DIY a Manjaro Desktop to function as a router - possible?

Background:
I know for a fact that my local telco supplies China brand routers to customers, and they are able to access my local network through the backdoor built into the router.
I have physically witnessed such an event taking place.
I accessed the router menu, and the router has a customized firmware, and I see no option to disable remote access by the telco.

Options available:
While there are other telcos available, they are all using the same China brand routers, so it seems like I would have to change the router to a non-China brand to block unsolicited remote access.
However, a good wireless router is as costly as a top end CPU here.
And while researching, I came across the idea about DIY router using old desktop parts.
Since I’m building a new desktop, I am wondering if I could integrate the function of a router into my new desktop, by merely adding some extra parts (while not exceeding the cost of a wireless router).

I would like to know:

  1. I’ll be using this “desktop-router” for video remuxing, so I’m hoping I can use Manjaro as OS, instead of using those dedicated router OS. Can this be done?
  2. I only have 1-2 devices that need wired connection to “desktop-router”. And generally consumer grade motherboard has 1 network port. I presume I just need a network card that has 2 network ports for such setup?
  3. In the event that I need more wired connection, will adding a network switch downstream address my needs?
  4. Would the wireless antenna in consumer grade motherboard, suffice to act as wireless router? Or should I be concerned that the bluetooth connection in the antenna will interfere with wireless networking?
  5. What networking software would be needed / recommended for such setup?

Many thanks in advance.

I would not do it in a rolling release distro. In fact, not even in a normal distro. If you really want to use a PC for routing, there are special distributions, like Pfsense for example. A hypervisor and a couple of virtual machines - one for pfsense, one for manjaro, one for web or storage server - is the way to go if you want a hobby server room in your home.


@Teo
Hmm, this is something I have not thought of.
If pfsense is run as VM, would that affect the latency of the connection?

Alternatively, would it be better to pause software update?

I do not know about a classic VM. What I really meant is a hypervisor on bare metal, not a VM in a host OS. Both are possible of course, I personally have not done it.

You cannot pause updates on a rolling release distro - it will break with a bang in a couple of months.

Does KVM work in the same way?

Probably. I wasn’t the networking guy when I worked in an ISP back then, I just listened to what weird and less weird experiments they did… the chief of technical support had a whole rack server at home… for “exercise” purposes…
Have not done it. I have only done openwrt stuff. If I had to do home routing the complicated way I would probably go Mikrotik. Or Pihole, or gl.inet, or raspberry pi with something. Something with a smaller form factor.

Do you run Openwrt on Hyper-V?
Is there any installation / usage experience you can share?

If you want to have a router do yourself a favour and buy a router. That’s all there is to be said here.

I appreciate you giving me the most diplomatic way to say “I dun know, i dun care, f*ck off” in a public forum.
Since you intended no contribution, can I politely ask u to keep away from my posts?

1. Would not mix something as special as a router/firewall/gateway with a workstation. This will cause challenges and issues.
2. That, or combine with a switch to have more ports.
3. That should work fine.
4. If the antenna/chip can function as an access point and has enough reception (not all can, iirc).
5. Something designed and built to do that job, not a desktop OS.

See if there are some low cost devices that can do the task dedicated. If you don’t need 1 Gb/s+, most hardware with 2 network cards will do in a pinch and there is something to choose. There are options like openwrt, pfsense etc. that run on a variety of hardware. Sometimes on old hardware that is cheap to get at a flea-market / 2nd-life shop? (This will differ where you live I suppose, here lots of working hardware is thrown away, mostly because it is old, not because it does not work anymore.)

edit: I suppose what I wrote above is the longer version of the post zbe made.
You assume that zbe does not care, but zbe does care and wants you to succeed and proposes you get the best solution for your stated problem, as Teo and I also propose.

On the contrary. My contribution is the only valuable thing you’ll get out of this whole thread. (includes other variations by others of the same thing)

Sure. I will make some popcorn and enjoy reading this though.

EDIT:

I guess I could also add an answer to your question: Yes, possible.

Set net.ipv4.ip_forward=1, add some routes and some iptables rules and you have a router.
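
A sketch of what that one-liner amounts to, as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset which NATs LAN clients out through the WAN interface while dropping anything new arriving from the WAN side. The interface names `wan0` and `lan0` and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: builds a default-deny router ruleset as text.
# wan0 / lan0 are placeholder interface names (assumptions).

# Accept only plausible interface names so nothing else can be
# spliced into the generated ruleset (Linux limit: 15 characters).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print an iptables-restore ruleset: NAT for LAN clients going out,
# nothing new allowed in from the WAN side.
gen_ruleset() {
    wan=$1
    lan=$2
    if ! valid_ifname "$wan" || ! valid_ifname "$lan"; then
        echo "invalid interface name" >&2; return 1
    fi
    if [ "$wan" = "$lan" ]; then
        echo "WAN and LAN must be different interfaces" >&2; return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Apply (as root), after a dry run:
#   sysctl -w net.ipv4.ip_forward=1
#   gen_ruleset wan0 lan0 | iptables-restore --test
#   gen_ruleset wan0 lan0 | iptables-restore
```

This covers IPv4 only; if the WAN link also carries IPv6, the `ip6tables` side needs its own default-drop rules.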

I think both @Teo and you have proposed a new approach by using Hyper-V.
Same as Teo, I’m no networking guy, and I’m not familiar with Hyper-V as well.
I’ll look for more info on this, and see if the Pfsense / OpenWRT would function as intended on Hyper-V.

In the meantime, any suggestions and tips on how-to, or other alternatives, are highly appreciated.

Hyper-V is a technical solution that we do not propose if I re-read what was written. Using a bare metal hypervisor to run the router function alongside some other OS with another function is an option, look at proxmox as an example, I’m sure there are others. In combination with desktop functionality, this is hard or simply not possible.

There are options for the situation:

  • Use a desktop os with more than one network card & wifi adapter as a router
    Advice: do not do this with a desktop os.

  • Use a dedicated piece of hardware and software for the router role
    Advice: This is the way to go

Some ideas for the dedicated router option, there are more options than this.

  • Get a Ubiquiti set of hardware and wifi access point https://www.ui.com/
    Cost: probably a lot, for the full stack 3 things are needed iirc.
    Will it do what you need: Yes, even looks pretty if you want your network gear to show itself.

  • A pfsense solution Official pfSense Hardware, Appliances, and Security Gateways
    Cost: probably not as much as the Ubiquiti stuff, can be run on hardware procured elsewhere.
    Will it do what you need: Yes

  • Openwrt solution https://openwrt.org/
    Cost: probably less than a pfsense solution depending on the hardware you can get
    Will it do what you need: Yes

  • Cheap consumer router
    Cost: There are 50-75$ routers
    Will it do what you need: Probably some functionality might be missing, it might be not as resilient nor as stable or perform as well as the other options. It might be possible to run Openwrt or pfsense or some other open solution.

  • A mainstream consumer router
    Cost: more than the cheap router
    Will it do what you need: Yes, It might be possible to run Openwrt or pfsense or some other open solution.

  • Leftover pc parts
    Cost: depends
    Will it do what you need: Yes, and you will learn something doing it.

Do research, compare, learn 🙂

First, my gratitude to @Hanzel for your time and efforts to gather this info, not to mention how well organized it is.

I think my original idea has been “veto” - primarily cuz it involves a desktop OS.
I’m curious on the reason for “veto”, is it due to the complexity in setting up Pfsense / OpenWRT on Hyper-V, or the potential impact on network performance due to involvement of Hyper-V?

As mentioned in my 1st post, I was thinking of adding “router” function to a new desktop project, without incurring cost more than a new router.

So, with people / guru “veto” this idea, it would be wise for me to consider alternatives.

In that respect, would flashing a consumer router with OpenWRT provide better security than factory firmware?

You’re overcomplicating things, I think.

What I would do in your situation, is simply to use a typical home router; a Billion branded one, for example, that might often be provided by an ISP; or in any case, are generally more affordable. Configure the router with security in mind, and… done!

If I was particularly paranoid about security on Linux, I might also configure a simple firewall on each connected machine - GUFW, for instance, and configure that as an additional layer of security. That is all. Cheers.

Yes - your ISP may have maintenance access to the router - which most probably is part of your contract.

I have been there - building a router/proxy using old hardware - and I can tell - it is simply not worth the effort - it will be a never ending maintenance project.

Buy a reasonable quality product with a good maintenance reputation.

A couple of brands I have used - in no particular order

  • Netgear
  • Linksys
  • Zyxel
  • Cisco
  • Unifi

To an earlier question: I have only done Openwrt on classic routers (MIPS/Arm).

Once again, I would advise against such a project for all practical purposes. If one wants more tinkering at home - there are routers with openwrt support of mikrotik for that.

Using an essentially desktop grade machine with x86, even with the right software like pfsense on esxi or similar, is also not wise performance-wise. And after buying a decent switch, LAN cards and wifi cards it is also more expensive. Such a project only remotely makes any sense for learning, like if you are going to make yourself acquainted with the basics of networking, learn CCNA or something.

This depends on the existing hardware he has to create a diy-router. There are nice solutions using a thin-client or raspberry/raspberry-clone. The main focus should be the power-wattage of the diy-router-system. Something up to 20 Watts is acceptable. It is a no-go if it’s an elderly PC where the power-supply is several 100 Watts.

P.S.: such a project gets interesting if the diy-router is combined with a diy-nas (that is very easy with a thin-client) and in combination with one or two HDDs with a large capacity.

Actually, this is my plan.

My new project actually involves using a desktop that can:

  1. perform daily video remux project.
  2. p2p
  3. simple NAS over local network only.
  4. routine HDD maintenance.

Since this desktop would be powered on 24/7, I was wondering if it is feasible to “add on” router function, thereby saving some costs on getting a new router, which is quite costly here.

I’m very thankful to all the gurus who have contributed your thoughts, and I shall explore the directions you have pointed.