====== Build A Slackware Router (Quick and Dirty Instructions) ======
On many occasions, I've needed a simple router that can do more [sub-netting] than your standard SOHO router but didn't need the complexity of something like pfSense. If you need a simple small router, a Raspberry Pi (with USB network adapters) + SlackwareARM (http://sarpi.fatdog.eu) works great. Regular Slackware on cheap x86 hardware works great also!
====== How to do it ======
1) Install Slackware/SlackwareARM and make sure you have at least TWO network interfaces. For our examples:
* ETH0 will be the WAN NIC
* ETH1 & WLAN0 will be the LAN
2) Setup the WAN network interface as DHCP [client] or STATIC IP (as needed) and the LAN(s) as static IPs. (We'll address setting up a DHCP server on the LAN further down).
3) Enable IP FORWARDING:
sudo chmod 755 /etc/rc.d/rc.ip_forwarding
NOTE: I've had this not work in the past. What ALWAYS works is:
vi /etc/rc.d/rc.firewall
ADD:
echo 1 > /proc/sys/net/ipv4/ip_forward
4) Enable masquerading:
vi /etc/rc.d/rc.firewall
ADD:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
If you reboot at this point, you'll have a very basic working router.
====== Adding niceties ======
=== DHCP server on the LANs ===
You can set up DHCPD (included in Slackware) but using DNSMasq is SOOOOO much easier:
vi /etc/dnsmasq.conf
ADD/CHANGE:
port=0
interface=wlan0
interface=eth1
dhcp-range=10.3.2.0,10.3.2.254,12h
dhcp-option=6,8.8.8.8.8.8.4.4
WHERE: \\
port=0 disables DNS function and only allows DHCPD. \\
interface specifies which interfaces to listen to for DHCP requests. \\
dhcp-range specifies the DNS range start IP and end IP and the lease time. \\
dhcp-option=6,x.x.x.x specifies a DNS server IP to pass to connected clients. \\
Then enable DNSMasq:
chmod 755 /etc/rc.d/rc.dnsmasq
=== Firewall tricks ===
So much you can do here. Do a web search on iptable rules.
One useful rule is- DISABLE SMB/NETBIOS requests through the router:
iptables -A INPUT -p udp --destination-port 130:145 -i eth0 -j DROP
====== Sources ======
* Originally written by [[wiki:user:arfon | arfon]]
{{tag>router ip_forwarding masquerade author_arfon }}