Everything that's old is new again. Raise your hand if this is how you first got into Linux.
I needed to share a spectacularly slow DSL line with my college roommates. Solution? Cobble together a router out of a cheap Pentium box, a PCI DSL modem, a 10mbit ISA NIC, and Debian. Oh, and a couple of days of tinkering.
> Raise your hand if this is how you first got into Linux.
_raises hand_
In my case, I had my existing desktop PC and acquired another (used) one. Broadband hadn't yet made it to the rural area I lived in, and I got tired of moving the phone line back and forth between the two PCs.
I was able to find a pair of (very well supported) 3c509s and a crossover cable and managed to build my first network and get both machines online at the same time.
20+ years later, I'm still doing pretty much the same thing, progressing from ipfwadm to ipchains to iptables (on Linux) to pf (on OpenBSD). And, of course, the little dedicated machine flinging my packets nowadays is much faster than I could have ever imagined back then.
Oh man, ipfwadm, I completely forgot about that. I also now remember an ipmasq command, which google reminds me was kind of a wrapper around ipfwadm or ipchains, and I remember rebuilding my kernel over and over again (overnight!) to get the right combination of networking options. I also remember being very frustrated when I had to drop ipfwadm and learn ipchains for kernel 2.2, and drop ipchains and learn iptables for kernel 2.4!
Yup, had a 486 running Slackware and a Pentium running Windows (FWG? 95?) and wanted to be able to share a single, always-on dial-up connection between them. I asked for a hub (with a 10Base2 BNC hookup and four 10BaseT ports) for my 15th or 16th birthday and found a 10Base2 ISA card for the 486 and a 10BaseT PCI card for the Pentium and went to town with ipchains, ppp, the whole nine yards. Good times.
In retrospect, I was very fortunate to have access to not only one but two computers, dial-up Internet, and a second phone line. It didn't seem like it at the time because my friends were getting ISDN lines. So many hours spent on IRC learning about Linux...
We were a Mac household, so to share the 56K dialup modem over our home LocalTalk network, I dusted off my Centris 660AV and configured the Mac's IP stack to do the routing using IPNetRouter[0] and wrote a couple of remote command AppleScripts so you could tell the modem to dial, hang up or return status.
The Macs of those days had RAM Disk support in the ROM so I copied the whole OS onto a RAM disk and unplugged the SCSI drive when it rebooted to create a nice solid-state router.
I decided I should use OpenBSD as I'd heard it was really secure. This was 2000. The old machine it was going on had an unsupported NIC, so my first experience of OpenBSD was trying to install drivers from CD. It then literally took a week to compile everything. Happy days. I was so pleased with myself that I bought pufferfish stickers to put on it.
I scratch-built a minimal linux distro that had NE2000 support and ipchains. It fit on a single bootable floppy. Through high school, I sold the discs for $100 each, with the promise that it'd take whatever old junk computer you had kicking around and turn it into a reliable router. Paid for my first computer that way!
I remember setting up nat/firewall/routers for my office using cast off desktop machines, a linux on a floppy distro, and a couple of 3com network cards. They may have even been 486 machines, since I was taking what I could get. The IT people were impressed with the security of being able to flip the write protect on the floppy. And the speed, once it was running completely from memory. Less so on the process to make a change.
At the time, they were running out of ip addresses because every desktop was allocated a public ip.
I started with Linux, but eventually moved on to FreeBSD. I learned more about network technologies mucking around with an edge router than I ever did in my CS networking class.
This article has motivated me to do this for my parents. They are plagued by wireless reliability problems. I added another WiFi router at the other end of the house and bridged over Ethernet (it was a PITA to configure bridging in the extension router's firmware). I'm not even sure if it helps, though I did ensure that the two APs are operating on the two least-noisy channels. I regularly have connectivity problems when I visit, and feel bad that they have to deal with it on a regular basis. Updating to newer consumer routers has only offered marginal improvements.
Their house has actually acquired quite a few CAT 5E runs to the far corners, so I'm thinking about getting them a router (small x64 machine as described in the blog post), a gigabit Ethernet switch, and some Ethernet-connected WiFi APs around the house.
Does anyone have experience with Ubiquiti APs? They seem to understand that they exist primarily to bridge WiFi and Ethernet, not solve every networking related problem on Earth. I have to say, my WiFi experience at the office improved dramatically after the AirPorts and Cisco APs were tossed for Ubiquiti...
- we use a Unifi AP Pro at work, and it has been superbly reliable (no weird connection dropouts or resets, unlike various expensive consumer routers we previously tried).
- you need the Controller software installed somewhere permanent (it contains a db of configuration settings for the APs). On Windows the software has an ugly dependency upon Java (ouch) and I couldn't quickly get it to run on Windows 7 (wouldn't start) or Windows 10 (crashed) so ended up installing it on OSX.
> - you need the Controller software installed somewhere permanent (it contains a db of configuration settings for the APs). On Windows the software has an ugly dependency upon Java (ouch) and I couldn't quickly get it to run on Windows 7 (wouldn't start) or Windows 10 (crashed) so ended up installing it on OSX.
Just a small correction: you don't need the controller software running permanently. Unless you're running a paid hotspot, you only need it for changing configuration or performing firmware updates. Once the configuration is applied to the APs, they retain it in flash and you can shut down the controller until next time.
> I'm not even sure if it helps, though I did ensure that the two APs are operating on the two least-noisy channels.
It may help in a noisy neighborhood, though your post sounds like you may not be aware that WiFi channels partially overlap. Which they do; see Wikipedia or something for details if unsure.
Can't speak to the APs as I was waiting for a month for them to come back in stock (the AC Pro variant) but I really like my little EdgeRouter X. Doesn't fully cover fair QoS to prevent bufferbloat since it can only handle about 200Mbps in software and the hardware doesn't kick in unless QoS is disabled, afaik. But you practically have to pay a thousand bucks or build your own router to get that these days, I just wanted something simple, fast, secure and cheap and the EdgeRouter X fit the bill. Attached a Google OnHub when those went on sale back in December. Edit: By simple I mean advanced but with um, guided templates. Unlike Ubiquiti, the OnHub is actually simple.
Just a quick shout-out for pfSense as an excellent router OS. I've been playing around with ClearOS, DD-WRT, m0n0wall, Smoothwall, Shorewall, etc. (as well as many of my own home-grown solutions) for years and nothing even comes close to the features and performance offered by pfSense. DD-WRT is close but you're extremely limited in terms of the hardware it will run on (think WRT54G/L units with ancient processors and 16MB RAM). Not to dismiss all those other efforts but pfSense is at least worth a try. The writer of this article seems to disregard it off the bat but it's worth the time investment if you're looking for something secure and stable with features like Snort, VPN, traffic shaping, country blocking, DNSBL... the list goes on and on! Plus, it gave me an excuse to finally get my feet wet with FreeBSD. :-)
I helped make a list[0] (which is still kept current) of OpenWrt and dd-wrt hardware a while back. You might want to give OpenWrt another chance, it may not be as outdated as it might seem.
I used to run my customized build of OpenWRT on an old, passively-cooled Pentium II box. It ran completely from ramdisk and had all configuration baked into this ramdisk image so that the noisy HDD could be powered down immediately after bootup. This was before the era of cheap small SSDs.
The official builds support installation on disk partition just like any other Linux distribution.
I would have liked to see a comparison between Ubuntu and pfSense on the same hardware. It would have also been useful to subject each of the routers to at least a basic pentest.
pfSense is a good operating system and provides a nice pointy-clicky interface for configuration. I'll give it that.
I was a bit turned off by how they yanked the pfsense-tools repository and then put in some restrictions on access to it.
(Jim: There's no need to reply and have the same conversation yet again. I'm well aware of what your reasons for doing so were and you are well within your rights to do it; we don't have to agree with it or like it, though.)
pfSense is FreeBSD with a clunky web interface that does some "magic" with PHP using XML. Now, that characterization won't be as accurate in the future (I'm genuinely curious to see what happens with python, dpdk, and other things they've mentioned/hinted at) but let's be entirely honest here: it's FreeBSD with a web interface and a support company behind it.
I think your info on DD-WRT's hardware support is a bit outdated. When I bought my last router, an Asus AC68, full support was one of my mandatory criteria.
Yes, you're correct, DD-WRT runs on modern consumer AP/router hardware. But the processing power* of that Asus (a quick google tells me 800MHz x 2 cores with 256 MB RAM) pales in comparison to e.g. an Atom C2358 (1.7 GHz x 2 cores) with 4 GB RAM. You can't run DD-WRT on the latter, or at least not last I checked, which is the point I was trying to make (albeit poorly). And when it comes to running things like Snort, VPN, etc., you're going to want that extra memory and processing power. Granted, it's probably overkill for most people, but one might say the same about the Homebrew/Ubuntu solution described in the OP. The whole point of the OP was moving away from MIPS-based consumer AP/router hardware with small memory footprints.
* And yes, the Asus has silicon dedicated to networking features, but so does the C2358.
Just as a PSA, there are zillions of _very_ nice $300-$350 15w TDP Broadwell x86 boxes, with 4-8GB RAM, 64/128GB SSD, bundled WiFi, and dual gigabit ethernet ports on aliexpress. I don't know why there are so many broadwell boxes on offer, but these are a stellar deal for the price, and are fully solid state, super flexible, extremely fast anything x86 boxes.
Oh wow, nice. I've been buying quite a lot of stuff from AliExpress recently, it's great. But for some reason I've never noticed these. I imagine they would make pretty great media servers/homebrew set-top boxes. Does anyone have any idea what those connectors hanging about on the inside (last image) might be?
Great, so could fire a (multi-)terabyte drive in there and use it as a set-top box. Thanks for posting, yet another project to go on the unending list.. :)
> As far as the routers are concerned, there's no difference between maintaining connections to thousands of individual IP addresses or just to thousands of ports on the same IP address.
Has anyone tested this? It makes intuitive sense, but things are often surprising in the performance/optimization world.
As far as routers are concerned, that's mostly true. If the router has a big routing table and packets are coming from different sources, it may have to spend some time looking up those routes, but that's one of its core competences anyway :)
There are going to be, however, many people out there throttling 10k simultaneous connections from the same host, while they wouldn't bat an eye for 20k simultaneous connections coming from 2k different hosts in total.
I don't want a 17W Celeron on all day, every day. I want something like an ARM Cortex-A57. Powerful (and possibly well beyond 17W) but with "big.little" cores that just turn off in low load situations.
When is the ARM universe going to get serious about desktop-style construction? The chips are getting fast enough for anything now so they're going to have to end this ridiculous throwaway culture soon.
How about standard memory and accessory slots for starters. Something I can upgrade when I want faster network.
Fair point. That is of course probably the bit I want most. Massive mass production to the point where it competes with the current integrated (throwaway) market.
I thought about building a new router myself, but I decided against it.
Two reasons: I could not hit the price point of an off-the-shelf solution, and I was worried about energy efficiency.
However, I switched from consumer gear to more professional stuff, using Unifi APs as wireless APs and an EdgeRouter X as router - the four available gigabit ports are enough to support the network.
This article has spawned a few questions. My apartment building is hooked up to a fiber optics line, and it enters my living room through a coax cable. I'm still using the stock router, and the performance has been absolutely abysmal. In short, my connection gets dropped entirely for minutes at a time. I'll usually get 20 minutes of internet, and then 2-5 minutes of outage.
Here's the rub: I have more devices than the normal person:
- 1x home-built NAS, via ethernet
- 1x desktop, via ethernet
- 1x laptop, again via wifi
- 1x mobile phone, via wifi
Could the outages be due to having an under-powered router? Are there any simple tests I could run to diagnose the problem further?
Off the top of my head, the usual internet speed-test battery indicates that my performance behaves as advertised, so it would seem that the problem isn't with the fiber line per se.
A related question: the article here left me a bit confused. Did the author end up finding a router that could take a coaxial input?
Apparently (this is second hand knowledge), the thermal design of cheap consumer routers is really poor (because a sleek package + no fans is a priority, along with low cost), and this somehow causes the device to degrade over time. It's beyond my understanding exactly how this degradation works (I thought digital things either worked or not), but it appears to be a thing.
FWIW, four devices might be slightly more than a normal single person has, but it's definitely less than an average modern family reasonably has: 1 smartphone + 1 tablet per person, a smart TV (and/or AppleTV/Chromecast/Fire), a Sonos or two, a couple of laptops etc, plus whatever guests bring along.
Afaik the primary mechanisms behind hardware degradation are electromigration in semiconductors and evaporation of electrolyte from capacitors. Both of these are temperature dependent, and a golden rule is that an increase of 10deg C halves the lifetime of a component (at least for caps).
A device may still work most of the time, but the analog electronics that implement the Boolean logic your digital device depends on are running outside design-spec, and the probability of a transient failure is increased.
One can further fantasize about secondary effects, for example caused by unclean voltage rails due to bad filtering on switching regulators, perhaps increasing the probability of transistors latching up, frying controllers, or directly injecting strong noise typically in the 100kHz range into IO devices, fucking with touchscreens, Ethernet, WiFi, you name it.
Take all of this with a grain of salt, I'm merely a university dropout struggling to make my boss understand why the hundreds of decade-old kiosks I service for a living don't work as well as they used to.
Edit: Apparently my mind-dump above merely scratches the surface.
You won't find any router that takes coax, that portion is handled by a DOCSIS modem. In your case, you're unlucky enough to have been given a combined modem/router by your ISP.
You have 2 options to improve performance -
1. Use a third-party DOCSIS modem, if allowed by your ISP, along with a separate, dedicated router.
2. Put the modem/router abomination into gateway mode, and get yourself a separate router. If the modem does not have a gateway mode, you can often use PPPoE to bypass the modem's routing function.
This often resolves the connectivity issues introduced by these devices.
First things first, your router's firmware is probably total shit. Flash DD-WRT or Tomato onto it if you can.
If you want to really nail the problem down you can buy a router based on the processor and memory specs and flash the firmware or go the route from the article.
Again, because most people have no idea how bad it really is, your router's firmware is probably absolute trash. It isn't an Asus is it?
That was my first thought as well, but no such luck...
It's a Netgear CG3700B, an EU DOCSIS model.
EDIT: actually, I may have been wrong about DD-WRT (https://www.dd-wrt.com/wiki/index.php/Netgear_WNDR3700). What's the relationship between the WNDR3700 and the CG3700B, I wonder... they certainly look the same, so I'm hoping that A) mine is the EU version of the above router and B) it uses a compatible firmware.
I use separate devices and, personally, I'm much happier this way. Like the author, I could put a mini-PCI Wi-Fi card in my router, but I like my current setup (a RouterMaxx 1106 [0] running OpenBSD from CompactFlash and Aerohive AP330 [1] for wireless) the way that it is. I also have a Ubiquiti NanoStation [2] that connects to the AP330 (as a regular wireless client) and provides Internet access out in the garage.
I think investing in a faster non-wireless router is better, with wireless technology changing every few years, where you can simply add on wireless-only solutions like Ubiquiti's Unifi for only $69.
Assuming you have wired connections to begin with.
I live in an older apartment complex which was built in the early 70s and there is only a very poor copper connection, so I can get at most 8Mbs in through that. Slow speeds have forced me to look for alternative solutions and 4G LTE is the way to go here; it costs just shy of twice my old setup, but I get 80-100Mbs in and out, which is 10 times as fast. But being on 4G means I need my router/modem/thing to be 4G enabled, and while my main PC is connected to that router via Ethernet, most of my devices use WLAN (things like Chromecasts, phones, tablets, and laptops).
Maybe I'm in very tiny minority here, but just saying things aren't always as simple.
Well I'm not sure if you're the minority but you're not the target for this article or those that require a fast router for broadband speeds going beyond 100Mbit/sec along with several open connections at the same time.
What are your usage caps? A lot of ISPs in Europe offer mobile broadband for home (as LTE is usually a lot faster than wired), but have ridiculously low caps. I'm currently staying in a place in Italy which has Tre (Hutchison), who have a cap of 30GB/month.
I have no usage caps, but it does get congested during evening hours, at times dropping to ~20Mbs, but during the day (working hours) and at night/early morning it's blazingly fast.
A common pattern across networking is the incorrect belief that only bundled products are possible.
So the only product is a combination router+wifiAP. Or the only way to have a stateful firewall in ipv6 is to have stateful firewall+NAT like in ipv4.
It's generally pretty easy to buy a stand-alone WAP and configure it to be a very simple bridge to the existing network and call it done.
If you have kids, buy two, connect the kids' devices to the second AP, and control its power via various methods (timer, home automation, whatever). This is a trivial way to enforce "homework first, toys like iPad second", or enforced bedtimes or whatever.
Note that this kind of misconception is limited solely to the networking world. The fact that TV+VCR combo devices exist made no one think it's impossible to have a stand-alone TV and a stand-alone VCR.
You could add WiFi if you wanted to. As the article points out, good wireless chips are hard to come by, but (also as pointed out in the article), you could still buy consumer wireless access points and use those.
11 days ago, I bought a new $200 ADSL2/Wifi router. 10 days ago I was moved on to a fibre connection (yay!). This has removed the need for the very specific Broadcom ADSL chip/DAC that I needed to maintain a stable connection.
The particular router I'm using has a 2.6.36 based kernel and some of the worst web UI work I've seen, not to mention a very unstable version of udhcpd.
With my new net connection all I need is something that has an Ethernet card and can do a PPPoE handshake - now to find an ARM box with 4+ gigabit NICs...
So, I have a circa-2012, dual core atom machine with 2GB of RAM. It has two ethernet ports and six SATA. I was using it as a NAS, but apparently one of the SATA controllers went bust.
The author mentions that he was specifically looking for the newer celerons. Any specific reason? Just because of OpenVPN? Wouldn't such an atom machine be able to handle this load?
What about if I set it up to have the VPN only for torrents, for example?
>Just because of OpenVPN? Wouldn't such an atom machine be able to handle this load?
Newer processors will have hardware to do AES, you can look it up on ark.intel.com where it is called Intel AES New Instructions. You probably want this on a slower processor such as a Celeron if you're planning to do OpenVPN.
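Before committing an older Atom or a cheap Celeron to an OpenVPN workload, the practical check is whether the kernel reports the `aes` CPU flag and how much the OpenSSL AES path slows down without it. The script below is an added example, not something from the thread; it assumes a Linux `/proc/cpuinfo` and, for the optional benchmark, the `openssl` command-line tool. The `OPENSSL_ia32cap` mask clears bit 57 of OpenSSL's capability vector, which is the AES-NI bit, so the second run shows the software-only speed the same box would get.

```shell
#!/bin/sh
# Added example (not from the thread): does this CPU expose AES-NI, and how
# much does OpenSSL's AES throughput drop without it?
set -eu

# Return 0 when the "flags" line of a cpuinfo file lists the aes flag.
# The leading whitespace in the pattern keeps "vaes" from matching "aes".
# Defaults to the live /proc/cpuinfo; a path can be passed for testing.
cpu_has_aesni() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]aes([[:space:]]|$)' "${1:-/proc/cpuinfo}"
}

# Optional benchmark: AES-256-GCM with the hardware path, then with AES-NI
# masked out via OPENSSL_ia32cap (bit 57 = AES-NI). Each run takes a few
# seconds; only the summary line of each is printed.
bench_aes() {
    echo "with AES-NI (if present):"
    openssl speed -evp aes-256-gcm 2>/dev/null | tail -n 1
    echo "AES-NI masked out:"
    OPENSSL_ia32cap="~0x200000000000000" openssl speed -evp aes-256-gcm 2>/dev/null | tail -n 1
}

# Report on the host we are running on; skip quietly on non-Linux systems.
if [ -r /proc/cpuinfo ]; then
    if cpu_has_aesni /proc/cpuinfo; then
        echo "AES-NI present: OpenVPN AES ciphers will use the hardware path"
    else
        echo "AES-NI absent: expect software AES, budget CPU accordingly"
    fi
fi

# Run the benchmark only when asked (BENCH=1) and openssl is installed.
if [ "${BENCH:-0}" = 1 ] && command -v openssl >/dev/null 2>&1; then
    bench_aes
fi
```

Run it as `BENCH=1 sh aesni-check.sh` on the candidate router box; the gap between the two `openssl speed` lines is roughly the gap OpenVPN will see between an AES-NI CPU and one without it.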
I have a similar box with OpenBSD which I've been running for about five years now. No hiccups or pain. Added the Ubiquiti APs last year when I started wanting wireless.
I could possibly replace the hardware to cover the next five years of power consumption difference though. That's not so much an issue with the new little Celerons though.
It sure is easy to throw lots of CPU processing power at the problem and get a fast router.
But for $40 less, the Nighthawk additionally includes 2 WiFi chips, a whole lot of software engineering and a probably much lower power consumption due to specialized hardware e.g. for NAT offloading.
> swapping in new gear because an old router could no longer keep up with increasing Internet speeds available in the area
> upgraded from 1.5-9mbps traditional T1 connections to 50mbps coax (cable)
Is there any way to make a router using just a single Ethernet port? I'd like to have an Intel NUC act as the main router, but it has only a single Ethernet port.
Netgear has a cheap 5 port switch (GS105e, IIRC) that can do VLANs and trunking. They also have larger models.
You'd configure the switch port that the router is plugged into as a trunk, and then configure the other 4 switch ports as untagged in different VLANs (say, 101 for port 1, 102 for port 2, and so on).
On the router side, you can use vconfig to create VLAN subinterfaces for each VLAN. You'd end up with eth0.101, eth0.102, and so on.
You then just ignore eth0 on the router, and use eth0.# interfaces as stand-ins for the various switch ports. You can put them in Linux bridges, route to and from them, and so on.
This is internally how most cheap wireless routers work. The CPU has only 1 or 2 ethernet interfaces, and a small onboard switch chip.
Link level things like LLDP and STP may or may not work right with this config, depending on exactly what the switch chip does with them (on board on a cheap wireless router, in the Netgear switch for this DIY version). But most home and small business routers don't support LLDP and STP anyway.
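The single-NIC "router on a stick" setup described above, written out as an added example rather than anything posted in the thread. It uses iproute2's `ip link ... type vlan` in place of the deprecated `vconfig` the comment mentions (same result: `eth0.101` and friends), and assumes trunk interface `eth0`, the modem on switch port 1 as untagged VLAN 100 (so the WAN is `eth0.100`, addressed by `dhclient`), and LAN VLANs 101-103 on the remaining ports. It prints the plan by default and only executes it with `APPLY=1` as root, so the commands can be reviewed first.

```shell
#!/bin/sh
# Router-on-a-stick on one NIC: tagged trunk to the switch, one 802.1Q
# subinterface per VLAN. Added example, not from the thread. Assumes iproute2
# ("ip"), trunk eth0, WAN on VLAN 100 (DHCP), LAN VLANs 101-103, nftables NAT.
set -eu

TRUNK="${TRUNK:-eth0}"

# Emit the commands that create one VLAN subinterface on the trunk, give it a
# static address and bring it up. Text output, so it can be reviewed or tested.
vlan_cmds() {
    vid="$1"; addr="$2"
    printf 'ip link add link %s name %s.%s type vlan id %s\n' "$TRUNK" "$TRUNK" "$vid" "$vid"
    printf 'ip addr add %s dev %s.%s\n' "$addr" "$TRUNK" "$vid"
    printf 'ip link set %s.%s up\n' "$TRUNK" "$vid"
}

# Emit the full plan: parent trunk up but unaddressed (it is only a carrier
# for tagged frames), WAN subinterface via DHCP, one /24 per LAN VLAN,
# IPv4 forwarding on, and source NAT only on frames leaving the WAN VLAN.
plan() {
    printf 'ip link set %s up\n' "$TRUNK"
    printf 'ip link add link %s name %s.100 type vlan id 100\n' "$TRUNK" "$TRUNK"
    printf 'ip link set %s.100 up\n' "$TRUNK"
    printf 'dhclient %s.100\n' "$TRUNK"
    vlan_cmds 101 192.168.101.1/24
    vlan_cmds 102 192.168.102.1/24
    vlan_cmds 103 192.168.103.1/24
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'nft add table ip nat\n'
    printf "nft add chain ip nat postrouting '{ type nat hook postrouting priority 100 ; }'\n"
    printf 'nft add rule ip nat postrouting oifname "%s.100" masquerade\n' "$TRUNK"
}

# Dry run by default; APPLY=1 as root runs the plan one line at a time,
# echoing each command before it executes so a failure is easy to locate.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    plan | while IFS= read -r cmd; do echo "+ $cmd"; sh -c "$cmd"; done
else
    plan
fi
```

The switch side is the part the comment describes: the port the NUC plugs into carries VLANs 100-103 tagged, and each of the other ports is untagged in exactly one of them. Nothing here filters traffic between the LAN VLANs; once the subinterfaces exist, a forward-chain policy on `eth0.10x` is where that belongs, and the masquerade rule being bound to `eth0.100` alone is what keeps the private VLANs from being NATed toward each other.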
There are some dual-LAN mini-PCs available, although I'm not sure if Intel makes one. You have several options. I use one of these[0] flashed to FreeBSD (pfSense), but it will run Linux if that's what you prefer.
How would performance stack up versus the consumer routers if you just used a Raspberry Pi B+ / Zero, with additional network interfaces added via USB?
Ah ipchains. Those were the days.