Raspberry Pi Router Firewall
I built a Raspberry Pi Router Firewall. I’ve been using it on my home network for years. It has been up and running since at least 2014 and I’m writing this article in 2020. It looks like I actually initially installed the OS on January 7, 2014. Today is April 14, 2020. It still works great.
Specifically, I used the original Raspberry Pi 1 Model B. It is still running an old version of Raspbian. Here is a screenshot:
How does that work with only one ethernet port?
It works great. I have a USB ethernet adapter installed to provide a second ethernet port.
One downside to using a Raspberry Pi as a router is that it has limited speed. The USB bus itself is actually what limits the speed of the network. This is the case for both NICs. Even the built-in NIC connects to the SoC through the USB bus, limiting the speed to about 300 Mbit/s. Even though one of the NICs is a gigabit NIC, it won’t ever really be able to reach that speed because they are both limited by the USB bus. This isn’t a huge issue because my ISP is really going to be the bottleneck for anything going out to the internet anyway. For internal communication on my home network I go through a gigabit switch, so local traffic won’t go through the router anyway.
Here is a screenshot of the interfaces on my Raspberry Pi:
Here is the mii-tool output:
One other limitation would be if you wanted to run an IDS like Snort. You might want a bit more power to do something like that.
Raspberry Pi Router Firewall Setup
I’ve secured it to the inside of a plastic bin with the other components using zip ties.
TRENDnet USB NIC
I still have the link for this in my Amazon orders history. It looks like they have updated it a bit. The first thing I notice is that the color is different. Here is the link:
Netgear Gigabit Switch GS108
I literally pulled this out of a dumpster. The box was still sealed in plastic wrap. I was walking by and just happened to notice it. Now it powers my internal network. In the picture you can see only four cables plugged in. One of those is the uplink to the Raspberry Pi, another is my Linux desktop, another would be my NAS, and the last one is a printer. Currently my Windows gaming PC and backup NAS are both physically disconnected from the network.
For the OS I just installed Raspbian to keep things simple. I did the basic stuff:
- enable forwarding in the kernel
- enable IPTables forwarding rules
- create IPTables rules for specific ports
- probably a few other tasks to lock it down
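
The steps listed above as an added example, not the author's actual rules: a shell function that prints an `iptables-restore` ruleset with default-deny INPUT and FORWARD policies and NAT on the WAN side. The interface roles (eth0 as WAN, eth1 as LAN) and the SSH port are assumptions, since the article does not give them.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a two-NIC router.
# Interface names and the port list are assumptions, not taken from the article.

# render_ruleset WAN_IF LAN_IF [TCP_PORT...]
# Writes the ruleset to stdout; nothing is applied to the running kernel.
render_ruleset() {
    wan=$1 lan=$2
    shift 2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address of LAN traffic leaving through the WAN interface
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny for traffic to the router and through the router
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # Router services are reachable from the LAN side only
    for port in "$@"; do
        echo "-A INPUT -i $lan -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
# LAN hosts may open connections outward; only replies come back in
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 = WAN (built-in NIC), eth1 = LAN (USB NIC), SSH only
render_ruleset eth0 eth1 22
```

Piping the output into `iptables-restore --test` as root checks the ruleset without loading it. Kernel forwarding is a separate switch, `sysctl -w net.ipv4.ip_forward=1`, and without it the FORWARD rules never see traffic.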