A list of do-it-yourself *nix router distros

I used freesco for 2 or 3 years a long time ago, I had no idea it was still in development.
 
Appreciate the thread.

I've been running Smoothwall at our office for years, but felt it was time for a change so I'm trying a few of the different setups here.
 
I think OpenWRT should be added to this thread. It has an x86 version that runs perfectly fine. It can support ext2, ext3, and ext4 (on trunk builds) file systems for installation.
 
you should add MikroTik's RouterOS to the list.

they have routerboards that come pre-installed with RouterOS, as well as an x86 version that you can install on any x86-based PC, including PCs with multiple cores.

MikroTik RouterOS is one of the best router products i've used to date, and i don't think i'll ever switch to another product for my home connection. we also use Routerboards at work, and are doing our best to transition as many of our existing installs over to Routerboard/RouterOS products as we can. unless one of our clients just insists on something else, we are pushing hard to get them all to make the switch. it works extremely well when properly set up.

there is a bit of a learning curve for RouterOS, but once you learn it, i doubt you'll ever go back to anything else.

check 'em out at www.mikrotik.com.....you can also check out the routerboard products at www.routerboard.com...routerboards are a build-it-yourself router product, so you pick/choose the parts you want to build it on.....and so far the best place i've found to purchase routerboard products is Flytec Computers (but it's a good idea to look at the routerboard page first to know what pieces you want/need before going there, so you know the part numbers to search for)....you can buy parts directly from the Routerboard page, but they require an account, and there's an extra $50 charge for orders less than $1000, so it's best to buy from another retailer/e-tailer
 
I'd like to get my first PFSense box going, but when I click the link to download the RC3 for 2.0 there are soooo many options I don't know which link to download... I know I want RC3 2.0 but there are tons with that name on it.

I want to install it on my 4GB USB stick that I got free with the ram for the box figured it was free and might as well use that instead of a HDD



ok I got this one cause it seems like it would be the right one...
pfSense-memstick-2.0-RC3-amd64-20110621-2308.img.gz

what do I do with the file tho? Never installed onto a memory stick before.
 
There are instructions on pfSense's website I believe. But the fast directions are that you need to get a program that will make your USB drive into a bootable disk from the .img file. What OS are you using to make the live USB drive? In Windows I use Universal USB Installer.
 
So will using that program allow me to install PFSense to my USB and boot from it to run PFSense?

The only instructions on the website are for the LiveCD installing to a HDD or to a Compact Flash card, which I tried to do the same CF instructions just to my USB stick but that writedisk program that they talk about didn't work.


I really don't want to waste a HDD in my PFSense box
 
Ya it should work. I made a bootable Ubuntu USB drive with that program, so I don't see how it would be any different for pfSense since it's FreeBSD based and is generally the same. I'm actually going to try it on my home router box since I don't have an HDD for it. I'll get back to you via PM in a couple days after I figure out my wireless router cutting out and get everything running good.
 
Ok so that's where it went wrong then, I was using the GUI, and it made it look like it was actually writing to the drive.

So I'll try command line then
 
So that method didn't work when I attempted last night. I had to get physdiskwrite for windows and then I used command prompt to run it since for some reason the GUI version didn't work correctly. It is the only way I could get it to work since I tried dd as well and that didn't work since I didn't know the block size for it. Just google physdiskwrite for windows and if you need any help with it just shoot me a pm.
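An added example, not part of the original posts: the image-to-USB step discussed above as it would be done from a Linux shell, assuming GNU coreutils and that you have a published SHA-256 for the download. The function name `write_image` and the device name `/dev/sdX` are placeholders; the read-back step catches a tool that reports success without actually writing.

```shell
#!/bin/sh
# Added example: verify a downloaded .img.gz, write it raw, then read it back.
# Usage: write_image IMAGE.img.gz EXPECTED_SHA256 TARGET
# TARGET is the whole USB device (placeholder: /dev/sdX), not a partition.
# A regular file also works as TARGET, which is useful for a dry run.
write_image() {
    img=$1; want=$2; target=$3

    # 1. Integrity check on the download before touching the disk.
    got=$(sha256sum "$img" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch: got $got" >&2
        return 1
    fi

    # 2. Confirm the archive decompresses cleanly and learn the raw size.
    gzip -t "$img" || return 2
    size=$(gzip -dc "$img" | wc -c | tr -d ' ')

    # 3. Raw write. bs only sets the I/O chunk size (speed); the bytes
    #    written are the same for any value. conv=fsync flushes to the
    #    device before dd exits.
    gzip -dc "$img" | dd of="$target" bs=1M conv=fsync || return 3

    # 4. Read back exactly $size bytes and compare with the image.
    gzip -dc "$img" | cmp -s -n "$size" - "$target" || return 4

    echo "wrote and verified $size bytes on $target"
}
```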
 
i am currently using ipfire, I've tried the majority of the distros listed, but seeing how new it was i figured i would give it a go, can't be happier.

running on
Biostar nforce 410 board
939 4200 x2
1gb ddr 400
80gb 5400rpm laptop drive
intel pro mt dual 1000 nic
cheapo bt adapter (testing out feature)
cisco (atheros based) pci wifi card
 
Will any of these give me specific enough information either by port or by IP address in MRTG format?

For example, I'd love to see all the traffic on port 80 vs 443 vs 22 on each device I have, not just a general total for those ports into my network.

Even more specific, I'd love to see all external traffic from a specific IP address to an internal port address. eg: Client backups to my systems - can I see how much data client 1 is pushing to me, vs client 2.

I'd love a MRTG type graph for my router, NAS, desktops, IP cams, etc.
 
Here is my experience with these firewalls:

I am a network engineer with the Department of Energy and play with Cisco all day long, so I really only have the old Pix/ASA stuff to compare from a work perspective, but the reality is from a capability standpoint any one of these can be a great firewall.

I personally use m0n0wall as my main firewall at home, due to its speed and easy shaping (magic shaper wizard is perfect). pF is newer/somewhat better (and I use it on another network for multi-WAN combining), but my main box is an IBM Thin Client with a P266 MMX chip (classic P1 baby!) Both of these are BSD based which I personally prefer.

Props to Untangle and ipcop, although the whole "pay us to get a few more features" thing always bugged me when it's on a free software platform to begin with.

I think what most gamers/enthusiasts don't comprehend about networking and home routers is the raw connection/NAT table capabilities of a *real* router vs the SOHO garbage. The Linksys WRT54G was lucky to support 1500 simultaneous connections in its NAT table before starting to get flakey. Some routers only do 500! Some of the newer stuff starts to have real simultaneous connection counts but not many.

I just remember when Modern Warfare was released. That game had a nasty habit of not closing connections properly when doing server refreshes, so to actually ping all servers it was about 20-40k simultaneous connections in use! Example Scenarios -- Try to refresh servers with the average router. Result: find a dozen servers with under 80 ping. Try to refresh servers with mono. Result: find three dozen servers under 30ms! I've seen/ran ~75K active connections before through pF and m0n0, neither broke a sweat!
 
A quick update - been running ClearOS for over a year now in a virtualized environment and aside from manually shutting down the box for host maintenance and moving locations, it has been rock solid...
 
I think what most gamers/enthusiasts don't comprehend about networking and home routers is the raw connection/NAT table capabilities of a *real* router vs the SOHO garbage. The Linksys WRT54G was lucky to support 1500 simultaneous connections in its NAT table before starting to get flakey. Some routers only do 500! Some of the newer stuff starts to have real simultaneous connection counts but not many.

Why is a full NAT table handled so badly?
What's the reason for the low limits anyway?
And what kind of connection counts do things like DD-WRT and Tomato support?

BTW, are there any router 'packages' that run on top of normal Debian?
 
A full NAT table = no room for new connections. In other words you will experience that browsing slows down to a halt because you are only able to download new stuff from a page when old connections gradually clear. Entering a modern web page can easily spawn 50 new connections because of things like ads and pictures.

Each and every connection requires memory and resources. To save money old/cheap routers only have the bare minimum of hardware to support a GUI and enough connections for normal browsing. If you ping thousands of servers using a gaming platform or have some torrents going on, perhaps also in combination with stupid connection clearing algorithms in the router's software, then you will get slowdowns and missed connections if you don't use good equipment.

The connection counts are mainly set based on the hardware resources (often memory) available. New software on too slow hardware won't necessarily help much, but may improve things a bit given that it is optimized better.

I use a CLI-only headless Debian firewall at home. It has OpenVPN, IPSec, iptables (firewall and NAT) and does routing between eight subnets (with OSPF in certain cases). You don't _need_ a "routing package" for this as this functionality is set up from the CLI using built-in functionality or only the needed packages (e.g. strongswan and openvpn).
It uses only a barely visible amount of CPU to route 1 gbit/s real TCP throughput from interface to interface using VLANs with iptables firewall on both interfaces. This is only one connection of course. I have had massive amounts of connections and have never had anything appearing at all in the CPU or memory stats. If I enable netflow collection it will increase CPU-usage a lot when routing at gigabit speeds however. My internet connection is 50/50 fiber-optic and it is not able to produce any kind of visible load even running at the maximum in both directions with thousands of connections.

I use an Intel Core 2 Duo E8400 (dual core 3GHz) with 4GB RAM and a SSD for OS that I had lying around as the firewall. It also has Intel PCI-e Pro/1000 server NICs.
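An added example, not part of the original posts: a way to see how full the NAT (conntrack) table is on a Linux-based router such as the Debian box described above, and which internal host and TCP states are occupying it. The function names and the sample table are constructed for illustration; 1500 is the table size quoted earlier in the thread and 1450 is a made-up count.

```shell
#!/bin/sh
# Added example: how full is the NAT/conntrack table, and who is filling it?
# On a live Linux router (nf_conntrack loaded) the inputs are:
#   /proc/sys/net/netfilter/nf_conntrack_count   current entries
#   /proc/sys/net/netfilter/nf_conntrack_max     table limit
#   /proc/net/nf_conntrack                       one line per tracked flow

# Constructed sample table; all addresses are private/documentation ranges.
sample_table() {
cat <<'EOF'
ipv4 2 tcp 6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=50112 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=50112 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 110 TIME_WAIT src=192.168.1.20 dst=198.51.100.8 sport=50200 dport=27015 src=198.51.100.8 dst=203.0.113.5 sport=27015 dport=50200 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 100 TIME_WAIT src=192.168.1.20 dst=198.51.100.9 sport=50201 dport=27015 src=198.51.100.9 dst=203.0.113.5 sport=27015 dport=50201 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 55 SYN_SENT src=192.168.1.20 dst=198.51.100.10 sport=50202 dport=27015 [UNREPLIED] src=198.51.100.10 dst=203.0.113.5 sport=27015 dport=50202 mark=0 use=1
ipv4 2 udp 17 25 src=192.168.1.20 dst=198.51.100.11 sport=40000 dport=27015 [UNREPLIED] src=198.51.100.11 dst=203.0.113.5 sport=27015 dport=40000 mark=0 use=1
EOF
}

# conntrack_usage COUNT MAX -> whole percent of the table in use
conntrack_usage() { echo $(( $1 * 100 / $2 )); }

# Reads a table on stdin; prints "entries source-ip", busiest host first.
# The first src= on each line is the original (pre-NAT) source address.
conntrack_top() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Reads a table on stdin; prints "entries state" for TCP flows. Many
# TIME_WAIT or SYN_SENT entries are flows that hold a slot without
# carrying traffic.
conntrack_states() {
    awk '$3 == "tcp" { s[$6]++ } END { for (k in s) print s[k], k }' | sort -rn
}

# Demo on the constructed data.
echo "table use: $(conntrack_usage 1450 1500)%"
echo "entries per internal host:"; sample_table | conntrack_top
echo "TCP entries per state:";     sample_table | conntrack_states
```

On a real router, feed `/proc/net/nf_conntrack` to the two functions instead of `sample_table`.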
 
I'd add Mikrotik to the list. It's focused on routing and wireless. They also have their own related circuit boards.

The hotel I live in uses it for its wifi routing.

Coyote Linux - LiveCD router.

DD-WRT, runs on existing embedded router hardware.

FloppyFW, router that runs from an x86 floppy.
 
^^^^ Used DD-WRT x86 in a VM for probably two years. Only time it ever gave me issues is when I swapped hardware around.
Worked great until recently when one of the NICs went flaky. (Realtek)...quit picking up on the modem, that or VMware borked something in the bridge driver.
Switched to a beat to piss WRT54g2 loaded with DD-WRT while I work on a complete rebuild and move it to a physical machine. I am however considering running Untangle for a bit, on some good speedy hardware, and see how well it does. If it can handle a few dedicated game servers since the last time I tried it I'll stick with it possibly. Last time I tried it was 2yrs ago when I broke into DIY routers...it's had a lot of updates since.
It was great for everything but hosting MW2 servers.
 
I'm in the market for a new router and I've been thinking about building a m0n0wall box. How does it compare to something like this? Specifically, that router has 3 antennas, doesn't this mean it has better coverage than an old PC-turned-router with only 1? Can any old NIC just broadcast a wireless signal? Also if you needed more ethernet ports would you just buy a different NIC or just use a switch like this?

Also, if I download an IP blocklist using Blocklist Manager, can I export it into m0n0wall and have it block a range of IPs? specifically I would be looking at the malware, adware, and bogons blocklists.
 
Untangle has now gone to version 10 which has full IPv6 support and the network core has been completely re-written. Too many changes for upgrading, has to be a new install.
 
It would be nice to update the list with domain blocking capability over https.
Sophos (astaro) has the feature.
 
nomination for OpenWRT... been going through all the options, and I'm more familiar with OpenWRT, since I have run it on various routers in the past..
Just tossed the latest version in a VM on ESXi 6.0u2, and quite simple.
 
using 32bit Untangle w/1.66ghz Atom & 2 x 2gb DDR2 with an SSD drive .. any advantage to going with 64bit version? It currently sees all 4gbs and it's just for my home network so just 2gb's of memory would probably be sufficient. I use the free apps ..

Web filter lite
Virus blocker lite
Firewall
Intrusion Prevention

I've been "googling" around for an answer to no avail.
 
Not really, until you get over 4G, also the extra instruction sets for x64 i know on the UT forums people always said it took SOOO MUCH more resources, but not sure how true it was. I would stick with 32 if it is working.
 
Would have to agree with the above statement. If it's running well with 32bit and 4gb of ram, you're probably just fine.

If your network ever gets busy the best upgrades I've found have been cpu and intel pcie gig nics. I have mine on an asrock amd C70, 4gb of ram and intel dual pcie nic.
With the free apps and OpenVPN running the biggest complaint I've ever seen from it has been on lengthy steam downloads....and that was for the cpu. It is an AMD c70...not surprised. It still pegged my 175 down and 24 up internet.
 
Also well worth adding to the list is "Vyos", which is a community fork of the late Vyatta Core.
Ubiquiti's EdgeOS (used on the Edgerouter product line) is also a fork of Vyatta Core, making Vyos a natural and cross-compatible alternative for someone wanting to roll their own physical or virtual fully featured router or firewall.
The configuration can easily be migrated between all 3 with minimal modifications.


https://vyos.io/
 