
A tiny PC as a router - mynameislegion
http://blog.liw.fi/posts/minipc-router/
======
arpa
8 gigs of RAM? SSD disk? 2.4GHz (incorrectly stated as MHz)? factory image is
4 GB in size? All this for a router? I'm no expert by any metric, but that's
one hell of an overkill IMHO. Shit, dude, my home pc is weaker in almost all
aspects and I play video games and HD content on that, in addition to network
stuff.

In my day, a router was an Intel Pentium @90MHz with 4M of RAM. No HDD, only a
FDD with Linux. Granted, it probably would have problems today with speeds
we're all used to and WLAN, but, man, strip it down, strip it all down to
Megs. You don't need X running on that. You don't need all these services.
Fonts. Libraries. Default pictures. That's all bloat. Throw out the SSD. A 1G
usb thumb drive is enough. I/O speed concerns? You got 8 gigs of ram, dude,
you could fit your whole "factory" image in it and have enough space for the
second one. Ramdisk the shit out of the system. Dude...

And, just out of curiosity, how does using iptables make that not a real
firewall (even if you're using iptables in an indirect manner)?

~~~
icebraining
_Throw out the SSD. A 1G usb thumb drive is enough._

Agreed, though if you do, you have to be careful with writes. I literally had
to reflash my drive every time the power went out (I don't have a UPS). My
solution was to move every writable directory to a tmpfs, then mount the root
fs as readonly. Logs get shipped by a cron job over ssh. It's been rock-solid
ever since.

If you want to upgrade or reconfigure without reflashing, you can still
remount with rw, do your thing and then remount with ro again.
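
An added example, not part of the comment above: a check that a mount table really has the layout described (root mounted read-only, each writable directory on its own tmpfs). The directory list and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table for a read-only root with tmpfs
# for writable paths. Input uses the /proc/mounts field layout:
#   device mountpoint fstype options dump pass

# Directories assumed to need writes on a small router (adjust to your system).
WRITABLE_DIRS="/tmp /var/log /var/lib/dhcp"

# Print "fstype options" for mountpoint $2 in table $1 (last entry wins,
# because a later mount shadows an earlier one on the same path).
mount_entry() {
    printf '%s\n' "$1" |
        awk -v mp="$2" '$2 == mp { e = $3 " " $4 } END { if (e != "") print e }'
}

# Succeed if option $2 appears in the comma-separated option list $1.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Read a mount table on stdin, print one FAIL line per problem,
# and return 0 only if the layout matches.
audit_mounts() {
    table=$(cat); rc=0
    set -- $(mount_entry "$table" /)
    if [ "$#" -lt 2 ] || ! has_opt "$2" ro; then
        echo "FAIL: / is not mounted read-only"; rc=1
    fi
    for dir in $WRITABLE_DIRS; do
        set -- $(mount_entry "$table" "$dir")
        if [ "${1:-}" != tmpfs ]; then
            echo "FAIL: $dir is not a separate tmpfs mount"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample table: /var/log was forgotten, so it sits on the ro root.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 ro,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /var/lib/dhcp tmpfs rw,nosuid,nodev 0 0
EOF
}

sample_mounts | audit_mounts || echo "layout incomplete"
```

On a live system, feed it the real table with `audit_mounts < /proc/mounts`; a directory that shows up as FAIL will lose writes silently or error out once root is read-only.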

~~~
fnj
Or, rather than going through all that rigmarole, just use an SSD. If you want
to save money, get a really cheap one. You can easily get a 60 GB SSD for $30.

~~~
arpa
Or, alternatively, just use that USB drive for bootup and continue running
purely in ram.

------
any1
I used this for my router:
[http://pcengines.ch/apu2.htm](http://pcengines.ch/apu2.htm)

No complaints yet, except pfSense is not that great with Wifi. It's probably
best to do wifi separately if you want to run a BSD flavour on it. I haven't
tried installing Linux on it yet, since WiFi is functioning well enough,
albeit sub-optimally.

------
cpach
I guess the primary benefit of using something like Edgerouter Lite[1] is that
you get an efficient router for half the price (perhaps even less).

[1] Available e.g. here:
[http://www.newegg.com/Product/Product.aspx?Item=0XP-000A-000...](http://www.newegg.com/Product/Product.aspx?Item=0XP-000A-00001)

~~~
rnhmjoj
With the hardware acceleration for packets routing it probably outperforms a
custom-built PC.

~~~
wtallis
It'll outperform a low-end PC on really simple and dumb benchmarks. But in the
real world, routers should usually be doing active queue management and often
traffic shaping. Good luck getting the hardware offloads to do any intelligent
packet processing like that.

------
fnj
Confusing "router" with "router + WiFi access point" is a pet peeve of mine. To
me a router has absolutely nothing to do with WiFi, yet almost every
discussion of routers presumes WiFi.

I don't use WiFi much, but when I do, I use a separate box. Separation of
function.

Having said that, the Qotom is absolutely perfect for 1000Base-T to 1000Base-T
routing. It's got plenty of CPU (unlike the commercial crap, which is hopelessly
lacking), and plenty of RAM so it won't overflow its NAT tables.

~~~
dsr_
"almost every discussion of routers presumes WiFi"

That would be because numerically, the majority of routers are tiny boxes sold
for home use with three NICs: external ethernet, internal ethernet (often
connected directly to a mini-switch), and internal WiFi. They also serve as
firewalls, DHCP servers, NTP servers, and DNS relays, none of which are
technically routing.

------
rufius
This is neat. I'm curious if the author has gotten to test it with a Gigabit
internet connection yet?

I initially intended to build my own router when I got Gigabit internet. After
some research, I settled on a SOHO solution that seemed hard to beat in bang-
for-buck: Ubiquiti EdgeRouter LITE-3. It does roughly 933Mbps for WAN->LAN,
which means I don't lose much speed in that transition. For prebuilt
solutions, the only way to one-up that is to move to 10Gbps hardware which is
cost prohibitive.

All that said, the Ubiquiti router runs a custom version of Debian and I'd
prefer to work with something that could work with Ansible or the like and is
a little more open.

------
amq
An alternative: [https://omnia.turris.cz/en/](https://omnia.turris.cz/en/)
(just in other direction: a powerful router as a tiny PC / home server).

------
F00Fbug
For a router, I'd pick some BSD-based OS. pf is much more efficient than
iptables, although I only know this anecdotally.

I'm a huge fan of pfSense which wraps a nice UI and some great tools (proxy,
AV, analysis, etc.) into one big package. Worth a look. I used to run my home
router on a little Qotom computer, but virtualized it to get rid of wires and
boxes; works great. I'm running three pfSense boxes in various environments
and can't say enough good things about 'em.

------
dom0
Wasteful use of the hardware, which could easily do routing and network
storage and some services for a smaller office.

------
Nursie
I do enjoy these sorts of projects but ... My router needs were recently
fulfilled by a TP-Link MR3020, an old mobile phone and ROOter/GoldenOrb, an
OpenWRT variant.

£25 and two minutes to flash it, and away. It amazes me what OpenWRT and
ROOter have crammed into 4MB. 4MB!

------
znpy
I once used the IpCop Linux distro and was utterly amazed by how well it
worked.

~~~
TobbenTM
IPCop is really great, but for some (like me) it may be too focused on
security vs convenience, with no upnp etc.

After using IPCop for roughly 4 years, I have now moved to Sophos UTM Home
[1], and couldn't be happier. Much easier to use, and supports upnp.

[1]: [https://www.sophos.com/en-us/products/free-tools/sophos-utm-...](https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx)

~~~
cpach
Is Sophos UTM also based on Linux, or on another OS?

~~~
zaggynl
Based on SUSE/openSUSE I think, their manual/wiki mentions selecting
SUSE/openSUSE when creating a VM for Sophos UTM.

------
mindrunner
I am torn between getting that, or waiting for the next generation
motherboards (apollo lake).

2 vendors have already made preliminary announcements:

* [http://www.asrock.com/ipc/overview.asp?Model=IMB-157](http://www.asrock.com/ipc/overview.asp?Model=IMB-157)
* [https://www.asus.com/Motherboards/J3455M-E/](https://www.asus.com/Motherboards/J3455M-E/)

------
corv
I'm using a Qotom based OPNsense router. Its 4 Intel GigE do Multi-WAN
admirably. HardenedBSD and LibreSSL let me sleep well at night.

It's not more expensive than a high end consumer router and significantly more
capable.

It's been running for several months now but gets relatively warm due to
passive cooling. I wonder how long it will last.

~~~
vincentkriek
What made you choose OPNsense instead of pfsense?

~~~
corv
The ability to use pkg made customization much easier.

They are both good.

------
baronseng
I feel something like this is much cheaper for that purpose
[http://www.pipo-store.com/pipo-x9-tv-box-8-9-inch-mini-pc.ht...](http://www.pipo-store.com/pipo-x9-tv-box-8-9-inch-mini-pc.html)

------
zaggynl
Those tiny PCs are nice for projects like this, I use a Jetway JBC373F38-525-B
with Sophos UTM.

Why not use anything with a GUI like pfsense or Sophos UTM?

------
windowsworkstoo
I'll add to the chorus of alternatives - I use the Mikrotik RB1100AHx2 in many
many places, they scale up quite well.

------
dxxvi
What wireless adapter do you guys use? Is it as powerful as a regular router
antenna?

