Bailey's guide demonstrates that Linux's native networking stack — IP forwarding, iproute2, nftables, DHCP/DNS services — provides everything needed to build a fully functional router from commodity hardware. The article walks through the complete pipeline from basic packet routing to advanced features like VLANs, traffic shaping, and VPN tunnels, arguing no proprietary appliance is necessary.
The editorial argues that router manufacturers have spent the last decade adding cloud dependencies, subscription features, and telemetry to devices whose core function hasn't changed since the 1990s. When a router must phone home to a vendor cloud to function, users have effectively traded a networking device for a surveillance endpoint they pay monthly rent on.
The editorial highlights that mini PCs from vendors like Beelink, MinisForum, and Topton have driven x86 hardware with dual or quad Intel NICs down to the $50-150 range. These fanless, 10-15 watt boxes — particularly N100-based systems with 8GB RAM and four 2.5GbE ports — can handle gigabit routing at single-digit CPU utilization, making them cost-competitive with or cheaper than commercial router appliances.
N. Bailey published a comprehensive guide titled "How to Turn Anything into a Router" on their blog, and the Hacker News community responded with 631 points — a level of engagement that puts it in the top fraction of a percent of HN submissions. The article walks through the process of converting general-purpose hardware into a fully functional network router using Linux's native networking capabilities.
The premise is deceptively simple: any device with two network interfaces and a Linux kernel already contains everything needed to route packets between networks. No special hardware. No proprietary firmware. No $500 appliance from Ubiquiti or Netgear. Just a commodity box, an Ethernet adapter or two, and the networking stack that's been shipping with every Linux distribution for decades.
The guide covers the full pipeline: enabling IP forwarding, configuring interfaces with `iproute2`, setting up NAT with `nftables` (or the older `iptables`), running DHCP and DNS services, and optionally adding firewall rules, VLANs, traffic shaping, and VPN tunnels.
The 631-point HN score isn't just about one blog post — it reflects a growing frustration with the consumer and prosumer networking market. Router manufacturers have spent the last decade adding cloud dependencies, subscription features, and telemetry to devices whose core job hasn't changed since the 1990s. When your router phones home to a vendor cloud to function, you've traded a networking device for a surveillance endpoint you pay monthly rent on.
The timing matters too. Mini PCs from vendors like Beelink, MinisForum, and Topton have driven the price of x86 hardware with dual or quad Intel NICs down to the $50-150 range. These boxes draw 10-15 watts, run fanless, and ship with specs that would have been respectable server hardware five years ago. An N100-based mini PC with 8GB RAM and four 2.5GbE ports will handle gigabit routing with CPU utilization in the single digits — try getting that kind of headroom from a consumer router running a Broadcom SoC.
The Linux networking stack itself has matured dramatically. `nftables` replaced the aging `iptables` framework with a cleaner syntax and better performance. WireGuard landed in the mainline kernel in 2020, giving every Linux box a high-performance VPN with a configuration file shorter than most router web interfaces. `systemd-networkd` can now handle complex multi-interface setups declaratively. And projects like OpenWrt, VyOS, and OPNsense provide full router distributions for those who want a polished UI on top.
The performance gap between purpose-built routers and general-purpose hardware has essentially collapsed for anything below enterprise scale. A modern x86 chip can push packets through netfilter at wire speed for gigabit connections. For 10GbE, you might need to think about kernel bypass (DPDK, XDP), but for the vast majority of home and small-office deployments, the Linux kernel's built-in path is more than sufficient.
At its core, a Linux router needs four things:
1. IP Forwarding. One sysctl flag (`net.ipv4.ip_forward=1`) tells the kernel to pass packets between interfaces instead of dropping them. This is the single line that separates "a computer with two network cards" from "a router."
2. NAT (Network Address Translation). A handful of nftables rules masquerade traffic from your LAN behind your WAN IP. This is the same thing every consumer router does — Linux just doesn't hide it behind a web GUI.
3. DHCP and DNS. `dnsmasq` handles both in a single lightweight daemon. It hands out IP addresses to LAN clients and resolves DNS queries, optionally with upstream-over-TLS for privacy.
4. Firewall rules. nftables provides stateful packet inspection out of the box. You define what gets in, what gets out, and what gets forwarded — with the full expressiveness of a real programming model, not a checkbox grid.
From there, everything is additive. Want VLANs to segment IoT devices from your workstations? `ip link add link eth0 name eth0.10 type vlan id 10`. Want WireGuard for remote access? A 10-line config file. Want traffic shaping to prioritize video calls over bulk downloads? `tc` (traffic control) has been in the kernel since 1999.
The entire configuration fits in a handful of plain-text files that can be version-controlled, diffed, reviewed, and reproduced — something no consumer router has ever offered. When your router config lives in a Git repo, disaster recovery is `git clone && apply`.
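The four pieces listed above, rendered as plain-text files ready to commit, as an added example (not taken from Bailey's guide or this article). The interface names (`eth0` WAN, `eth1` LAN), the 192.168.10.0/24 range, the output file names and LAN-side SSH are assumptions, and the ruleset is IPv4-only; both filter chains default to drop, so turning on forwarding does not by itself open a path from the WAN into the LAN.

```shell
#!/bin/sh
# Added example: write the router's config files into a directory for review.
# Assumed values (constructed): WAN/LAN interface names, 192.168.10.0/24 LAN.
render_router_config() {
    out=$1 wan=$2 lan=$3
    mkdir -p "$out" || return 1

    # 1. IP forwarding (install under /etc/sysctl.d/)
    printf 'net.ipv4.ip_forward=1\n' > "$out/90-router.conf"

    # 2 + 4. NAT and stateful firewall (install as /etc/nftables.conf)
    cat > "$out/nftables.conf" <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname "$lan" udp dport { 53, 67 } accept
        iifname "$lan" tcp dport { 22, 53 } accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname "$lan" oifname "$wan" accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$wan" masquerade
    }
}
EOF

    # 3. DHCP and DNS, answering on the LAN side only (install under /etc/dnsmasq.d/)
    cat > "$out/router-dnsmasq.conf" <<EOF
interface=$lan
bind-interfaces
dhcp-range=192.168.10.50,192.168.10.200,12h
EOF
}

# Usage: sh render.sh ./router-config eth0 eth1
if [ "$#" -eq 3 ]; then render_router_config "$@"; fi
```

Before loading the generated ruleset, `nft -c -f nftables.conf` parses it without applying it, which catches syntax errors before they can lock you out of the box.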
If you're running a home lab, small office, or development environment, building your own router is no longer an enthusiast flex — it's a pragmatic choice. The total cost of a mini PC with dual NICs is comparable to a mid-range consumer router, but you get:
- Full packet visibility. `tcpdump`, Wireshark, and `conntrack` give you diagnostic capabilities that consumer routers can't match.
- No forced updates. Your router doesn't reboot at 3 AM because a vendor pushed firmware.
- No cloud dependency. Your network keeps working if the manufacturer's servers go down — or if the company goes under entirely.
- Composability. Run Pi-hole for ad blocking, Grafana for traffic dashboards, or Suricata for IDS — on the same box, with the same familiar Linux tooling.
For teams managing development infrastructure, the same principle applies at a different scale. A $150 mini PC running VyOS or a custom Linux setup can replace a $2,000 branch office router for most workloads — and your network team can manage it with the same Ansible playbooks they use for everything else.
The main trade-off is WiFi. Dedicated access points are still the right call for wireless — Linux WiFi AP support (via `hostapd`) works but is finicky and driver-dependent. The pragmatic setup is a Linux box for routing/firewall/DNS plus a dumb access point for WiFi.
The broader pattern here extends well beyond routers. Purpose-built appliances — NAS boxes, firewalls, VPN concentrators, even smart home hubs — are increasingly just Linux with a proprietary shell on top. As commodity hardware gets cheaper and the open-source stack gets more capable, the "buy an appliance" default keeps getting harder to justify. The 631 HN points on a blog post about building your own router aren't nostalgia for the hobbyist era. They reflect practitioners recognizing that the tools they already know — Linux, plain-text config, version control — solve the problem better than the products marketed at them.