Why build your own?
When I first got broadband at home, I got DSL. Paid about $150 per month for 1.5 Mb/s download and 768 Kb/s upload. That's pathetic by today's standards, but it was near the top of the line at the time (circa 1999). With DSL, I was also given 4 static IP addresses, which was more than enough for my computer needs at the time. And with 4 public IP addresses, I didn't need a router for NAT (Network Address Translation) purposes. (A firewall is a different story...)
When I moved, I couldn't get DSL, only cable. I was only given 1 IP address, unless I paid extra for additional IP addresses. I decided to try my hand at using NAT by providing my own router/firewall to go between the cable modem and my computers.
The first router that I bought was a Linksys EtherFast Cable/DSL Router, model BEFSR41. It was easy to set up and use, and it seemed to work fine for years. It was also relatively inexpensive. I think it was maybe around $70. I really can't remember. All was fine and good until my Internet connection speed started to increase (which is not a bad thing, BTW).
This is what the old Linksys looked like. This picture is slightly different than my router because I had the original version before Linksys was bought by Cisco Systems. But they do look very similar. Many of you probably had this one or something like it.
With the Linksys router, the fastest I was able to download was about 6-7 Mb/s. At the beginning, this was much more bandwidth than I was getting from the cable connection. (When I first got cable, I think I was getting something like 1-2 Mb/s download. Clearly, much less than the maximum throughput that the Linksys router would support.)
A few years later, as my ISP was increasing the bandwidth they provided, I started to notice something. If I removed the router and connected the computer directly to the cable modem, I was able to download around 12 Mb/s! That's quite a difference from the 6-7 Mb/s I was getting when going through the router. It seemed that the Linksys router was not able to handle connections much faster than about 6 Mb/s.
Well, it was time to upgrade my "consumer grade" router for something that could handle a little more bandwidth. I didn't really think that any of the other consumer grade routers were going to cut it, so I was going to have to step up. A friend of mine told me about how he had just built his own router and was running free software on it. I did a little research and this is what I found.
There are two parts to a router (this is an over-simplification):
Note: To construct the router and install software needed to get up and running requires no expertise at all (it's true!). However, configuring the firewall portion (optional, but highly recommended) of the software does require a little skill. This is not unique to this Do-It-Yourself router/firewall. Even the consumer routers/firewalls that you might purchase in a store will require some understanding of what a firewall is and how it works.
The Hardware
The device I chose to use was a router board from Soekris Engineering. The model is the net4801:
Scary looking, huh? You're thinking, "How am I going to be able to build a router from this thing?" Well, like the note above said, it's actually very simple once you know what to do. (And that's what I'm going to show you.)
You might not know from looking at the picture, but there are 3 network (RJ45) ports, a serial (COM) port, a USB port, a CompactFlash slot, a hard drive controller, and several other controllers on that board. It can be much more than a simple router/firewall, if you want it to be. But, we're only focused on the network ports and CompactFlash slot as that's all we're going to need.
The circuit board is just the guts of the router. We need to put that into a case (just like you do with computer parts). This is what the finished product looks like:
Admittedly, it's not as slick looking as the Linksys device, which focuses on form over function, and is just made out of plastic. This device stresses function over form (and the case is made of metal). You could probably stand on it and it wouldn't break. You can certainly craft your own custom case, if you want.
[Photos: front; back]
Installing the Software (m0n0wall)
Before you assemble the hardware, you need to install the software. Since the hardware doesn't come with any kind of hard drive or storage device, you need to provide one. Specifically, you need to provide a CompactFlash card, just like the ones that older digital cameras use. In fact, the CompactFlash cards I use (and show) are all from my Canon point-and-shoot camera from 2002. Depending on the version of the software you are going to use, you will need either an 8 MB card or a 16 MB card. (Good luck finding one that small these days.) The 8 MB card below came with my camera and was pretty much useless as it held about 8 photos at 1600x1200. I immediately went out and bought a couple of (big at the time) 256 MB cards for the camera, leaving the 8 MB card in the closet for years (until I needed it for this router!)
[Photos: CompactFlash cards; USB CompactFlash card reader]
The software that runs on the device has to include some kind of operating system so that the router/firewall software can run. Fortunately, the software we'll be using contains everything you need in one single file. The file is an image file, which is kind of like an .ISO file that you might create for burning onto a CD or DVD. Except we'll be "burning" the image onto the CompactFlash card with a very simple command.
The software that I'm using is called m0n0wall. It's written by a guy named Manuel Kasper and it's completely free, although he does accept donations, which I encourage. (It's excellent software like his that makes the Internet a safer place for everyone.) One really refreshing thing about m0n0wall is that there is a lot of good documentation about it at the site. There's a really good QuickStart Guide that shows a lot of detail about how to install it on different hardware. (More technical details than I'm describing here.)
At the time of this writing (August 2009), there are two versions available: a stable version (ver. 1.235) and a beta version (ver. 1.3b16). The names and sizes of the image files are:
The first thing that you'll have to do is to go to the website's downloads and grab the version of the image file that you want to install. The image we're using is the net48xx image and the file will be called net48xx-VERSION.img, with VERSION replaced by the version number that is posted there. I would suggest taking the posted version because it's the latest stable version. If you don't mind using beta versions, you can grab the latest beta. The steps to install either version are the same.
Once you've downloaded the image, you need to "install" it onto the CompactFlash card. Note that you can't just copy the image, because it is a fully bootable image, complete with a boot sector and an operating system. Fortunately, getting it onto the card is trivial. I'm a Linux user, so I'm going to show you how to do it with Linux. I also assume that if you are trying to get the most out of your network and computers that you are likely running Linux (which, by definition, is what Linux is for.) Note that you can do this in Windows (as the m0n0wall website says), but I've never tried it so I can't confirm how it works.
After you connect your CompactFlash card reader to a USB port and insert the CompactFlash card, you need to issue a command to install the image. In this tutorial, I'm going to assume that the image file is named net48xx-1.235.img and that the CompactFlash drive is recognized by the system as /dev/sdh. You'll have to change these names depending on the image file you downloaded and how Linux recognized your CompactFlash card. (To see what device the CompactFlash card has been recognized as, you can run the dmesg command and it should indicate this.)
This is the console command that will install the image onto the flash card:
gunzip -c net48xx-1.235.img | dd of=/dev/sdh bs=16k
The obligatory warning:
WARNING: BE VERY CAREFUL WITH THE dd COMMAND SHOWN ABOVE. USING THE WRONG OUTPUT FILE (of) CAN TOTALLY SCREW UP YOUR SYSTEM!!! MAKE SURE YOU ARE ABSOLUTELY SURE WHICH DEVICE LINUX HAS ASSIGNED TO YOUR FLASH CARD. YOU HAVE BEEN WARNED!!
This is the result of running the command on my system:
You can ignore the message about the trailing garbage.
Congratulations! You've successfully installed the software! I told you it was simple. Now you can move on to assembling the board, flash card, and case, which is equally trivial.
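The warning about choosing the wrong dd target can be turned into checks that run before anything is written. The following is an added example, not part of the original article or of m0n0wall: it refuses to write unless the target is a whole-disk device that sysfs reports as removable, small and unmounted, then reads the card back and compares it with the image. The function names, the 2 GiB size ceiling and the SYSFS/MOUNTS overrides are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: guard rails around the "gunzip -c IMG | dd of=DEV" step.
# SYSFS and MOUNTS are overridable only so the checks can be exercised
# against a constructed directory tree; normally leave them at the defaults.
SYSFS="${SYSFS:-/sys}"
MOUNTS="${MOUNTS:-/proc/mounts}"
MAX_SECTORS=4194304   # assumed ceiling: 2 GiB expressed in 512-byte sectors

# check_target DEV -> 0 only if DEV is an unmounted, removable, small disk
check_target() {
    dev=$1
    blk="$SYSFS/block/$(basename "$dev")"
    [ -d "$blk" ] || { echo "$dev: not a whole-disk device" >&2; return 1; }
    [ "$(cat "$blk/removable")" = "1" ] || { echo "$dev: not removable" >&2; return 1; }
    sectors=$(cat "$blk/size")
    [ "$sectors" -gt 0 ] && [ "$sectors" -le "$MAX_SECTORS" ] || {
        echo "$dev: $sectors sectors, no card or too big for a CF card" >&2; return 1; }
    if grep -q "^$dev[0-9]* " "$MOUNTS"; then
        echo "$dev: has mounted partitions, unmount them first" >&2; return 1
    fi
    return 0
}

# flash_image IMG DEV -> write IMG to DEV, then read back and compare
flash_image() {
    img=$1; dev=$2
    check_target "$dev" || return 1
    # gunzip can warn about trailing garbage and exit non-zero, so success
    # is judged by the byte-for-byte read-back below, not by its exit code.
    bytes=$(gunzip -c "$img" 2>/dev/null | wc -c | tr -d ' ')
    [ "$bytes" -gt 0 ] || { echo "$img: empty or not gzip data" >&2; return 1; }
    gunzip -c "$img" 2>/dev/null | dd of="$dev" bs=16k conv=fsync 2>/dev/null
    gunzip -c "$img" 2>/dev/null | cmp -n "$bytes" - "$dev"
}
```

With the names used in this tutorial, the call would be `flash_image net48xx-1.235.img /dev/sdh`, run as root.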
Assembling the Hardware
If you bought the board and case at the same time, chances are that when you received it, it was already put together. If not, putting it together is simple. Even if it was pre-assembled for you, you're still going to have to open it up so that you can insert the CompactFlash card. When I put the board, flash card, and case together, I took a lot of pictures. That's pretty much what this section is going to show. Pictures. Lots of them. (Click on a picture to show a larger version.)
This is the net4801 board:
[Photos: the net4801 board; the chip used in this model]
[Photos: front; back]
[Photos: bottom, showing the screws holding it together; inside, showing the 4 mounting posts; with the board, showing the 4 screw positions]
Don't forget the hex bolts for the serial (COM) port.
[Photos: align card with slots; press it firmly into place; secure with retaining screw]
Slide completed chassis back into case.
Connecting the Router to your Network
There are 3 Ethernet ports on the back of the device, but you'll probably only need two of them. Port 0 (eth0) will connect to your internal network and port 1 (eth1) will connect to the Internet (i.e., your cable modem, DSL, whatever you have). If you only have one computer on your network, you can just plug that computer into eth0. If you have multiple computers, they will all be plugged into a switch, and that switch will be plugged into eth0 on the router.
Configuring the Router/Firewall
Ok, so now the real work begins: configuring the router/firewall. By default, the IP address of the router is 192.168.1.1. All you have to do is to point your browser at that address and you'll see the opening configuration page. Incidentally, the default username is admin and the password is mono. You should
If your internal network isn't configured as 192.168.1.1, then you will have to do a little more work. Either configure it that way (temporarily) so you can change the IP address of the router to something that works on your network, or you'll have to change the IP address on the router using the serial port. I'm not going to show that here because the m0n0wall documentation online is very extensive and does a much better job of explaining how to configure using the serial port.
DISCLAIMER I am not affiliated with Soekris Engineering or the m0n0wall Project in any way. I have not been paid by either, nor have I been given any compensation for this article. I purchased the Soekris hardware through normal channels like everybody else. My motivation for writing this article is simply to educate Internet users. Over the years, I've had many people ask me how I built my own routers and so I wanted to document the process in the hopes that others may learn from it.
Last update: August, 2009