Turn Fedora Server into a Pro Router: Optimizing NFTables and Kea DHCP

Fedora tutorial - IT technology blog

Why Use Fedora Server as a Router?

ISP routers are usually only sufficient for basic needs. If you start tinkering with a Homelab, running a Plex Media Server, or a few game servers, these devices will quickly reach their limits. You’ll experience network lag, router crashes under heavy load, or frustration because the firewall lacks deep customization.

The key is control. When the router is a Fedora Server box, every packet follows rules you wrote and can read. I’ve used Fedora as my primary OS for over 2 years, and for this job its biggest advantage is how quickly packages are updated: nftables and Kea land in Fedora shortly after each upstream release, so you get current features and fixes without building anything from source.

Leveraging a Mini PC (like an Intel N100 or J4125 chip) with dual network ports is an excellent choice. It not only optimizes performance but also helps you gain a deep understanding of how Linux processes every packet passing through the system.

The Power Duo: NFTables and Kea DHCP

We will focus on two main components to build the network framework:

  • NFTables: the modern replacement for iptables, built on the kernel’s netfilter framework. Here it classifies packets in the input and forward hooks and performs NAT (masquerade) so home devices can reach the Internet. A single ruleset covers IPv4 and IPv6, rulesets are loaded atomically, and sets and maps replace the long rule chains iptables needed, which is where its cleaner syntax and lower overhead come from.
  • Kea DHCP: ISC’s replacement for the ISC DHCP server, which reached end of life in 2022. It is configured in JSON, is split into separate DHCPv4, DHCPv6 and DDNS daemons, and can be reconfigured at runtime, which suits both home and enterprise networks.

Deployment scenario: Network port enp1s0 (WAN) connects to the Modem in Bridge mode. Port enp2s0 (LAN) connects to a Switch to provide network access for internal devices.

Step-by-Step Configuration

Step 1: Setting Up Network Interfaces

Use nmcli to identify the physical ports and the connection profiles attached to them. On a fresh install the profile for a port is often called "Wired connection 1" rather than enp2s0, so use whatever name nmcli reports. Assign a static IP to the LAN port; it becomes the gateway for the whole network and needs no gateway of its own.

# List physical ports and the connection profiles attached to them
nmcli device status
# Set static IP for the internal port (LAN); substitute the profile name nmcli shows
nmcli con mod enp2s0 ipv4.addresses 192.168.10.1/24 ipv4.method manual
nmcli con up enp2s0

Typically the WAN port gets its address from the ISP over DHCP, so leave its profile on ipv4.method auto. If your ISP requires PPPoE, create a PPPoE connection on this port instead.

Step 2: Enabling IP Forwarding

By default the kernel does not forward packets between interfaces (net.ipv4.ip_forward is 0). To make the box act as a router you must turn forwarding on, and the setting must survive a reboot, which is what the drop-in under /etc/sysctl.d provides.

# Configuration persists even after rebooting (run as root: the redirect does not work through sudo)
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/90-router.conf
sysctl -p /etc/sysctl.d/90-router.conf
# Verify that the kernel now reports 1
sysctl net.ipv4.ip_forward

Step 3: Building the Firewall with NFTables

Fedora Server enables firewalld by default. It drives nftables underneath, so there is no performance reason to avoid it, but its zone abstraction gets in the way on a router and its chains would filter traffic alongside yours, so we turn it off and write the ruleset directly. The nftables service loads /etc/sysconfig/nftables.conf at boot; create that file with the following content. Note that the LAN is trusted wholesale on input, so SSH only needs to be accepted from enp2s0; an unrestricted "tcp dport 22 accept" would also open SSH towards the Internet on enp1s0.

#!/usr/sbin/nft -f
# Loaded by nftables.service; flush first so a reload replaces the ruleset instead of appending to it
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        iifname "enp2s0" accept                   # Trust the internal network (covers Kea on udp/67 too)
        iifname "enp2s0" tcp dport 22 accept      # Management SSH from the LAN only, never on enp1s0
        # Nothing else is accepted on enp1s0; add ICMP or a VPN port here deliberately
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state invalid drop
        iifname "enp2s0" oifname "enp1s0" accept  # LAN may open connections to the Internet
        iifname "enp1s0" oifname "enp2s0" ct state established,related accept  # the Internet only gets replies back in
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "enp1s0" masquerade               # Rewrite LAN source addresses to the WAN address
    }
}

Check the file for syntax errors first with nft -c -f /etc/sysconfig/nftables.conf (the -c flag parses without loading). Then stop firewalld so its chains do not sit beside yours, and activate the ruleset:

systemctl disable --now firewalld
systemctl enable --now nftables

Step 4: Automatic IP Allocation with Kea DHCP

Install Kea DHCP to professionally manage internal IP ranges:

dnf install kea -y

Replace the contents of /etc/kea/kea-dhcp4.conf with the following, which hands out addresses from .100 to .200 and points clients at the router as their gateway. Current Kea releases (2.6 and later) require an explicit "id" on every subnet, where older ones generated it automatically, so keep that field:

{
    "Dhcp4": {
        "interfaces-config": { "interfaces": [ "enp2s0" ] },
        "lease-database": {
            "type": "memfile",
            "persist": true,
            "name": "/var/lib/kea/kea-leases4.csv"
        },
        "subnet4": [
            {
                "id": 1,
                "subnet": "192.168.10.0/24",
                "pools": [ { "pool": "192.168.10.100 - 192.168.10.200" } ],
                "option-data": [
                    { "name": "routers", "data": "192.168.10.1" },
                    { "name": "domain-name-servers", "data": "1.1.1.1, 8.8.8.8" }
                ]
            }
        ]
    }
}

Test the configuration (kea-dhcp4 exits non-zero and prints the offending line if the JSON or a parameter is wrong), then enable the service to start assigning IPs:

kea-dhcp4 -t /etc/kea/kea-dhcp4.conf
systemctl enable --now kea-dhcp4
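The fields above map one-to-one onto Kea parameters, so the consistency checks Kea will not do for you (pool inside the subnet, gateway outside the pool, fixed addresses for homelab servers that do not collide with the pool) are easy to script. The following Python script is an added example, not code from the article or from ISC: it emits the same Dhcp4 structure shown above, adds Kea’s `reservations` list for hosts that must keep a fixed address (the hostnames and MAC addresses in SAMPLE_RESERVATIONS are made up), and refuses to produce a config whose pool, gateway and reservations contradict each other.

```python
"""Generate a consistent kea-dhcp4.conf (added example, not from the article or ISC).

Every address relationship Kea would otherwise accept silently is checked
first: pool boundaries and gateway must be usable addresses inside the
subnet, the gateway must not sit inside the dynamic pool, and each static
reservation must be a unique MAC/IP pair inside the subnet but outside the pool.
"""
import ipaddress
import json
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample hosts for a homelab; the names and MAC addresses are made up.
SAMPLE_RESERVATIONS = [
    ("plex", "AA:BB:CC:DD:EE:01", "192.168.10.10"),
    ("gameserver", "aa:bb:cc:dd:ee:02", "192.168.10.11"),
]


def build_dhcp4_config(subnet, pool_start, pool_end, gateway, dns, lan_if,
                       reservations=(), subnet_id=1, lease_seconds=7200):
    """Return the Dhcp4 config as a dict; raise ValueError if the inputs contradict."""
    net = ipaddress.ip_network(subnet, strict=True)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    gw = ipaddress.ip_address(gateway)
    if start > end:
        raise ValueError(f"pool start {start} is after pool end {end}")
    for label, addr in (("pool start", start), ("pool end", end), ("gateway", gw)):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{label} {addr} is not a usable host address in {net}")
    if start <= gw <= end:
        raise ValueError(f"gateway {gw} lies inside the dynamic pool")

    seen_macs, seen_ips, res_out = set(), set(), []
    for host, mac, ip in reservations:
        mac = mac.lower()                     # Kea prints and compares MACs in lower case
        addr = ipaddress.ip_address(ip)
        if not MAC_RE.match(mac):
            raise ValueError(f"{host}: {mac} is not a MAC address")
        if addr not in net or addr == gw or start <= addr <= end:
            raise ValueError(f"{host}: {addr} must be inside {net} but outside the pool")
        if mac in seen_macs or addr in seen_ips:
            raise ValueError(f"{host}: duplicate MAC or IP address")
        seen_macs.add(mac)
        seen_ips.add(addr)
        res_out.append({"hw-address": mac, "ip-address": str(addr), "hostname": host})

    return {
        "Dhcp4": {
            "interfaces-config": {"interfaces": [lan_if]},
            "lease-database": {"type": "memfile", "persist": True,
                               "name": "/var/lib/kea/kea-leases4.csv"},
            "valid-lifetime": lease_seconds,
            "subnet4": [{
                "id": subnet_id,              # mandatory in current Kea releases
                "subnet": str(net),
                "pools": [{"pool": f"{start} - {end}"}],
                "option-data": [
                    {"name": "routers", "data": str(gw)},
                    {"name": "domain-name-servers", "data": ", ".join(dns)},
                ],
                "reservations": res_out,
            }],
        }
    }


def validation_error(**kwargs):
    """Return None if build_dhcp4_config accepts kwargs, else the error message."""
    try:
        build_dhcp4_config(**kwargs)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    cfg = build_dhcp4_config("192.168.10.0/24", "192.168.10.100", "192.168.10.200",
                             "192.168.10.1", ["1.1.1.1", "8.8.8.8"], "enp2s0",
                             SAMPLE_RESERVATIONS)
    # Redirect to /etc/kea/kea-dhcp4.conf, then run: kea-dhcp4 -t /etc/kea/kea-dhcp4.conf
    print(json.dumps(cfg, indent=4))
```

Run it and redirect the output into /etc/kea/kea-dhcp4.conf, then still run kea-dhcp4 -t on the result: the script checks address arithmetic, while Kea checks that the option names and daemon settings are ones it understands.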

Testing the Results

Plug a laptop into the LAN switch. If it receives an address in the 192.168.10.x range within a few seconds and can browse the web, the whole chain works: Kea answered the DHCP request, the kernel forwarded the packets and nftables masqueraded them. An N100-class mini PC has CPU to spare for NAT on a 1 Gbps link, so poor throughput points at the rules or the NIC driver rather than the hardware.

nft list ruleset prints the rules the kernel has actually loaded, which is the first thing to compare against your file (it shows rules, not traffic; add a counter statement to a rule if you want to see whether it is being hit). If a device gets an address but cannot reach the Internet, check in this order: net.ipv4.ip_forward is 1, the postrouting chain has the masquerade rule for enp1s0, and the forward chain accepts enp2s0 to enp1s0. A missing or mistyped masquerade rule is the most common mistake: packets leave with a 192.168.10.x source address, the ISP drops them, and replies never come back.
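Those three checks, plus the SSH-on-WAN mistake that is easy to make in the input chain, can be scripted against the text that nft list ruleset prints. The following Python script is an added example, not part of the article and not an nftables tool: it only pattern-matches nft’s output and assumes the article’s two-port layout (one WAN and one LAN interface, passed on the command line, defaulting to enp1s0 and enp2s0). SAMPLE_RULESET is constructed from the article’s configuration with an SSH rule that carries no interface match, so the audit has something to report.

```python
"""Audit `nft list ruleset` output for the mistakes this router setup is prone to.

Added example, not from the article and not an nftables tool: it pattern-matches
the text nft prints and assumes one WAN and one LAN interface. SAMPLE_RULESET is
constructed from the article's config with an SSH rule that lacks an interface match.
"""
import re

SAMPLE_RULESET = """\
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        iifname "enp2s0" accept
        tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        iifname "enp2s0" oifname "enp1s0" accept
        iifname "enp1s0" oifname "enp2s0" ct state established,related accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "enp1s0" masquerade
    }
}
"""


def parse_ruleset(text):
    """Map (table, chain) -> {"hook", "policy", "rules"} from nft's text output."""
    chains, table, chain = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"table (\S+) (\S+) \{", line)
        if m:
            table = f"{m.group(1)} {m.group(2)}"
            continue
        m = re.match(r"chain (\S+) \{", line)
        if m and table:
            chain = (table, m.group(1))
            chains[chain] = {"hook": "", "policy": "", "rules": []}
            continue
        if line == "}":                     # closes the chain if inside one, else the table
            chain, table = (None, table) if chain else (None, None)
            continue
        if chain is None or not line:
            continue
        m = re.match(r"type \S+ hook (\S+) priority [^;]+; policy (\S+);", line)
        if m:
            chains[chain]["hook"], chains[chain]["policy"] = m.groups()
        else:
            chains[chain]["rules"].append(line)
    return chains


def audit(text, wan, lan, ip_forward):
    """Return a list of findings; an empty list means the basics are in place."""
    chains = parse_ruleset(text).values()
    findings = []
    if ip_forward != 1:
        findings.append("net.ipv4.ip_forward is not 1: the kernel will not route at all")
    post = [r for c in chains if c["hook"] == "postrouting" for r in c["rules"]]
    if not any(f'oifname "{wan}"' in r and "masquerade" in r for r in post):
        findings.append(f"no masquerade rule for {wan} in a postrouting chain: LAN hosts get no NAT")
    for c in (c for c in chains if c["hook"] == "forward"):
        if c["policy"] != "drop":
            findings.append("forward chain policy is not drop: WAN-to-LAN traffic is forwarded unfiltered")
        if not any(f'iifname "{lan}"' in r and f'oifname "{wan}"' in r and r.endswith("accept")
                   for r in c["rules"]):
            findings.append(f"forward chain never accepts {lan} -> {wan}: LAN traffic is dropped")
        if not any("established" in r and r.endswith("accept")
                   and (f'iifname "{wan}"' in r or "iifname" not in r) for r in c["rules"]):
            findings.append(f"forward chain has no established,related accept for replies from {wan}")
    for c in (c for c in chains if c["hook"] == "input"):
        if c["policy"] != "drop":
            findings.append("input chain policy is not drop: every local service is reachable from the WAN")
        for r in c["rules"]:
            # An SSH accept without an iifname match applies to the WAN interface as well
            if re.search(r"\bdport 22\b", r) and r.endswith("accept") and f'iifname "{lan}"' not in r:
                findings.append(f"SSH rule is not limited to {lan}, so port 22 is open on {wan}: {r}")
    return findings


if __name__ == "__main__":
    import subprocess
    import sys
    wan = sys.argv[1] if len(sys.argv) > 1 else "enp1s0"
    lan = sys.argv[2] if len(sys.argv) > 2 else "enp2s0"
    live = subprocess.run(["nft", "list", "ruleset"], capture_output=True, text=True, check=True).stdout
    with open("/proc/sys/net/ipv4/ip_forward") as fh:
        forwarding = int(fh.read().strip())
    problems = audit(live, wan, lan, forwarding)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Run it as root on the router after loading the ruleset; a non-zero exit with a list of findings tells you which of the three checks failed, and on the sample ruleset the only finding is the SSH rule reachable from the WAN side.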

Conclusion

Building your own router is more than just a hobby; it’s a way to optimize your personal network infrastructure. With a solid Fedora foundation, you can add DNS ad-blocking (Pi-hole) or a VPN server directly on this router. Happy tinkering and may your network be rock stable!
