Router lockups have been a problem for me ever since I got my first 802.11G Router in 2004. Since then, we've seen companies roll out supposed "power user" routers or routers meant for "gamers," but for some reason not a single one has alleviated the problem of having to reset the router after running for a few days. After my new "gaming" router locked up while refreshing a server list for a multiplayer game, it was the last straw and I began searching for something a little more robust.

What I found was a multitude of Linux-based firewall/router distributions that were easy to install and configure and offered an enterprise level of robustness, not to mention some extra goodies for power users. You don’t need to have any knowledge of Linux to build one of these, so don't be intimidated. Let's jump right in!


The good news about *nix router distributions is that there are different flavors for just about every level of hardware. In fact, the first one I put together was just from an old Pentium III 600Mhz box with 128MB of RAM that I had lying around. It worked just fine, but I wasn’t able to use any of the high-end distros that are more resource heavy.

The machine I currently use is a Pentium 4 3Ghz with 1GB of RAM and a 40GB hard drive that I bought off of eBay for $50 two years ago. Certainly meager compared to today’s quad and hex core beasts, but it is more than enough for running a router. Aside from the actual machine itself, you’re going to need at least two Network Interface Cards (NICs). One of which will take the Cat5 cable from your cable or DSL modem (known as the Red interface) and the other from the machine to a network switch (known as the Green interface).

The switch on the green side of the network will act just as the ports on your old router did. I’ll go into more details about exactly how much power you’ll need for specific distributions later on, but since a Pentium 4 level machine isn’t exactly breaking the bank these days, I’d recommend just going for that and being relatively future proof. However, if you have an older machine lying around, you can certainly use that, and it will still be better than any consumer router.


Because there is no wireless radio inside the computer that you’ll be using, you will need to purchase a separate wireless access point. The good news is that most consumer routers can be put into what is commonly called "access point mode" which turns off all of the features not needed for serving wireless such as the firewall, the DHCP server, etc. This means you should be able to purchase one for relatively little money, or you could reuse the one you currently own if it supports access point mode.

Setting it up is as simple as putting it into access point mode, setting your SSID and password, and then plugging it into an empty port on your switch. If you want to go a little more advanced, you could put a 3rd NIC into your machine and run the wireless access point on an entirely separate interface. The advantage to this is that you are able to have more control over the machines on the Wi-Fi network, and you can setup things like captive portal, though that is another article. See below for a diagram of the most common types of setup.


m0n0wall:
This particular distro, based on FreeBSD, is going to be the best bet for those who are using very low-end hardware as it can run on very minimal CPU and only needs as little as 64MB of RAM. However, this is one of the more advanced distributions and takes a little more work to get setup. It provides a nice feature set, but it does not compare to the more full-featured distributions. Notable features include captive portal support, dynamic DNS, traffic shaping for Quality of Service (QoS), and many more. Go to the website to learn more.

Recommended for: Advanced users that are using lower-end or embedded hardware or for those that want something barebones in terms of features.

pfSense:
pfSense is a fork of m0n0wall that was started in 2004. It provides a more comprehensive feature set in comparison to m0n0wall, but does so at the expense of raising the minimum hardware requirements. Although the CPU can be nearly anything made in the last 15 years (Pentium 100 MHz), the RAM needed is 128MB. Keep in mind that any advanced features you enable will raise CPU and memory requirements. As stated, this provides a greater feature set than m0n0wall and includes things like load balancing for WAN connections. As with m0n0wall, this particular distribution is a little more complex than some of the other more user-friendly ones. Keep that in mind when making a decision on which distribution to go with.

Recommended for: Advanced users who want a good balance between an advanced feature set and low hardware requirements.

Smoothwall:
Smoothwall is one of the original Linux firewalls. It is a fantastic router for new users as well as experienced ones. It offers the simplicity of m0n0wall with less of a learning curve. I used this in my first router build, and I had it up and running inside of 30 minutes; and trust me when I say that at the time, I didn’t know much about this subject. It offers features such as a web cache to decrease bandwidth usage and increase browsing speeds, as well as a very easy to set up Quality of Service (QoS) module. All around a great distribution to sharpen your teeth on as it offers you the basics without being too intimidating, but allows you to poke and prod the more advanced features without feeling too overwhelmed.

Recommended for: New and advanced users that are using low to mid-level hardware.

Untangle:
Untangle, while relatively new to the market, is probably one of the most popular distributions for not only home users, but also companies that have gone the Linux firewall route. Untangle is just a spectacular piece of software that just keeps getting better and better. Untangle is what you call a UTM firewall. UTM stands for Unified Threat Management, and it means that there are things like antiviruses that scan incoming traffic to keep the internal network safe. The Untangle software is unique in its GUI in that it offers a virtual rack (seen below in the picture) that lets you choose what you want in your router. The "home" version of untangle offers a very nice base of features, but it also offers premium features to those super power users or companies that need them.

A few of the many features include virus blocker, ad blocker, openVPN, web filter, application control, and many more. Note that the versions of these features in the home version are labeled as “light” versions and omit some of the things that are in the paid versions. Even still, they still provide more than almost any other distribution. The only downside is that it is quite resource heavy and requires a bit more horsepower than the other distributions do. For a home user, I would recommend a minimum of a Pentium 4 3.0Ghz with at least 1GB of ram. This is also one of the most user-friendly distributions that I’ve seen. The install and setup is very easy, even for the most novice of users.

Recommended for: New and advanced users that have enough hardware to throw at it.

Astaro Security Gateway
Astaro is very similar to Untangle in regards to the features that it offers. However, I would not recommend it to novice users, as it can be quite daunting for someone new to this style of device. The good thing about Astaro though is that it offers its full paid version to home users free of charge as long as you don’t have more than 50 devices on your network (not a problem for most users). It offers features such as virus scanning of various protocols similar to untangle, traffic shaping, WAN load balancing, web cache, and many more things that provide very useful to power users looking to take control of their network. Like Untangle, this distribution is resource heavy. The same requirements as Untangle are needed to run this distribution well.

Recommended for: Advanced users who have enough hardware to throw at it.


Every distribution will have its own setup and installation process. I would highly recommend before you undertake the installation that you download and read the manual so that you know what to expect up front. A few things will usually happen regardless of the distribution, is that it will ask you which of your NICs you want to be the green and red interfaces, it will ask you to specify the address of the green interface and the subnet (this is usually something like 192.168.xx.xx – similar to what you would find on a consumer router) and it will ask you for a password and sometimes a username. It will also give you the address to access the web management interface, so if you didn’t write that down from the manual be sure and do it when it gives it to you.

Again, the best advice I can give you is to simply read the manual. Most manuals outline the entire installation process so nearly anyone can do it.

This article is part of an effort to solicit paid content from the Broadband Reports community. If you'd like to participate, please contact us.