====== Build A Slackware Router (Quick and Dirty Instructions) ====== On many occasions, I've needed a simple router that can do more [sub-netting] than your standard SOHO router but didn't need the complexity of something like pfSense. If you need a simple small router, a Raspberry Pi (with USB network adapters) + SlackwareARM (http://sarpi.fatdog.eu) works great. Regular Slackware on cheap x86 hardware works great also! ====== How to do it ====== 1) Install Slackware/SlackwareARM and make sure you have at least TWO network interfaces. For our examples: * ETH0 will be the WAN NIC * ETH1 & WLAN0 will be the LAN 2) Setup the WAN network interface as DHCP [client] or STATIC IP (as needed) and the LAN(s) as static IPs. (We'll address setting up a DHCP server on the LAN further down). 3) Enable IP FORWARDING: sudo chmod 755 /etc/rc.d/rc.ip_forwarding NOTE: I've had this not work in the past. What ALWAYS works is: vi /etc/rc.d/rc.firewall ADD: echo 1 > /proc/sys/net/ipv4/ip_forward 4) Enable masquerading: vi /etc/rc.d/rc.firewall ADD: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE If you reboot at this point, you'll have a very basic working router. ====== Adding niceties ====== === DHCP server on the LANs === You can set up DHCPD (included in Slackware) but using DNSMasq is SOOOOO much easier: vi /etc/dnsmasq.conf ADD/CHANGE: port=0 interface=wlan0 interface=eth1 dhcp-range=10.3.2.0,10.3.2.254,12h dhcp-option=6,8.8.8.8.8.8.4.4 WHERE: \\ port=0 disables DNS function and only allows DHCPD. \\ interface specifies which interfaces to listen to for DHCP requests. \\ dhcp-range specifies the DNS range start IP and end IP and the lease time. \\ dhcp-option=6,x.x.x.x specifies a DNS server IP to pass to connected clients. \\ Then enable DNSMasq: chmod 755 /etc/rc.d/rc.dnsmasq === Firewall tricks === So much you can do here. Do a web search on iptable rules. One useful rule is- DISABLE SMB/NETBIOS requests through the router: iptables -A INPUT -p udp --destination-port 130:145 -i eth0 -j DROP ====== Sources ====== * Originally written by [[wiki:user:arfon | arfon]] {{tag>router ip_forwarding masquerade author_arfon }}