# Linux as a router

## electrofreak

My router is getting more and more out of date (D-Link DI-704P) and it's time for an upgrade. I'm considering building up a system out of old hardware to probably make a box with a Pentium MMX 200 MHz with... an old hard drive, but the hard drive space probably won't be an issue (I have plenty of drives I can throw in if needed). I guess it will also have about 64MB of RAM, but I'm not completely sure, it might have a bit more.

Anyway... I'm thinking I want to turn this box into a linux router. Obviously, I'll put in 2 or more NICs. I may also run a squid cache on it or something, but I dunno yet. But the thing is, I kinda would like it to be a low-maintenance box. This is why I'm thinking gentoo wouldn't be the best choice because it may not have enough RAM to do compiling all the time and the compiling would probably slow stuff down a bit anyway. I've read the router guide here on gentoo, and it seems easy enough and if nothing else, it can be a good learning experience for my already decent networking knowledge.

So, I'm looking for a good distro to use as a router. I checked out the various floppy disk router distros, but I don't want to run it off a floppy. It just seems lame that way. I considered debian, but I've lost my debian skills ever since switching to gentoo.

Gentoo would be a great choice if the system was a little more modern and wouldn't take a year to compile everything. But that just isn't a possibility right now.

I'm also looking for a possible web interface to the router to make administration of it even easier. If it doesn't exist, I wouldn't be too upset. I might write a simple one later down the road when I have enough experience with running a router system and time. I just want it for easy port forwarding for any system, rather than needing to ssh to it to do it.

So, for people that don't feel like reading all of that, basically I'm looking for:

 Good router linux distro, but not on a floppy, that will run well on an old system (200MHz) without too much maintenance.

 Some sort of web interface for easier administration of the services and forwarded ports and such (like on the router boxes you buy)

----------

## xtlosx

gentoo + shorewall, easier to use and powerful enough for yea i'm sure...

----------

## al

You checked out Smoothwall?

http://www.smoothwall.org/

I haven't used it for years (I have a Netgear adsl/router box now) but it worked like you want it to when I used it.

 :Very Happy: 

----------

## electrofreak

Oh... never heard of smoothwall, but it does look precisely like what I want.

I'll read up on it, thanks.

----------

## Lomendil

Devil linux (http://www.devil-linux.org), despite the odd name, is an excellent choice for a low maintenance firewall/router.

It is made to run entirely from a CD (no need for a hard drive at all).  I have used it several times and have been very satisfied.  I believe that it comes with a choice of firewall guis, but I'm not certain (I just edit the firewall.rules file).

----------

## guero61

I'm perfectly comfortable running a Gentoo box on my edge, but have had a great deal of success using pfSense.  Yes, it's *BSD based.  Yes, Linux-ers tend to boo and hiss.  I found it incredibly feature-rich and something I didn't have to deal with.

----------

## Lomendil

 *guero61 wrote:*   

> Yes, it's *BSD based.

 

Absolutely, if it didn't have a problem detecting UMASS devices at startup, I would be using an OpenBSD box (maybe that's fixed by now, I haven't checked in a while).  pf syntax is *much* better than iptables.

----------

## electrofreak

 *guero61 wrote:*   

> I'm perfectly comfortable running a Gentoo box on my edge, but have had a great deal of success using pfSense.  Yes, it's *BSD based.  Yes, Linux-ers tend to boo and hiss.  I found it incredibly feature-rich and something I didn't have to deal with.

 

Is that like this smoothwall thing, only BSD based? I wouldn't be against trying it if it were.

I've been trying smoothwall and have run into a few problems. I think I narrowed it down to one of my NICs being dead. I decided to deal with it later. 

But, smoothwall seems very nice. It seems to have everything I need, and if it doesn't then there are a bunch of mods for it.

----------

## electrofreak

 *Lomendil wrote:*   

> Devil linux (http://www.devil-linux.org), despite the odd name, is an excellent choice for a low maintenance firewall/router.
> 
> It is made to run entirely from a CD (no need for a hard drive at all).  I have used it several times and have been very satisfied.  I believe that it comes with a choice of firewall guis, but I'm not certain (I just edit the firewall.rules file).

 

Sorry, the system doesn't seem to be able to boot from CD at all. Not even with Smart Boot Manager floppy disk or whatever it's called. I had to install smoothwall using the floppy boot disks provided on the CD. Then I can use the CD.

----------

## guero61

 *electrofreak wrote:*   

> Is that like this smoothwall thing, only BSD based? I wouldn't be against trying it if it were.

 

Yes, but with more features and completely non-commercial.  I have a feeling Scott may some day (if he's not already on the side) sell support for it, but ATM it's just a *really* nice firewall/router/kitchen sink distro.  It's derived from m0n0wall (another really good firewall distro), but with all the tweaks (SMP, CARP, x509, etc.) that m0n0 didn't want to do in pursuit of remaining on embedded systems.

----------

## electrofreak

Ok... I'll look more into that then. I hear BSD tends to actually be more secure than linux (don't throw fish at me) when it comes to firewalling.

Edit: I can't get it to boot. The boot disk they provide doesn't seem to work. So, I'll just stick with smoothwall. I think I figured out my NIC issues. I stopped feeling like dealing with it again, so I'll pick it up later.

----------

## kg

I'd also mention IPCop.  Similar to Smoothwall (IPCop was forked off a few years back).

I had IPCop on my Pentium 66 with 32MB ram and it handled my needs fine--hassle free install/maintenance, port forwarding, plenty of options to do more (traffic shaping/QoS, VPN, etc).

Admittedly, the web based admin gui was a tad slow   :Wink:   but didn't need to do much once it was setup.

----------

## electrofreak

QoS is included with it?!?! Sweet, I'll look into it. Smoothwall had a mod to add QoS on.

QoS is basically the reason I'm getting rid of the old router. It doesn't have it, and we have VoIP, so QOS is kinda a need. We haven't experienced any major problems without the QoS, but I certainly think it would help.

I want to basically have 3 NICs... one for the internet input, one for the network, and one for the VoIP box, which would get all the traffic it needs unaffected by the rest of the network, but I'm having trouble telling the 3 cards apart at set up, heh.

----------

## kg

Sorry, no.  QoS is an add-on like Smoothwall.

----------

## dalek

I plan to do the same thing.  I was going to use OpenBSD for mine.  I installed it once a while ago on a 400MHz machine and it ran like a lightning bolt.  It only used about 24MBs of ram too.  I suppose you can install Shorewall or use iptables one on BSD.  

It's just a thought.  I love Gentoo but compiling on a system that slow would take a while.  I was told by a lot of Linux users that BSD would be perfect for it.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## electrofreak

I'd be completely open to the BSD option, but I can't get it to boot.

But now I'm suspecting the floppy to be bad, so I don't know. I may try it again. It literally only takes like 10 minutes, 15 minutes tops to install these things.

----------

## dalek

I used the CD.  It worked great.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## guero61

pfSense has QoS (wizards for it as well).  I'm still continually amazed at just how much it has.  And I like Linux better than BSD.

Last edited by guero61 on Sun Jun 11, 2006 4:32 am; edited 1 time in total

----------

## dalek

 *guero61 wrote:*   

> pfSense has QoS (wizards for it as well).  I'm still continually amazed at just how much it has.  And I like Linux better than BSD.

 

I like Linux more too.  But after talking to a lot of people on different forums, BSD was a clear winner.  Almost everybody said BSD was the way to go on an old machine like I had and was very secure as well.  His is slower than what I had.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## electrofreak

I finally figured out the three NICs. I had a bunch of old cards. Some of them I knew were not working, but I didn't know which ones, heh. Anyway, I just used process of elimination until I got 3 that worked. I think also some of them had caused conflicts when used with the other ones...

I got it working now. I applied all the updates to it, and applied the QOS mod, which I definitely needed. I tried hooking my VoIP box up to the "Orange" card, but no dice. It seems DHCP doesn't run on the "Orange" device by default. I looked into it, and there is a mod to add this easy functionality, but again, I got tired of dealing with it, but I will deal with it tomorrow. At least now I can actually have the box closed up. I applied labels to each NIC so I know which is which and it's almost good to go.

It's a bit loud, unfortunately. I'm pretty sure it's mostly the hard drive that is loud. I may have to try to make that quieter, or possibly replace the drive (hopefully I can find one of that size or larger so I can just dd one to the other.) Or I could maybe put some foam in the box. I'm not really worried about it overheating or anything. One thing that makes me laugh is that I actually had a heatsink and fan from an old AMD Thunderbird 1.2GHz chip. And I discovered that it actually fit onto socket 7. I put it on this old chip and... well... let's just say it definitely gets the job done, heh. (I used a weaker clip from an actual socket 7 heatsink because the AMD cooler clip seemed WAY too tight for the job.)

I wish I could get the BSD CD to boot, but still nothing. Smoothwall seems speedy enough, so I'm not too bothered with it. The load never gets too high and it never starts using the swap, but I still don't have it running full time yet.

----------

## dalek

 *electrofreak wrote:*   

> I wish I could get the BSD CD to boot, but still nothing. Smoothwall seems speedy enough, so I'm not too bothered with it. The load never gets too high and it never starts using the swap, but I still don't have it running full time yet.

 

Are you sure you burned it correctly?  I ordered mine so maybe it is something different about it.  I looked here also:

http://distrowatch.com/table.php?distribution=openbsd

Hope that helps.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## electrofreak

 *dalek wrote:*   

>  *electrofreak wrote:*   
> 
> I wish I could get the BSD CD to boot, but still nothing. Smoothwall seems speedy enough, so I'm not too bothered with it. The load never gets too high and it never starts using the swap, but I still don't have it running full time yet. 
> 
> Are you sure you burned it correctly?  I ordered mine so maybe it is something different about it.  I looked here also:
> ...

 

Yes, I burned it correctly. The computer just doesn't boot from CD, and the boot floppy they provide seems to just be the Smart Boot Manager floppy, which also doesn't allow the system to boot from CD  :Sad: .

----------

## dalek

I had a system like that once.  I told it to only boot the CD, it booted from the hard drive anyway.  I had to put the drive in another machine, install Linux then move it over.  Made me mad.  Stupid puter.   :Rolling Eyes: 

Well, work with what you got I guess.  Just have to keep the bad guys out.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## electrofreak

Heh, I don't feel like pulling it out to do that. Too much work for an install that takes just minutes.

----------

## batistuta

I was wondering: how did you end up doing this? I'm in a similar boat. My parents have a cable modem+router that they use for the internet and I want to put a box in front of the router to filter stuff. I'm thinking about pfSense. I'm not 100% sure if the router could just work as a switch, disabling the masquerading, DHCP, and all that stuff. I can't trash the router because I need it for connecting WLAN machines.

My only requirements are: Firewall, web filtering (no exe downloads, no dlls, etc), spam filtering, ssh server for remote administration, and maybe virus scanning.

Thanks

----------

