What's new

The Ars guide to building a Linux router from scratch

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

BreakingDad

Very Senior Member
Last edited:
that router is for embedded so while you cant upgrade the CPU it does have SFP which is what every consumer router should have but lacks. Even VDSL has been fitted into SFP so it means you can do away with a modem.

A full linux router is great because you can have all the benefits of pfsense but install all the stuff you want and even make it into a NAS, For a desktop PC you can buy quad port network cards and SFP cards and even wifi cards but wifi is best left to APs or wifi routers. What i particularly like about using linux server as a router is that you can implement firewall, UTM (including anti virus such as clamav), advanced routing features and also have all the other things like NAS or even video streaming server all from the same box with good performance. The only bad thing is that it uses more power than embedded but for the performance and all in one so you dont need another device it could outweigh electrical cost. Linux also has cups and xsane which means driverless print and scan so it is less of a hassle compared to using a router with usb port for print and scanner sharing but it can be complicated to setup with linux being as it is. I did the same thing on a raspberry pi as it runs linux but you cant do that with pfsense.

it is important to note that going down the path of using linux as a router you will have a lot of configuration to do to protect it, make sure to learn IPTables at least.
 
that router is for embedded so while you cant upgrade the CPU it does have SFP which is what every consumer router should have but lacks. Even VDSL has been fitted into SFP so it means you can do away with a modem.

A full linux router is great because you can have all the benefits of pfsense but install all the stuff you want and even make it into a NAS, For a desktop PC you can buy quad port network cards and SFP cards and even wifi cards but wifi is best left to APs or wifi routers. What i particularly like about using linux server as a router is that you can implement firewall, UTM (including anti virus such as clamav), advanced routing features and also have all the other things like NAS or even video streaming server all from the same box with good performance. The only bad thing is that it uses more power than embedded but for the performance and all in one so you dont need another device it could outweigh electrical cost. Linux also has cups and xsane which means driverless print and scan so it is less of a hassle compared to using a router with usb port for print and scanner sharing but it can be complicated to setup with linux being as it is. I did the same thing on a raspberry pi as it runs linux but you cant do that with pfsense.

it is important to note that going down the path of using linux as a router you will have a lot of configuration to do to protect it, make sure to learn IPTables at least.

VDSL SFP modules? Where can I find such a thing?
 
I'd recommend Shorewall as an alternative to manually configuring iptables. It will give you more power and flexibility than a dedicated distro, yet remain easy to manage.

It's what I use on virtually all the Linux servers I manage (aside from a few hosting servers where I use CSF, for its enhanced intrusion management).
 
I'd recommend Shorewall as an alternative to manually configuring iptables. It will give you more power and flexibility than a dedicated distro, yet remain easy to manage.

It's what I use on virtually all the Linux servers I manage (aside from a few hosting servers where I use CSF, for its enhanced intrusion management).

I completely agree. Anyone who needs the guide, really should not be manually configuring an internet accessible router themselves.

The article should clearly state that router security is perhaps the most important aspect of a normal consumer's network.
 
I'd recommend Shorewall as an alternative to manually configuring iptables. It will give you more power and flexibility than a dedicated distro, yet remain easy to manage.

It's what I use on virtually all the Linux servers I manage (aside from a few hosting servers where I use CSF, for its enhanced intrusion management).

Completely agree here - Shorewall, VyOS are good alternatives, and they offer things that his basic setup cannot do... (and of course, there's always pfSense, OpnSense, SophosUTM, etc...)
 
Been looking into this matter just a trying to find good hardware the software part is easy
want something similar to this: https://www.solid-run.com/product/clearfog-pro/

but with an Intel Soc instead of a ARM Soc been looking at barebones but none of em have the number of rj45 connectors that the clearfog has nor mSATA and mPCIe expansions slots
 
Last edited:
Been looking into this matter just a trying to find good hardware the software part is easy
want something similar to this: https://www.solid-run.com/product/clearfog-pro/

but with an Intel Soc instead of a ARM Soc been looking at barebones but none of em have the number of rj45 connectors that the clearfog has nor mSATA and mPCIe expansions slots

Anandtech recently had a review for a small form factor that had four Ethernet interfaces. Unfortunately, the thermals of the device weren't too impressive (passively-cooled, so it ran quite hot under load), and it wasn't cheap either (being an industrial design).
 
Anandtech recently had a review for a small form factor that had four Ethernet interfaces. Unfortunately, the thermals of the device weren't too impressive (passively-cooled, so it ran quite hot under load), and it wasn't cheap either (being an industrial design).

Was that the little AMD powered fitlet from CompuLab?
 
seems like it not that good compared too the clearfog :/

It'll outpeform the Clearfog by about 2x - Fitlet's run warm, but they're designed to... and being x86 based, you'll have more options with regards to software...

If you're interested in the clearfog, pick up a WRT1900ac, and run OpenWRT on it, basically same specs...

I'm pretty happy with my Netgate 2440...
 
@sfx2000 Thing is i rather run a Intel SoC with Pfsense or Ipfire but the barebones suck in most cases for customizing or atleast what i found the clearfog is the best ive found so far looking for a similar board but Intel

that Netgate RCC-VE 2440 System looks nice not what searching for too bad i couldnt just replace the Soc on the clearfog ;) to a braswell soc then it would be exactly what im looking for
 
@sfx2000 Thing is i rather run a Intel SoC with Pfsense or Ipfire but the barebones suck in most cases for customizing or atleast what i found the clearfog is the best ive found so far looking for a similar board but Intel

that Netgate RCC-VE 2440 System looks nice not what searching for too bad i couldnt just replace the Soc on the clearfog ;) to a braswell soc then it would be exactly what im looking for

They are intending to do an Intel variant of the clearfog - not shipping yet, I don't believe, but it's been promised...
 
If you're buying embedded x86 both intel and AMD do have similar performance if SSE is not used. As long as the NICs are not realtek CPU load isnt much a worry but i am not too keen on running a router on intel atoms/celerons and AMD equivalents if you plan on using features like proxy caching and encryption, anti virus and other things that would require more complication. Proxy encryption isnt the same as VPN encryption although some intel atoms actually have AES acceleration. I do wish the embedded x86 would at least be cheaper because price/performance wise the standard desktops beat it by a lot though the NICs make a lot of difference but getting 2nd hand datacenter NICs is an option. If buying embedded x86 cost around $200 with 1 wifi card and 4 or 5 ethernet ports than other network SoC manufacturers would've used better CPUs and broadcom would've used ARM A15 instead of A9.

The lower power x86 CPUs like intel ATOMs do the same tasks that ARM and MIPS do well but also dont do tasks that the other architectures dont do well because of their much simpler pipelines. Memory bandwidth is important for some situations too depending on network bandwidth or applications you run on it.

While pfsense and untangle offer a lot you cant run a NAS off them which is what makes using a standard distribution linux server a choice as you can run anything linux can from it only that you would have to make sure that it is properly configured to be secure. you cant install plex on pfsense but you can do it on a normal linux distribution if you need encoding to save bandwidth. For 1Gb/s of NAT throughput even DDR2 should be sufficient inclusive of processing. I think even openWRT has an x86 option.

With AMD having APUs and intel IGPs supporting compute its disappointing that this isnt included as a basis of hardware acceleration for x86 for networking. I know most of the world is still on DSL/cable but the extra CPU gives you more options of things you can run like more firewall, more QoS and so on.
 
The lower power x86 CPUs like intel ATOMs do the same tasks that ARM and MIPS do well but also dont do tasks that the other architectures dont do well because of their much simpler pipelines. Memory bandwidth is important for some situations too depending on network bandwidth or applications you run on it.

For routers - believe it or not, most of the ARMv7's and Intel x86-64's actually perform quite well - at least the recent ones do...

Need to get off that CPU architecture track - MicroTik is pretty awesome, but the Tilera chip is a PITA to code for, and I'm guessing that there's about 5 guys that know how to make the most of it - and one of them works for MicroTik...

If you compare a high-end ARMv7, let's say Armada 388, against an Intel C2358, they're going to be pretty close - depends on compilers and options, but the ARM might be faster in one way, and the Intel has 64-Bit headroom and AES-NI, which for some purposes will be a bit faster...

The Tilera, while interesting - under Linux, most of the cores are wasted - mostly due to poor thread scheduling in Linux, and also how to massively take serial tasks parallel - many cores are nice to process certain things - like OpenGL and graphics primitives - look at CPGPU/OpenCL/Cuda - fantastic numbers until one tries to do general work - and AMD has tried to do some interesting things with their APU's and HSA...

But Tilera and MicroTik ain't there - and likely not going to be...
 
Thing is i rather run a Intel SoC with Pfsense or Ipfire but the barebones suck in most cases for customizing or atleast what i found the clearfog is the best ive found so far looking for a similar board but Intel

When you get into these little boxes - a lot of good performance to be found - ARM/Intel/MIPS, whatever - but it also involves getting deeper into the guts of the OS, along with Routing, and one still needs to deal with peripheral services that one might expect from a turn-key vendor - not just for setting up, but also to sustain...

It's a fun path to go down - but not everyone has the time to deal with things - esp. if one has a house full of folks that depend on those services and one is trying to sort out things on a learning curve...

There are dragons out there - just be aware of it - once you get away from the Asus/NetGear/DLInk/Linksys/Apple/etc world... scary world out there - be an explorer - just watch out for fellow travellers that think they know the absolute right path, and that path be a short cut - might not be good...

https://en.wikipedia.org/wiki/Here_be_dragons
 
Similar threads
Thread starter Title Forum Replies Date
D [Ars] Kremlin-backed hackers are infecting Ubiquity EdgeRouters Routers 8

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top