Looking for comments on homemade router

Since I’m having some trouble with my current router and its software (3Com made very good hardware to keep up with the load, but sucky software that is not configurable), I’ve decided to replace it with something more customizable. After rejecting all the options I found at my usual supplier, since most are not configurable at all, I’ve decided that the solution is to build my own, using Gentoo. While hacking the WRT54GL is still on my TODO list, it’ll take too much time, especially given the mipsel architecture not being supported, so I wanted to move to something easier to manage.

I might be overly needy, but my list of requirements is actually a bit long: I want something whose operating system can be loaded on an inexpensive replaceable flash memory (so I can keep a “stable” safe backup, and an experimental one to work on), it has to run Gentoo (obviously), has to be able to work as a wireless access point, with a MAC address access list (I don’t care if the format does not allow comments, since I can just use a script to update it), and have at least three Ethernet ports for the LAN, and one for the WAN. Power consumption is a major problem, but even more so is noise: it has to stay in the minuscule hall we have and if it’s too noisy my mother would kick me out of the house (and I cannot move the connection anywhere else because of the bad tubing connecting the house).

I already looked around at MIPS-based RouterBoards and Soekris cards; it seems like they more or less go along with what I want, the former with microSD cards and the latter with CompactFlash, but the price tag actually scared me off: a Soekris board, with wireless, would cost me around €300 without a chassis; a MIPS-based board would probably go down to €300 with case, but both are pretty much embedded hardware, with due consequences.

Tonight I looked into the most obvious thing: a standard PC in a small case with a passive heatsink for the CPU. A Celeron D based system and an HTPC chassis would cost me around €300, with three Realtek network cards (and another one integrated) and an Asus WL-130N card (based on the rt25k chip). I already have a CF-IDE adapter, so I don’t have to get that. This would look like a good choice I guess: I would be able to use CF cards for keeping the gateway updated, and I’d have the power of standard x86 at hand, with Gentoo and the ability to manage it similarly to the vservers.

And here I’m asking for lazyweb’s help: can somebody tell me about the status of the rt25k chipsets on Linux? In-kernel or externally? How do they work in AP mode? (hostapd I suppose is the software to use.) Does the AP software have a MAC access control list? Are there passive PSUs that don’t cost as much as the whole system? Are there better alternatives?

I’m currently of the idea that for the sake of maintaining it, having a standard PC as a router is the way to go for me; I have way too complex needs for the standard routers it seems (indeed being able to just configure everything as I want is probably my main requirement), and even OpenWRT and the like don’t really look like the good choice for me.

Can somebody help me with comments?

36 thoughts on “Looking for comments on homemade router”

  1. Soekris boards are rock stable and extendable through (mini-)pci cards. Older releases (45xx or 48xx) are not that expensive (<200€ including chassis and wlan card). They have a very low power consumption and are noise free (no moving parts at all). hth


  2. I’d be wary of a Celeron D going passive. Even if they are relatively low end CPUs, they’re still Netburst based, and hot. I’d try a low end AMD. You’ll probably still need an exhaust fan to be safe, but it can be fairly slow. You could try looking for an old quad-port NIC on ebay to save on PCI slots (would allow you to go micro-ATX). The RT2500 is supported in-kernel by rt2500pci, including AP mode, although I’ve not tested it (I have one laying around I can try if you like). hostapd supports MAC blacklists and whitelists. APs running off the average PCI card are a far cry from a dedicated AP, however. I’d suggest using your WRT54GL in AP mode instead, it’s easily done with dd-wrt. As for passive PSUs, they’re always expensive. I’d go for a decent fan cooled PSU, some are very, very quiet. Nexus do an excellent one if you can find it.


  3. Soekris for sure. Others may compare in features, but none I have seen match the quality. As for software, you should take a look at PFSense (http://www.pfsense.org/). Being FreeBSD/PF based, it is at least on par with Linux filtering tools but where it really shines is the management interface, CF images, and package system.


  4. http://www.pcengines.ch/ali… with mini-pci-wlan. uses <<10w power. i have one running ubuntu-server. you should get a case, wlan-card, power-adapter, serial-cable and a flash-card for ~200 Euro. it will run gentoo fine, but 500mhz/256mb are just not that fast :)


  5. I’ve used m0n0wall for a long time on my home router. It is an old 1GHz P3 that I picked up at a swap meet. I’ve got a CF to IDE adapter for the firmware, so the only moving parts are fans. It has been super reliable. The power consumption is pretty bad, though. I’ve also got a Buffalo WHR-G125 running DD-WRT. I’m pretty sure you can use any of the ports as separate VLANs, plus it has built-in wireless. It has been extremely reliable as well. It only cost me about $50 a few years ago.


  6. I understand that you want something to hack on, but if you can leave that requirement, a WRT54GL running DD-WRT is hard to beat. It’s very configurable and reliable.


  7. Regarding hostapd and MAC ACL – yes, it supports it, but it’s not really any useful security, since MACs can be changed.


  8. When my last router died, I got it RMA’d but while it was gone, I realised I didn’t want it anymore anyway. I hate maintaining too many machines and this machine is already a server for tons of things so I just set it up as the new router. I’m sure plenty of people would criticise me for running everything on one box for security reasons but bleh, I’m not hiding anything too important. It’s worked very well so far. I have USB adapters for wireless and bluetooth so that both machines and phones can connect.


  9. @Monkeh thanks for the heads up on the Celeron D heat, I’ll see if I can find something non-passive in case; as for the PCI wireless AP, well, most routers use miniPCI cards so it doesn’t seem like a huge difference to me; to be honest I just have a handful of clients usually enabled, since all my office/bedroom segment is up by a single wireless bridge. @gurligebis yes I know it’s no security; the security is the fact that I live _around nothing at all_ so I cannot really be wardriven (from the street you cannot sense my wlan); the MAC address list is just to avoid the casual person to come in here; if anybody with some skill arrives this near my house, I really want to meet him/her. @Kevin suggesting pfSense and the others suggesting DD-WRT; it’s not really something to hack that I’m looking for but something I can easily put software on; OpenWRT/DD-WRT are inherently bad to package for. Soekris and Alix seem to be interesting, the problem is that I can’t seem to find a European store that carries both boards and accessories (and I really need a European supplier for VAT reasons). I’d set up Yamato myself but the problem is that it’s way too far from where the phone line is :/


  10. Most routers use dual antennas and are capable of greater transmit power than most PCI wireless cards (A WRT54GL for example is good for over 200mW). If you’ve got a dedicated AP there, use it. It will perform better.


  11. The Asus WL-130N has a three-antenna system, which is why I considered that one :) Unfortunately Asus does not seem to declare how much power it can bring out… on the other hand, I really don’t think I need an extreme amount of power in the wireless side of it; on the other hand, if it fails I can always move the card to Yamato and get an external dedicated access point… Norman, I’ve been looking at the RB/433AH… but the problem is with the OS; I really want something I can manage myself. I’m still unsure on the road to take, but at this point I’m just sure I want to run Gentoo on it: any other router I’ve seen solves part of my problems, but only a system I can tweak myself as much as I want will solve all of them, and still be extensible.


  12. Having just looked up the WL-130N, that is not an RT2500. That’s an RT2800, which afaik has no AP support for Linux. It also has a maximum transmit power of 25mW for 802.11g mode, and most likely only uses 3 antennas for n mode. I’m not even sure that would work on Linux either.


  13. Actually, there seems to be no in-kernel support for the RT2800 PCI chips at all. I wouldn’t bet on a vendor driver (if one exists) being any use, they certainly weren’t for the 2500s.


  14. Diego ran across this… thought you fit. http://blog.sbnation.com/20… As for the router I’d just get a hub and some pci cards… put the cards on say an old PIII board. I had an old Gateway that was passive cooling. Did a setup like that long ago but before wireless. The other option might be a slinglink, those things are interesting to me since they run on your residential electric wiring… think they were around max 56M… was gonna find a link to one… instead some others… dunno how the 50 vs 60 Hz thing plays, you’ll need the EU version of course http://www.newegg.com/Store… Box is much better now without the “test” and “debug” heh… but amd64 arch has no flash support… so my child needs winblows for youtube. sigh… oh well so it dual boots.


  15. I’d also go the Alix road. Got some older Wraps and they’re good enough as homerouter/firewall without problems. As you need an EU-based shop: tronico.net (located in DE, sells Alix+Soekris+acc.)


  16. @Monkeh now _that_ fucks me up my plan :D glad I asked first then, will have to go with a different plan then, thanks! @user99 flash support is present in ~arch; relatively stable too… as for the networking, I do have a powerline couple at home that links my bedroom and my office; it does not work behind UPSes though (so when – not if – power goes down it will disrupt the connection), nor between RCDs (http://en.wikipedia.org/wik…), which obviously I have at home, so I cannot use it instead of the main wireless bridge :(


  17. I’ve been looking to do something similar. My WRT-54G v8.0 just can’t handle streaming videos over the wireless. Anyways, as far as the wired portion goes, http://www.mini-itx.com/sto… with the 3x LAN expansion card. The board itself is fanless and has 1 IDE connector on it for your IDE-CF adaptor, and supports 1 gig of RAM. I don’t own this board/expansion card combo so I have no idea how well it works with Linux. There is a PCI slot that could be filled with a wireless card. The whole lot should fit in a number of mini-ITX cases. I have yet to see one with a passive power supply. There are some that have an external power brick, so I guess that would be fanless. Using something like the pico PSU may be an option. http://www.mini-itx.com/sto… It is a DC-DC ATX power supply, I’ve seen from 150W-60W. At the moment though I’m having the same problem finding a wireless card to act as the AP that would have enough gain to be useful through a few walls. I could always see if my WRT would handle more traffic in bridge mode. P.S. I have never ordered anything from the website linked above, so I cannot attest to the reputation of the site. I have been following mini-ITX news from them for a number of years now. I think they are based in the UK which may or may not help with the VAT issue you mentioned.


  18. @Monkeh yea, I should have looked harder when I bought it for the GL, I unfortunately got the WRT54G V8.0 so micro DDwrt on it. Also are you doing WPA2-PSK while streaming or for that matter doing anything like running bittorrent on the wired network at the same time? It just felt like the router ran out of memory/cpu while trying to handle it. I’m following this in hopes of finding a good wireless card to use in Linux (desktop).


  19. My wired network is always busy, but it’s on a separate switch and I use a Gentoo router myself ;) And yes, I use WPA2-PSK.


  20. We use the Net4801 a lot (http://www.yawarra.com.au/h…). They come with various options – IDE or flash, mini PCI slots (with Linux compatible ADSL and wireless cards), 3 network ports, and more! They’re quiet, small, low power… They also provide some free distros for various uses. You might be able to buy from a different supplier since Yawarra is in Aust.


  21. I’d say Soekris is, in some circles, the de facto standard solution for the tasks you outlined. Price is indeed a turnoff, but you can get those pretty easily from eBay or from similar local reseller.


  22. I appreciate your intentions to run Gentoo on your router, but futile though it may be, I feel I must suggest you consider OpenBSD for this particular task. Being a full-blown OS (rather than targeted at a specific use-case) it should be flexible enough for anything you wish to do with it. And fond as I am of Gentoo in pretty much any other role, I have never felt the networking tools available in Linux to be as elegant or polished as PF, primarily from a network admin point-of-view. I’m not certain about hardware (I use old P3s myself), but the Soekris and equivalents should work nicely if you’re after something small. I have no doubt it’d be easier to get it running happily on less powerful hardware than would be true of Gentoo, but perhaps you’re partly after the challenge? Admittedly it doesn’t sound like you’re too concerned about HA for your home router, which is where CARP and PFSync would really shine if you had a pair of these devices…


  23. Hi Diego, If you are interested in a European reseller for Soekris boards, I found Wim (at http://kd85.com/) who sells these boards. I knew him during OpenCON in Venice (in my neighbours) where he showed his magic goods. :) I don’t know where you live, but if you want to save delivery expenses, you can contact him asking for items you like. Ah, I’m planning to retire my old P200 and substitute it (him? :D) with a Soekris board equipped with OpenBSD (Soekris wiki is full of information http://wiki.soekris.info/Ma… , so I can experiment on my own). About WLAN card, I’m using a Netgear (I don’t remember the commercial name, but lspci says “Atheros Communications Inc. AR5212/AR5213 Multiprotocol MAC/baseband processor (rev 01)”) in host mode and it works well on Gentoo; it should work also under OpenBSD. I think I’ll use it on Soekris board (I’ll need some customization on case, so I’ll enjoy more! :D), perhaps with a better antenna. About Wi-Fi security (even though it isn’t an issue for you), IPSec over WEP could be a good choice. Let me know and enjoy (not too much). Dany :-)


  24. What really bothers me about Soekris boards is the price, and the fact that they are _really_ some barebone systems. I could probably get to use one for what I need, but it feels to me like it’s going to be a lot of money just to achieve the form factor. For now I decided on getting the Celeron to test; in the worst case, I’m going to re-use it for some other task (thin client for Yamato – especially if I can move it to an office – or computer for my sister, or testing rig, whatever I need), in the best case that will be enough for me. At the end the price for either that or the Soekris was around the same, but the risk of having a pointless piece of hardware was higher on the Soekris, if it proved too limited for what I needed. Still I’m interested in anybody having comments, both for what concerns software and eventual hardware, since I don’t know if this will be final (and also, once I get a real office, the home gateway will be scaled down a lot, so I could go with WRT54GL or something else entirely). @Dany I’m in Mestre myself, but I have quite a few itches with OpenBSD… and I don’t say that without knowing what I speak of, since I actually have met (although I admit not in a while) Fabio… I always avoided OpenCON though.


  25. I have a 1.2GHz Celeron D that I used for my router box/network file server/source code server/anything I wanted to keep running while my desktop was off system. It works great especially when put into 64bit mode. But keeping a 32bit desktop and a 64bit server up got to be a bit too time consuming so I just moved the extra NIC into my desktop. The only real glitch was a very picky CPU frequency scaling driver.


  26. IMHO best way is using PS3 without “e-motion engine”: 3.2GHz dualcore 64 bit PPC, 3 (three) GBe ports, Wi-Fi. PC-based router in small-outline case is another good variant. I am compelled to make regularly them in view of absence PS3 under the reasonable price in. The standard case, standard motherboard, standard all rest too. As consequence – high maintainability. From Cyrix 6x86 to k10-series. To the right of me in metre there is a 300x350x89mm box with 1,2GHz Celeron, 512MB RAM, 4 NICs (3+1 onboard) and Wi-Fi (ath5k). Expenses have made $50 (brand new PSU and WiFi, rest from my scrapbox).


  27. I would’ve gone for the Alix boards given the choice, they’ve got all sorts of nice little features to play with. Seems they’re hard to get hold of though. I got myself a mini-ITX Atom about a month ago and loaded it up with hostapd (using a p54usb) and a billion other things. It’s running all that plus the occasional game server, and it’s stable as a rock. The only problem I had was that it refused to boot with a specific one of my USB drives plugged in. Also it’s mostly silent, runs in under 40W, and has all the usual ports so I could turn it into a makeshift desktop. The only downside was it being overpriced (£370!) because I was lazy and got a prebuilt. :) (Before that, I had all the above running on a P3 from the trash heap. The power supply started gradually fading away recently so it had to go.)


  28. PS3s do not have dual core CPUs, nor do they have more than one gigabit interface. They also aren’t capable of master mode on the wireless interface, as far as I’m aware..


  29. Hi Flameeyes, I had exactly the same problem as you a few months ago. Finally I made a try with a cheap second hand VIA C3 mini-ITX board, a mentioned Ralink-based wireless adapter and a cheap SD-Card with PATA adapter for storage. Since the CPU is really slow, I decided to use Debian with a custom kernel. Already to build the kernel takes about 1.5h. So maybe you better cross-compile your Gentoo on your Tinderbox in such a case :-) In my point of view it perfectly fits my and probably also your needs. Fully configurable Linux system on standard x86 architecture. AP mode for rt2x00-based adapters is in vanilla kernel since 2.6.29 (for some configuration hints, see: http://ganto.no-ip.org/trac… ). I was also thinking of maybe even embedding the basic system into an initramfs so that no flash-card access is needed for normal operation. But since normal flash cards are so cheap in the meantime, I don’t care to replace it in a while… The only issue I found so far is that my MacBook has some troubles with the access point. Every few seconds there are small lags up to one second duration. This makes it kind of painful to work over SSH for example. So far I couldn’t fully nail down the problem… Since the OS X MacBook wireless operation is known to be kind of buggy, I’ll put the blame on this for the moment… :-P Kind regards and thanks a lot for your very interesting blog, ganto


  30. The “OpenRD-Client OpenRD-Client Board with Enclosure”, an ARM-based system, could also be interesting. It has 2 ethernet ports and no internal extension abilities but more than enough USB ports for USB-Ethernet/USB-Wlan converters and multiple ways to connect storage (SD/SDHC, eSata and internal SATA disk in addition to 512MB Flash and 512MB RAM). Fully supported with recent kernel.org kernels. The ARM CPU is pretty powerful (1.2GHz) and should thus be able to handle most loads. It’s not really cheap (250$, same amount of € inside of EU) but you have full software freedom. http://www.globalscaletechn
