Arch Linux-based Home Router, Part I

PURPOSE

In 2015 I purchased an Intel NUC with dual Gigabit Ethernet ports, with the intention of running Debian Linux on it and using it as my home router.  That worked out great, but I never documented how I set it up.  In October 2021 I decided to replace Debian with Arch Linux.  This series documents how I set up Arch to act as my home router.

PREREQUISITES

  • An x86_64-based PC (Arch only supports x86_64/amd64 CPUs) with dual Ethernet ports (1000Mbps copper or 10000Mbps fiber recommended).  My NUC tops out at 4G RAM with a 60G 2.5" SATA SSD, but more RAM and HDD capacity is always better.  Optionally, a (mini-)PCIe WiFi adapter if you don't have discrete WiFi access points.  I no longer use the Atheros WiFi adapter I purchased originally for the Debian router (it was 802.11n, which topped out at 30Mbps if I remember correctly).  I now have a Ubiquiti UniFi system with 802.11ac APs, and they work great!
  • Arch Linux installed, following the excellent Arch Linux Installation Guide.  I went with the linux-lts kernel, on the perception that it will be less susceptible to kernel regressions than the standard linux kernel.  I also installed the Btrfs filesystem, but that isn't strictly necessary for this project.  Btrfs snapshots are how I take backups of this router: I make a read-only snapshot and back up the snapshot rather than the live filesystem, which avoids the backup program backing up files that are actively being written to during the backup.  You'll also need to select a network manager.  I selected systemd-networkd, since it was already included in Arch by way of the systemd package (more on this below).
  • A WAN modem compatible with your ISP.  My ISP provides me a Gigabit fiber connection (modem is probably not the right term for this device).  The modem should have an Ethernet port that you plug into the router's WAN interface (you get to decide which one is your WAN interface).  Note you may need to put this modem into bridge mode if it contains its own router (I had to do that with the Comcast Xfinity X2 modem when I had them as an ISP).  Consult your modem documentation if you don't get a public IP address when you request an address from your ISP's DHCP server.

PROCEDURE

First, you should design your physical network.  Make sure you have enough Ethernet switches (managed or unmanaged) to cover all of the devices that need to be connected via Ethernet.  Also plan for WiFi, as I suspect most of the devices that connect to a typical home network will do so over WiFi.  Consider splitting your network into zones, possibly with a DMZ (demilitarized zone) for any hosts that you intend to be reachable from the public Internet.  I don't have a proper DMZ, but I do have a separate VLAN for my IoT (Internet of Things) devices, and the firewall blocks access from that subnet to my main LAN subnet.  Here's a diagram of my network (wireless/WiFi clients are not shown):

Trey's Home Network

This diagram shows the Internet (represented as a white cloud), which has bidirectional traffic over a fiber medium that comes into my home through a wall and into the ISP's device (which I've labeled the Fiber Modem).  Next, there is bidirectional traffic between the fiber modem and my router barbican, which connects to my UniFi 8-port switch in my office.

Connected to the office switch are a number of devices, including my workstation osmium (which I use as a Plex Media Server, UniFi Controller, and Blu-Ray ripper/encoder; it has two Gigabit Ethernet interfaces, one for my LAN and one on my IoT network), my new file server tennessine, and my old QNAP NAS, sodium (which I've recently converted to Arch Linux).  The office switch also has my HP LaserJet printer attached via Gigabit Ethernet.  Finally, the office switch is connected to the Office Access Point (a UniFi UAP-AC-LR), which covers that side of the house.

Also connected to the last port on the office switch is a Zyxel PowerLine adapter, which converts the power network in my house to a Gigabit Ethernet bus (represented by a gray cloud on the diagram).  This allows me to connect another Zyxel adapter in another room (my Loft), and I have another UniFi 8-port switch in there (the Loft Switch).  I have another UniFi UAP-AC-LR connected there, to give the other side of the house WiFi coverage.

The loft switch only has the Loft AP attached.  If I get any more devices which need to be connected to Gigabit Ethernet, I will probably set them up in the Loft.  I do have my father's file server that I have yet to set up on my network.  That is a project for another day.

NEXT STEPS

The following articles continue this series on setting up an Arch Linux Home Router:

  1. Arch Linux-based Home Router, Part I (This article)
  2. Arch Linux-based Home Router, Part II (systemd-networkd and sysctl/kernel)
  3. Arch Linux-based Home Router, Part III (firewalld configuration)
  4. Arch Linux-based Home Router, Part IV (dhcpd configuration)
  5. Arch Linux-based Home Router, Part V (bind)
  6. Arch Linux-based Home Router, Part VI (DDNS)