Your Router Is Just a Computer — So Build One

March 30, 2026 · 5 min read · linux · networking · diy

The US government just effectively banned the import of new consumer router models from outside the country. Whether or not the policy sticks, it raises a question worth asking: why do we pay $200+ for locked-down boxes running firmware we can't trust?

Here's the thing most people don't realize — every router is just a small computer running Linux under the hood. And you can build a better one from hardware you probably already have.

Why Build Your Own?

Consumer routers are notorious for:

Abandoned firmware with known vulnerabilities
Backdoors that manufacturers never fix
Artificial limits on connections, bandwidth, and features
Forced cloud accounts and telemetry

A DIY router gives you full control. You pick the OS, the firewall rules, the DNS, the VPN — everything. And it's not some exotic hack. People have been running Linux routers for decades.

Routers are all just computers after all. — nbailey

What You Need

Almost anything with two network interfaces will work:

Mini PC — best option. Fanless, low power, purpose-built. $50-150.
Old laptop — grab a USB Ethernet adapter for the second interface. Free if you have one lying around.
SBC (Raspberry Pi, etc.) — works but limited by USB bandwidth for the second NIC.
Old desktop — overkill but works great. Add a $10 PCIe NIC card.

The original author runs a Celeron 3205U dual-core at 1.5 GHz — a chip most people would throw away. It pushes 850mbps on wired LAN and 300mbps on Wi-Fi without breaking a sweat.

Quick Setup Guide

The basic architecture is simple:

Internet (WAN) → [NIC 1] → Linux Box (routing/NAT/DNS/firewall) → [NIC 2] → LAN switch → Your devices

Step 1: Pick your OS. Debian or Alpine Linux are both solid choices. Alpine is lighter if you're comfortable with it.

Step 2: Enable IP forwarding.

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/99-router.conf
sysctl -p /etc/sysctl.d/99-router.conf

Step 3: Set up NAT with nftables.

table inet nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "eth0" masquerade
    }
}

Step 4: Run a DHCP + DNS server. dnsmasq handles both in one package. Or go full nerd with ISC DHCP + Unbound.

Step 5: Add Wi-Fi. A USB Wi-Fi adapter with AP mode support (like anything using the ath9k driver) lets you run hostapd for your own access point.

Go Further

Once you have the basics running, a Linux router unlocks things consumer routers can't do:

Pi-hole or AdGuard Home — network-wide ad blocking at the DNS level
WireGuard VPN — access your home network from anywhere
Traffic shaping — prioritize gaming or video calls with tc
Intrusion detection — run Suricata or Snort for IDS/IPS
VLANs — isolate IoT devices from your main network
Custom logging — see exactly what every device on your network is doing

The Real Point

This isn't about replacing your router tomorrow. It's about understanding that the devices we trust with all our traffic are just computers we've decided not to think about. Taking back control of your network layer — even partially — is one of the most empowering things you can do as a builder.

And if the import ban actually hits? You'll already know how to build something better than anything on the shelf.

Full tutorial (with photos of some gloriously janky setups): nbailey.ca/post/router

Building weird stuff with Linux? I write about it.

z3n.iwnl

linux networking diy router firewall