Stop! Don’t buy that cheap router! So-called “plug ‘n play” routers are the cause of more home network problems and security holes than anything else. Why would you pay $50 or more for a migraine in a square box? I’ll show you how to build your own router from scratch that is far more powerful, far more secure, and far cheaper than that store-bought hunk of junk you’re looking at in another browser tab right now. Yeah, that’s right, close that out right now, and relax. This isn’t going to be nearly as painful as you think.
The first thing we need to do is take a quick crash course in what a router does. Most people want to treat a router like a phone jack splitter, but if you do this you’re going to run into a lot of problems without having the faintest clue why. The truth is a router does far more than just split up your DSL or cable connection to several computers. It also has to assign unique addresses to each computer on your network, determine which computers are actually on and active on the network, and act as a postmaster delivering data to and from the right computers. If you have wireless it maintains and (hopefully) encrypts the connection, and in some instances your router also initiates the connection to your internet provider.
Any cheap router off the shelf will do all these things. Some will do these things better than others, and toss in a few neat features, but at a higher price. I’m going to show you how to build a firewall with features and functionality that would cost you several hundred dollars, for just the price of a very low performance computer, a CD-ROM, and a couple of network cards. I was fortunate enough to have an old Pentium 2 given to me, and to have a couple of network cards lying around, so I was able to purchase a wireless card and have a working wireless router and firewall within an hour for $40.
So let’s talk turkey. You need at a bare minimum a Pentium 1 with 128 MB of RAM, a CD-ROM drive, and a 1 GB hard drive. You also need at least two network cards. This sort of hardware can be found in dumpsters, thrift shops, garage sales, etc. Seriously, it’s hard not to trip over this in everyone’s garbage. If all else fails you can pick up something on eBay for pocket change. My recommended specifications are a Pentium 2 with 256 MB of RAM, a CD-ROM drive, a 5 GB hard drive, two network cards, and a wireless card based on the Atheros chipset, such as any recent cards made by NetGear. For network cards I recommend NetGear or 3Com. If you are going to have more than one computer connected directly to the router with an ethernet cable, you will need to get a switch. SMC switches are good and cost around $20-$30 for a 5 or 8 port model. This will set you up with a pretty beefy system, and you should be able to meet these specs for well under $100.
Installation
Once you’ve got your hardware together, you’ll need to download a copy of pfSense and burn it to CD. Boot up your firewall with the CD in. Make sure you set your BIOS to boot from CD, and you should see the LiveCD start booting up. At one point in the boot process, the system will stop and ask you to configure your network connections. Make sure all the ethernet cables are unplugged from the box. The first one you’ll need to configure is the LAN interface, so hit “a” for autoconfigure and you will be prompted to connect the LAN interface and verify the link. Take the ethernet cable that goes to your internal network and plug it in to whichever network card you like, then hit enter. It should say linkup detected on interface xl0 or rl0 and proceed to ask you to configure the WAN interface. Take the ethernet cable from your DSL or cable modem and plug it into the other network card, then hit enter. If all goes well it will detect a linkup again and prompt you to enter the interface name of the optional interface. If you decided to go wireless, and took my advice and got an Atheros card, you can enter ath0 here and hit enter, then hit enter again when it prompts for the second optional interface.
There is some more booting, then you’re brought to a menu. Hit option 99 to install to hard drive, and follow the on-screen prompts. It will take about 30 minutes to an hour depending on how fast the machine is. Once the installation is done, select reboot from the menu and remove the CD from the drive. I will warn you now, you’re going to have to reconfigure the interfaces again during boot, but this is the last time, I promise!
Configuration
Once the box reboots and you’re back at the menu, you’ve got one more thing to do and we can disconnect the monitor and keyboard for good. Select the menu option to set the LAN IP address. Choose whatever you like; I stick with the good old-fashioned 192.168 format familiar to anyone who has ever suffered… ahem, excuse me… used a Linksys router. You’ll also need to set your DHCP stop and start addresses. If you did like me and used 192.168.1.1 for your LAN IP, you can use anything from 192.168.1.2 through 192.168.1.254 as your range. However, it’s usually a good idea to leave some addresses reserved for static assignments. I always use the top end of the range for dynamic addresses, and the lower end for static and temporary addresses. In my case this means my DHCP range is 192.168.1.100 to 192.168.1.200. This gives me 100 dynamic addresses, and seriously, I’m never going to have 100 computers attached to my network.
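The addressing plan above can be sanity-checked before you type it into the console. The following is an added example, not part of pfSense or of the original article: the function name, the /24 prefix length, and the static host names and addresses are assumptions made for illustration.

```python
import ipaddress

def check_dhcp_plan(lan_ip, prefix_len, pool_start, pool_stop, static_hosts):
    """Return a list of problems in a LAN addressing plan (empty list = sane)."""
    problems = []
    lan = ipaddress.ip_interface(f"{lan_ip}/{prefix_len}")
    net, router = lan.network, lan.ip
    start = ipaddress.ip_address(pool_start)
    stop = ipaddress.ip_address(pool_stop)

    # The pool must sit inside the LAN subnet and avoid its reserved addresses.
    for label, addr in (("pool start", start), ("pool stop", stop)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    if start > stop:
        problems.append(f"pool start {start} is above pool stop {stop}")
    # Handing out the router's own address causes an address conflict.
    if start <= router <= stop:
        problems.append(f"router address {router} is inside the DHCP pool")

    # Static assignments must stay in the subnet, out of the pool, and unique.
    seen = {}
    for name, ip in static_hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"static host {name} ({addr}) is outside {net}")
        if start <= addr <= stop:
            problems.append(f"static host {name} ({addr}) collides with the DHCP pool")
        if addr == router:
            problems.append(f"static host {name} ({addr}) uses the router address")
        if addr in seen:
            problems.append(f"static hosts {seen[addr]} and {name} share {addr}")
        seen.setdefault(addr, name)
    return problems

if __name__ == "__main__":
    # Constructed sample: the article's LAN IP and DHCP range, with made-up
    # static hosts placed in the lower end of the range. /24 is assumed.
    statics = {"printer": "192.168.1.10", "nas": "192.168.1.20"}
    issues = check_dhcp_plan("192.168.1.1", 24, "192.168.1.100", "192.168.1.200", statics)
    print("plan OK" if not issues else "\n".join(issues))
```
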
Once you have set the LAN IP, move to a machine on the local LAN and pull up a web browser. Type in the LAN IP you set a moment ago, and if all goes well you should get prompted for a username and password. The default username is “admin”, with a password of “admin”. The first time you log in, you’ll be taken through a short and simple setup wizard. I recommend you take the opportunity to change the admin password. Once the wizard is done, take a few minutes to look around at the interface and see what options are available. At this point you should have internet access on your wired LAN. If you installed a wireless card and configured it during boot up, you will need to go to the interface menu and select OPT1, and check the box to enable it. There are a few other settings on this page as well such as ESSID, encryption, etc. At the very least you need to set an ESSID and change the mode to Access Point. You should now have a fully functioning, enterprise-grade firewall complete with wireless access. Companies pay hundreds of dollars for equipment that is often actually less powerful than the unit you’ve just built for a fraction of the cost.
Be sure to read the documentation for pfSense found here. Happy safe surfing!


