No Gravatar

At one point I was supporting a chat server for a group of people, and just about every week I'd get an email from someone saying they were unable to connect to the server. Others started chiming in, saying that when the server reached 10 people, that no one else could get in. I tried it myself and was able to log in many more than 10 times, so whatever the problem was certainly wasn't the server.

Turned out it was the router. I was using a "small business class" router, with some features not usually found on home setups (VPN support for one, a very nice feature for getting into your network remotely and safely). I only found this out by taking the network off-line, and putting the router right in front of the server – with the rest of the internal network on the other side. In that configuration, I could only connect 10 times. That was not a fun troubleshoot! Nowhere in any documentation could I find a 10 connection limit, but it was pretty obvious that I had one.

So I needed a better router. There are a lot of them available, but I didn't feel like shelling out big dollars for a Cisco or other commercial grade router. So instead, I built one.

This isn't anywhere near as hard as it sounds. All you really need is an old PC (you must have one lying around, or maybe one of your Windows friends does – and old machine maybe not fit for anything newer than Windows 98?). I had a few lying around, from my pre-Mac days.  So I scavenged up an old Dell 800 Mhz Pentium III with 512 MB of memory and a 20 GB hard drive. This, as it turns out, is overkill for the router – so you can use much older hardware if that's all you have. The main thing is you need two network cards (so I needed one more, since the Dell had one).

Now, you can use Linux or one of the free BSD Unix distributions to build your router, by why go to all that work? There's a great open source firewall/router,built on FreeBSD, called pfSense. It's pretty small – you can run it on a 100 Mhz Pentium with 1 GB of disk, 128 MB of memory,  and a floppy if necessary (although I'd recommend a bit more of everything). The pfSense web site has guidelines for sizing a machine

Setup is very easy. Pop in a CD (download it and burn it), run the installer (it's text based but very easy), then answer a few questions, like the IP address you want on the inside of your firewall/router. You don't even have to know which ethernet connection to connect to your network and which to your modem – go into "auto" mode, plug in the cable you're told to (either the outside one or the inside one) and pfSense will set that interface up. 

Once you're up, you get a web console to configure anything you want – VPN access, port forwarding, etc. You have pretty much any option that any other router/firewall has, even the high-end ones. You can add in extra interfaces if you need them, and even put in a wireless card to turn it into a wireless access point. You can report on bandwidth used, hand out DHCP addresses, have a second machine set up for failover, and do pretty much anything you need to do with a firewall/router. But if you just want a simple firewall/router, you can do that very easily. You can even run it as a virtual machine if you need to.

If you run into trouble, there are forums and even commercial support available (although, of course, you'll pay for that).  There are add-on packages for running proxy servers, VOIP servers, and utilities (like tracing out your network). 

My router typically runs at 1-3% CPU utilization. The disk is almost never touched, and the memory sits at about 13% used. So it's a pretty efficient system.

No, it's not for everyone. Many folks will get along just fine with a $25 router. But if you have a need for something a bit more high-end, and you have the majority of the hardware either lying about or available pretty cheap, you can build yourself a very nice router quickly. Mine is usually up for 6 months or more at a time – it only came own the other day because the 14 year old fan was failing and needed to be replaced.

httpv://www.youtube.com/watch?v=dCYApJtsyd0

Share →
  • Calvin

    This sounds groovy with the exception that you have to keep a PC running and it burns a little more juice than a router appliance. I wonder if I could do this with a Virtual PC running in one of my Mac’s that run all of the time?

    No Video …. Right …. tease and then cut em off.

  • Yes, as I mentioned, you can run in a virtual machine, at least with VMWare or Parallels. I don’t see why it wouldn’t work in VirtualPC as well.

    And just for you, Calvin, I’ve updated the post…

  • Calvin

    Nice …… Very Nice.

  • Eric

    This sounds very similar to freesco. I used to run freesco, which was floppy based, on a 100mhz system. It worked great. Your post is making me nostalgic. I may have to check out pfsense.

  • Vivek

    Thanks this was pretty useful. I’ve wanted to set up VPN for a while now, but the options seemed expensive.