Create Your Own Router and Firewall Solution
Bohs Hansen / 8 years ago
Over-the-counter routers are fine and work as they should, but they simply aren’t enough for some of us. Quite a few of the standard routers located around the homes of the world allow for an open source WRT-based firmware to be installed, but that might still not be enough. If that’s the case, you might want to look into the idea of building your router. Today, I’m going to take you through the basics and show just how easily you can get a router and firewall with any feature you could want on more powerful hardware than pre-built routers offer.
A standard router comes with an ARM-based processor of some kind that runs up to 1.2GHz when it comes high, but mostly the hang around the 800MHz mark. Memory wise you usually only get around 512MB and flash memory for your operating system is limited too. That sets some limitation in regards to performance, ability, and possible installations.
But what if I told you that you could run a router or firewall on standard PC components? And what if I said that it was so easy that everyone could do it? With standard PC hardware components at our disposal, we can build a more robust system that can handle any workload we throw at it, and are also able to build it with the features that we’re looking for in our setup.
For today’s test, I’m using one of Shuttle’s DH110 slim form factor barebone systems, and the DH110 is both compact and powerful. The DH110 uses a custom motherboard with an Intel H110 chipset and support for everything from Celeron to Core i7 processors with a max TDP of 65W. We can install up to 32GB DDR3 SO-DIMM memory in it and a standard 2.5-inch drive as well as expansion cards through the 2260 Type-M and 2230 Type A/E slots. There’s also a card reader that could be used to run the operating system from and plenty of USB ports.
The compact form factor does set some limitations in regards to expansion cards so that it might be a smarter choice for a firewall setup than your primary router. We can still build in wireless network cards in the M.2 slots and attach USB-based wireless adapters for that kind of coverage. You could also run the wired network to an access point or wireless mesh network to gain more coverage. The only limitation is your imagination and budget.
The Shuttle DH110 comes with two Intel Gigabit Ethernet ports, and that is the reason why we are using this system today. That allows us to use one as the WAN connection and the other as the LAN for a perfect firewall solution between our internet connection and our local network.
If you want a more flexible build with more add-in cards, then you could opt for something bigger like the XPC cube or take any other over-the-counter PC chassis and install your components into that. But, the smaller, the better. After all, this is a system that is meant to work, not to look at. However, if you opt for a bigger system, you can install extra network adapter cards, wireless cards, and yes, even 10 Gigabit Ethernet cards. With this kind of options, you get just the features you are looking for and require in your setup.
The hardware part of a do-it-yourself router and firewall solution might have been more or less obvious to you, but what about the software? That is most likely where your previous plans to do it yourself have failed. Yes, you could install some random Linux or BSD distribution and manually set it all up, but you might lack to necessary skills to do so, or you might simply be too lazy for this. Not to worry, some people have done all the hard work for you already.
That hard work is called pfSense, and it is an open-source project based on the FreeBSD operating system. It has been specially tuned for this kind of tasks and comes with an easy-to-use web interface for the configuration. The installation can be done with minimal user interaction too. We will take a look at both sides on the following pages.
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big-name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.
pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with commercial firewalls catch on to the web interface quickly, though there can be a learning curve for users not familiar with commercial-grade firewalls.