Ultimate DIY Router


There are many reasons you might want a DIY router.  For the sake of argument, the device used for testing while writing this article is meant to run an exotic network setup on a budget.  In this guide, the ultimate DIY router, we are going to go through the steps of setting up an easy-to-use, enterprise-grade Linux router and installing Webmin for easy administration.  For this guide, you will need the following:

1.) a somewhat modern x86-64 computer with at least 512MB RAM (1GB or more with a multicore CPU recommended)

2.) a blank DVD-R

3.) This is optional, but a rackmount chassis is recommended so that expansion of the setup can be kept neatly organized.

4.) Intel 7260HMWDTX1 PCIe x1 Dual Band Wireless-AC 7260 for Desktop

5.) an additional NIC (almost any are Linux compatible, but my motherboard has two built in so I do not require this)

6.) A network switch (plan to get one with as many ports as you need, and a rackmount switch can help keep things organized)


To start, I will be using an ISO of TTOS Linux Version 1.0 (based on Debian Jessie 64 bit).  I suggest downloading the latest Debian stable ISO from their website for this guide and burning it to a DVD.  For our setup's hard drive, we are not too worried about space usage since it will not be running user programs or hosting files, so hard drive size can be minimal, and hardware can be moderately old.  I’m using a dual core 1.6GHz AMD Athlon X2 with 2GB RAM for my setup.

Install the OS and follow the prompts.

The first thing we want to do is configure a static IP address for the network interface card that faces our local network.  Issue the following command to edit your network configuration:

sudo nano /etc/network/interfaces

And make sure the following are the contents…

 

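auto lo
iface lo inet loopback
# eth0: WAN side, address assigned by the ISP over DHCP
allow-hotplug eth0
iface eth0 inet dhcp
# eth1: LAN side, static address, the switch connects here
allow-hotplug eth1
iface eth1 inet static
 address 192.168.1.1
 netmask 255.255.255.0
 # no gateway line here: the default route comes from the DHCP lease on eth0
 dns-nameservers 8.8.8.8 8.8.4.4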
 
The first section of the configuration file is for the local loopback.  If you aren't versed in networking concepts, just ignore it as I won't be getting into this in this article.  The second states that your card labeled as "eth0" will be assigned an IP address from your Internet Service Provider using the DHCP protocol, and it gives the system permission to auto connect when the cable is inserted.  This is where your cable modem connects directly to your computer.  The last section states that a static IP address of 192.168.1.1 is set for the network card labeled "eth1".  This is where the switch is connected.
 
Next thing we want to do is set up the computer in order to work with it remotely from our home computers.  And we also want to disable any GUI services.
sudo systemctl set-default multi-user.target
What this does is boot the system to the command line by default on your next boot.  But don't reboot yet.  We want to set up SSH remote login capabilities on the system...
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install openssh-server
# remove the SSH host keys that came with the install and generate fresh ones
sudo rm /etc/ssh/ssh_host_*
sudo dpkg-reconfigure openssh-server
sudo init 6
After all of this is input, your server will restart.  After this, we can configure it remotely from another computer connected to the network.  From here, we will use a desktop connected to the server to finish the configuration.  All my desktops and laptops run TTOS Linux.  So if yours runs Windows, you will need to download an SSH client such as PuTTY.  Since an SSH client is built into all my systems' configuration, I just open up a terminal window and connect with ssh username@192.168.1.1
(To make this easier, if you have a Linux system, add   "192.168.1.1   router" to the file /etc/hosts and you can connect with the command ssh username@router)
Now, we install Webmin for our DIY router web GUI.
First, we make sure our dependencies are installed...

apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python ssh openssh-server

Now we move on to downloading and installing Webmin:

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.801_all.deb

dpkg --install webmin_1.801_all.deb

In my experience, I have had trouble with port forwarding of port 10000, so we are going to choose a new port for Webmin.  Also, if you would like to access any other server on your network through port forwarding of the same IP address, having separate port settings on each computer makes this much easier.  We do this by editing the config file, finding the port 10000, changing it to 8888 and saving.  (I chose this number because it's easier for me to remember, as Google Public DNS is also 8.8.8.8, but you can choose whichever one you like.)

nano /etc/webmin/miniserv.conf

Now, any other servers can use port 8889 and 8890 and so on.  We will get to port forwarding in this tutorial later.

What is it that every router we purchase in the store does?  It offers a WiFi access point, of course!  To accomplish this, I chose the Intel 7260HMWDTX1 PCIe x1 Dual Band Wireless-AC 7260, mainly because I searched on Google and found that this card is known to work.  But whichever card you choose, follow the instructions on setting up the firmware and kernel modules with your server.

Next we need to configure the access point.  First we download and install all needed files and dependencies...

wget -c http://github.com/pjz/webmin-modules/releases/download/v1.0/hostap.wbm.gz

apt-get install hostapd

nano /etc/default/hostapd

Set the pathname for the daemon config file

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Next, open the config file with

nano /etc/hostapd/hostapd.conf

and add the following to it:

# hostapd only treats lines that start with # as comments, so each comment sits on its own line
# the interface used by the AP
interface=wlan0
# the wireless bridge
bridge=br0
# hostapd's driver interface; nl80211 is the one used with the iwlwifi kernel module for my card
driver=nl80211
# a simply means 5GHz
hw_mode=a
# the channel to use, 0 means the AP will search for the channel with the least interference
channel=0
# limit the frequencies used to those allowed in the country
ieee80211d=1
# the country code
country_code=FR
# 802.11n support
ieee80211n=1
# 802.11ac support
ieee80211ac=1
# QoS support
wmm_enabled=1

# the name of the AP
ssid=mydiyrouter
# bit field: 1=open system authentication, 2=shared key authentication (WEP), 3=both
auth_algs=1
# WPA2 only
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# placeholder value: replace it with your own passphrase of 8 to 63 characters
wpa_passphrase=password

Save and exit the config file… now open up a browser and navigate to “https://192.168.1.1:8888”

Log in using your root user account and password.  Once logged in, navigate to

Webmin Configuration -> webmin modules ->

Then click on the field for install from URL and enter the following

http://github.com/pjz/webmin-modules/releases/download/v1.0/hostap.wbm.gz

Select no to ignore dependencies, and allow only root to use the module.  This will give you a GUI to edit your router SSID and your wireless settings.
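A quick check for the hostapd.conf written above, as an added example that is not part of the original article: it reports an inline comment that hostapd would read as part of a value, anything other than WPA2 with CCMP, and a passphrase that is too short or guessable.  The function names, the sample configs and the list of guessable values are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Key names are hostapd's own;
# function names, sample configs and the guessable-value list are constructed.

findings=0
note() { echo "finding: $*"; findings=$((findings + 1)); }

# conf_get KEY: raw text after '=' on the last KEY= line of $conf.
conf_get() { printf '%s\n' "$conf" | sed -n "s/^$1=//p" | tail -n 1; }

# audit_hostapd: reads a hostapd.conf on stdin, prints findings and
# returns 0 only when there are none.
audit_hostapd() {
    conf=$(cat); findings=0
    # hostapd treats only lines that start with '#' as comments, so values
    # cannot be trusted until trailing comments are moved to their own line.
    if printf '%s\n' "$conf" | grep -Eq '^[A-Za-z0-9_]+=.*[[:space:]]#'; then
        note "inline comment after a value; hostapd reads it as part of the value"
        return 1
    fi
    [ "$(conf_get wpa)" = 2 ] || note "wpa should be 2 (WPA2 only)"
    [ "$(conf_get auth_algs)" = 1 ] || note "auth_algs should be 1 (no WEP shared key)"
    [ "$(conf_get rsn_pairwise)" = CCMP ] || note "rsn_pairwise should be CCMP only"
    pass=$(conf_get wpa_passphrase)
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        note "wpa_passphrase must be 8 to 63 characters"
    fi
    case "$pass" in
        password|12345678|"$(conf_get ssid)")
            note "wpa_passphrase is a guessable value" ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: the article's security keys with its example passphrase.
SAMPLE_WEAK='ssid=mydiyrouter
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=password'
# Same file with a longer, constructed passphrase.
SAMPLE_OK=$(printf '%s\n' "$SAMPLE_WEAK" |
    sed 's/^wpa_passphrase=.*/wpa_passphrase=Vq7-constructed-sample-value/')
```

On the router, run it against the live file with `audit_hostapd < /etc/hostapd/hostapd.conf`.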

Next is port forwarding.  You might have services on your network that you would like to access from the Internet.  To do this, we add a rule to our firewall that forwards the port.  Here is where you go to add the rules….

Networking -> Firewall -> IPTables -> Forwarding -> Add Rule

The information you will need to fill out is both your source and destination IP addresses, and port numbers / port range.  You have to accept or decline the port forward request, and you have to give it a comment as to what it is for.  For example, I would enter the router IP as source and the Kodi Server IP as the destination, port 8080 for both TCP / UDP, and name the rule comment as Kodi Server.  This would allow me to connect to Kodi using my phone and my public IP address.  I would not recommend messing with this until you research and experiment with port forwarding on a separate setup to learn.

Next is packet filtering.  We want two things for packet filtering: the first is a simple firewall rule set.  The next is antimalware scanning, which will be in a different article.
Networking -> Firewall -> IPTables -> Input -> Add Rule (the following is only for your ethernet port with the incoming internet connection)
 * Add rules to allow the following ports... 21, 80, 420, 580, your-selected-webmin-port
 * Then set the default action for input to drop, and the default action for output to accept.
 * Select start firewall at boot.
 * Save your changes, and restart firewall.  If all was entered correctly, you should still have access to your router, and webmin.
What this does is tell the router to drop all packet communication requests on all ports except the ones specified above, and to allow all outgoing connections from our router to any outside source.  This is a standard packet filtering firewall on high security.  We want to leave our WiFi AP connection as is to allow connections through WiFi.  However, you can enable MAC address filtering so that only approved devices can connect to WiFi as added security.
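After saving the rules it is worth checking what actually got loaded.  The following is an added example, not part of the original article: it reads `iptables-save` output and reports an INPUT policy other than DROP, a missing rule for ESTABLISHED traffic (not in the article's list, but without it replies to the router's own outgoing connections are dropped by the DROP policy), and anything accepted on the WAN interface that is not on your list.  The interface name eth0 and port 8888 follow the article; the function name and the sample rules are constructed.

```sh
#!/bin/sh
# Added example, not from the original article; names and sample are constructed.

# audit_input WAN_IF PORT...: reads `iptables-save` output on stdin, prints
# findings and returns 0 only when there are none.
audit_input() {
    wan_if=$1; shift
    allowed=" $* "; rules=$(cat); bad=0
    if ! printf '%s\n' "$rules" | grep -q '^:INPUT DROP'; then
        echo "finding: INPUT default policy is not DROP"; bad=1
    fi
    # With a DROP policy, replies to the router's own connections need a state rule.
    if ! printf '%s\n' "$rules" | grep -Eq '^-A INPUT .*ESTABLISHED.* -j ACCEPT'; then
        echo "finding: no rule accepts ESTABLISHED traffic"; bad=1
    fi
    # WAN-side ACCEPT rules: bound to the WAN interface or to no interface.
    # An ACCEPT without --dport (and without a state match) counts as "any".
    open=$(printf '%s\n' "$rules" | awk -v ifc="$wan_if" '
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            in_if = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (in_if != "" && in_if != ifc) next
            if (dport == "" && $0 !~ /state/) dport = "any"
            if (dport != "") print dport
        }')
    for port in $open; do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "finding: $wan_if accepts dport $port, not on the list"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample of what `iptables-save` could print for the rule set above.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 420 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 580 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8888 -j ACCEPT
COMMIT'
```

On the router, run it as `sudo iptables-save | audit_input eth0 21 80 420 580 8888`.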
Next step is to supply internet connection to our network (the most important part of our router).  Since there are plenty of resources, I will provide a link to an external source that explains this perfectly for our application.  We want to do this for both our second ethernet port, and our wifi interface.  Here is the link...
http://www.trbailey.net/tech/iptables.html
 
Next step is quality of service filtering / QoS.  To do this, we need to install Webmin-HTB.  First, open a terminal and SSH to our router.  Type in the following commands...
cd /usr/share/webmin

sudo apt-get install cpan wget tar

sudo cpan -i Tree::DAG_Node

sudo wget http://sehier.fr/webmin-htb/webmin-htb.tar.gz

sudo tar -zxvf webmin-htb.tar.gz

Now, in the webmin servers module, we need to give access to the users using our router.  After this, we have the ability to set priorities and monitor queues.

Once you fine tune your packet filtering firewall and your QoS, you will have the ultimate WiFi router with upgradable components to future proof your investment!
