This is Hacker Public Radio episode 3,799 for Thursday the 23rd of February 2023. Today's show is entitled, My Home Router History. It is hosted by Norris and is about 32 minutes long. It carries a clean flag. The summary is, recent router maintenance makes me remember all the fun I've had with my home network router.

So I recently had to update my home router and to rebuild it and I don't know what I can have about like all the different sort of iterations I've had for a home router. I thought it might make an interesting HPR episode, so I'll kind of start from the beginning, maybe working my way forward a little bit.

So the first thing I can kind of remember doing that was even sort of like a little bit different at router was around 2000ish. We still had dial-up and only one computer, but we started getting additional PCs around the house, and with dial-up we would have to connect one computer at a time, so if one computer wanted internet, connect it; the other computer wanted internet, disconnect and connect it. And I remember figuring out or learning that there was a way to share an internet connection even if it was dial-up, and you have to buy like a special Ethernet cable, like a crossover cable, and connect one to the internet and connect the other one to the internet, connect the computer via the crossover cable. And then I remember Windows had something called Connection Sharing that you could use, or if you didn't have a winmodem and you could actually get connected to a dial-up via a speed on Linux, you could use IP masquerading to connect.
You can have sort of multiple computers sharing an internet connection. So it was, um, faster internet starts becoming available, start thinking about how are we gonna share a connection, with the things like DSL and cable modems are starting to come out. And then to share, you know, you need an Ethernet card for your network connection to the internet, and if you want to share it with another computer you've got to have two network cards, and that's a big deal, two network cards in the same computer, right.

So I've gotten cable and wanted a way to figure out how to obviously use multiple PCs with the cable internet connection, so I've gotten found to start looking on eBay for like cheap computers and found something for like, it was like 50 bucks, but they might be sitting with 50 bucks. It was still probably the best deal I could find, or the most, most affordable thing, like a pond, and then got it to the internet. I remember experimenting with a few different Linux distributions setting up the connection sharing, and you know there were tools or guides for using just plain old IP masquerading or a generic Linux server, but I don't think I could get it to work. So the first thing I remember actually working well was a distribution of Mandrake called the Multi Network Firewall, and it almost seems like a dream because I know I used this, I know it existed and I know it worked, but it's really hard to find any documentation or any website comment. But I know the Mandrake Multi Network Firewall existed, I know I used it, but I don't, I don't think it was, maybe, maybe only got a single release, but it worked really good, just like everything else Mandrake.

Another distribution I remember using a lot was one called IPCop, IP space C-O-P, and it was, it was, it was pretty nice, again like a web UI to manage it, so you could put, you know, just get any PC with two or three network cards in it, configured, it had all the settings that you needed to use it for DSL. I remember DSL having some extra things
you had to do. Okay, well, cable is plug-and-play on the load up, but for DSL you have some extra, a username and password and stuff, but IPCop had all that stuff built in and you could manage it with the web interface.

I started getting a little nervous about using IPCop. It went a long time without any updates, and after a few months when you're using a project, it's kind of small, and you start to wonder, is it not getting updates because it doesn't need to get updates, or is it not getting updates because the developers have stopped paying attention? So I just wasn't sure and I wanted to do something different, so I just started to look around. I'm not, not sure how I heard about OpenBSD other than just being on the internet, hanging around OS forums looking for Linux info, but I knew OpenBSD had a strong reputation for security and that it was a good choice of operating systems for networking and firewalls. So I found some instructions for setting it up. There's, there's always been, OpenBSD has always had very good documentation, and there's a, there was a guide, there's always been on the part of the FAQ some instructions for setting up a small router using OpenBSD. So I don't remember exactly what it was, probably around 2010ish, went, installed OpenBSD on some of these sort of junker servers that I had around. You know, I had the one which earlier I'd picked up on eBay, and there was another one that I found out on the street that I picked up, and sort of combo the other. But you know, at this point, you know, I've sort of moved away from dedicated firewall distributions and I moved to using OpenBSD as my home router, and it was nice. Again, I had a good feeling because it had a regular release cadence, you know, every six months you get a new release, and it's, you know, a fairly active project, I mean, that there was being maintained, and I knew this being kept up to date, and I knew that unless I did, I mean, it's a really silly miscalculation, that I was going to have a secure network
router.

So to go along with a network router, when I started to get, started to buy other devices that had the capability of getting on Wi-Fi, I had purchased one of the Linksys routers that were specifically sold to run Linux, where the WRT distribution was, the 54GL model. I had it around and I had it running Tomato firmware, and for the most part I would only use it as an access point, but because the hardware that I had built firewalls on was kind of junky, sometimes I'd have a hardware failure and I'd have to sort of promote the Linksys router from access point to sort of primary home router. I remember mostly having hardware issues with power supplies. I remember having like a stack off in a corner, like three or four PC power supplies, as sort of hot standbys, because those things always seem to go bad. And then also at the time all the hard drives were IDE, and like spinning IDE drives, while reliable, they can get banged around too much or they're toast. So, you know, between the hard drives and the power supplies, usually a few times a year I would have to do some hardware replacement, and in the meantime use the Linksys router as the primary home router.
At some point I decided it would probably be a worthwhile investment to go ahead and source some hardware that was meant to run as the firewall, meant to be used as a firewall. And I had looked at Soekris, I don't remember how to spell that, but kind of felt like they were a little overpriced and underpowered. So I heard about a company called PC Engines and they had a hardware line called ALIX, or A-L-I-X, and they're small, i386 compatible, about the size of a Linksys router, and they have like three network cards on them and like a 800 megahertz or 400 megahertz processor, something like that, and that's not very powerful, only like a quarter of a gig of RAM, but it would have three really good network cards on it, or really good for the, at the time, network cards on it. And they supported running OpenBSD, a lot of people will buy them to run OpenBSD on it, so I picked up one off eBay.

One thing about the PC Engines one is they don't have video, there's no like VGA port or anything on them, it's all, you do all admin by serial, and I had, this is not anything I've ever done before, this, this was new to me at the time, so I had to kind of learn how, you know, how, how does it work when you plug in a, when you connect a couple of computers with a serial port, where you have one with the keyboard and monitor, you can get a console on the one that doesn't, but I eventually got it figured out.

In the original ALIX line of PC Engines it wouldn't boot off USB, so if you didn't have an operating system already installed on it, the only way to install it was to set up a TFTP server and PXE boot. And so again, relying on the OpenBSD documentation, they had that, they had that process documented well, so it wasn't very hard. They had it, there was a page in the FAQ about how to set up an OpenBSD PXE boot TFTP server so you could, um, PXE boot these ALIX devices. And what it would do is, when the device would boot up, it would get its IP address via DHCP and then it would ask for, you know,
is there, or DHCP would tell it, hey, if you need to boot, there's a file you can boot from, and then it would pull it via TFTP, and what it was actually pulling was the OpenBSD installer image. So once you get it up and installed, works great. Um, after the initial install, you know, the twice-a-year updates from the OpenBSD project, it was easy to update from one release to the next. So I used that for a few years, no real issue.

But there are some kind of hardware limitations with the ALIX line. One is that the network devices are only 100 megabit, and at the time that was fine, but I could sort of see into the future where, you know, you know, a lot of my devices around the house were gigabit but I couldn't really, really use gigabit because my main router wasn't gigabit yet. And then the other hardware issue was that the disks on the ALIX line were CompactFlash. So there was nothing wrong with CompactFlash, it worked well, but by the time I had this ALIX router, CompactFlash was falling out of favor. It was really hard to find replacement, um, CompactFlash cards, and, um, if I knew, you know, if I did have to replace the CompactFlash I'd have to go back and do the TFTP and install it and all that again. So I did buy a spare, um, ALIX on eBay that there's certain it really cheap, um, so I bought again another one just like I had, um, on eBay, just in case, um, something didn't happen I wouldn't have any problems with it. But I knew that it would be a lot of trouble to set it back up again if I, if I, if I did have trouble with it, so I went ahead and, um, since I found one cheap I bought it, just kind of kept it around as a, as a hot spare.

So PC Engines came up with a new line of hardware called the APUs, specifically the APU2. I bought one of those in, I think, 2015 or 2016, and it was a pretty significant improvement over the, um, ALIX line that I had before from the same company, PC Engines. Um, it still didn't have video, still serial only, but by this point that wasn't a problem, but it did
have, you know, gigabit, uh, network adapters, and you had a, um, SATA, uh, for the, uh, drives, so I felt a lot better about, you know, the availability of storage for it. Um, so I had, um, updated, got, bought the new hardware. Uh, this, these boot off, uh, USB, so I got, uh, OpenBSD installed. Uh, I think, I believe it was OpenBSD 5.6 was the version I installed. Um, and it, like, it has three network cards. I didn't mention this before, but ALIX also had three network cards. Um, but I would set up like three networks, uh, or one, one network card was for the internet, and then I had two networks in the house, one for like trusted devices and one for, uh, trusted devices.

So, um, OpenBSD is really cool, it's not, um, too hard to use, um, but it, it's not like, um, some of the purpose-made router software distributions. Um, there's no web GUI or anything on top, so you have to, it can do everything that the web GUI ones can do, but you know, you have to kind of get in there and, uh, read man pages and write, uh, config files and stuff like that.

Um, so one thing that I was really, uh, uh, sort of missing from, uh, router-specific distributions was the ability to have reserved DHCP assignments, so you could, um, put in, you could tell the router, you know, a MAC address, and tell it, always give this MAC address this IP address, and at the same time you'd also provide a name for that device, and then, um, you could also, I would, you could set up the DHCP assignment and also set up, uh, a local DNS server. So, um, so I wanted to do something like that with OpenBSD, and I always think it's possible, I just got to know how to do it and set up some configs for it. And it's, um, I got tired of kind of doing it manually, I wanted sort of an easier way to do it. Um, so I set up, uh, I did an HPR episode about this, um, 3187, so if you want some details you can go back and listen to HPR 3187, but, uh, synopsis is, uh, I would make a CSV file that would contain a MAC address, IP address and a host name, and then I'd have an Ansible playbook that would read the CSV file and
then, uh, write the configs, the appropriate config files for OpenBSD, uh, and then, uh, restart all the services. So now, um, instead of a GUI I just have the CSV file I could fill out, uh, IP address, MAC address, host name, and then we're getting the DHCP reservation and the local DNS.

So, um, we're using OpenDNS to do content filtering. I'm not gonna go too much into how OpenDNS works, but you can, you can, it's a DNS server that you can say, you can limit specific content, kind of like Pi-hole does with ads. Um, it's, uh, a pretty interesting product if, you know, that's something you're interested in. But, um, so I had the OpenBSD router, uh, set up as a, uh, caching DNS forwarder, um, so when, you know, a client on the network, um, requests, uh, uh, the DNS, well, has the DNS request, um, you know, it would return the cached result if it had it, and if not it would forward it to, um, OpenDNS's, um, cache servers, DNS resolvers. So I wanted to make sure that, um, you know, no, no, no, nothing on the internal network was able to bypass, uh, the DNS server on the router, so I had some pf rules to capture any, um, traffic on port 53, uh, that wasn't going to localhost, uh, redirected from where it was going to, to the localhost, uh, and then it would, um, look, look up the requests from OpenDNS.

Um, I would also use the router to limit, uh, internet access to certain times for certain devices. So, uh, the OpenBSD firewall is called pf, and pf has something called tables that you can store IP addresses in, and you can load IP addresses into the tables, um, at run, you know, at run time, uh, or put them in the config, uh, uh, or you can just create the empty table and then add and remove IP addresses later. Um, so what I did was have a pf rule that, um, would block all traffic to anything in this pf table, and then one of the cron jobs, um, that would load or unload IP addresses, um, based on time. So, uh, you know, at specific times I could insert specific IP addresses into that table and it would, uh, cross the internet access for those devices
and then later, whenever it was time, I'd have another cron job that would, uh, empty out the pf table. Worked really good.

Um, so, uh, a couple of years ago I started running into some problems with this installation of OpenBSD. Um, when I bought the APU from PC Engines, uh, I bought a 16 gig, um, mSATA card, uh, for, uh, and that was fine for a long time, but, um, OpenBSD changed, um, how they use some of the partitions, and let me say that a different way. OpenBSD introduced some new security measures, uh, specifically like they would rebuild, uh, the, the kernel, or relink the kernel, um, every time it booted up, so every time you boot up, the kernel, it's a little bit different. Um, and that helps mitigate, uh, some, uh, vulnerabilities that depend on specific things of the kernel being in specific memory addresses. Um, but, um, um, downside of that is that, uh, it used a lot of disk space, specifically in the /usr, um, directory.

So whenever I first installed OpenBSD, um, I always use, whenever I install OpenBSD it has an option to auto partition, and I always use that, after, they, they know better, better than me, uh, what, but well, the defaults with OpenBSD are always pretty sane, so I stick to them where I can. Um, so, but because of the kernel relinking and the extra space that's being used, um, during the process, uh, the sort of minimum requirements for /usr have grown, and, um, the original partitioning scheme, you know, by this point it's five years old, uh, is, it's not, it's not big enough to, um, support all of the, everything that needs to go in /usr, or /usr is too small. So, um, one thing I had, I had done, um, over the last couple of years is I had some partitions that were, the auto partitioner, um, created that I wasn't using. Um, there's a couple of partitions that, that you need if you want to, um, rebuild OpenBSD, there's a source directory and an object directory, uh, that are separate partitions, so I would convert those, like I would, I would take /usr/obj and convert it to, um, /usr/local or something like that, or
/usr/share, and I did that a couple of times and it saved me, um, from having to, uh, re-partition because, you know, /usr was getting full. Um, but whenever the latest release of OpenBSD came out, you know, it said sort of as a minimum you need two gigs for /usr, and, um, my /usr partition was only one, one gig. Um, so it didn't, didn't create them, it didn't meet the minimums. Probably could have forced it through the update process but I wasn't gonna do that. So I knew that I was going to have to at least re-partition, um, because I had 16 gigabytes, which would have been plenty, but I needed to re-arrange it on the disk. Um, and so to do that, I'm, really the best way to do it safe is, what to do is just, um, like wipe and you can pay if I say. Um, I figured if I'm gonna do that, may as well go ahead and buy, uh, a bigger disk, um, and then start working on the real project. So bought a hundred and twenty gig mSATA card from, from PC Engines though, and, um, had it shipped to the house.

Um, and then I started rehearsing, practicing, um, setting up OpenBSD from scratch, um, to just sort of match what I had now. Um, and, uh, you know, like, like I talked about, I made a lot of, you know, a lot of neat things that I would do, um, with the router, not even went up, you know, when I did the upgrade I didn't want to miss any of those unique things. So I started digging around, um, in, uh, /etc or in any place else, and you know, looking in cron jobs and stuff like that, trying to gather all this stuff up. Um, and so I decided to, um, make an Ansible playbook. Uh, it would do, you know, I, I found all these unique things that I'm, unique changes that I made to the OpenBSD, gathered them all up, put them in a playbook, uh, and that way, um, whenever I reinstalled OpenBSD I would have some, um, I would have Ansible to do all the reconfigure for me.

And then, so to practice, practice it, um, built, uh, an OpenBSD virtual machine. Uh, the, um, network adapters in, uh, the PC Engines machine are, uh, Intel, uh, network adapters, and OpenBSD names the network adapters
by the, uh, driver, and Intel uses the em driver, so the network devices are em0, em1 and, em0, em1 and em2. Um, so when I built the virtual machine, you have the, normally I would use the virtio network adapters, but I, you know, I had the option of using the, like, an emulated Intel network adapter, so I did that, that way the network device names are the same, because that was one of the things I had to set up, uh, was I had to, you know, em0 on the router, uh, needing to be em0 on the virtual machine, that way I can practice all the network configs and stuff, same em1 and em2.

So I gathered all this stuff up, built the virtual machine, uh, practiced, uh, would find something that I missed, go back and look at the playbook, uh, over and over again. It took me, I spent a lot of time doing this, not because it was a lot of work, it just took me a lot of, uh, it took me a little while to convince myself that I had actually found everything that I needed to change, and then I found everything that needed to be in the playbook. So I had this original playbook that I mentioned, and this one I did the HPR show on a couple of years ago, and that took care of a lot of it, but not everything was in there, so I built this new one, practiced it on the VM for a little while, I mean, I'm embarrassed to say it's probably a couple of months, but finally I got to the point where I was comfortable, and then I figured that if there was something that I missed, that I was close enough that I could fix it.

All right, so I finally worked up the courage to start the upgrade process. One thing I wanted to do before actually replace that way is update the firmware, like the BIOS firmware. Um, I didn't want there to be like, you know, any issue that, um, with a new OS version that was maybe incompatible or packed in rear or whatever with the firmware. So I did that, when we came to update the firmware, um, OpenBSD, um, has some really good instructions for, um, updating the firmware on the APUs. It's in, it's in the package, I mean, it's in a
package called flashrom that comes with a README, OpenBSD README, that, uh, details the process. It's, it's, it's really simple, but I did that when we came to kind of let it begin.

And then on a Saturday morning, uh, before everyone else got up, uh, uh, went in there, made one last, uh, backup of all the config files and stuff just in case, um, took everything apart, took the router out, uh, disconnected it, powered it down, uh, I just switched the disk out, uh, put in the USB installer for OpenBSD and booted up, installed it, went through the regular installation, then, uh, ran the playbook on there, and man, would you believe it, it worked the first time. Uh, I was so cautious and careful, uh, that, uh, I don't, I don't think I missed anything. Um, so, uh, I was really pleased with how well the process turned out.

Uh, I'll see what, uh, I don't know what kind of show notes I'm gonna have, uh, kind of just sort of rambling for a little bit, uh, uh, I will at least put some links in there, just some of the projects that, uh, I was talking about. I found some links to IPCop, the old sort of router-centric distribution that I was using, um, and I got some links to a few of the, uh, PC Engines pages, with the, their pages about the hardware that I was using, and then I'll link to the OpenBSD, the example for setting up a home router. Uh, and then just sort of encourage you to, um, if this is something you're interested in, just jump in and do it. Uh, you know, there's, um, there's not a lot of risk, the only risk really is, uh, some of your family yelling at me because the internet's down while you're, um, making the changes, but, but that's it. Uh, I'll see you next time.

You have been listening to Hacker Public Radio at HackerPublicRadio.org.
Today's show was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, click on our contribute link to find out how easy it is. Hosting for HPR has been kindly provided by an honesthost.com, Internet Archive and rsync.net. Unless otherwise stated, today's show is released under a Creative Commons Attribution 4.0 International license.
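
The DNS interception and the time-based pf table described in the episode, written out as an added sketch; it is not the host's own configuration. The interface name, table name, host address and schedule are assumptions chosen for illustration.

```pf
# /etc/pf.conf fragment (constructed example; em1, <curfew> and
# 192.168.2.50 are assumed values, not taken from the episode)
lan_if = "em1"                  # assumed internal interface

# Empty table; "persist" keeps it in the kernel with no members,
# so cron can add and remove addresses at run time.
table <curfew> persist

# Hosts in the table lose all access. "quick" ends rule evaluation,
# so no later pass rule can let them back in. It sits above the DNS
# rule so that name lookups from these hosts are cut off as well.
block drop in quick on $lan_if from <curfew>

# Send every DNS query from the LAN to the resolver on the router,
# whatever server the client was configured to use. The resolver
# listens on 127.0.0.1 and must accept LAN source addresses
# (with unbound, an access-control "allow" entry for the LAN).
pass in quick on $lan_if inet proto { tcp, udp } \
    from $lan_if:network to any port 53 \
    rdr-to 127.0.0.1 port 53

# Limits of this rule: it only sees plain DNS on port 53.
# DNS over TLS (tcp/853) and DNS over HTTPS (tcp/443) pass it by
# and need their own policy if the filtering is to hold.

# root's crontab (assumed schedule: offline 21:00 to 07:00):
#   0 21 * * * /sbin/pfctl -q -t curfew -T add 192.168.2.50 && /sbin/pfctl -q -k 192.168.2.50
#   0 7  * * * /sbin/pfctl -q -t curfew -T flush
#
# The "pfctl -k" step matters: pf is stateful, and packets that match
# an existing state never reach the ruleset, so connections opened
# before 21:00 would keep flowing after the address joins the table.
#
# Checks:
#   pfctl -nf /etc/pf.conf       parse the ruleset without loading it
#   pfctl -t curfew -T show      list the table's current members
```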