Table of Contents
Build A Slackware Router (Quick and Dirty Instructions)
On many occasions, I've needed a simple router that can do more [sub-netting] than your standard SOHO router but didn't need the complexity of something like pfSense. If you need a simple small router, a Raspberry Pi (with USB network adapters) + SlackwareARM (http://sarpi.fatdog.eu) works great. Regular Slackware on cheap x86 hardware works great also!
How to do it
1) Install Slackware/SlackwareARM and make sure you have at least TWO network interfaces. For our examples:
- ETH0 will be the WAN NIC
- ETH1 & WLAN0 will be the LAN
2) Setup the WAN network interface as DHCP [client] or STATIC IP (as needed) and the LAN(s) as static IPs. (We'll address setting up a DHCP server on the LAN further down).
3) Enable IP FORWARDING:
sudo chmod 755 /etc/rc.d/rc.ip_forwarding
NOTE: I've had this not work in the past. What ALWAYS works is:
vi /etc/rc.d/rc.firewall
ADD:
echo 1 > /proc/sys/net/ipv4/ip_forward
4) Enable masquerading:
vi /etc/rc.d/rc.firewall
ADD:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
If you reboot at this point, you'll have a very basic working router.
Adding niceties
DHCP server on the LANs
You can set up DHCPD (included in Slackware) but using DNSMasq is SOOOOO much easier:
vi /etc/dnsmasq.conf
ADD/CHANGE:
port=0 interface=wlan0 interface=eth1 dhcp-range=10.3.2.0,10.3.2.254,12h dhcp-option=6,8.8.8.8.8.8.4.4
WHERE:
port=0 disables DNS function and only allows DHCPD.
interface specifies which interfaces to listen to for DHCP requests.
dhcp-range specifies the DNS range start IP and end IP and the lease time.
dhcp-option=6,x.x.x.x specifies a DNS server IP to pass to connected clients.
Then enable DNSMasq:
chmod 755 /etc/rc.d/rc.dnsmasq
Firewall tricks
So much you can do here. Do a web search on iptable rules.
One useful rule is- DISABLE SMB/NETBIOS requests through the router:
iptables -A INPUT -p udp --destination-port 130:145 -i eth0 -j DROP