Multiple WAN Linux-based router

My friend Mat recently asked how difficult it is to build your own router. He’s living in a house with 4 or 5 other guys, and two Internet connections (one for work purposes, the other apparently comes with the house).

My immediate suggestion was to grab an old Sun Cobalt RaQ server. My former router was based on a Qube3 picked up off eBay for less than $80.00. The things are great: low power consumption, two NICs, an LCD screen, a trippy green LED panel…

Fear my awesome green LED
USB, Serial, and 2 ethers

There are numerous walkthroughs on how to turn these things into mail servers, etc. (google for them). The basic gist of what one needs to do is:

  • Upgrade the ROM. This has fixes for 2.6 kernels as well as support to boot from an ext3 filesystem.
  • Install the root filesystem on the drive(s). This can be done by mounting the IDE drives in another box, or using an NFS server to install from the Qube itself.
  • Compile a kernel. While there are many patches out there, I’ve found that (possibly aside from the LCD screen, which I’ve never bothered with) a vanilla 2.6 kernel will work fine.

Nothing that’s too incredibly different from setting up a normal box. I would highly recommend two resources: the first is Braggtown, the second is Tim and Tina Wiley’s site.

As far as items to install: I’m personally using Quagga for static routing and OSPF (I use the Cobalt as a route server; Quagga also has a nice Cisco-like CLI), OpenSwan for VPN access, VTUN for a quick tunnel here and there (over which I run OSPF), Roaring Penguin L2TP for various layer 2 tunnels, etc.

Iproute2 can properly handle multiple WAN connections via multiple routing tables. There are 255 tables available for routing, and iproute2 makes the use of named tables easy – simply add the numeric value and table name to /etc/iproute2/rt_tables.

When working with multiple WAN interfaces, I generally set up the second routing table and rules similar to this:

ip route add default via <gateway for this connection> dev <interface> table <tablename>

ip rule add from <WAN IP> table <tablename>

The first command adds a default route through that connection's gateway to the named table; the second sends traffic sourced from the WAN IP to that table. To restrict a machine on the internal LAN to ONLY the newly defined routing table, one can simply:

ip rule add from 192.168.32.10 table <tablename>

ip rule add to 192.168.32.10 table <tablename>

Depending on your default policy, you may need to make alterations to your iptables rules as well (especially to support forwarding and NAT masquerading). You can also hook into TOS flags (amongst other things) and route based on port numbers, etc. Basically the sky is the limit (you can do round-robin routing out interfaces, etc.).
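The steps above, pulled together as an added example (not the author's own script): a dry-run generator that validates its inputs and prints the full command set for review. The table id 200, the name wan2, eth1/eth2 and the 203.0.113.x addresses are assumed sample values; the extra LAN route in the table is an addition so that the "to" rule still resolves to the LAN instead of the WAN gateway.

```shell
#!/bin/sh
# Dry-run generator: prints the commands for a second uplink so they can be
# reviewed before anything touches the routing tables or the firewall.
# All values passed on the last line are constructed samples (203.0.113.0/24
# is a documentation range; eth1/eth2, "wan2" and id 200 are assumptions).

is_ipv4() {  # succeed only for a dotted quad with every octet in 0..255
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# multiwan_commands ID NAME WAN_IF WAN_IP WAN_GW LAN_IF LAN_NET HOST
multiwan_commands() {
    id=$1 name=$2 wan_if=$3 wan_ip=$4 wan_gw=$5 lan_if=$6 lan_net=$7 host=$8
    # Ids 0 (unspec), 253 (default), 254 (main) and 255 (local) are reserved.
    case $id in ''|*[!0-9]*) echo "bad table id: $id" >&2; return 1 ;; esac
    if [ "$id" -lt 1 ] || [ "$id" -gt 252 ]; then
        echo "table id $id is reserved or out of range" >&2; return 1
    fi
    for addr in "$wan_ip" "$wan_gw" "$host"; do
        is_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    done
    # Order: name the table, fill it, select it with rules, then open the
    # forward path for the pinned host and NAT what leaves the second uplink.
    cat <<EOF
grep -q "^${id}[[:space:]]" /etc/iproute2/rt_tables || echo "${id} ${name}" >> /etc/iproute2/rt_tables
ip route add default via ${wan_gw} dev ${wan_if} table ${name}
ip route add ${lan_net} dev ${lan_if} table ${name}
ip rule add from ${wan_ip} table ${name}
ip rule add from ${host} table ${name}
ip rule add to ${host} table ${name}
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i ${lan_if} -o ${wan_if} -s ${host} -j ACCEPT
iptables -A FORWARD -i ${wan_if} -o ${lan_if} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ${wan_if} -j MASQUERADE
EOF
}

multiwan_commands 200 wan2 eth2 203.0.113.10 203.0.113.1 eth1 192.168.32.0/24 192.168.32.10
```

Once the printed commands look right, pipe the output to sh as root to apply them; "ip rule show" and "ip route show table wan2" confirm the result.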

Next up is IPv6. IPv6 tunnels are easy to come by these days – Hurricane Electric and Sixxs.net are two of the more popular tunnel brokers; MyBSD is a Malaysian broker I would personally recommend (good for IRC, latency is high, it goes down semi-frequently... but I like Malaysia). Also be aware that some brokers block common IRC ports. (Luckily I’m currently testing IPv6 for the ISP I work for and am now working off our /32.)

Quagga can handle IPv6 address auto-assignment on your LAN. By default, ipv6 nd suppress-ra is set on almost all interfaces. Disable it on the LAN interface, slap an IPv6 address and subnet in that interface config – and voila – your IPv6 router is now handling IPv6 autoconfiguration.

I recently upgraded to using a small form-factor IBM ThinkCentre 8183B2U.

The ThinkCentre, with KnightRider eyes
ThinkCentre with a Courier dialup modem and 3 USB drives atop it

The power consumption is also fairly low (I believe), and wanting to do a little more with the router, I figured why not spend another $80. Of course, the downside to the ThinkCentre is having only 1 on-board NIC and 2 PCI slots. In the near future I plan on picking up a quad-port LINKX ethernet card, to consolidate cards (I presently have 2 PCI NICs added to the router for connections to the LAN and a monitoring tap). Hopefully I can find a quad-port card that will fit in the small form-factor.

And excuse the mess, I’ve yet to make things “pretty”.
