick of people in my local home brew store every time I'm there.

Re:

[bonehead]

Home brewing beer is most definitely growing, as evidenced by the much larger variety of gear and vendors to choose from today vs when I started 10 years ago.

I brew in 5 or 10 gallon batches. Most definitely not a commercial operation. And I would never waste time brewing "a shitty lager or a pissy ale". If I want that stuff, I can buy it off the shelf for less money than what I typically spend on ingredients for a batch. (not to mention time and effort.)

Re:

[rmdingler]

Home grown used to be a reference to some substandard pipe filler. How the times have changed.

Re:Homebrew used to be about doing better.

[LordKronos]

Now he's got throughput he can't actually use, but is missing critical functionality like wireless support.

I personally gave up on wireless support in my router. First problem I was always having was finding a router that had all the features I want. DDWRT is a priority for me, but finding a single device that
1) supports DDWRT easily (ie: doesn't rely on me finding a specific outdated revision of the hardware)
2) is cheap
3) has gigabit ethernet
4) good wireless
5) has a good amount of memory

Getting all of these in one device is difficult. The next problem is that I'd periodically end up with wifi issues. I had issues now and then with different device. Then I got my OnePlus One and the problems got worse. For some reason that device always has connection issues. It would continually get disconnected (so often that I couldn't even backup the videos from my phone via smb...it would always lose connection in the middle and I'd have to start over. It might take 10 tries before a video successfully copied over). I tried 4 different DDWRT routers I had access to (4 different device models from 3 different brands) and had the same issues

The last issue is dealing with power outages. All of my networking equipment is in the basement on a battery backup. When power goes down, I'm able to maintain connectivity and continue working from a laptop without issue. However, locating everything in the basement means I have OK signal on the first floor, and terrible to no signal on the 2nd floor and front/back porch. To resolve this issue I put a 2nd DDWRT device (running as a wireless access point) on the first floor, but unfortunately it has no battery backup.

About a year ago, I decided to change my strategy. I ditched the 2nd device, turned off wireless on the router itself, and bought myself a Ubiquiti wireless access point. This solves a lot of issues
1) Wireless is now one less feature I need to concern myself with on a router
2) It's reliability has been impeccable. In 1 year, it has been rock solid, not requiring a single reset, and it's worked flawlessly (and performed well) with every device I connected it to
3) It's designed to use power over ethernet. It's power supply is plugged in to the UPS in the basement, then the ethernet is patched between the powersupply and my patch panel and through the regular house networking.
4) It looks really nice, so I can actually put it in a very central place in the house without it looking ugly. And at this location, the one device provides exceptional coverage for my entire house and the front/back yard.

How about a nettop or intel NUC?

[coder111]

I have a small nettop with AMD E-350, and it works fine as:

* ADSL/Wifi Router. Does IPv6 like a champ as well.

* File server

* Media box- it's connected to the TV & speakers.

* Backup device

* 2nd machine for some software experiments.

* Whatever else I want it to be.

I tried looking into getting some ARM SOC or off-the-shelf router, but decided it's not worth the hassle. The only thing I would gain is lower power usage, for much weaker CPU/GPU/memory/storage, and much more problems deali

Re:

[DuckDodgers]

I don't think the problem there is the free software community and homebrew, the problem is sucky PC wireless cards and poor Linux drivers. Fixing that isn't trivial.

It would be interesting to try, though. In my area, Comcast's pricing for 150 Mbps down is only $14 per month more than 25 Mbps down. I upgraded my service, then realized my router only has a 100 Mbps port on the WAN side. That's not a huge problem, I lived with 25 Mbps down for ten years. But now I'm looking at upgrades, and I would p

Re:

[pak9rabid]

I'm currently running this setup:

• System: PCEngines APU system [pcengines.ch]
• Wireless adapter: COMPEX WLE900V5-23 miniPCIe 802.11ac adapter [compexshop.com]
• OS: Voyage Linux [voyage.hk]

I've been running witht his setup for about a year with excellent results. Although, if I had to do it over, I would go with a discrete 802.11ac AP instead of running it on the router, as Linux wireless support for master (AP) mode is pretty shitty.

Re:

[DuckDodgers]

Thanks for the info, I appreciate it. In what way is master (AP) mode shitty? No snark intended - what went wrong?

Re:

[ComputerGeek01]

The reason that homebrew projects were so awesome is that they were developed by talented people looking to build out their CV's and earn recognition. Those talented people have now been hired into soul-crushing monotony while their projects have been handed down to those of a more mediocre ability by comparison. Things will stagnate until the next generation of talent hits the labor market and then it will all start over again. Don't worry, your exploitation of those with drive and ambition can resume in a

Re:

[Grishnakh]

The problem is that for the most part, there isn't going to be a "next generation". The next generation can't do anything like that stuff, and their tech talents involve writing crap like Gnome3.

Re:

[chispito]

Well, at least he has a reasonable expectation that it won't be completely full of security holes and that he can easily update it when a vulnerability does turn up.

Re:

[DarkTempes]

How was this modded up? I actually thought it was a troll.
A router != a wireless router or even a wireless access point and wireless support is not "critical functionality" for the device.

Anyway, he mentions that he used the much hyped Ubiquiti WAPs to cover the wireless functionality that he lost from the Nighthawk.
Assuming those live up to the hype then he gave himself a) better routing functionality than the previous solution b) better wireless functionality than the previous solution.
I call that homebre

Re:

[Coren22]

I love my Ubiquiti WAP, I set it up once and haven't done anything to it since. It sits on the ceiling pumping out the wifi for all the tablets/phones/laptops in my house without any issues.

Re:

[Grishnakh]

And then you go into a rant about the quality drop of Linux on the desktop which is kind of bullshit to be honest. I don't know if you remember how bad things were 10-15 years ago but it was definitely much worse than it is now.

In some ways, not in others.

You're right, the infrastructure stuff Is mostly better. Installing Linux is much easier than it was 15 years ago for instance; most hardware is supported well and installers have gotten really good. Sound support seems to work well these days (except fo

Re:

[fnj]

Now he's got throughput he can't actually use, but is missing critical functionality like wireless support.

Don't be obtuse, anonymous idiot. Wireless has absolutely nothing to do with routing. Nada. Make each piece do one job well. Limit single points of failure to taking out one function only. The cable modem, router, and wireless access point should each be completely independent items.

Re:

[Coren22]

That is a small living room that you have where it can't fit two items the size of your typical home router in it.

Re:

[maestroX]

no decline in the homebrew here *hips*

Re:

[aaarrrgggh]

Integrating wireless isn't really ideal in many situations-- large house, apartments with high noise floor, etc. The access points can do much better in these situations.

Personally, I switched to Ubiquity EdgeRouters; you can make it just a plain Linux router if you wish, managing packages individually as needed. If you are sufficiently paranoid, it makes a lot of sense, and there are options from $60-350 on the router side all with the same software, but giving you up to gigabit port speeds.

There are issues with this...

[mellon]

More memory doesn't necessarily make things faster if you have multiple streams and limited bandwidth. You can wind up with a situation where you have a lot of data queued in the buffer, and this botches TCP congestion control so that you wind up getting really poor throughput. Google "bufferbloat" for details. Using a crappy external wireless AP makes this worse. You really do want the wireless card to be treated as a first-class network interface on your router. Unfortunately, wireless drivers are usually closed-source, often have internal bufferbloat problems and other bugs, and can't be updated.

The article's main point, that a faster CPU in the router is wicked awesome, is completely true, of course. You just want to make sure you're running a recent Linux kernel that does a good job of queuing in the presence of a congested link. :)

Re:

[gmack]

It has been ages since the Linux kernel maintainers modified the kernel to avoid excessive buffering [kernelnewbies.org] so that's not really a problem anymore. With small amount of ram typical of most home routers, you end up with a NAT table overflow where the device can't keep track of all of the connection and either expires old connections early, refuses to allow new ones, or in Cisco's case hard crashes. It doesn't take much to run into the limits, I have seen bittorrent bring a home router to it's knees.

Re:

[acoustix]

You really do want the wireless card to be treated as a first-class network interface on your router.

I respectfully disagree. I think most people's PoP in their homes isn't necessarily ideal for their only AP (yes, I know some need multiple AP's). It's probably better to have the AP separate so it can be centrally located in the house for best coverage.

My setup has the AP centrally located in the house in a closet with PoE, which is far away from where my service enters the house.

EdgeRouter is exactly this!

[UberLord]

Ubiqiti EdgeRouter is exactly this: dual core MIPS64 @ 1Ghz, 512Mb memory and a removable USB flash stick for storage.
https://www.ubnt.com/edgemax/e... [ubnt.com]
This is ample for my needs. I bought the 3 port version about a year ago for £80.

https://blog.netbsd.org/tnf/en... [netbsd.org]

As of today, NetBSD-current has an uptime of about 6 months - which is when I made the last kernel modifications to support the NPF firewall.
This is more uptime than any other SOHO gear I have and the performance of the unit is exceptional.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[larkost]

I recently bought their EdgeRouter X, which is a small 5-port router for about $50. I am very happy with it. There were a couple of bugs in the interface as I set it up, but they were easy to get around on the command line. Most important to me is that it is small enough that I could put it in my apartment's network box along with my cable modem. Two less pieces of hardware for my wife to have to see.

https://www.ubnt.com/edgemax/edgerouter-x/

Re:

[UberLord]

One TP-Link TL-WR841N/ND v9 wireless hub needs a reboot after watching a few movies over it.
My main TP-Link TL-WA901N/ND v2 wireless AP needs a reboot every few months.
Both run OpenWRT Barrier Breaker - I should try upgrading them to Chaos Calmer.

My TP-Link 200Mbs Ethernet over Power freeze every few days, my ASUS ones fair better but still freeze once in a while.

I used to run a few DrayTek ADSL routers which also froze, but since upgrading to fiber I have plugged my OpenReach modem into the EdgeRouter.

Bas

OpenWRT for $25

[GlobalEcho]

These guys [gl-inet.com] sell a tiny "travel router" (or just the board if you like) that goes for $25 on Amazon. Crucially it has 2 ethernet ports (albeit only 100Mbits), along with Wifi. It ships with their modified version of OpenWRT [openwrt.org] but takes only a couple minutes to flash to the latest fully open-source version. From there, going further into homebrew is trivially easy. I find it a better starting point than a raw Linux distro, and the low power consumption just cannot be beat. If you want to go Linux and don't have a fat pipe, I recommend it.

Re:

[karnal]

Do you have the amazon link? I tried searching for a few different variations of gli and gl inet and domino... not finding this specific device.

Re:

[gmack]

This is not as good as it appears. Their "Enterprise router" has 128 mb ram and there is no way that's going to hold up to a significant amount of simultaneous (connections let alone the 64 mb ram that most of the devices have,

Re:

[GlobalEcho]

This is not as good as it appears. Their "Enterprise router" has 128 mb ram and there is no way that's going to hold up to a significant amount of simultaneous (connections let alone the 64 mb ram that most of the devices have,

Is that really an issue? According to this [informit.com], each NAT entry needs <200Bytes, in which case 2000 simultaneous connections (plenty for most any single dwelling) require less than 1MB RAM.

It wasn't that long ago that even enterprise-class routers got by on 32MB or less of RAM.

Re:

[gmack]

That's from 2002 and I wonder if that's even true of Cisco anymore. I have watched Cisco firewalls hard crash with too many connections on 256 mb ram.

This site [khnet.info] seems to indicate 16 KB per connection, which doesn't leave much once you've subtracted the memory needed for OS/daemons etc..

I am using a Core 2 Duo

[drinkypoo]

Yes, that has higher power consumption than buying something brand spanking new. However, it was $50 with 4GB RAM and a 500GB disk. I have a separate AP, currently a WRT54g running OpenWRT. It was $10 or less, yard sale. I have a Phobos quad-intel card, I think I paid $5 for that. The savings cover the power budget delta for some time nicely, and eventually I'll get something else when it's cheap. The problem was, I couldn't find a cheap SFF with both dual ethernet and a PCI slot for my quad-ether card. The

one legged firewalls are great.

[emj]

I've never really understood why Firewalls with just one interface is an issue, been running that in different ways since 2000.

Re:

[drinkypoo]

I've never really understood why Firewalls with just one interface is an issue, been running that in different ways since 2000.

In theory, who cares, for a home network? In principle, do you trust your ISP? In practice, do you trust your CPE not to simply choke? I'd rather keep any traffic not destined for the internet away from mine, because my ISP is a semi-local WISP that is using absolute-cheapest hardware, and the CPE devices are garbage that has to be replaced every few years already.

Easily done.

[Lumpy]

Mini ITX motherboard, case and power supply. All done if you buy one with two ethernet ports, or just add a ethernet adapter for the second.
I use a gigabyte H77N-WIFI it has dual ethernet and absolutely rocks with a small SSD and only 2 gig of ram. Blows out of the water absolutely every bit of "router" hardware with even a very low price processor.

Run IP-COP, Momowall, pfsense or Smoothwall and you are done in less than a couple of hours with a device that makes Cisco enterprise stuff look like a toy.

ClearOS is the way to go for an x86 router

[Varka]

www.clearfoundation.com It's a super nice piece of software.

Use case

[silas_moeckel]

Ok so you're going to fiddle with making your own firewall.

You use a dedicated bit of hardware, $240 for a useless fixed config box. I can get a more powerfull laptop that is also silent and can run multiple VM's for the same to less. It also has a built in UPS and wifi that may be able to used as an AP a usb3 to gigabit dongle takes care of the second port.

You install ubuntu and throw a few iptable rules in, because obviously years of getting to a sane default with pfsence etc means nothing.

You still need a wifi AP and generally the standalone AP's cost more than a router.

If you're doing this would assume you allready have a VM hosts in the house that you could just run pfsence on. I did this for a decade. You can get 40+ mbs of vpn traffic out of a high end wifi router. Mind you routers used to come with bits like the BCM5365P that could do 75 mbs in hardware (and that is an ancient 2005 ish chip).

Re:

[mattventura]

What's wrong with "fixed config" here? It's not like network technology is going to change significantly soon. If you've got two gigabit interfaces and enough horsepower to route between them at line speeds, you'll be set for a long time. Sure, if you start feature creeping it might become an issue, but I'd rather use the right tool for the job.

Re:

[hankwang]

"a more powerfull laptop ... has a built in UPS"

I once tried running an old netbook as server (dns and files, not routing) with UPS. When the power outage came, half a year later, it shut off immediately. Moreover, it didn't boot on its own when the power came back. With the lud closed, it was always kind of hot.

Apparently, Li-ion batteries need to be discharged every now and then to keep their calibration. The charging hardware seemed to think that the battery was fully charged while it was really empty. I

Re:

[Anaerin]

Most (If not all) PC Bios' have a "Power State on AC" option, with the choices typically being "Off", "On", or "Last State". Switch this to "On" and the PC will automatically start up when the power comes back.

Re:

[drinkypoo]

The last PC that I converted for firewall use required someone to push a button to start it.

5 volt cap across the power button leads. Or so I have read. Value of the cap and... Vth? of the transistor the power button is connected to collectively determine the on-delay. Google for more. My problem with PC hardware is what happens when the CMOS battery dies. Guess what? We have time sync support in our operating systems these days. If the RTC is wrong, I don't care.

Yep

[koan]

Bought a dual NIC fanless MITXPC never looked back, I love the machine it's quiet reliable and small.
You can get them with more than 2 NIC's as well (I suggest you do for versatility reasons) there are a few builds you can run on these things PFSense, Smoothwall, etc.
http://www.mitxpc.com/ [mitxpc.com]
http://www.smoothwall.org/ [smoothwall.org]
https://www.pfsense.org/ [pfsense.org]
http://suricata-ids.org/downlo... [suricata-ids.org]

But why?

[thegarbz]

No really why?

Performance? I have a 200/40 connection at home. The cheap nasty ISP provided piece of shit all in one modem, wifi router, gigabit switch in a sexy looking package has absolutely no issue with performance.

I also have a nice server with multiple gigabit NICs in them. All unused. I wouldn't think of using it as a router. There is just really no point.

My cobble

[elistan]

I already had a server, so when I got gigabit fiber Internet and my old router would only give me ~300 mbps with NAT, I fired up a VM, gave that a couple network ports, and installed the free-for-home-use Sophos UTM. I then repurposed my old router to be simply a wifi AP. The Sophos is giving me high 800s, low 900s throughput just doing NAT and firewall, and dips down to 300 mbps or so if I enable IPS (Intrusion Prevention System.) The interface and documentation aren't the best, but work well enough I s

Netgear R7000 NightHawk Router + Custom Firmware

[foxalopex]

My home router is a NetGear R7000 NightHawk Router with TomatoUSB firmware by Shibby. Tomato firmware is notoriously stable on most of the platforms it supports and it's feature loaded with VPN and a huge number of other features. It also features an extremely nice front end GUI interface and is more than powerful enough for fast Internet applications. I originally ran my Router as a piece of software on my VM Server but eventually found it much nicer to have a dedicated piece of hardware handling it. Besides, if you're not a fan of Tomato then there's also OpenWRT and DD-WRT. Thou I've found DD-WRT to be unstable on some hardware. Regardless, this is probably the cheaper and simpler way of doing it.

load balancing?

[inicom]

I was reading the article earlier, and I used to do this with a mandrake distribution on an old PC via iptables. I'd do it again, but I don't see any of these mini PC's that have 3 or more gigabit LAN ports so that I can preserve the load balancing setup I have with the cisco RV320 i'm currently have.

Anyone seen any of the low cost boxes with 3 or 4 gigabit ports? I realize that potentially a USB ethernet dongle might be possible, but I doubt any USB-based solution would be robust enough.

Seriously

[ArchieBunker]

Around 2001 I bought an Alpha PC164 board and it ran NetBSD for nearly a decade as my home router/firewall/server. Never once had a freeze up or other hardware issue. As a bonus feature I picked out the correct NIC/video/SCSI cards so it could run OpenVMS and Tru64.

Re:

[PvtVoid]

What do you do / use as wireless solution? Do you have wifi APs without traditional routing capabilities?

Just hook a wireless access point to your router and configure it as an ethernet switch. Done and done.

Re:

[gmack]

Not all wireless access points can do that. The newer Linksys wifi routers for instance, comes with "cloud config" where you setup your basic connection and it gets the rest from their servers. The upshot of this, is that if it cannot connect to their servers from the uplink port, it will reset it's config and do nothing until someone logs in and re configures it.

Re:

[WhiteKnight07]

I have a pfSense router built on a C2758 Atom CPU (specifically this board: http://www.supermicro.com/prod... [supermicro.com]) paired to a couple of Unifi APs (http://www.amazon.com/Ubiquiti-Networks-Enterprise-Unifi-UAP/dp/B00HXT8R2O). Its the best home network I have ever had. And that is including some DD-WRT stuff that I used to use for wifi in conjunction with some actual Cisco gear that I used to use. (ASA 5505 firewall, 3745 router, ect...) I can't see myself ever going back to a consumer grade wifi router. Sure it

Re: I have been roling my own for years

[davidshewitt]

I was waiting for someone to mention pfSense. I used to run iptables / packet forwarding on my server but I've replaced it with pfSense running in a VM. I've since spun up a second pfSense VM on my other server and configured CARP. Last time I tested it I got close to gigabit routing between my subnets. pfSense (pfSense.org) is an enterprise grade firewall / router that is based on FreeBSD. It is completely free and open source (no community vs. commercial edition). If you plan to do anything advanced

Re:

[gmack]

Asus has some inexpensive wireless routers that come with "AP mode" where NAT etc get disable and the device only authenticates Wifi and acts as a bridge.

Re:net6501

[alantus]

Overall I've had a positive experience with Soekris devices. However, let me tell you why I won't be buying any more of them:

1. Cases badly designed for cooling. Unless you add a fan, you will have to put the case vertically in summer.

2. Disregard for OS support/integration. These things are supposed to work on Linux and BSD, but when something goes wrong (ie: the device hangs) or the hardware doesn't work as well as it should, they just blame the OS and don't even investigate. They might offer an RMA if its under warranty, but the issues will continue for sure.

3. As soon as their latest device comes out, support for the older ones stops. For example, they promised to add USB boot support for the net5501, but as soon as the net6501 came out, they just forgot about it.

Other minor ones: closed BIOS and the price is not great.

Re: net6501

[Joao Cordeiro]

Net6501 is crap. I have a 5501 and it was already crap. And here is why: It is largely overpriced. It has only 1 core and low frequency, and no special functions from good i5 or i7. Ram is always low for a x86. Every ethernet is its own device.. So, vlan and bridging happens on the kernel side AKA cpu. You can easly buy 2 or 3 arm based custom routers for its price, all 4 cores and all with switch chip with vlan support.

Re:

[ArmoredDragon]

The last router I'd need would be an actual enterprise grade equivalent gigabit layer 3 switch that is fanless and doesn't cost more than about $200. Because of those last two requirements, I don't think I'll ever find one.

refurb Cisco Liquid-8

[raymorris]

I don't pay any attention to fanless, but refurb Cisco and other high-end gear can often be had for a song.
Liquid-8 Technology has some deals. http://stores.ebay.com/Liquid-... [ebay.com]

Re:

[Billly Gates]

For home use??

Linksys has updated it's WRT54 and does do alot for $200. I have emulators for training myself for a home lab which by 2016 are very decent with pfsense and GNS3 in a VM.

Re:

[iamgnat]

Ubnt edgerouter

I'm a fan of their stuff so I recently picked one up to play with and use as a backup to my Juniper.

While the features are there actually configuring and using them is a PITA that is wrought with frustration if you have any experience with real enterprise level gear.

The biggest frustration for me was it's inability to load full structured (e.g. not a list of set commands) config files from a default configuration. The problem is that rather than wipe the existing config and apply the new one, it does it seq

Re:

[Kokuyo]

The summary said something about pitiful CPU and memory configurations in router hardware. I just went to the Soekris website... For that kind of money one builds passable gaming rigs not 1.6 GHz with 2 gigs of RAM.

Re:

[swb]

I concur. Virtualizing a router firewall makes a ton of sense. It frees you from the hardware constraints of a separate box (you can have as many ethernet ports as the software will support) and the power consumption as well, along with all the usual benefits of virtualization features like snapshots, clones, etc.

I suppose there might be some paranoia about this if you believe the underlying virtualization system was vulnerable or you were sharing host NICs via tagged VLANs and believed there was underlyin

Re:

[Billly Gates]

For a home network or lab to learn like alot of us geeks I only use virtual routers. I do own an expensive LinkSys 54RT (hte new one) which does do VLANs. But really for a home network that is not needed.

For lab or training a virtual one makes hte most sense as you can change things so rapidly ... unless you are studying for a Cisco exam :-). There is GNS3 which is a whole older version of IOS with an emulated switch you can run in a VM too for the 1st CCNA exam and even most of the CCIE without creating a

Re:

[somenickname]

You should be able to do wifi too if you are using something like Xen for virtualization. You can use PCI-passthrough on an Atheros based wifi card and the VM will see it as the real hardware. Then you just need to run hostapd in the VM and you are all set.

Re:

[Billly Gates]

I downloaded the ISO but not have not installed it yet. I see lots of youtube and reddits on setitng up a homelab and everyone says buy used switches etc.

With Hyper-V and GNS3 with a virtual switch I can accomplish much of the same thing.

Right now I have a Server2003 VM where I have a simple NAT and add connections for internet access mixed with the Hyper-V switch. If it doesn't meet my needs anymore as I add more networks I will fire up the pfSense VM and replace the server2003 box.

Re:

[pak9rabid]

I second this. I did a lot of research into embedded x86 systems, specifically to act as a router/AP and ended up with the PCengines APU running Voyage Linux [voyage.hk] (I originally wanted the Soekris net6501, but they're just too damn expensive for what I was looking for). I upgraded from a previous PCengines system (ALIX). The ALIX was great, but it couldn't keep up with my 100 Mbit connection...the APU handles it with no problems.

I paired it with an Atheros-based (ath10k) mini PCIe wireless adapter and it ac

Re:

[Anaerin]

Okay. http://www.fit-pc.com/web/prod... [fit-pc.com]

Re:

[mattventura]

Because it's negligible past a certain point. Who cares if it uses 25w instead of 5w, that's a whole $2 a month for me.

Re:

[aaarrrgggh]

Either use it as a bridge/modem, or run Ethernet to the ONT (box outside). If you do the latter, you have to call Verizon to let them enable that port.