On many occasions, I've needed a simple router that can do more [sub-netting] than your standard SOHO router but didn't need the complexity of something like pfSense. If you need a simple small router, a Raspberry Pi (with USB network adapters) + SlackwareARM (http://sarpi.fatdog.eu) works great. Regular Slackware on cheap x86 hardware works great also!

1) Install Slackware/SlackwareARM and make sure you have at least TWO network interfaces. For our examples:

• ETH0 will be the WAN NIC
• ETH1 & WLAN0 will be the LAN

2) Setup the WAN network interface as DHCP [client] or STATIC IP (as needed) and the LAN(s) as static IPs. (We'll address setting up a DHCP server on the LAN further down).

3) Enable IP FORWARDING:

 sudo chmod 755 /etc/rc.d/rc.ip_forwarding

NOTE: I've had this not work in the past. What ALWAYS works is:

vi /etc/rc.d/rc.firewall

ADD:

echo 1 > /proc/sys/net/ipv4/ip_forward

4) Enable masquerading:

vi /etc/rc.d/rc.firewall

ADD:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

If you reboot at this point, you'll have a very basic working router.

You can set up DHCPD (included in Slackware) but using DNSMasq is SOOOOO much easier:

vi /etc/dnsmasq.conf

ADD/CHANGE:

port=0
interface=wlan0
interface=eth1
dhcp-range=10.3.2.0,10.3.2.254,12h
dhcp-option=6,8.8.8.8.8.8.4.4

WHERE:
port=0 disables DNS function and only allows DHCPD.
interface specifies which interfaces to listen to for DHCP requests.
dhcp-range specifies the DNS range start IP and end IP and the lease time.
dhcp-option=6,x.x.x.x specifies a DNS server IP to pass to connected clients.

Then enable DNSMasq:

chmod 755 /etc/rc.d/rc.dnsmasq

So much you can do here. Do a web search on iptable rules.

One useful rule is- DISABLE SMB/NETBIOS requests through the router:

iptables -A INPUT -p udp --destination-port 130:145 -i eth0 -j DROP

• Originally written by arfon