Here’s a review for the savvy reader.
Are you frustrated with the off-the-shelf routers you can buy in the store? Does your hardware crash on you at the worst possible moment? Does your Best Buy router not have the option to stop your roommate’s downloads from slowing down your internet? Well, one way to avoid the limits of off-the-shelf routers is to build your own.
Technically, you can build a router out of any old desktop or laptop computer that you have lying around by adding some routing software. This is often done with Linux and there are specific builds of Linux and OpenBSD that are written for this purpose. Examples include m0n0wall and pfSense.
If you want to keep the size as small and unobtrusive as one of the off-the-shelf routers, you need to buy a router board. A router board is smaller than a regular computer and uses less power. The PC Engines Alix2 board that I’m looking at in this article is only 6″ x 6″ and runs off a small power supply or can be powered over an Ethernet wire.
The Alix2 is the replacement for PC Engines’ WRAP boards. The WRAP is a small networking-optimized board, basically a small computer.
The entire system is less than 1″ tall. The Alix comes with either a 433 or 500MHz AMD CPU and either 128 or 256MB of RAM. This may not seem like a lot compared to modern desktops, but it’s actually quite powerful for what we’re using it for. Remember, we’re going for low power, low heat.
The main operating system is stored on a CompactFlash card on most models. There is one model that has an IDE port to plug in a laptop hard drive if you really want to go nuts. A hard disk will take more space and power and produce more heat, however.
These systems are very customizable considering their size and power usage. They can be purchased with two USB ports, up to three Ethernet ports, a miniPCI slot, and some models have a full size PCI slot.
The BIOS that these systems run on is set to automatically forward video to the serial port. This is very nice for building headless systems, so a monitor isn’t needed to check on the machine, only a computer with a serial port. They also support power over Ethernet, so the machine could be installed as a wireless access point with only a single Ethernet wire going to it.
As a power user, I wasn’t satisfied with the configuration on the store-bought router systems. If you know a little about networking and don’t mind playing around, there are a few options for alternate systems to run that offer far more customization. The router can be installed with OpenBSD for those who are die-hard security fanatics and don’t mind a little work setting it up, or with a program called m0n0wall that aims to replicate Cisco routers. It can also be installed with your favorite version of Linux.
This is not for the faint of computer knowledge.
For this build I’m using the PC Engines board, a Mini PCI wireless card, a wire to adapt from the card to a standard antenna, the antenna and a box to put it all in.
The box comes with the baud rate for its serial port set to 38400. The baud rate determines how fast the screen updates when you type commands in from your computer. pfSense uses 9600, and since I do not need the screen to update frequently I went into the BIOS and changed it to 9600 to match. If your computer’s serial settings don’t match the device plugged in, the screen will display random, unreadable text, and typing anything won’t work. So if the operating system runs at a different speed than the BIOS, you will see only one or the other unless you change the settings on your computer each time.
With them both at 9600, I’m able to just set my computer to 9600 and be done with it. Most serial devices seem to use either 9600 or 38400, with what’s referred to as 8N1: 8 data bits, no parity and 1 stop bit. These settings should also be matched to what you’re doing.
To enter the BIOS menu, just type S while the system is running through the memory test. It will print a menu as below:
(9) 9600 baud (2) 19200 baud *3* 38400 baud (5) 57600 baud (1) 115200 baud
*C* CHS mode (L) LBA mode (W) HDD wait (V) HDD slave (U) UDMA enable
(M) MFGPT workaround
(P) late PCI init
*R* Serial console enable
(E) PXE boot enable
(X) Xmodem upload
Just type the letter of the setting you want. Then Q to quit.
After setting the BIOS, I prepared the CF for pfSense. The developers officially support the WRAP, and now the ALIX systems, so getting an image to flash to the card was very easy.
Flashing the card was easy. The tool depends on your operating system; in Unix/Linux or OS X, dd works fine. In a terminal: “dd if=filename of=/dev/usbdevicename”
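The dd step above overwrites whatever device of= names, so the following added example (not from the original article) wraps the same command with a mount-table check and a read-back comparison. The function name and the image file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. IMAGE and TARGET are
# placeholders: on real hardware TARGET is the CompactFlash device node.

# flash_and_verify IMAGE TARGET
# Writes IMAGE to TARGET with dd, then reads the same number of bytes back
# and compares them. Returns 0 only when the copy matches the image.
flash_and_verify() {
    image=$1
    target=$2

    [ -r "$image" ] || { echo "cannot read image: $image" >&2; return 2; }
    [ -n "$target" ] || { echo "no target given" >&2; return 2; }

    # Refuse if the target (or a partition on it) shows up as mounted:
    # a typo in of= overwrites whatever disk it names.
    if mount 2>/dev/null | grep -qF -- "$target"; then
        echo "refusing: $target appears in the mount table" >&2
        return 3
    fi

    size=$(wc -c < "$image" | tr -d ' ')

    # Same command as in the article, with an explicit block size.
    dd if="$image" of="$target" bs=1048576 2>/dev/null || {
        echo "dd failed writing $target" >&2; return 4; }
    sync    # flush buffered writes before reading back

    # Compare only the first $size bytes: a card is larger than the image.
    if head -c "$size" "$target" | cmp -s - "$image"; then
        echo "verified: $size bytes match"
    else
        echo "MISMATCH between $image and $target" >&2
        return 5
    fi
}

# Usage on a real system (device name is a placeholder):
#   flash_and_verify pfsense.img /dev/usbdevicename
```

The read-back can be served from the operating system’s cache, so re-plugging the card reader and comparing again checks what is actually on the card.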
Once the image is on the CompactFlash, stick it into the ALIX board, plug your internet into one port and your laptop or your local network into another, and turn on the system. The ports are all labeled 1-3 on the board. When pfSense comes up the first time, it will ask over the serial port which Ethernet port is which and for default settings. Just use the defaults on the settings if you’re unsure, and it can autodetect the proper Ethernet port.
Once the network is set up you can safely disconnect the serial port and do all further work through pfSense’s web interface. Just open the browser to the IP address you assigned to the box, often 192.168.1.1.
The pfSense website has a tutorial on Installing to the WRAP.
pfSense has a basic setup wizard that is run the first time it’s started. This can be run again at any time by going to system setup wizard. Once the setup has been run the basic LAN to WAN routing should work, and all your computers should be able to get to the internet. This is where all the fun stuff starts.
pfSense takes the powerful, yet easy to understand (compared to other filtering systems) OpenBSD packet filter and puts a GUI on it.
Each rule asks for the IP address or addresses involved, the port numbers, the protocols, and which interface the traffic is going through, meaning whether it is traffic going to the Internet on the LAN port or coming in on the WAN port destined for a computer inside. A rule can then block the packets, log the packets or allow them to pass. It can also do special actions on the packets, such as waiting for all the pieces of a packet that got broken up and reconstructing it on the router before passing it on, or changing the “random” ID in an outgoing packet so others can’t intercept the packets as easily. Some OSes use predictable numbers where the value is supposed to be random.
This allows you to say “I don’t want my kid accessing this particular game I don’t like so I block that computer from talking on the port the game uses.”
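As an added example (not from the original article, and not the rules pfSense itself generates), this is roughly what the fields and packet actions described above look like as hand-written pf rules. The interface names vr0 and vr1, the address 192.168.1.50 and port 27015 are constructed sample values, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Interface names, address and
# port are constructed sample values; the rules use FreeBSD-style pf syntax.

valid_ifname() { case $1 in ''|*[!a-z0-9]*) return 1 ;; esac; }

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# Dotted-quad IPv4 only, each octet 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# block_host_rules LAN_IF WAN_IF HOST PORT
# Prints a ruleset; arguments are validated so nothing but an interface,
# an address and a port number can end up inside a rule.
block_host_rules() {
    valid_ifname "$1" && valid_ifname "$2" &&
        valid_ipv4 "$3" && valid_port "$4" || {
        echo "invalid argument" >&2; return 2; }
    cat <<EOF
# Wait for all fragments and rebuild the packet before filtering it.
scrub in all fragment reassemble
# Replace predictable IP ID values on packets leaving the WAN side.
scrub out on $2 all random-id
# Block and log one LAN computer on the game's port ("quick" = stop here).
block in log quick on $1 inet proto { tcp, udp } from $3 to any port $4
# All other LAN traffic may go out, tracked as stateful connections.
pass in on $1 inet from $1:network to any keep state
EOF
}
```

Calling block_host_rules vr0 vr1 192.168.1.50 27015 prints the ruleset; on a BSD system with pf, the output saved to a file can be syntax-checked without loading it using pfctl -nf.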
Under the same menu there is also traffic shaping. This is very useful, but a little tricky to set up and understand at first. It can be set up to, for instance, only allow downloads to take up a portion of your internet and prioritize web access, or make access to a favorite web site the highest priority at the expense of all other connections.
I found the ALIX suitable for my needs on a Verizon FIOS network. I haven’t had any speed issues or the random crashes.
Learning Curve: 2.5