How to build a router based on Linux
27th Dec 2012 | 10:00
Turn your trusty Linux box into the world's most flexible router
The latest, most expensive routers include so many facilities you'd be forgiven for thinking they're more like PCs than tools for networking. This thought should lead you to wonder if you can use a regular PC to do the same thing. The answer, thanks to Linux, is that you can - and it's very easy.
There are many different Linux distributions designed specifically to turn your machine into a router or a gateway, complete with any number of enhancements.
Our favourite is called ClearOS. It's a fantastic choice of router for your network because it's relatively painless to configure, but it's also extendible, taking it far beyond even the most ambitious devices from manufacturers like Netgear.
You could use it to host your cloud documents, complete with editing, to host and access your email through either a web interface or a server, and to run a powerful firewall and intrusion detection.
ClearOS is unlike most Linux distributions because it offers both a free edition and a commercial edition that you have to pay for. Because some people do pay for it, ClearOS has one of the better user interfaces, and most of its facilities can be installed and configured through a web app.
It's also easy to install, and has a great support network. This is important, because all your network's data is going to go through the distribution, and you need to be able to trust both the integrity of the packages and services it's running, and the source of those packages and the distribution itself.
Fortunately, ClearOS's heritage couldn't be any better, since it's based on the billion dollar Red Hat enterprise.
ClearOS uses Red Hat's graphical installer and asks you only a few questions. Boot your machine with the ClearOS DVD in the drive (a USB option is also available), and choose the first option from the boot menu: 'Install or upgrade an existing system'.
The graphical installer will appear after a few moments and you'll have to answer the usual questions about language and keyboard layout. After these are out of the way, choose 'Basic storage device' as your installation medium and step through the regular drive and partition options. The next few questions deal with the network and where you're located, before asking how you'd like to allocate space on your drives.
The default values will choose a drive and create an installation automatically, but be warned, this will remove all data from the drive it chooses.
The following two questions will confirm your choices before the installer goes off and does the installing. When this has finished, you get the chance to reboot into your new installation, and it's advisable to remove the DVD before you do.
When your machine has booted, the first thing you'll notice is the lack of a desktop. In fact, the only thing you should see is a screen telling you the IP address of your machine and where to get further information. This is because, like any modern router, ClearOS is intended to be configured through a web browser.
After you've made a note of its IP address, you can disconnect any screen, keyboard and mouse and hide the machine away under the floorboards if you like. As long as it's connected to the network, you'll be able to change the settings.
Go to a browser on a machine on the same network and type in this IP address, using both the 'https' prefix and the port '81'. For our network, for example, we typed in https://192.168.1.21:81.
The page that appears asks you to log in, and you'll need to enter a username of 'root' followed by the password requested by the installer. You'll then be presented with the first page of the ClearOS startup wizard.
Click 'Next' and you'll be asked which network mode you want to configure. Which you choose will depend on how you want to use your new router.
The best option here is Gateway Mode, but this won't appear unless you have two network adaptors installed - one connected to the internet and the other to your LAN. If you'd rather experiment with ClearOS as a server, choose one of the two other options.
After selecting Gateway Mode, you need to tell the wizard which adaptor is which. The installer makes a pretty good guess at this, marking one adaptor as External and the other as LAN, but you can change the assignment if it's wrong using the 'Edit' button.
The next question asks for a DNS server, and we'd recommend entering the IP address of either your ISP's server, Google (8.8.8.8) or OpenDNS (208.67.222.222). After this, make sure the free community edition is selected and click 'Next' to download and install any critical updates.
One of the best things about ClearOS is a package manager it calls the Marketplace, and the next step of the installation is to create an account to access this. You'll be asked for an email address, and be instructed to register your system with your new credentials.
You'll now be asked a couple of questions about domain names for your connection. If this is a home connection, you might not have one. We'd recommend using a free dynamic DNS service to get yourself one. Otherwise, you can always use a made-up name or the default values as a temporary fix.
We can now start installing applications. To start with, we'd recommend selecting the Windows file server, the bandwidth manager, port forwarding and the FTP server, but you can always come back at a later time and install more applications.
After making your selection, click on the 'Download and install' button. This will automatically grab and install all the packages you've selected. A few minutes later, depending on the speed of your connection, you'll be presented with the ClearOS dashboard and you'll be able to start using your new gateway.
A gateway with a firewall acts as a permissive barrier between two networks. In our case, that's between the internet and your local network. It's a necessary precaution because the internet is saturated with systems that constantly bombard every connection with random requests directed at ports with known vulnerabilities. Most of these vulnerabilities are found on non-updated versions of Windows, but they can also be found within almost any network-facing service, such as a web server or file server.
Within ClearOS, the firewall can be configured by clicking on the 'Network' menu on the left or top of the dashboard, followed by 'Incoming Firewall'. By default, there should already be a single defined rule called webconfig. This allows port 81 on the incoming connection, which is the port you need to access the ClearOS web interface.
This rule means you can configure your gateway from the internet, and if you don't want this facility, click on 'disable' for the rule. To add your own rule, click 'Add'. You don't need to memorise most port numbers because the Add interface includes a list of the most common services. Select 'SSH', for example, and then click on 'Add' again. The rule list will now include SSH running on port 22, which is its default port.
If you need to add custom ports for your own services (or games) this can be done from the same interface.
ClearOS does run an SSH server, which is all you need if you want command-line access, but you may also want command-line access to another machine in your network. To do this, you'll need to use port forwarding. This takes an incoming connection on one port - 22 in the case of SSH - and maps this to a different port on either a local machine, or another machine within your LAN.
Click on 'Port forwarding' then 'Add'. You'll be able to select a standard service in the same way you could for the firewall, but you'll also need to add a local IP address. This will be the destination for the port. You can forward custom ports, a range of ports and choose between UDP and TCP protocols by using the other options on the page.
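To check what the incoming rules and port forwards described above actually expose to the internet, the following added example (not from the original article or from ClearOS) parses an iptables-save style dump and lists every port reachable from the External adaptor. The sample rules are constructed, and the interface names eth0 and eth1, the LAN address 192.168.1.50 and the external port 2222 are assumptions.

```python
import shlex

# Constructed sample in iptables-save format (not captured from a real gateway).
# Assumed names: eth0 = External adaptor, eth1 = LAN, 192.168.1.50 = a LAN host.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.50:22
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Ports the article names: 81 is the webconfig interface, 22 is SSH.
MANAGEMENT_PORTS = {"81": "webconfig", "22": "SSH"}


def _opts(tokens):
    """Map each option flag to the token that follows it."""
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}


def audit(rules_text, external_if="eth0"):
    """Return (open_ports, forwards) reachable from the external interface."""
    open_ports, forwards, table = [], [], None
    for line in rules_text.splitlines():
        if line.startswith("*"):
            table = line[1:]  # "*nat" / "*filter" start a new table
        if not line.startswith("-A "):
            continue
        opts = _opts(shlex.split(line))
        # A rule with no -i matches every interface, including the external one.
        if opts.get("-i", external_if) != external_if or "--dport" not in opts:
            continue
        proto, dport, chain = opts.get("-p", "any"), opts["--dport"], opts["-A"]
        if table == "filter" and chain == "INPUT" and opts.get("-j") == "ACCEPT":
            open_ports.append((proto, dport, MANAGEMENT_PORTS.get(dport, "")))
        elif table == "nat" and chain == "PREROUTING" and opts.get("-j") == "DNAT":
            forwards.append((proto, dport, opts.get("--to-destination")))
    return open_ports, forwards


if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

On a live gateway, pass it the output of `iptables-save` run as root; any management port in the first list is reachable from the internet and is a candidate for the 'disable' button.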
The other feature you only find in advanced routers is the ability to limit the bandwidth of connections going through your router depending on what they're doing. This is often known as QoS, or Quality of Service, because it's often used to make sure time-sensitive data isn't affected by a torrent download, for example. Time-sensitive data could be streaming video or VoIP, where getting packets to the client is important. File downloads aren't normally affected by some delay.
When you select 'Bandwidth manager', you have two choices. The first of these deals with bandwidth limiting on an interface, while the second can be used to limit bandwidth by service. The first is useful if you have several subnets, such as a wireless host running on your gateway. You can use it to either restrict data coming into and out of this network, or restrict the other interfaces, so you can ensure there's always a decent amount of bandwidth.
The Basic Rules table is the most useful for the majority of networks, because it allows you to promote those first-class services while still allowing people to download large files. Click on 'Add' and you'll get the option to choose a service (like SIP or FTP), and specify whether you want the bandwidth limited or reserved, in which direction and at what rate.
To ensure SIP always gets 1Mbps, for example, choose 'Reserve', 'SIP', 'Flowing to the network' and set a rate of 1,000 (the rate is set in Kbps). If you have local users saturating your upstream bandwidth, change 'Flowing to the network' to 'Flowing from the network'. ClearOS will transparently limit the packets going through the network to ensure the services you depend upon will have the lion's share of your bandwidth.
And unlike some ISPs we could mention, you're in control of whether that's BitTorrent or HTTP, which is the best thing about running your own gateway.