[UPDATE] I need some help with a complex project, pihole, vpn, server setup:
Original Post Here
So I tried to use my RT-AC66U to encrypt all my traffic and it was an absolute shit show. I was averaging about 3Mbs with full load on the router; it was terrible. I disabled it and tried using my RT-AC66U as a VPN server, and that was even worse. I don’t understand why these routers have these features if they don’t have the power to execute the tasks.
I thought about buying an RT-AC88U, but I figured that it still wouldn’t have enough horsepower to do what I want (and it’s expensive).
I ended up buying a relatively inexpensive machine on eBay.
Lenovo ThinkCentre M72e i5-3550 with 8GB RAM, also got a 120GB HP SSD (the one that was on sale recently) and an additional PCIE GigaBit NIC card.
Figured with the extra RAM and higher performance CPU I could run a virtualized server on top of the router.
I tried to follow this guide, "The Ars guide to building a Linux router from scratch", on Ars Technica. I followed it religiously, except for the testing at the end, and I opted to go with Ubuntu Server 17.10 since Ubuntu 16.04 wouldn’t install on this machine (it would hang).
So I got the machine up and running, with everything configured as described per the guide. I connected the WAN to my modem, and connected my LAN to my other PC, but Windows 10 is giving me an error about it not being configured correctly and not being able to obtain an IP. I tried inserting the older router in the middle (which is my end goal for serving up wifi), hoping that would help somehow, but of course it didn’t and it was stupid to think it would. I know the PCIE GigaBit NIC works; I tested it under Windows 7, and during the install I tested to see if it worked properly.
I wanted to do a Linux distro so I could install pi-hole side-by-side and so I could install either KVM/QEMU or VirtualBox with CLI tools so I could spin up a headless VM server for Radicale, TinyRSS, and a file server.
Is there a better guide to building a home brew Linux router?

    # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
    # Generated by debian-installer.

    # The loopback interface
    auto lo
    iface lo inet loopback

    # WAN - MOBO - connects to internet
    auto enp3s0
    iface enp3s0 inet dhcp

    # LAN - PCIE - connects to network
    auto enp2s0
    iface enp2s0 inet static
        address 192.168.99.1
        netmask 255.255.255.0

    *nat
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]

    # WAN - enp3s0
    # LAN - enp2s0
    -A POSTROUTING -o enp3s0 -j MASQUERADE

    # NAT pinhole: HTTP from WAN to LAN
    -A PREROUTING -p tcp -m tcp -i enp3s0 --dport 80 -j DNAT --to-destination 192.168.99.100:80

    COMMIT

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]

    # Service rules

    # basic global accept rules - ICMP, loopback, traceroute, established all accepted
    -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -m state --state ESTABLISHED -j ACCEPT

    # enable traceroute rejections to get sent out
    -A INPUT -p udp -m udp --dport 33434:33523 -j REJECT --reject-with icmp-port-unreachable

    # DNS - accept from LAN
    -A INPUT -i enp2s0 -p tcp --dport 53 -j ACCEPT
    -A INPUT -i enp2s0 -p udp --dport 53 -j ACCEPT

    # SSH - accept from LAN
    -A INPUT -i enp2s0 -p tcp --dport 22 -j ACCEPT

    # DHCP client requests - accept from LAN
    -A INPUT -i enp2s0 -p udp --dport 67:68 -j ACCEPT

    # drop all other inbound traffic
    -A INPUT -j DROP

    # Forwarding rules

    # forward packets along established/related connections
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # forward from LAN to WAN
    -A FORWARD -i enp2s0 -o enp3s0 -j ACCEPT

    # allow traffic from our NAT pinhole
    -A FORWARD -p tcp -d 192.168.99.100 --dport 80 -j ACCEPT

    # drop all other forwarded traffic
    -A FORWARD -j DROP

    COMMIT

    enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.1.140 netmask 255.255.255.0 broadcast 192.168.1.255
            inet6 fe80::d63d:7eff:fece:1930 prefixlen 64 scopeid 0x20<link>
            ether d4:3d:7e:ce:19:30 txqueuelen 1000 (Ethernet)
            RX packets 1198 bytes 86564 (86.5 KB)
            RX errors 0 dropped 756 overruns 0 frame 0
            TX packets 175 bytes 28953 (28.9 KB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1000 (Local Loopback)
            RX packets 104 bytes 6418 (6.4 KB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 104 bytes 6418 (6.4 KB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

submitted by /u/mosaicorange
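
Added example, not part of the original post: iptables accepts rules that name an interface which does not exist, so rules bound to a mistyped or missing name simply never match. This sketch cross-checks the interface names used in the post's /etc/network/interfaces and firewall rules against the names in its ifconfig output; the function names and the trimmed inline samples are constructed for illustration.

```shell
# Constructed sample inputs, shaped after the post's three listings.
INTERFACES_FILE='auto lo
iface lo inet loopback
auto enp3s0
iface enp3s0 inet dhcp
auto enp2s0
iface enp2s0 inet static
    address 192.168.99.1
    netmask 255.255.255.0'

RULES='-A POSTROUTING -o enp3s0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i enp3s0 --dport 80 -j DNAT --to-destination 192.168.99.100:80
-A INPUT -i enp2s0 -p udp --dport 67:68 -j ACCEPT
-A FORWARD -i enp2s0 -o enp3s0 -j ACCEPT'

# Names that appear in the post's ifconfig output (constructed from that listing).
LIVE='enp3s0 lo'

# Names declared by "iface <name> ..." stanzas in an interfaces(5) file.
configured_ifaces() {
    printf '%s\n' "$1" | awk '$1 == "iface" { print $2 }' | sort -u
}

# Names that iptables-save style rules match on with -i / -o.
rule_ifaces() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-i" || $i == "-o" || $i == "--in-interface" || $i == "--out-interface")
                print $(i + 1)
    }' | sort -u
}

# Print each referenced name ($1, newline separated) not in the live list ($2).
missing_ifaces() {
    for name in $1; do
        case " $2 " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Cross-check both configuration sources against the live interface list.
check() {
    refs=$( { configured_ifaces "$INTERFACES_FILE"; rule_ifaces "$RULES"; } | sort -u )
    missing_ifaces "$refs" "$LIVE"
}

check
```

ifconfig without `-a` lists only interfaces that are up, so a name reported here is either down or does not exist under that name; `ip link` shows every interface the kernel knows about.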