When we last visited this topic, I’d done the research and decided that I wanted a complete overhaul of my home network. As an internet-only FiOS customer, I discovered that I could ditch the ActionTec monstrosity of a wifi router and roll my own. Hallelujah! The promised land beckoned.
The Universe provided me with an amazing opportunity – two straight snow days in front of a weekend. I knew this was my moment – I’ll never have more unbroken days to muddle through this. Unfortunately a nasty head cold set in at the same time as the snow days, but the lack of work stress plus a steady stream of ibuprofen enabled me to power through. I truly am I hero.
As I write this, I sit on the other side of:
- Receiving and configuring all of the necessary hardware
- Installing Ubuntu Server onto the barebones PC
- Configuring the IP table, DHCP, and DNS settings that will turn it into the screaming router of my dreams
- Running a hard line from the (outdoor!) Verizon ONT into our Family Room
- Cutting over from coax to Ethernet and realizing homebrew router success
In actual truth, the first three bullets were already done about a week ago, I just banged out the final two during the snow days. Sounds easy, right? WRONG. Oh my god it took years off of my life. Nothing, I mean NOTHING, was as easy as the Interwebs made it sound. Improvisation abounded, there was swearing in front of the children, and the house was without wifi for about two straight hours. Settle in.
(This may seem like a cautionary tale, and it sort of is, because what I undertook is not for the faint of heart, or the weak of command line skills. BUT, I’m here to say that it’s totally possible – you just have to be patient and waaaay more conservative than the online tutorials encourage you to be.)
Piece of cake. I opened up my barebones PC, dropped in the RAM and 128GB SSD, and closed it back up again. Connected the VGA monitor, power supply, and USB keyboard, fired it up and away we went.
I initially followed this page to load the Ubuntu Server ISO onto a USB thumb drive, and it totally didn’t work. I blame UNetbootin, and so did the ISO – it even detected that I’d used that tool and warned me that it was associated with weirdness. After a few other aborted attempts I used the dd tool and rdisk to copy the image onto the drive and…it finally booted. I’m a king.
As I next-fested through the installer prompts, I found the next issues – the install kept coming to a grinding halt at the partitioning step. The SSD just wasn’t showing up. I even accidentally partitioned and formatted the USB installer drive before I realized that the other drive had gone AWOL. Ha ha, I said! Silly Doug! But in language that stained my shirt.
After several attempts at the same thing and hoping for different results (we all know what that means), I began to worry that I hadn’t seated the SSD properly, or even that the SSD itself was bad. I opened the little box back up and….I’d put it in the wrong slot! HA HA. Apparently this American Microtrends motherboard has the EXACT SAME SLOT for wifi cards as for mSATA drives. In my haste to get it going I’d totally missed that there were two identical slots, handily labeled on the board. SMH.
Once I’d figured that part out the install was a breeze. But I’d lost a good day in the process. AND, I had decided to set it all up on my desk, far from any hardwire connection. Time to relocate to the family room where that gorgeous ActionTec Frankenrouter is and plug in!
Next stop was to follow the Ars Technica guide to building a homebrew router, courtesy of sysadmin god Jim Salter. I’m no stranger to the command line world, and nano has got to be the easiest CLI text editor ever, so I got through it. I even went the extra mile and headed over to Bigdinosaur.org to follow Ars god Lee Hutchinson’s guide to configuring Bind9 DNS and the ISC DHCP Server. He went into way more depth than Salter did with these services, and I learned a good deal. (I also planted a time bomb that blew up in my face, but that comes later.)
Pro tip: If you’re configuring services you’re not totally familiar with, and you think you may have done a few things wrong, take the time to understand the troubleshooting of these services, including which conf files to edit and where the log files are located. You may even want to explore utils that allow you to poke these services a bit. It MAY come in handy when it’s Go Time. Just saying.
In a nice, easy world, one’s Verizon fiber box (Optical Network Terminal, or ONT) is an entirely indoor affair, easily accessible in a handy closet. Not in my house. I discovered that the box I thought was the ONT is actually just the power supply, feeding power out through the foundation into the actual ONT, helpfully stuck near our AC unit and the garden boxes. This meant I was going to have to run an outdoor cat5e cable from the Ethernet terminal on the box through a hole in the house, then thread it above our new suspended ceiling and somehow feed it up through a pre-existing speaker wire route into our family room. I had done exactly none of this before, although I’ve seen it done a few times.
I made liberal use of the Googles and figured out that drilling the hole is the easy part – fishing the cable through and up a wall is more difficult. I ordered the materials – a 30m outdoor-rated cat5e cable, silicon gel, a 12-inch 5/8″ drill bit, and some pull string for cable fishing. I got the bit so large because I bought pre-terminated cables – I’m not about to press my luck by punching down my own RJ-45 ends, that Hard Mode where I come from.
I discovered to my joy that an old drainage tube was already poking out of a hole in the footer planks of our house, one which I’d cut during basement demo and could definitely yank out. Woohoo, premade hole! Except no, it wasn’t anywhere near wide enough for pre-terminated cat5e with snagless ends. And since I’d also discovered that the board wasn’t nearly 12″ thick, I used a 5/8″ spade bit I had instead of the monster auger I’d bought. Pro tip #2: 5/8″ isn’t wide enough for snagless ends. I’d like to take a moment to mention that all of this involved several trips inside and out, and outside it was a FOOT OF FREAKING SNOW on the ground. So just imagine me trudging with bad knees and doof-boots and you’ll have a picture of why it took me the better part of an afternoon to get this cable threaded through. All while my family watched and wondered why I was putting myself through this ordeal.
After too many hours I had drilled the hole, fished the cable through, pulled it in, clipped it to the outside wall of the house, plugged it into the ONT, and sealed the holes (there were two by now, stop laughing) with liberal amounts of silicon gel. It wasn’t pretty, but it got through. I’m still proud of myself for making that work. In the end, I didn’t need the big drill bit or pull string for ANYTHING AT ALL – so glad I shucked out those bucks.
Next step was to take the cable a few feet over in the ceiling and get it up into the family room. An hour and a half later, I had to call it – the snagless end was again making my life hell, and of course the actual hole that needed widening was right above a header in the newly renovated basement, making it nearly impossible to reach. Also the drill was just a bit too near to plumbing and electrical for my liking. Somehow, after a dinner of fusilli with meat sauce and no wine, I made it work. With my 9 year-old daughter’s help, we fished that RJ-45 end up and pulled it through. And to my great joy the hole in the plaster that my Leatherman’s saw had aggressively enlarged was entirely hidden by the wall plate. (Spousal placation is not to be underestimated.)
Today after lunch I decided to pull the trigger – I called Verizon and had them cut over to the Ethernet port on the ONT. I had already regained access to my balky AirPort Exreme to make sure I could control those settings (turning off Back-to-my-Mac was the magic, mostly, another story altogether), and I was ready to ditch the ActionTec and go with homebrew.
Or so I thought.
The actual cutover worked, and the Linux box got online beautifully. DHCP address assigned, das blinkenlights on the port, and a quick apt-get update showed me I had a connection. Success! Until, that is, any client on our home network tried to get on the wifi. Then: no love. Thus began a two-hour stress-induced bender of tweaking config files, reading online tutorials, and learning a whole bunch of new shit that I really should have known beforehand. Guess what? I’m now way, way better at configuring my own DNS zones than I was before. Nothing like an irritated wife and restless, Roku-deprived kids to kick you into High Troubleshooting Mode.
Here’s what I knew: my clients were getting DHCP addresses, that much was working. I could connect to wifi, but with the “No Internet Connection” message, or “Resolving Host…” endlessly blipping in the browser status bar. To my semi-practiced eye, that could only mean that DNS was not happening. Oh, external DNS was firing on all cylinders – every
ping I did on in Ubuntu worked like a champ – but internally I was forwarding nothing. But, but, I’d followed Lee’s blog entry to the letter! I’d been so careful!
Get over yourself, Macdoug. Without a blow-by-blow account, here are a few things I found out:
- It’s really, really easy to forget trailing periods and semi colons when copying config files – always double- and triple-check your syntax. I found several obvious misses.
bind9 is tremendously picky about syntax, and there are at least 72 different ways to write a zone file.
- lots of people on the intarwebs think they know how to write a zone file, and most of them couldn’t be more wrong.
- Lee Hutchinson, you may know a thing or two, but your zone file examples were a complete and utter disaster. Fie on you.
named-checkconf are fantastic commands that you should always use before you go live with your DNS zones.
In the end what saved me was this page, which walked me through the creation of a basic zone file by copying the template and editing it as minimally as possible. You don’t say – I perhaps shouldn’t have hand-coded my forward and reverse zones from scratch? Kids, pro-tip: DON’T HAND CODE ZONE FILES. Unless you’re an absolute genius with bind and have done this a thousand times. I am the opposite of both of those.
My final zone file looks like this:
; BIND data file for local loopback interface
@ IN SOA ubuntu.<mydomain>.org. webmaster.<mydomain>.org. (
2017021029 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; NS records
IN NS ubuntu.<mydomain>.org.
; A records
ubuntu.<mydomain>.org. IN A 192.168.99.1
;ns IN CNAME ubuntu
;@ IN AAAA ::1
See how simple that looks? Way better than what I had copied down from Bigdinosaur. And, more importantly, functional. Once I had both forward and reverse zones loading happily (thanks to
tail -f /var/log/syslog, another useful command I should have known YESTERDAY) a quick restart and…magic. Router was functional! Devices came back online, wives were Tumblring again, and the children had all the Rokus. And I had to make Spicy Beef Tortas from Blue Apron because it was way past dinnertime.
The takeaway? This stuff is just messy – we’re not all sysadmins or Linux gurus, and it’s the rare geek who really, truly plans his or her way through a process like this. Learning happens when you use the ready, fire, aim method and just muddle through. If and when I do this again, I shall for sure check my confs and zones to see that they load with no errors, and I’ll be SO much better at threading wires through walls. One thing is for sure, and that is that it feels really, really good to have done it all and come out the other side a success. Check out this speedtest:
Well, not long after this it all came to a standstill when I foolishly upgraded Ubuntu and some bug in DNS broke everything. After some troubleshooting (I think, it’s been a minute) I just gave up and reverted to the Verizon FiOS box again. Today we’re at probably 60+ devices, a Google mesh wifi network, Gigabit Ethernet, and that 9 year-old girl is 14 and owns her own iPad that must never, ever be disconnected. So the likelihood of me trying this again is…faint but real. pfSense seems like a much, much more logical option, though.