Hello selfhosted.

My router just burnt up and instead of buying a new one, I’m thinking of turning my own built NAS/home server into a router. Is this possible?

The server in question is a normal computer running Debian, where I have a few disks in RAID and host some web services. The motherboard only has one RJ45 port, so my guess is that I have to at least get a network card that supports 2 ports. I’m no stranger to Linux but physical networking is not my home field, though I’m very interested.

If someone could point me in the right direction, I would be more than happy.

  • talkingpumpkin@lemmy.world · ↑13 · 1 month ago

    Not sure if others already said this (I seem to see mostly comments explaining how to do it, but didn’t read them all), but, while it’s certainly feasible, you may not want to do that.

    A router is the cornerstone of your network (if it goes down, so does the network) and if you are a self-hoster you’ll probably fiddle endlessly with your home server, and of course break it from time to time… the two things just don’t go well together.

    Personally, I’d recommend getting some second-hand router appliance that can run OpenWrt and use that (make sure to check the flashing procedure before deciding what to buy - some are easier than others). Or you could get a dedicated x86 machine… probably overkill though.

    • frongt@lemmy.zip · ↑3 · 1 month ago

      Agreed. Separate device. If your VM or hypervisor dies, or you misconfigure something, you take your Internet down. Not a fun thing to recover from.

    • Toralv@lemmy.world (OP) · ↑2 · 1 month ago

      I truly understand this sentiment, and if I ever find it troublesome to maintain, I will do just that, but right now I just want to use this as an excuse to fiddle around haha ;). I don’t run anything high-profile and my server uptime is still on par with the frequent power outages in my area.

  • rtxn@lemmy.world · ↑13 · edited · 1 month ago

    You can use OPNSense inside a virtual machine. You can use QEMU or install the Proxmox toolkit over Debian to manage it. I’ve been using this setup for years without issue.

    You’ll have to create a bridge network for the WAN and the LAN interface, connect them to the VM, then configure the virtual interfaces inside OPNSense.

    • Toralv@lemmy.world (OP) · ↑4 · 1 month ago

      Ah I see, did not think of that. A network card with two ports would be enough right? One for the modem, and the other for clients, which ideally could be a switch, for more ports. That’s possible right?

      • rtxn@lemmy.world · ↑7 ↓1 · 1 month ago

        Yes, that will be enough. You can also use a single port on the NIC and the one on the motherboard if it can handle the ethernet speed you want.

        This is my network setup on Proxmox:

        vmbr0 is a bridge that has a single port going to the modem. The OPNSense VM’s first virtual interface is connected to this and configured as a WAN interface. Nothing else connects to this bridge as it is exposed to the internet.

        vmbr1 also has a single port that goes to the physical switch. OPNSense’s second interface connects to it as a LAN port, as well as every other VM and container running on the server.
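The two-bridge layout described in the comment above can be checked mechanically. The following is an added example, not part of the thread or of Proxmox: it parses an ifupdown-style `/etc/network/interfaces` and reports when the bridge holding the modem-facing port gives the host an address or carries a second port. The NIC names, the address and the function names are assumptions.

```python
import re

# Constructed sample /etc/network/interfaces; NIC names and address are assumptions.
SAMPLE = """\
# WAN: only the modem-facing port; the host takes no address here
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0f0

# LAN: port to the physical switch; host management address lives here
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.2/24
    bridge-ports enp1s0f1
"""

def parse_ifaces(text):
    """Map interface name -> {"methods": [...], "opts": {...}} from iface stanzas."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # ifupdown has no end-of-line comments
            continue
        m = re.match(r"iface\s+(\S+)\s+\S+\s+(\S+)", line)
        if m:
            cur = ifaces.setdefault(m.group(1), {"methods": [], "opts": {}})
            cur["methods"].append(m.group(2))
        elif re.match(r"(auto|allow-\S+|source\S*|mapping)\s", line):
            cur = None  # stanza keywords end the current iface block
        elif cur is not None:
            key, _, val = line.partition(" ")
            cur["opts"][key.replace("_", "-")] = val.strip()  # bridge_ports == bridge-ports
    return ifaces

def audit_wan(text, wan_port):
    """Return findings for any bridge that carries wan_port."""
    findings = []
    for name, st in parse_ifaces(text).items():
        ports = st["opts"].get("bridge-ports", "").split()
        if wan_port not in ports:
            continue
        if "address" in st["opts"] or any(m != "manual" for m in st["methods"]):
            findings.append(f"{name}: host is addressed on the WAN bridge")
        if len(ports) > 1:
            findings.append(f"{name}: WAN bridge has extra ports {ports}")
    return findings

if __name__ == "__main__":
    print(audit_wan(SAMPLE, "enp1s0f0") or "WAN bridge is isolated from the host")
```

This only inspects the static config; the firewall VM's virtual interface is attached to the bridge at runtime by the hypervisor and does not appear in this file.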

      • glizzyguzzler@piefed.blahaj.zone · ↑1 · 1 month ago

        Add to that, for an extant installation I’d rec Incus for the VM work with its web-ui. You get to keep your kernel, you’re less tied at the hip to it.

        2 port Intel NIC + some switch and your server is a router too. Opnsense’s web ui is great, can be difficult to find stuff but searching gets you there, but most is easy enough and it’s the best web ui + automatic updates for routers out there.

      • frongt@lemmy.zip · ↑1 · 1 month ago

        You only need one port. WAN to switch, switch to router. The router routes and sends it back to the switch, and the switch to the LAN. Vice versa for outbound traffic. It’s called a router on a stick.

        Not recommended if you’re paranoid about security, because a malicious client or particularly malformed inbound traffic could bypass your router. For general use it’s perfectly fine.

        • rtxn@lemmy.world · ↑2 · edited · 1 month ago

          Do not do that. You need to set up VLANs and proper separation between them on both the switch and the router, assuming the switch even supports tagged trunk lines. If you don’t, you’re just connecting all of your hosts to the unfiltered internet.

          • frongt@lemmy.zip · ↑1 · 1 month ago

            Technically yes, but as long as your WAN gateway doesn’t provide a route, clients will only know how to reach your own gateway.

    • Dultas@lemmy.world · ↑2 · edited · 1 month ago

      Only issue I’ve had with this setup is if you’re running in a cluster and you have to restart the cluster then you run into a deadlock. The cluster won’t start VMs without a quorum and it can’t form a quorum without the OPNSense VM up. So you have to manually intervene.

  • rumba@lemmy.zip · ↑9 · 1 month ago

    Personally, I’ve always been a big fan of running the firewall/router/DNS separate from everything else. It’s harder to accidentally make a security blunder and doing regular system maintenance on your hosting server won’t knock out internet to the rest of the house.

  • suicidaleggroll@lemmy.world · ↑6 · 1 month ago

    OPNSense is a great option for turning x86 hardware into a router. That said, I would not recommend combining your router with other functionality. The router should be a dedicated system that only does one thing. Leave your NAS and web services on another machine.

  • Possibly linux@lemmy.zip · ↑5 · 1 month ago

    You can but I would strongly recommend that you set up a dedicated box. It doesn’t matter that much what OS it is running but it shouldn’t be the same device running other services.

    • StuffYouFear@lemmy.world · ↑1 · 1 month ago

      As someone who has done their router as both a VM and a standalone physical box, just do a standalone box. It doesn’t take much to run pfSense.

  • ObM@lemmy.world · ↑3 · edited · 1 month ago

    First question. Was your router also your modem? As in describe each connection/device from street until you get to your router. (Do you also know your connection type? Some flavour of DSL, HFC, Fiber?)

  • Avid Amoeba@lemmy.ca · ↑2 · 1 month ago

    As others have mentioned this is practical with a VM. It might also be doable with Docker, saving some resources.

    • Toralv@lemmy.world (OP) · ↑2 ↓1 · 1 month ago

      Sorry, I was probably not very clear on one part: I’m looking to run a router in addition to my already existing Debian installation. OPNsense seems very nice, but that would require me switching to FreeBSD, which I’m not very keen on right now.

  • ObM@lemmy.world · ↑1 · 1 month ago

    Hey there! Sorry, I got busy with work today.

    I was just noticing that you have plenty of replies. I think you seem to have enough to go on with.

    If you still need anything, hit a reply to this one and I can give you my 2-cents worth of opinion.

  • boydster@sh.itjust.works · ↑2 ↓1 · edited · 1 month ago

    First thing I’d troubleshoot… Is your router the issue, or the modem that decodes the signal from your ISP?

    Last I checked, router/AP stuff is pretty easy to DIY (OpenWRT, PFsense, etc). But that’s the step after the modem has done what it needs to do.

  • rmrf@lemmy.ml · ↑1 · 1 month ago

    I’ve gone down this path.

    You want an archer c7 with OpenWRT. I got one for 5 dollars on marketplace, flashing it took all of 2 minutes, and it kicks ass.