Hello selfhosted.

My router just burnt up and instead of buying a new one, I’m thinking of turning my own built NAS/home server into a router. Is this possible?

The server in question is a normal computer running Debian, where I have a few disks in RAID and host some web services. The motherboard only has one RJ45 port, so my guess is that I have to at least get a network card that supports 2 ports. I’m no stranger to Linux but physical networking is not my home field, though I’m very interested.

If someone could point me in the right direction, I would be more than happy.

  • The Bard in GreenA
    1 day ago

    This is extremely possible and I have done a lot of stuff like it (I set up my first home built Linux firewall over 20 years ago). You do want to get some kind of multiport network card (or multiple network cards… USB -> Ethernet adapters can do OK filling in in a pinch). It also gives you a lot of power if you want to do specific stuff with specific connections (subnetting, isolation of specific hosts, etc).

    There’s a lot of ways to do it, but the one I’m most familiar with is just to use iptables.

    The very first thing you want to do is open up /proc/sys/net/ipv4/ip_forward and change the 0 to a 1 to turn on network forwarding.

    You want to install bridge-utils and isc-dhcp-server (or some other DHCP server). Google or get help from an LLM to configure them, because they’re powerful and there’s a lot of configs. Ditto if you want it to handle DNS. But basically what you’re going to do (why you need bridge-utils) is you’re going to set up a virtual bridge interface and then add all the various NICs you want on your LAN side into it (or you can make multiple bridges or whatever… lots of possibilities).

    Your basic iptables rule is going to be something like

    iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE

    but again there’s lots of possible iptables rules so read up on those.

    • Thomas
      1 day ago

      I had a very similar problem to @Toralv@lemmy.world a few weeks ago. I repurposed a small, fanless x86 desktop computer as my new router. It has only one RJ45 port and due to its small size cannot be extended with a proper network card. As it has an unused USB3 port, I acquired a cheap Realtek-based USB3-to-RJ45 ‘adapter’ as the second network interface. It works without any further issues in Linux (Arch) and has no problems handling Gbps traffic.

      For the router configuration, I am using ‘nftables’ instead of ‘iptables’, as the former is supposed to be the successor of the latter. I only used the new nftables configuration, but there are wrappers available so that one can continue to use iptables syntax if desired.

      For network configuration, I am using systemd’s networkd. Check systemd.network(5): Configuration option ‘IPMasquerade’ takes care of telling nftables/iptables to set up masquerading (rendering the iptables invocation @thebardingreen@lemmy.starlightkel.xyz exemplified unnecessary), options ‘IPv4Forwarding’ and ‘IPv6Forwarding’ render manually changing ‘/proc/sys/net/ipv4/ip_forward’ unnecessary.

      systemd’s networkd has a built-in DHCP server; check option ‘DHCPServer’ and section ‘DHCPServer’ for that (same man page as above). This way you can skip installing/configuring a separate DHCP server, but systemd’s DHCP server has some limitations, such as only supporting DHCPv4 and lack of proper command line tools. For example, to retrieve the list of current leases, you would have to make a dbus call to networkd, e.g. via busctl or dbus-send.

      Bridges can also be configured with systemd’s networkd, making a separate bridge tool unnecessary. Rather straightforward with three small configuration files, telling networkd that you want to have a bridge, its name (e.g. br0), its MAC address, which NICs will be part of the bridge, and the bridge’s configuration like a NIC itself (e.g. static IP address, that the networkd’s DHCP server shall listen here, …).
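
Added example, not part of any comment in this thread: an nftables ruleset that does the same masquerading as the iptables rule above and adds default-drop input and forward chains, so the web and NAS services on the same machine are not reachable from the WAN side. It assumes enp1s0 is the WAN NIC (as in the iptables rule above) and br0 is the LAN bridge; the 192.168.10.0/24 subnet is a constructed value.

```nft
#!/usr/sbin/nft -f
# Assumptions: enp1s0 = WAN NIC, br0 = LAN bridge, 192.168.10.0/24 = LAN subnet
# (constructed). Adjust all three to the actual setup before loading.

flush ruleset                       # replaces any rules already loaded

define WAN = "enp1s0"
define LAN = "br0"
define LAN_NET = 192.168.10.0/24

table inet filter {
    chain input {
        # Traffic addressed to the router itself (SSH, web services, NAS, DHCP, DNS).
        type filter hook input priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # LAN hosts may reach the services running on this machine.
        iifname $LAN accept

        # WAN side: only what the uplink needs to function.
        iifname $WAN udp sport 67 udp dport 68 accept
        iifname $WAN icmp type { echo-request, destination-unreachable, time-exceeded } limit rate 10/second accept
        iifname $WAN icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain forward {
        # Traffic routed through the box: LAN may open connections outward,
        # WAN may only send replies to connections the LAN started.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname $LAN oifname $WAN accept
    }
}

table ip nat {
    chain postrouting {
        # nftables form of: iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN ip saddr $LAN_NET masquerade
    }
}
```

If networkd's ‘IPMasquerade’ option is used, the `table ip nat` block can be left out; the filter table is still needed, because masquerading alone does not block inbound connections to the router's own services.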

      • The Bard in GreenA
        123 hours ago

        > systemd’s networkd has a built-in DHCP server; check option ‘DHCPServer’ and section ‘DHCPServer’ for that (same man page as above).

        Is that true in Debian? If so, cool. I did not know that.

    • @Toralv@lemmy.worldOP
      1 day ago

      This was my first thought. I have some experience with iptables so I think this would be doable. Thank you

      • Cawifre
        123 hours ago

        I’d recommend dnsmasq for a DNS/DHCP server component. It is time tested, used on some consumer routers as a daily-driver industry component. It has a far easier learning curve compared to the likes of ISC’s offering, and the feature gaps are not going to affect you until you have a firm grasp on many deeper DNS or DHCP nuances.