My Home-made PC Router and NAS Server

Note: This project has been rebuilt and full information is available here.
I suggest reading about the rebuild first. Information below is for reference purposes and no longer recommended.

Many routers exist these days, as do many dedicated NAS systems. I, however, wanted to improve performance and reliability of these devices, and gain the know-how to build my own.

This started as a NAS, and over the years it evolved, recently becoming a router as well.

In this write-up, I'll take you through the complete build of both a router and a NAS built around a Personal Computer and Open Source software.

Before we start though - what would I consider the requirements for a router, and a NAS?

Router

Well, a router for me actually needs to be simple - it needs to be able to forward traffic from many Internet connected devices inside my home (on my Local Area Network or LAN) to my one outgoing cable to the Internet, via my Internet Service Provider (ISP).

Each of my devices has its own Internet Protocol (IP) address, but my Internet connection has only one, so to allow them access my router needs to do Network Address Translation (NAT).

Along with NAT, my router may also need to open pinholes (or ports) from my public IP address to specific services inside my LAN (such as my telephone connection, which uses VoIP).

The one other thing I require from my router is an ability to dynamically assign unique IP addresses to everything that connects to my LAN. DHCP (Dynamic Host Configuration Protocol) can do this.

So, NAT (with port forwarding) and DHCP. That, in a nutshell, is all I really require from a router. And I suspect it is all most people need too. But it should be flexible for me to add things in future.

NAS

What do I need from a NAS? NAS is simply 'Network Attached Storage', and that is all I want to do - make storage (disk space) available to my LAN. It should perform fast, be secure and be resilient.

If you spend decent money, you can get good commercial hardware, but the curious side of me wanted to build a complete 'server', which has the flexibility to host services (such as a NAS service), as well as route traffic.

Why not just buy them?

Commercial routers and NAS systems are available cheap, but they are quite slow due to the lack of hardware capability. To get a good router, you need to spend upwards of £100, and the same again for a good NAS. Reliability can also be a problem - the router I'm replacing will usually stop working properly, losing Internet access, or failing to hand out IPs to devices.

Security is also a problem - I see an increasing number of reports of all sorts of routers being hacked into, and it's often not automatic to keep them up-to-date and secure, and even when it is, that's another door a hacker could open.

The other reason is the general DIY reason - learning, and a sense of achievement.

My Project

My project is very much a home solution - it is not for the office or commercial use, but you may feel free to attempt it. It's also very much my own consolidation of many articles I've read online.

This project came in two stages, and then was rebuilt for the optimum configuration.

The first inspiration was to build a NAS and get some familiarity using Linux as a server. This started over three years before creating a router from it.

It ended up with a Linux desktop OS - Linux Mint, having Samba configured on it and a configuration of drives that let me store data and make it available to the LAN. I also added my own VPN later on to it, so I could access UK services (mainly TV!) whilst I was in Japan for a few months.

In early 2016, an article on how a homebrew router improved speed was also put on Ars Technica - one of the great tech sites I frequently read: http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/

Articles followed later to help you build it and I had planned for many months to do the same with the hardware I already had.

The hardware

The hardware isn't considered particularly modern these days, but it is well up to the task! As I write this, the processor is reaching 6 years since release. It's an Intel 'Sandy Bridge' low power Core i3 2100T. Having bought a Sandy Bridge laptop in 2011, I was always impressed by the great leap in performance this gave, and continued to invest in that hardware platform by buying Mini ITX hardware.

Mini ITX is a great platform allowing you to build small machines, but still with a full-size processor, RAM and enough I/O ports. For the server build, I was unsure how well it would work so I bought the cheapest versions of most things!

So here is a list of what I used:

  • Intel Core i3 2100T - 64 bit 2.5GHz processor, dual core with hyperthreading, 3MB cache, has a thermal limit of 35W
  • Gigabyte GA-H61N-D2V motherboard. Socket LGA1155, two full size DDR3 RAM slots. For some amusing reason it comes with plenty of hardware from the early days - parallel port, serial port, PS/2 ports and a PCI (32 bit) old fashioned slot. USB is there, but not USB 3.0. Importantly, it does have a 1Gbps LAN built in.
  • DDR3 RAM - Crucial dual channel 2x4GB sticks. These are new; before that I used only 2GB RAM for NAS duties
  • A 120GB SSD from my laptop prior to upgrading - this is an OCZ Agility 3. Also 2011 hardware.
  • 2x Western Digital WD Red 1TB 2.5-inch hard drives (NAS storage, intended to be operated in RAID 1)
  • 1x Western Digital WD Blue 300GB 2.5-inch hard disk (not essential)
  • D-Link DGE-528T Gigabit PCI Network Card - 1Gbps
  • All of that is put in an InWin BM639 Mini ITX case

If you're buying the hardware now, you'll probably be able to get newer stuff that is also more power efficient. Equally, if you already have even older stuff, it could already work well! Carefully consider the right value for your project - don't spend too much! But, be wary of soldered-on, low power processors such as Atoms, Celerons and AM-1s - they will not outperform the above!

The InWin BM639 case is fairly large for Mini ITX (and will even take Mini DTX, also known as some very small micro-ATX motherboards), but is a good compromise. This server has been in three cases - the first one was far too large, the second was too small and got uncomfortably warm - this one is a good compromise I feel. It has lots of room for drives too - if I bought the right adaptors, I'd be able to squeeze in six 2.5" hard drives! Many cases were also not an option due to the absence of PCI card slots (something I needed to install an extra network adaptor).

Network Connections

It is important that you have two. You cannot make a router otherwise! Most motherboards come only with one, so if you don't get one with two, make sure you have a PCI or PCI Express slot to use.

For me, I had the ancient PCI slot - these were around in 1992! They can reach 133 MB/s though, so a Gigabit Network Interface Controller card (NIC) does work. Having a PCIe / PCI Express slot will work better though.

If you're building a small system in a case like mine, get a low profile one. Do also check there is good support for Linux.

In its final configuration, your PC will have two LAN ports - one will be considered a WAN port, where the Internet connection is plugged in, the other is a LAN port. This will lead to a network switch (I use a 5 port D-Link Go) and the rest of your LAN.

Wifi?

This is one thing pretty much all commercial / home routers come with - WiFi support. My home build will not though. PC WiFi cards are not designed to accept multiple connections, acting as an access point, so you're better off getting real hardware to do it.

Given I was to swap out my existing router, I decided to jump to a more professional wireless access point and I recommend the Ubiquiti Unifi AP-AC Lite.

This I mounted on the ceiling in the hallway of my flat and I get a full signal on every device in every room. It doesn't create split 2.4GHz and 5GHz networks either - all 5GHz compatible clients will automatically connect at the higher speed.

Any other wireless access point with a LAN port should also work well. Make sure you get wireless AC and forget Wireless N, especially if you live in flats where the airwaves are congested from everyone else's WiFi - it is not fast enough!

You can also use an existing router, just disable everything else on it so it behaves like a WiFi access point. Plug your LAN into the LAN ports, not the WAN.

Software - Operating Systems

Given my one machine will be handling both router duties, and containing hard drives where I have all my data, I wanted to isolate them as much as possible. So, I'd always considered a Virtual Machine (VM) approach to this build.

The host - the physical machine - would have a Linux O/S installed on it, and perform the LAN only duties. Therefore, my host would contain:

  1. Samba - this is the NAS element and allows me to share my hard drives to LAN PCs (mostly Windows), easily and with password security
  2. DHCP - this is better off here for the sole reason that if my VM guest does not come up, at least I will still get an IP address assigned to my client and be able to access the host
  3. SSH - for administration
  4. TeamViewer - for using the GUI

Any other services I may add later, such as media streaming, I'd add on the host too.

The host itself will be prevented from connecting to the network interface where the Internet is plugged in (the WAN interface).

The guest will perform routing duties. This will be a simple Linux OS running iptables to perform NAT, pretty much how Ars Technica have done it.
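A minimal ruleset for a router guest of this kind, as an added example (not the author's or Ars Technica's configuration): it covers NAT plus one port-forward pinhole with default-drop policies. The interface names, the 192.168.1.50 phone address, UDP port 5060 (SIP) and SSH administration from the LAN are all assumptions.

```sh
#!/bin/sh
# Added example: print an iptables-restore ruleset for the router guest.
# Interface names, addresses and ports are the caller's assumptions.
# usage: router_ruleset WAN_IF LAN_IF PINHOLE_HOST PROTO PORT
router_ruleset() {
    wan=$1 lan=$2 host=$3 proto=$4 port=$5
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Pinhole: redirect one public port to one LAN device.
-A PREROUTING -i $wan -p $proto --dport $port -j DNAT --to-destination $host:$port
# NAT: LAN devices share the single public address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the guest is administered over SSH from the LAN side only.
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
# DNAT alone is not enough: the rewritten packet must also pass FORWARD.
-A FORWARD -i $wan -o $lan -d $host -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed values: a VoIP phone at 192.168.1.50 receiving SIP on UDP 5060.
# Check syntax without applying: router_ruleset ... | iptables-restore --test
if [ "${1:-}" = "--sample" ]; then
    router_ruleset eth0 eth1 192.168.1.50 udp 5060
fi
```

Nothing is accepted on the WAN interface in the INPUT chain, so the router itself offers no service to the Internet; only the single forwarded port reaches the LAN.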

The main benefit this provides is some extra security. I can keep the PC itself (the host) away from any direct connection to the Internet, and separate the router VM so that even if it is compromised, the hacker does not automatically get access to the host's hard drives.
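One way to check that the host really has no presence on the WAN interface, as an added example rather than part of the original build: it reads `ip -o addr show` output and lists every address the host holds on the WAN NIC, including the IPv6 link-local address the kernel assigns to an interface that is up but otherwise unconfigured. The interface names and sample output are constructed assumptions.

```sh
#!/bin/sh
# Added example: verify the host holds no address on the WAN NIC.
# Input is `ip -o addr show` output on stdin; interface names are assumptions.

# usage: ip -o addr show | wan_addresses WAN_IF
# Prints "family address/prefix" for each address found on WAN_IF.
wan_addresses() {
    awk -v wan="$1" '$2 == wan && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# usage: ip -o addr show | host_isolated WAN_IF
# Returns 0 when the host has no address on WAN_IF, 1 otherwise.
host_isolated() {
    found=$(wan_addresses "$1")
    if [ -n "$found" ]; then
        printf 'host is addressable on %s:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the LAN NIC (enp2s0) is configured; the WAN NIC (enp3s0)
# has no IPv4 address but is up, so it still carries an IPv6 link-local one.
SAMPLE_LEAKY='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp2s0    inet 192.168.1.2/24 brd 192.168.1.255 scope global enp2s0\       valid_lft forever preferred_lft forever
3: enp3s0    inet6 fe80::21b:21ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever'

# Constructed sample: the same host after IPv6 is disabled on the WAN NIC
# (sysctl net.ipv6.conf.enp3s0.disable_ipv6=1), leaving it with no address.
SAMPLE_CLEAN='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp2s0    inet 192.168.1.2/24 brd 192.168.1.255 scope global enp2s0\       valid_lft forever preferred_lft forever'

if [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$SAMPLE_LEAKY" | host_isolated enp3s0 || echo "not isolated"
    printf '%s\n' "$SAMPLE_CLEAN" | host_isolated enp3s0 && echo "isolated"
fi
```

On the real host the check is `ip -o addr show | host_isolated <wan-interface>`; a non-zero exit means Samba, SSH or any other service bound to all addresses is reachable from the ISP-side link.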

For both of these, I'm using Linux Ubuntu 16.04. This is very well supported (giving me until April 2021), stable and there is plenty of community information about it.

My host will use the standard Desktop edition, so I can use a GUI where it warrants it, but the guest (router) O/S will be the slimmed down server O/S which is command line only.
