A router is defined as a system that performs the following duties:

• Network Address Translation (NAT).
• Handing out IP addresses to clients via DHCP.
• Allowing incoming connections to a local web server.
• Doing DNS caching for the LAN.
• Providing wireless connectivity (requires a supported card).

The following interfaces are needed:

• WAN
• LAN
• WiFi (Optional)

echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf

Set an IP Address for the device.

Either DHCP or a Static IP.

Configure the WiFi Network.

The DHCP resolver should be started at boot time to provide client machines with local IP addresses.

Example for DHCP servers include:

• dhcpd.

Configure Firewall with:

• Default policy: drop.
• Block any connections in on the WAN to unroutable addresses. Only incoming and outgoing connections which have been explicitly put in the firewall rules will be allowed.
• Block any return connections to unroutable addresses.
• Allow outgoing IPv4 traffic from both the gateway itself and the LAN clients.
• Allow internal LAN traffic.

A DNS cache is recommended.

An example configuration would include:

unbound.conf

server:
  interface: 192.168.1.1
  interface: 192.168.2.1
  interface: 127.0.0.1
  access-control: 192.168.1.0/24 allow
  access-control: 192.168.2.0/24 allow
  do-not-query-localhost: no
  hide-identity: yes
  hide-version: yes
 
forward-zone:
  name: "."
  forward-addr: 1.2.3.4  # IP of the upstream resolver.

/etc/resolv.conf

nameserver 127.0.0.1
nameserver 1.2.3.4
search localdomain

Reboot the system.