// the find
martin-ger/esp32_nat_router
An AI-enabled NAT Router/Firewall for the ESP32
Firmware that turns a $5 ESP32 into a WiFi NAT router with WireGuard, firewall ACLs, PCAP capture, and MQTT/Home Assistant integration. Actively maintained with pre-built binaries for six chip variants and a browser-based web installer. Aimed at hobbyists who need a cheap guest network, IoT isolation, or a travel VPN router.
Pre-built binaries for ESP32, C3, C5, C6, S3, and WT32-ETH01 with a one-click web installer means zero toolchain setup for the common case. The component architecture (acl/, pcap_capture/, remote_console/ etc.) keeps features genuinely isolated — unused ones compile out and cost no RAM. WireGuard with automatic MSS clamping is non-trivial to get right on embedded hardware and it works here. PCAP streaming directly to Wireshark over the network is genuinely useful for IoT debugging and not something you get from off-the-shelf consumer routers.
The 8-client hard cap (5 on C3) is a real ceiling that will surprise anyone who tries to use this for a small office or a crowded guest network — it's RAM-bound and not fixable without a hardware upgrade. Throughput tops out around 15 Mbps and degrades noticeably when VPN, ACL, and packet capture are all active simultaneously, so it's not a substitute for a real router. The MCP bridge is labeled BETA and lets AI assistants reconfigure your network device, which is a significant attack surface that the security wiki only partially addresses. WPA2-Enterprise (PEAP/TTLS) support is listed but the credential handling on a device with no secure enclave is inherently weaker than on dedicated hardware.