I would like to build a custom router. Please help!

[marionwalters]

Hello everyone! As the title states I would like to build a custom router for my home. Unfortunately, I don't have much experience with networking in general and could really use some guidance and advice. Thus, why I have come to overclockers.

My main motivation for building a custom router is for increased security, to setup secure wi-fi access for our home and to learn more about networking and security in general.

Our current router is a Netgear WNR834Bv2 and is a piece of garbage for the most part. The wi-fi it offers is very poor (being in the same room, even right next to it, or a few feet away doesn't seem to matter) and is not secure. Using Reaver I was able to brute-force my way into our network very easily because the router features WPS. Although Netgear says that the WPS PIN can be disabled, it is not actually disabled.

I was interested in using PFsense as the software for the router and firewall. However, I am open to other types of software and any feedback is greatly appreciated.

Regarding the hardware I would need, I believe I would need the following components: a motherboard, a CPU, a heatsink, RAM, a HDD, a NIC, a switch, an antenna, a case of some sort, and a PSU.

Hopefully these are all the necessary components, if not please let me know. I have some hardware laying around already and I hope it can be used to save some money.

I have an AMD Athlon II 640 CPU, a Biostar A780L3G motherboard, some stock heat sinks for the CPU and some thermal paste.

Could I use these components for my custom router? If there are better alternatives that are cost effective, I would certainly be open to using a different CPU and motherboard. Perhaps a motherboard with ECC support?

I would like the router to be a dual-band, gigabit router with wi-fi support. Ideally I would like it to run on as low power consumption as possible without compromising performance.

We have four computers in our home and would thus need a minimum of four ethernet ports with room for expansion. Could I purchase a single gigabit NIC (dual port) or two single port NICs (WAN and LAN) and then use a gigabit switch to expand the number of LAN ports? If so, would this cause a bottleneck since there are multiple devices connected to the switch which is then connected to a single ethernet port on the router? I don't think there would be bottleneck as far as speed is concerned but perhaps the number of connections (games and torrents) would be less than ideal?

I am also posting our internet speed below for what it's worth:
Ping: 5ms
Download Speed: 47.00 MBps
Upload Speed: 11.18 MBps
Server <50 miles away
From Speedtest.net

I will be closely monitoring this thread and happy to provide any further information if required. I greatly appreciate all feedback and help. Thank you!

 

[Automata]

I would stay with your original idea of using PFSense. I'm currently using that in my setup and it has worked wonderfully. I've used Astaro, M0n0wall, and Smoothwall in the past and I like what I'm using now the most, by far.

Hardware wise, I would suggest picking up an older system that is lower power and will take two network ports (preferable gigabit). I'm currently using a 2007-2008 era Gateway with some recent modifications because the power supply exploded. It is quiet, small, and pulls very little power. I leave wireless duties to a e3000 and various WRT54g devices, all set to have DHCP disabled to allow the PFSense router to handle routing duties. For ease of setup, I would suggest leaving wireless to the wireless routers.

 

[grubbster]

I have used a set up similar to what you are requesting (smoothwall) and wireless routers as Thideras noted. I would recommend you install 3 NICs if you have the slots. One for wan, 2 for lan. You can attach switches to the lan ports as necessary. You can make your two lans the same network or different. I would use one for your wireless and the other for your pcs.

 

[cullam3n]

At a minimum you will need two NICs (WAN and LAN) for pfSense. I set one up a while back, it's pretty easy. I even set up a VPN so I can connect to it through my phone while on 4G. You can plug your current router into the LAN if you want, you just need to o into the configuration of it and put it in "access point" mode (or something to that effect). You'll give it a static IP and gateway, and it will just act as a switch with wifi.

You hardly need any space or high specs for a pfSense box at home that isn't routing that much traffic or have a lot of firewall rules or lots of traffic. I had mine running on a 3200+ with 1GB of RAM just fine. You don't need a lot of space either; I've read of plenty of people using a CompactFlash card with a CF-->SATA adapter (4 or 8GB, I don't remember). Unless you are keeping logs, it doesn't write much to disk.

Although you can manage wireless adapters with pfSense, I would just leave that to the router you currently have.

 

[gangaskan]

pretty much what everyone else said stick to smoothwall or pfsense.

i would use other stuff, but thats the networking geek in me (i have a cisco 1841 and a Cisco 4503 as my core at home ^_^)

 

[fall]

As what Thideras said, for Wireless use a Wifi capable router as Driver support for Wifi cards in FreeBSD is rather lacking to use it as an access point. If you would like it to be firewall and access point you can use Untangle and Hack around with the Kernel source code to get it to work. But at that point it would just be easier to use a Wifi router

 

[marionwalters]

Thank you everyone for your responses. I have read them all carefully.

After some more research and based on the response given here, I have determined purchasing a wireless access card is simply not worth the trouble.

So instead I will purchase a wireless access point or wireless router and connect that to the PFsense box to manage the wireless network.

Does anyone have some recommended wireless access points? I'm looking for the most cost effective ones. A good range and signal strength for the price. It doesn't have to be top of the line but reliable and preferably with open source firmware.

 

[cullam3n]

You can use the netgear router you have now as a wireless access point.

 

[klauss214659]

I have been using IPFIRE and is awesome, very easy to configure lots of options (squid, squid guard, update accelerator, time server {lan}, snort, guardian, clamav, openvpn), definitely another option