April 3, 2026
Router or Notter?
What changes when you turn a Linux box into a router
Linux box becomes a router — and the comments explode over what “router” means
TLDR: The article shows how a Linux PC can become a home router by enabling traffic forwarding and adding Wi‑Fi, firewall, and address‑sharing services. Comments erupt over what counts as a “real” router, while a security scare about a virtualized firewall sparks a go‑simple, separate‑box backlash.
The post says you can turn a regular Linux computer into a home router by flipping a few switches and adding services: let traffic pass, bundle ports together, add firewall rules, translate addresses so multiple gadgets can share one connection, hand out Wi‑Fi and IPs, and broadcast a network. It even breaks down "hooks" as little checkpoints where rules run. But the real action? The comments.
The top fight is a definition war. One camp shouts, it’s a router the second you enable forwarding — essentially, once the box will pass traffic, job done. Another camp argues the author’s seven steps are practical must‑haves, not a redefinition. Cue sarcasm: one user thanks the internet for the “novel definition” of router, while another insists, anything routing is a router, whether or not you’re replacing your internet company’s box. Meanwhile, someone asks what “CPE” means, and the thread promptly devolves into acronym chaos (it’s the device your provider gives you, by the way).
Then the mood turns dark: a chilling tale drops about a virtualized firewall exposing a management panel to the open web. Instant rallying cry for the safety squad: go simple, go separate, go OPNsense on bare metal. In the background, a quiet civil war over IPv6: some say “no IPv6 at home is a feature,” others roll eyes. Tech how‑to? Sure. But this was really a vibe check on pride, semantics, and one very public “don’t get hacked” lesson.
Key Points
- •Linux defaults to host behavior and drops non-local traffic unless IP forwarding is enabled.
- •Converting a Linux system into a router/AP requires seven steps: IP forwarding, bridge, nftables, conntrack, NAT/masquerade, dnsmasq, and hostapd.
- •Packet ingress involves NIC interrupts, DMA to a ring buffer, Ethernet decapsulation, and routing table checks.
- •Without forwarding enabled and a second NIC, Linux will not route packets; it drops them and increments /proc/net/snmp counters.
- •Kernel hooks allow nftables and other code to inspect/modify packets at defined interception points, separating policy from core processing.