Linux router with 1 NIC?

Phil99 · 4 May 2009 at 09:33

Trying to turn my spare PC in to a router, only problem is that it's only got one LAN card; I thought I had a spare PCI card but it seems to be dead, so only one interface available.

Smoothwall will install with only one NIC, but unfortunately this then assumes that I'll be using a modem.

I'm not entirely sure if it's possible to run two 'interfaces' on one card, but if it is possible can anyone recommend a distro/(easy) setup that will run on the one? The aim is to have a standard router configuration with an 'internet' side and a 'lan' side with some QoS etc. in the middle.

Thanks

growse · 4 May 2009 at 12:46

it's possible to run many interfaces on a single physical NIC, they're called VLANs. Monowall and pfsense I know for a fact support VLANs, but I've never been through the setup process. I imagine it'll be a case of saying that you want VLANs and then assigning the WAN / LAN to VLAN IDs.

You'll need a VLAN-aware switch as well.

Phil99 · 4 May 2009 at 12:56

Ah, ok, seems my switch doesn't support VLANs (Netgear GS608). A second lan card will be cheaper than a new switch so I may as well go down the 'normal' route.

Thanks for the reply

slylittlefox · 4 May 2009 at 19:30

Can you get away with having virtual interfaces? That is, set up eth0 and eth0:1 a la:

Code:

ifconfig eth0 192.168.1.1 255.255.255.0
ifconfig eth0:1 10.10.1.1 255.255.255.0

I've pondered on this question in the past too, as I've got a few machines that would be ideal for a little router, but don't have any PCI slots to fit another NIC.

The other idea would be to use a USB>Ethernet dongle, they're about £10 on the bay

rick827 · 5 May 2009 at 12:24

Yes in pfsense certainly you can create virtual interfaces without assigning them seperate VLANS. You just need to remember they're physically in the same broadcast domain and there's nothing to prevent a device on the switch communicating directly with the Modem bypassing the router. However, presuming its a home setup this wont really bother you unless you want to create a DMZ etc

HTH

Phil99 · 5 May 2009 at 14:57

rick827 said:
Yes in pfsense certainly you can create virtual interfaces without assigning them seperate VLANS. You just need to remember they're physically in the same broadcast domain and there's nothing to prevent a device on the switch communicating directly with the Modem bypassing the router. However, presuming its a home setup this wont really bother you unless you want to create a DMZ etc

HTH

Sounds exactly what I'm after, I don't care if users can change their IPs to access the other network so I'll look in to that further

smids · 6 May 2009 at 22:30

I would seriously just buy a lan card. It'll cost £5 at most and will save all the hassle...

SMN · 6 May 2009 at 23:16

Seconded. You can get a Gig NIC card for like £10 now - not worth the grey hair.

rick827 · 7 May 2009 at 08:10

smids said:
I would seriously just buy a lan card. It'll cost £5 at most and will save all the hassle...

SMN said:
Seconded. You can get a Gig NIC card for like £10 now - not worth the grey hair.

as I've got a few machines that would be ideal for a little router, but don't have any PCI slots to fit another NIC.

smids · 7 May 2009 at 08:52

Thanks rick827 but I can précis text quite well on my own

.

Phil99 said:
A second lan card will be cheaper than a new switch so I may as well go down the 'normal' route.

Might be worth looking at post 3 and not quoting someone who is not the OP.

rick827 · 7 May 2009 at 09:01

Yeah sorry, was a bit pedantic of me

slylittlefox · 7 May 2009 at 11:35

rick827 said:
Yeah sorry, was a bit pedantic of me

And you quoted me, not the OP

smids · 7 May 2009 at 14:07

rick827 said:
Yeah sorry, was a bit pedantic of me

No, actually I apologise. Little sleep last night meant I was a little cranky when I read my morning mail... simple error you made

- think my tone was a little off.

Knowing how fiddly it can be setting up mutliple LANs through one interface, I just think it is not worthwhile, even if it can be done. I also think some distros will prevent using a certain type of mode without a second physical interface.

rick827 · 7 May 2009 at 14:27

I was speaking from my memory of the post yesterday thinking the OP mentioned a faulty PCI slot rather than card so quickly edited it for the other chap with just 1 card available so it made sense

i knew someone only had a single card lol

In pfsense at least its quite simple, i'd image from the CLI it wouldn't be particularly fun making routes etc. From my experience on pfsense it's not too bothered whether the interface is bound to a physical NIC or not, you can simply create a new interface and slap a MAC/IP address to it and it'll route any traffic sent to it.

In my setup I had 2 nics, LAN and WAN, and then created a 3rd DMZ nic which was virtual. Setup the relevant ACL rules and made some VMs on a 2nd ESXi switch, vlan tagged them and the DMZ nic and away it went. I think having a 2nd physical switch/hardware boxes/3rd router NIC would be just as fiddly, its the logical pathing that matters in the end