Networking

Build your own Linux wireless router with ClarkConnect


Having tested numerous wireless routers, I've been unable to find one that met my every need. Routers may offer great security but not support port forwarding. Other devices support port forwarding but provide weak encryption or limited coverage area. In the end, I decided to stop looking and build my own wireless router. Using an old Dell computer, a few wired and wireless network cards, and the ClarkConnect Linux distribution, I built a custom wireless router that offered strong security, great management tools, and plenty of range.

The foundation of my custom wireless router is an old Dell desktop, which was doing little more than gathering dust. The machine has a 500 MHz Intel CPU with 256MB of RAM and a 20GB hard drive. The machine also has a small-form-factor case and a relatively small power supply, making it perfect for hiding on an empty closet shelf and easy on my utility budget. Your machine will also need a few network cards. My router uses two Ethernet network cards and one wireless card. This configuration supports a single wired Internet connection and both wired and wireless LAN connections.

With the hardware ready, you can now choose an appropriate operating system and software suite, which will provide the actual routing and management tools. Before beginning this project, I knew my router would be a Linux box, but it was only after a little digging that I found a great selection of Linux distributions that come preconfigured for wireless routing. I tried several and eventually settled on the "Community Edition" of Point Clark Networks' ClarkConnect Linux distribution.

The Community Edition restricts the number of administrators and e-mail addresses you can create (if you plan to use the e-mail server functions) and lacks a few business-class features, but it's free and should be sufficient for home and small business users. ClarkConnect was easy to install and provided both a router and an advanced server. Once the software was installed, the machine rebooted and launched ClarkConnect's GUI configuration wizard.

During the configuration, ClarkConnect will ask you to specify the Ethernet card for the Internet connection and the card for the LAN connection. You'll also need to specify the machine's IP address, netmask, default gateway, and primary nameserver (DNS), as shown in Figure A.

Figure A: ClarkConnect's GUI-based installation and configuration

Once the configuration is finished, you're ready to take the router for a test drive. First, disconnect your current router or DHCP server and plug your network cables into the ClarkConnect box. If everything is properly configured, wired computers on your network should receive an IP address from ClarkConnect's DHCP server and you should have Internet connectivity. At this point, ClarkConnect will not function as a wireless router. We will add that functionality through the ClarkConnect Dashboard.

Add wireless support to your ClarkConnect router

During the initial setup, ClarkConnect uses the default settings shown in Figure B for your LAN connection. The following instructions assume that you used the default LAN connection settings. If you changed the default settings, you will need to adjust the following instructions accordingly.

Figure B: Assigning your LAN IP address for the router

From the ClarkConnect Dashboard, shown in Figure C, you can fine-tune the interface, update the ClarkConnect software, add wireless support, and configure advanced features like a Web server, mail server, or FTP server.

To open ClarkConnect's GUI Dashboard and add wireless support, open a Web browser and enter the following URL:

https://192.168.1.1:81/admin

Don't forget to include the "https" and note that the interface uses port 81.

Figure C: ClarkConnect dashboard (the first screen you will see when you log in)
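A way to confirm the test drive from a wired LAN client before adding wireless, as an added example that is not part of the original article or of ClarkConnect: it checks that the client's address and default gateway match the router's default LAN address 192.168.1.1 and, in live mode, that the Dashboard answers over HTTPS on port 81. The /24 netmask, the -k flag for a presumably self-signed certificate, and the sample ip output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks run on a wired LAN client.
# From the article: router LAN address 192.168.1.1, Dashboard on HTTPS port 81.
ROUTER_IP="192.168.1.1"
ADMIN_PORT="81"
LAN_PREFIX="24"   # assumption: the article does not state the netmask

# Constructed samples of `ip -4 -o addr show` and `ip -4 route show` output.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0'
SAMPLE_ROUTE='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100'
# Constructed failure case: no DHCP lease, link-local address only.
SAMPLE_ADDR_NO_LEASE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 169.254.10.20/16 brd 169.254.255.255 scope link eth0'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed when address $1 is in the same network as $2 for prefix length $3.
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# Read `ip -4 route show` output on stdin, print the default gateway.
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Read `ip -4 -o addr show` output on stdin, print the first non-loopback address.
client_address() {
    awk '$2 != "lo" && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# $1 = addr output, $2 = route output. Prints one line per check,
# returns non-zero if any check fails.
check_client() {
    addr=$(printf '%s\n' "$1" | client_address)
    gw=$(printf '%s\n' "$2" | default_gateway)
    rc=0
    if [ -n "$addr" ] && same_subnet "$addr" "$ROUTER_IP" "$LAN_PREFIX"; then
        echo "OK   address $addr is on the router's LAN"
    else
        echo "FAIL address '${addr:-none}' is not on the router's LAN (no DHCP lease?)"
        rc=1
    fi
    if [ "$gw" = "$ROUTER_IP" ]; then
        echo "OK   default gateway is $gw"
    else
        echo "FAIL default gateway is '${gw:-none}', expected $ROUTER_IP (old router still connected?)"
        rc=1
    fi
    return $rc
}

# Live mode, run on a LAN client as: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_client "$(ip -4 -o addr show)" "$(ip -4 route show)"
    # -k skips certificate verification (assumed self-signed Dashboard
    # certificate); use it only against the router on your own LAN.
    if curl -k -s -o /dev/null --max-time 5 "https://$ROUTER_IP:$ADMIN_PORT/admin"; then
        echo "OK   Dashboard answers over HTTPS on port $ADMIN_PORT"
    else
        echo "FAIL Dashboard not reachable at https://$ROUTER_IP:$ADMIN_PORT/admin"
    fi
fi
```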

To add wireless support, you must create a free account on the ClarkConnect Web site and register your installation there. Through this account you can access automatic software updates and download add-on modules for your system. Download and install the Wireless Utility from the Add-on Modules section of the ClarkConnect Web site. Once the add-on is installed, you can configure the router's wireless settings much like you did the LAN settings.

35 comments
themoddingden

hi; would a p4 with 256 meg ddr be ok as well with 5 nics in it?

mikesg

I've been using ClarkConnect since 0.7 and even back then, it was the most rock-solid server/gateway/router config that I can imagine. The forums used to be much more helpful back then, and now I can't find a lot of my 10-year-old posts, but it is definitely the BEST out there. When I started, I didn't know ANYTHING about Linux commands, or the OS itself, but within an hour of burning the ISO, I was up and running and have been using it ever since. I've tried different distros for some of my customers but all my customers were back to CC within no time. You just can't beat it.

[root@gateway ~]# uptime
 19:12:28 up 52 days, 7:12, 7 users, load average: 0.01, 0.05, 0.07
[root@gateway ~]#

drake_fs

Was just wondering if you use P2P on your network such as Torrent. My biggest issue with store bought routers (even reloaded with DD-WRT) is that eventually the amount of connections that Torrent opens at one time brings my network to a crawl. I limit the DL and UL on torrent apps to control this, but the number of connections eventually slows down my network. Just wondering if building my own router would resolve this issue.

adelacuesta

I am new with Linux and just hanging around the house with the kids. I am excited about learning Linux and exploring my own network with this SW. Just one question in your experience with this setup. I have a Gbit NIC at the host; if I buy a Gbit switch, will the speed be Gbit too, considering all elements have Gbit NICs?

vincom

u make it sound so easy, but only if u have the right wifi card, i had the wrong kind, i was trying the pci card, trendnet twe-423p1, it was a no go. did the belkin work as an access point?

Agent 77

I am SO glad to see this article. I have used a P2 box with Clark Connect Home v1 thru the latest Community distro as a router/mail server/ web server for as long as it has been around. Glad to see it getting some attention in the mainstream. I have yet to use it for wireless though. Haven't had the need, just let Clark be my router and plugged my Linksys wireless to the hub to avoid the need to download a package and configure it all. let the Clark handle all the do's and don'ts and just let the Linksys act as a WAP. Kudos Chris, on the best article I have read here in a LONG time.

laideyusuf1

Is okay, but I will like him to expatiate on the wireless config and security.

Here2serveu

sme server, engarde secure are other canned solutions. Pick a distro and play is what I say.

BALTHOR

I can hardly get my new computer to work. (It misspells a lot)

qhartman

Specifically what wireless card did you use?

Neon Samurai

Linksys WRT54GS + Tomato
Linksys WRT54GS + OpenWRT
Linksys WRT54GS + OpenWRT + xWRT
Linksys WRT54GS + DDwrt

Did you compare these types of alternative firmware or only what the vendors included with their wifi router boxes? That's a serious question as I'm curious how they compared and where you found the shortcomings that led you to build your own rig. While the cpu in the Linksys is too small for an enterprise, it works great for home or small business use. The Linksys provided firmware is pretty minimal but replacing it with OpenWRT or Tomato opens up the complete potential of the hardware.

- port forwarding (not limited to ten entries)
- dhcp assigned static IP
- wpa2 encryption by PSK or Token
- network usage tracking and graphing
- DDNS clients included (DynDNS for example)
- SMTP, PnP

What am I missing? From what I can tell, Tomato is based on OpenWRT's router linux distro as a back end so you can add in any extra packages you want including VPN. Heck, I have nmap and some "auditing" stuff on my router for when I just don't want to boot my notebook. I SSH into a prompt on the router and I've got me a *nix box with all the networking. Anyhow, I'd be curious to hear your comparisons or reasons for choosing a full built rig over *fixing* a prepackaged router with real firmware. (note: Now, I'm going to go back and reread the article in detail to see how much I missed the first time.)

Neon Samurai

You can get far more resources out of your own rig if you need that much power for a router/gateway. If you're using a store-bought, it's probably in the range of 200 or 300 MHz processor and very limited memory. It either can't process the connections fast enough or can't remember enough of them at once I'm guessing. My 54gs/54gl are 200 MHz processors with 300 MHz in a 350n. I'm not sure what the newer routers are offering as I haven't checked the specs on Linksys new 600n router and don't have reason to track the other brands at the moment. With a homebuilt router rig, you're looking at whatever cpu you choose and as much ram as you feel required. I've noticed similar instances where my network seems to slow but works perfectly after a router reboot. That's some serious transfer traffic if you're choking the router more than once a week.

Chris Torres

Thank you very much for the comment. I was just starting to get writer's block when I noticed my internet was down. I went to the server room to investigate and I saw that the ClarkConnect box was off. It turned out that the breaker that the machine was connected to was faulty. After fixing that problem I started it back up and the network came back online. When I checked the log files I noticed that the uptime on the box was several months with no interruptions and no slowdowns/bottlenecks in the network. I decided something this bulletproof and reliable had to get some recognition and was worth bragging about! As far as the wireless portion of the ClarkConnect goes, it works great. I will say that using the configuration that you are using is better for several reasons. You should get better range having the wireless AP away from the machine. Having the PCI card makes it difficult to get 360 range as the antenna only sticks out of the case itself less than a half an inch. An actual router (in AP mode) gives you the flexibility to hide it up high on a shelf and move the antenna around to clear the case of the router. The only way around this is to use a higher gain antenna on a long pigtail cable! The only benefit with having the wireless on the Clark Connect itself is the control of the wireless security standpoint. You should be able to get similar security on any router by flashing the router to a different firmware. Thanks again for the great comment and I wish you the best with your ClarkConnect box!

Chris Torres

That's my favorite part about Linux. There are so many flavors available. I am sure there is always going to be a better solution available so long as the Open Source community is active!

mrogers

Hahaha. I know what you mean! I remember my old Pentium 100 (MHz, that is) and how stable it used to be. That thing was a ROCK! I live in the middle of Arizona, and when I was living at home with that computer, most of the time we'd only run the swamp cooler and the core CPU temps would so often climax around 190 degrees+ (ohh, and it never misspelled, it just BEEPED when I'd mess up.)

Chris Torres

The wireless card that I have found to be most effective in Linux distributions is the Belkin 802.11g 54Mbps Wireless PCI Adapter from Walmart. There is only 1 version that works out of the box though, and that's the version that uses the Atheros Chipset. If you look on the bottom of the box you will find a version number. Version 5100 is the correct version. The distributions that I have tested this card on are Suse 10, Ubuntu 7.04 (Feisty) and Clark Connect. The ClarkConnect website has a complete list of supported devices. Click the following link for the list. http://www.clarkconnect.com/wiki/index.php?title=Network_Settings_-_Wireless_Card_Configuration#Supported_Hardware I will be posting a blog in the next couple of days with details on wireless cards and Linux. I will post the link to it when it is published.

Chris Torres

Great question! I have in the past tested alternative firmware installs on various routers and have found them to be an excellent choice in finding the right features. This method would be perfect for me as I have a small network configuration at home. The features that are available in several of the applications are robust and full of the same features that Clark Connect has to offer. The only problem that I always ran into was a performance slowdown. After time it would always seem that the bandwidth would slow down even on my small 5 Mb DSL connection. The ClarkConnect that I implemented to the network has been running strong for over 6 months now and I have not noticed any bandwidth bottlenecks using it. The added benefit of a ClarkConnect is the use of its additional server functions that are built in. Features such as the Email, Web, and FTP server make constructing and configuring a multi-purpose server a breeze. They are much easier to configure than the traditional non-GUI based install and configurations of most LAMP based server installations by using the web GUI configuration of Clark Connect. DNS caching, and memory utilization make use of whatever size hard drive and the amount of RAM that is in the system. You will notice that the RAM usage regardless of the amount in your system will be at a constant 90+ %. This is the utilization of the caching that ClarkConnect does to speed normal operations up a bit. I would definitely like to test the Alternative firmware method out more! What have you found to be your favorite configuration?

pccowboy

Great article. Which wireless card did you use? I understand there are only a couple that work with CC. I just started using CC and love it. Wireless would be nice.

Dumphrey

the Netgear MA311, but not aversion. This is a card I had trouble with in Linux, as versions 1-3 worked out of the box, but I had version 4... If you don't mind ordering online, the Edimax cards are well supported by Linux. They use the ralink chipset.

Chris Torres

MikroTik makes some nice routers and boards. I know of a few WISPs that use MikroTik boards and software. They seem to provide a nice solution for a one stop shop for all of your wireless needs. I have not personally tried the software that they offer but it looks like it is pretty well complete. I will have to test that out sometime!

mford66215

GOTTA go get yourself a download of thedude from mikrotik. snmp monitor, pretty graphics, etc, etc, etc... I have a monitoring box that uses thedude's network map as a logon screen saver, lets the boss types have a pretty dashboard of the network without being able to engage destructo mode.

Neon Samurai

I can see that being the case. I'm generally running five or less IP against the router at a time so I've not noticed throughput degrading. That does make me think that I need to reboot my router more often though. On the other hand, building a full rig would give you the higher end hardware support closer to an enterprise router's specs. For firmware, I've been having great fun even with the few weeks long occasions I've right borked my linksys and had to use the dlink backup in its place. The last was a bad firmware upgrade between major versions that left me with a GUI-less setup. I've been spoiled where networking and GUI tools is concerned so it's not previously been an area of reading I've focused on. In comparison to firmware, here's what I've found so far: I'm limited to the Linksys wrt54gs router since I have one and no reason to replace it yet so everything is from the perspective of that particular collection of hardware parts.

Wrt54gs + Tomato

Tomato is probably the big name in firmware right now from what I see (even had mention of it in MaximumPC). It runs on a limited number of routers primarily of the Linksys family (last time I looked). Install is as easy as any firmware update and presents you with an https accessed set of admin forms. The features set is good including statically assigned DHCP IP, dynamic DHCP ranges, usage graphs and such. Behind the GUI is a linux distribution (OpenWRT I suspect) which can be accessed through ssh if you want to play at the command prompt. On the down side, updates seem to be provided as a newer firmware download rather than a package update system like any desktop distro provides. If your router is on the short list for compatibility and you just want something to stuff in it and run then this is where to start.

Wrt54gs + OpenWRT + Xwrt

This is really my preferred setup though I'm not using it currently. OpenWRT was the first alternative firmware I stumbled across. It's a linux kernel wrapped in a distribution specifically for routers. Xwrt is a third party graphic interface for administration. OpenWRT has a long list of compatible and "we're working on it" routers so it's more flexible than Tomato in that regard along with a few others. The first install I did was using the Xwrt provided OpenWRT firmware rather than the OpenWRT provided firmware and its more basic GUI forms. You can access the command prompt easily through SSH and manage packages from central repositories with ipkg including package updating (ipkg update, ipkg upgrade). Updated packages are frequent. I'm not currently using OpenWRT due to the newer distribution version not including a GUI setup and Xwrt's website not currently providing a firmware based on the newer distro. That may have changed as I've been busy with other things and haven't checked the sites for newer versions. I'll be back to this firmware as soon as I stumble across a good install with GUI due to the frequent package updates indicating a vibrant developer community. Additional packages are available for everything from nmap through web servers to network monitoring and security software. If you like to tinker and want something as flexible as a desktop distro then OpenWRT is where you should look. If configuring *nix through console is your happy place then the newer version (kamikaze?) is worth a look.

DDwrt

This also has a good list of compatible routers. Based on website images, it has a good user interface and list of functions. I didn't have much luck installing it in my case but then I really didn't take the time to properly understand why it wasn't working since I had the above two firmware providing the same functions. I can't comment on updates and additional packages but it's a *nix router distro so they must be available. DDwrt is worth a look. The one thing I really like about DDwrt is that they have the only website which links to six or more other firmware; "if ddwrt doesn't work for you, try one of these other alternatives". As a result, ddwrt is also the website you should start at to explore the other firmware they can direct you to. I've read over the websites for two other wrt54gs specific firmware linked from DDwrt but they are a little obscure and in one case, seem to have stalled as far as development goes.

As a side note, I'm currently building a LAMP server and found minimal Linux, http/https, PHP, MySQL and ProFTP to be pretty easy to setup though those later three took some learning (I'm used to the Windows way of doing http, ftp and email). I'm having some challenges getting the mail server functions setup on the server currently. To make things more complicated, the webserver sits behind a router in the office. Forwarding ports for http/https and ftp was no issue but I'll be doing more reading to get email functions working and acting like they are outside the network.

Chris Torres

I used the Belkin Wireless G card. I found this card to be the most compatible with several Linux Distributions. Any card that you can find that has the Atheros chipset should work fine. The least expensive card that I found at Walmart just happened to have an Atheros chipset. NOTE: not all Belkin 802.11G cards contain the Atheros chipset! In fact they have several versions available that all utilize a different chipset. Read my 802.11g pci for linux article at the following link for more information on finding the correct card. http://blogs.techrepublic.com.com/wireless/?p=128 Good luck with your new Clark Connect, I am sure you will be very happy with it!

Neon Samurai

In case you can spot where I'm going wrong. I have TheDude running on a Win32 box. When I use the discover network function and enter my base IP it ends up displaying every possible IP on the generated diagram instead of just the IP with actual machines behind them. The first time I ran it everything went perfectly; five machines booted, five IP shown with machine types correctly identified. It's only run a clean network discovery that first time though. Now it just scrolls down the grid paper adding a machine diagram for each IP; 192.168.5.0 (added, shown to be down), 192.168.5.1 (added, shown live), 192.168.5.2 (added, shown live), 192.168.5.3 (added, shown down), 192.168.5.4 (added, shown down).... and so it continues for fifteen to twenty minutes adding ghost machines. I can't find an "add only live machines". I've tried scanning by identified services and by the other option both with the same dirty discovery results. That first time it ran, I was sold. It's a great bit of programming but either I manually add my hosts (not a solution if I use it for auditing client networks) or it remains unusable. Have you seen such a result from it before and if so, any tips on how I can run a clean network discovery?

Neon Samurai

Only because it is Linksys and I've had to learn about the hardware, I believe the 54G/GS models retained the smaller memory but the 54GL (54G-Linux) was produced specifically for the firmware flashing crowd so it was released with the higher storage and memory though the same humble processor. After having my 350n drowned with the only effects seeming to be resetting everything back to factory defaults; I'm pretty darn impressed with that appliance.

My guess on the Wifi: It's still a Linux kernel behind Clark so you'll want to stick with generally friendly wifi cards unless Clarkconnect has a more official hardware compatibility list on their website. (Mandriva's list is my first visit before any hardware purchases) With NDiswrapper, you're going to be missing any advanced features. It works as a band-aid to get wifi working but it will never support any of the more advanced NIC modes like "monitor" so Clark would lose any functions not related to basic connectivity.

Your note 2: I had the same problem with my new motherboard and its two onboard wired interfaces. The back does not label which is NIC0 and which is NIC1 so when the cable gets unplugged it's a brief game of "guess lucky or reboot" while I check for the BIOS "network cable unplugged" error on the activate NIC. The labeling on the physical routers tend to be ok from what limited I've seen. The front lights are labelled by port number. On the back, the WAN port is set separate from the internal ports. That raised or imprinted plastic label can be hard to spot under each of the ports though. For me, the WAN port is separate so I mostly just guess at which of the back ports is what number then confirm with the front indicator showing the connection.

Dumphrey

I would not put it on an exposed web/mail server, but for a machine behind a firewall I feel comfortable doing so. And with its "only from" ACL it's probably safe for DMZ usage. I don't remember reading anything anywhere about the security of Webmin.

Dumphrey

discovering the amount of ram and flash available, let alone actual throughput... If I remember correctly, the WRT54?? line has fluxed from 2/4 to upwards of 8/32 with sustained throughput of about 50 Mbits (lan to wan nated). I would like to see this info on the box, instead of having to scour forums to discover.. and then try to find the right version in the store...

Note: Has anyone tried the Clarkconnect wireless addon? and know if there is a compatibility list for wireless pci cards? Is it just a ndiswrapper package rebranded? I had a bear of a time getting my card to work under Linux (albeit a year ago) and as such give big thumbs up to any thing that improves compatibility.

Note2: Why do none of the install routines for these types of distros have a little "button" on network set up to blink the lights on the Ethernet interface to help ID them on the back of the box? Maybe I am missing something simple, but eth0 is not always the top card.

Neon Samurai

There are few machines I don't put Webmin on but generally, if it's going to be a Linux distribution or BSD, Webmin is going to be on there. The only down-side is having yet another network port hanging open. Webmin's built-in settings help this though with "deny all, allow from #.#.." configurations.

Dumphrey

adds a decent amount of web based config for many server packages. Good stuff.

Neon Samurai

I learned that this week actually. Most stores are selling hardware version 8 while Tomato will not currently work with versions 5 or greater. That is only the 54g/54gs routers though, the wrt54gl router works fine with Tomato according to their website. You can also look at DD-WRT based on the openWRT back end. The dd-wrt website claims to work on the newer wrt54g/54gs routers though the install process is a little different. I'm starting to look at the wrt300n as a replacement for my old 54gs version 1 now.

vincom

only version linksys wrt54gs v1 to v4 are reliable enough, they can use the linux firmware, newer versions, i believe, don't support linux firmware.

Neon Samurai

I'll be stuffing Clarkconnect into a VM this week. Right now I'm using Mandriva mostly out of familiarity and the great GUI config tools since the client also requires admin control. (ssh/X forwarding is so much nicer than VNC) The eventual plan is to have two servers hosting client domains, if the primary box in the office loses network connection then the DNS will flip over to the redundant server in my basement. The two locations are a hundred km apart so we hope to get high up time out of the natural redundancy of tcp/ip though the magic part of the trick will be the DNS config. I'll have to confirm if my port 25 is getting blocked. So far I've been checking it by running nmap against my dyndns. For testing, I've forwarded 25, 110 and the imap/imaps ports. So far, I've been thinking the glitch was in the server naming and mail config that tells it if a recipient is local, remote or to be ignored. After I confirm that, I'll also need to make sure I'm not getting blocked by a non-forwarding recipient server.

Chris Torres

Thank you for the detailed descriptions of each setup! I had to save that list for a reference because I'm sure I will eventually be looking into doing something along those lines for a personal setup for myself as well as some friends. Personally I am a big fan of the Ubuntu distributions, and I have found that the Ubuntu Server Distro is a great LAMP solution. Very easy to install and although it is a non-GUI based O.S. as are the other LAMP servers, it is not too bad to get going. If you are looking for a Linux box to do your LAMP type server functions, try out an install of Clark Connect but leave out all of the routing functions. You will be left with an awesome GUI based web/mail server (plus any other server type that you choose to install with it) all in one. If you do decide to give this a try, let me know how it turns out for you!

For your email functions you want to make sure that you have the following ports open and forwarded to your email server: 1) Port 25 - You will need this open and forwarded to your email server, however if you are not able to see it from the outside, your ISP may be blocking it! As an attempt to lower Internet Email spamming, most ISPs block port 25 especially for a residential Internet connection. Once you have port 25 running and broadcasting to the Internet, you can try running a port detection application or a webpage such as http://www.canyouseeme.org/. Just type in the ports that you want to check and it will tell you if it can see them or not. Example, try port 25 once your email server is running. The other port that you sometimes need to open and forward is port 110 (incoming mail port), although in most cases this won't be necessary. Good luck with your servers!
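Added example, not part of any comment above and not taken from nmap or ClarkConnect: a script that reads nmap's grepable output for the forwarded mail ports discussed in the last two comments (25, 110, imap/imaps) and says what each reported state means for a port forward. The host 203.0.113.10 / mail.example.net and the scan result are constructed placeholders.

```shell
#!/bin/sh
# Added example: interpret `nmap -oG -` results for forwarded mail ports.
# Ports named in the comments: 25 (SMTP), 110 (POP3), imap/imaps (143/993).
MAIL_PORTS="25 110 143 993"

# Constructed sample in nmap's grepable format (fields are tab-separated).
SAMPLE_SCAN=$(printf '%s\n%s\t%s\n%s\t%s\n' \
  '# Nmap scan (constructed sample)' \
  'Host: 203.0.113.10 (mail.example.net)' 'Status: Up' \
  'Host: 203.0.113.10 (mail.example.net)' \
  'Ports: 25/filtered/tcp//smtp///, 110/open/tcp//pop3///, 143/open/tcp//imap///, 993/closed/tcp//imaps///')

# Read grepable output on stdin and print the state recorded for port $1,
# or "not-scanned" when the port does not appear.
port_state() {
    awk -v want="$1" '
        /Ports: / {
            sub(/^.*Ports: /, "")      # drop everything before the port list
            sub(/\t.*$/, "")           # drop trailing fields such as "Ignored State"
            n = split($0, entries, ", ")
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")   # port/state/proto/owner/service/...
                if (f[1] == want) { print f[2]; found = 1; exit }
            }
        }
        END { if (!found) print "not-scanned" }'
}

# Translate an nmap port state into what it means for a port forward.
explain() {   # $1 = port, $2 = state
    case "$2" in
        open)     echo "port $1: open - the forward works and the service answers" ;;
        closed)   echo "port $1: closed - probe was answered with a reset; nothing listens where it landed (check forward target and daemon)" ;;
        filtered) echo "port $1: filtered - no reply; dropped by a firewall or blocked upstream, for example by the ISP" ;;
        *)        echo "port $1: $2" ;;
    esac
}

# Print one explanation line per mail port for the scan output in $1.
mail_port_report() {
    for p in $MAIL_PORTS; do
        explain "$p" "$(printf '%s\n' "$1" | port_state "$p")"
    done
}

# Live mode against your own mail host: sh mailports.sh --scan your.host.name
if [ "${1:-}" = "--scan" ] && [ -n "${2:-}" ]; then
    mail_port_report "$(nmap -Pn -p 25,110,143,993 -oG - "$2")"
fi
```

Run the live scan from a connection outside your own network; from inside the LAN the dynamic DNS name may be answered by the router itself and give a misleading result.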