Chances are the words you're reading right now had to pass through your home's router on their way to your screen. If your home is anything like mine it has dozens of devices in it, each depending on the same little router to keep their internet thirst satisfied. If you've ever had your router go down, you know what a tragic experience it can be. You can't read the news, like your friends selfies, swipe left, or even swipe right. Worst of all, you have to get up, unplug the router, and plug it back in. We've all had to do it one time or another and it seems like we've come to accept it as part of life. But why do these things continually fail? Well, consumer grade commercial routers are generally shit. They're adding antennas to these things faster than Gillette is adding blades to its razors and yet you still get no signal upstairs.
Like seriously, WTF is this thing? It wasn't getting good enough performance with 7 antennas so some genius thought "we must need another antenna".
Even when the commercial routers do work they offer very little control over your network. Things like blocking ads or monitoring network traffic are downright impossible. With just a bit of technical know how though it's possible to escape this commercial router hell. For less than the price of a commercial router you can have a fast, reliable, feature packed replacement. You don't even need one of those fancy Linux router distributions. Pretty much any distro you're comfortable with will do.
In this guide I'll walk through what it takes to build a basic router using cheap hardware and a stock version of Ubuntu. It will be cheaper, faster, and more reliable than a commercial router. If you're looking for more, I'll also show how to add some additional features like blocking ads on your whole network, accessing your network remotely, generating pretty graphs of network traffic, and more.
OK, so here's what we're going for:
WAN traffic (public internet) on one side, router magic in the middle, and LAN traffic on the other side. The WAN side connects to your modem and the LAN side connects to an ethernet switch, a wireless access point, or both. Of course, if you're feeling adventurous it's always possible to add more interfaces later.
What you'll need
You're going to need a few things to create the router, but you probably already have most of them lying around:
A machine running Ubuntu. This guide will use Ubuntu 16.04 but any Ubuntu version should do if you're willing to Google the differences. Likewise pretty much any machine will be powerful enough to handle the job. I've been using a Pine64 board and highly recommend you do the same. Its small, low power, cheap, and powerful. It's basically a Raspberry Pi on steroids for less money than a Raspberry Pi.
At least two network interfaces. One for the LAN and one for the WAN. Chances are your machine will already have at least one ethernet port. If you need more I recommend some cheap USB to ethernet adapters like these. Its also possible to use a wireless adapter, but I don't recommend it. Its far less reliable and makes things more complicated. Go with ethernet for now and I'll explain how to add easy, reliable wireless a bit later.
Ethernet cables. You'll need a couple of these for hooking everything up.
Depending on how you want to connect things to your LAN you may need the following:
- An ethernet switch. If you're going to have multiple wired connections to your LAN you're going to want one of these. If all you want is a wireless access point though you won't need one.
- A wireless access point. If you have a wireless router lying around it will be your best bet for adding wireless to your network. Its much simpler than using a wireless network adapter and running access point software on the machine.
- A wireless network adapter. Instead of an old wireless router you can use PCI(e) or USB wireless adapters to add wireless to your network. But like I've said before, this is more complicated and less reliable. Do so at your own peril.
Step 0: Pre-work
Since literally all your internet traffic will be passing through this machine its probably best you lock it down. The "First 5 minutes on a server guide" is a good explanation of what you should do. At the very least, disable root SSH access, disable password based SSH, and enable automatic updates. Once your box is safe from haxors it's time to start setting things up.
Step 1: Configuring the Interfaces
The first thing you'll need to do is configure the network interfaces you will be using. Add a loopback interface by editing
/etc/network/interfaces and adding this:
# /etc/network/interfaces # loopback auto lo iface lo inet loopback
Next you'll need to add the WAN and LAN interfaces. To find which interfaces you have available run
$> ip link. You will get something that looks like this:
$> ip link 1: lo: <LOOPBACK,UP,LOWER_UP> ... link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> ... link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff 3: enx0050b617c34f: <BROADCAST,MULTICAST,UP,LOWER_UP> ... link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff
Here you can see I have an
eth0 interface and an
enx0050b617c34f interface. The
eth0 one is the ethernet port built into the Pine64 I'm using and the
enx0050b617c34f interface is from a USB to Ethernet adapter. The names of yours may be different. Just substitute the names for yours in the rest of the configuration files.
To set up the WAN you'll need to configure a DHCP interface. Your modem runs a DHCP server so that when a cable is plugged into it the router can ask for an IP address and other network configuration values. Add another block to
/etc/network/interfaces (substituting your interface name if it is something other than
# WAN interface auto eth0 iface eth0 inet dhcp
Simple enough. Now for the LAN side. For the LAN you will need to configure a static IP address as well as a few other network parameters. Add one more block to
/etc/network/interfaces that looks like this:
# LAN interface auto enx0050b617c34f iface enx0050b617c34f inet static address 192.168.0.1 network 192.168.0.0 netmask 255.255.255.0 broadcast 192.168.0.255
OK so what exactly do these things mean? The first two lines are similar to the other blocks. They say "automatically bring up the
enx0050b617c34f interface" and "configure it with a static IP address". The
address line specifies what the static IP address will be. This is the IP address of the router on the LAN. The
netmask lines define what range of IP address are available on this interface. With the configuration above any traffic to an IP address that starts with
192.168.0 will be sent over this interface. Finally the
broadcast line specifies the address to use for sending messages that all hosts on the network can receive. Putting it all together your
/etc/network/interfaces file should look something like this:
# /etc/network/interfaces # loopback auto lo iface lo inet loopback # WAN interface auto eth0 iface eth0 inet dhcp # LAN interface auto enx0050b617c34f iface enx0050b617c34f inet static address 192.168.0.1 network 192.168.0.0 netmask 255.255.255.0 broadcast 192.168.0.255
For the new configuration to take effect you can reboot or just restart the networking service with:
$> sudo systemctl restart networking
With that done you should have your network interfaces up and running. If you know how to configure a static IP you could plug a cable into the LAN port and starting getting internet access. Configuring static IPs gets old pretty quick though, so to get the same sort of network autoconfiguration a commerical router gives you, you'll need to set up a DHCP service. That'll be up next in part 2.