I’ve generally been very happy with my Netgear DG834G ADSL router. It does ADSL. It does routing. It serves as a wireless access point. However, I felt myself wanting a little more.
The web interface is a little rudimentary, so initially I looked into the OpenWRT project. It turns out that the DG834G, as well as many other routers, runs Linux and there is custom firmware out there to do much cooler things. Perfect!
Well, not quite. The support for the DG834G appears rudimentary at this time, mainly due to some evil checksum routines on the DG834G which will not allow custom firmware to run. These can be bypassed, but it is at this point I started reading more and more pages with the phrase, “This could brick your router!” and more forum threads along the lines of, “My router stopped responding!”.
The next step was to look into firewalls which can be run on old PC hardware. I had an old Pentium III-800 laptop kicking around not doing much (I remember ordering a PIII-800 as a server ‘back in the day’ for its sheer power). It had Ethernet on board. So, stick two more PCMCIA cards in (one for Ethernet, one for Wireless) and I’ve got a router and access point in one. It is also whisper quiet and generates very little heat.
There are quite a few firewall packages designed to run on old hardware like this. I initially considered SmoothWall, but not for long: no PCMCIA support.
IPCop was next as it features PCMCIA support. Perfect. Unfortunately, it would not install. It made the laptop hard disk perform a ‘click of death’ during formatting. Although worrying, I could not reproduce this with any of the other firewall packages I looked at, or even a full install of Ubuntu.
pfSense supports PCMCIA. It also scored many bonus points as you can try it out without installing. It will boot off the CD and you can configure it and go (storing the configuration on removable media). I was impressed and installed it properly.
The web interface is excellent and has all the fancy graphs that I was after from before. It was easy to get it to treat the wireless PCMCIA card as an access point, and to bridge it over to my LAN. pfSense then performed firewall duties between my network and the WAN.
Now, this was a slightly awkward bit. The Netgear router itself was acting like a bridge. So I ended up with a 192.168.1.* ‘insecure’ network, and my main internal 192.168.0.* secure LAN. pfSense sorted that out but it felt a bit clunky. Plus you then hit a ‘double NAT’ problem which means NAT will just not work properly on the LAN (as you have one NAT router sitting right behind another).
Thankfully, the DG834G can be put into pure modem mode. It won’t act as a router at all. It will present itself to pfSense with the ADSL IP address and ‘play dumb’. This is great as now I just have my 192.168.0.* subnet as before, yet behind pfSense. Phew.
Again, pfSense made this easy. Just configure the WAN as PPPoE (you fill in your username and password in pfSense instead of on your ADSL router; remember, the ADSL device is just being a dumb modem). Note that some ISPs, including mine, state they are PPPoA (which pfSense does not support). Thankfully, PPPoE worked with my ISP anyway.
My 360 still complained about being in a ‘strict NAT’ zone. That was fixed by some further NAT configuration and now all is perfect!
There are various cool packages available for pfSense, for example a transparent proxy mode for Squid to cache web content.