During the process I learned a lot about networking. In the past I have always been able to avoid iptables, but this time I could not. I bit the bullet and decided to read up on how iptables worked instead of just blindly copying and pasting commands and crossing my fingers. What did I learn? iptables really aren't that difficult conceptually; they're just not explained well by most tutorials on the internet. I won't try to explain them in detail in this post. Here is a link to a site that explains them really well. Specifically, see section 3 for details about how packets actually traverse iptables. Reading that section first will help you understand the commands that you will input later.
Here is a basic list of functionality that my router needed to have in order to be a viable replacement for my current SOHO wifi router:
- NAT routing
- firewall
- DHCP
- DNS
- OpenVPN
Additionally, my router is configured to handle the PPPoE connection to my DSL provider. This step is only necessary if you have DSL or some other service that uses PPPoE to connect. As a bonus feature, I also set up a script to automatically update dynamic DNS for the current external IP address of the router.
First, I recommend configuring your new router without exposing it to the internet. Plug the WAN port of your new router into your existing LAN. Then plug another computer into the LAN port of your router. This way you will be able to test all of your configurations without taking down your internet connection.