Slashdot Mirror

Looks like DD-WRT supports SNMP and has a helpful wiki article. You'll need to use another program to query over SNMP to get the data and display it on your desktop.

Exactly. I'm doing this as well. I configured a second wifi interface, wl1, and once you have second interface in dd-wrt, you can apply bandwidth throttling. It works like a champ. I connect my systems to the primary wifi interface, and any guest can connect to the open secondary interface. To test the throttling, I fired up a bandwith test on the open guest interface, and then another on the primary network and confirmed that the primary network takes priority over any of the guest traffic.

I used this wiki to help configure my setup:

http://www.dd-wrt.com/wiki/index.php/Multiple_WLANs

Buy a Linux-based router that can run open-source firmware such as DD-WRT. See the DD-WRT site for a list of available devices.

Replace the junk firmware the comes with the router, which is primarily used to segment identical hardware into low-end and high-end product categories. You now have a much better device at no extra cost.

With DD-WRT the router can be configured to run two wifi networks. They can be configured separately and throttled for bandwidth if you prefer.

One LAN is open to the world. One LAN is closed. Done!

http://www.dd-wrt.com/site/index

any of the dd-wrt routers will support this: http://www.dd-wrt.com/wiki/index.php/Supported_Devices you can setup a hotspot with or without ads and you can setup a 2nd SSID that is on a seperate vlan that has no access to the internal network.

I don't even understand why any self-respecting geek would buy a router that couldn't run OpenWRT, Tomato or DD-WRT. The stock firmware of commercial routers is always just rubbish compared to the open source (ish, in the case of DD-WRT) replacements.

For setting up bandwidth limiting for OpenWRT, well, OpenWRT is for real men (or real women), as this wiki page should make clear. Losta commandline and config files; there are web frontends but I'm unsure if any let you fiddle with these kinds of powers. But if you're looking for fine-tuned control, OpenWRT is pretty much a distro in its own right so the possibilities are pretty vast.

For Tomato (which I use 'cause the graphs are pretty), unlike what SighKoPath has said here, you don't have to set up specific rules for each MAC or IP; just set up the classifications for your own devices, then in QoS -> Basic Settings set the Default Class to something like, say, Class E. Now you can set the bandwidth limits for random strangers in Class E and any device or type of traffic that you don't have an overriding rule for gets categorized in Class E, so any new random neighbor devices will fall into that class. Simple.

As far as routers go, a lot of existing routers (as long as you didn't buy a really bad one with too little memory to even install anything to) are supported by at least one of the three main firmwares. Tomato is far more restricted in terms of choice, but if you can't find a spare WRT-54Gv1-4 lying around, Linksys deliberately sells the WRT-54GL for the sake of folks who'd like to install Linux-based alternate firmwares. For OpenWRT you can check their Table of Hardware, random pick, the Buffalo WZR-HP-G300NH is good bang-for-your-buck. DD-WRT's equivalent table is here; you can actually get some routers, like Buffalo's WHR-HP-G54-DD, which come with DD-WRT pre-installed. Never actually tried DD-WRT myself . . . I'm a bit of an open-source zealot, and DD-WRT has had a somewhat sketchy record. Plus, have I mentioned Tomato has pretty graphs?

You can do more sophisticated traffic management with DD-WRT than with the stock router firmware.

Take care, though. There have been several cases of the FBI busting in and making life hard because of child porn traffic on open routers. You could also look at a FON router. They allow for some management of traffic (and cashing in).

DD-WRT (and most likely Tomato) also provide Hot Spot software that your neighbors "log in" to get on the net through your connection.

http://www.dd-wrt.com/wiki/index.php/Chillispot

It may at least give you a possible "out" if the law breaks down your door, but I'm sure it violates your ISP TOS.

Forget being a nice guy, and in this case, the EFF's recommendations. Aside from the issues you raise yourself, this story should be all it takes to convince you of the foolishness of such a policy these days.

To answer your question directly, yes, some consumer AP / Routers can shape traffic like you're asking. You will need to divide your network into multiple VLANs, I would suggest three: One wireless and wide open, one wireless and secure for your use, and one for the wired side. Then, bandwidth limit the free wireless, route appropriately, and apply a security policy to protect yourself. You might also consider logging all that "free" traffic so when the Feds show up with a warrant, you have some kind of audit trail to get yourself out of jail.

I'm not aware of any consumer grade equipment that will do this out of the box. On the other hand, there are several free / open firmware projects that replace the factory firmware that are linux based, and may be able to meet your needs. A couple (by no means all) of these projects are http://www.dd-wrt.com/site/index> dd-wrt and https://openwrt.org/> Open-wrt .

Beware though, that not all of the consumer hardware is created equally internally. Research carefully the hardware / replacement firmware combinations to make sure you can get where you want to be before spending money. You'll also be stressing the hardware far beyond it's original design, so opt for more RAM and a faster embedded processor.

Gee, this sounds like a PITA.....

Hope this helps, and that you don't get arrested.

--Red

Huh? Do you mean like the DD-wrt project or a hundred other projects or something else?

According to this you should be able to get IPv6 with 4Mb RAM too (never tried it though, and since my ISP still doesn't support it I'm not going to anytime soon either :p).

Woops, sorry, wrong link.
http://www.dd-wrt.com/wiki/index.php/IPV6

http://www.dd-wrt.com/wiki/index.php

Keep in mind it can be dangerous to enable IPv6 without also having a firewall on each client that handles IPv6 packets, or having ip6tables on your router to filter incoming connections. ip6tables is NOT included by default with DD-WRT, which means your clients will be directly exposed to the Internet once you have enabled IPv6.

You know there's a list of which versions have which features. There are some 4MB versions that have IPv6 support.

http://www.dd-wrt.com/wiki/index.php/What_is_DD-WRT%3F#File_Versions

A how-to for getting ip6tables going on an Asus RT-N16:
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=506009

DD-WRT

As someone who wanted to test his home router with Comcast IPV6 testing, I was sorely disappointed with the firmware running on my router. Appearently the version I have USED to have some IPV6 support, but recent revs have either broken it, or stopped supporting it.

Cisco doesn't care about Linksys brand. It was simply a marketing decision to buy the company to promote Corporate products. I won't buy Corporate Cisco equipment if I can ever help it. My company is replacing Cisco with much less expensive HP gear and can't be happier.

Do you hear that Cisco, your Microsoft style tactics will let your lessor rivals overtake you.

If you have existing Linksys gear, see if DD-WRT works on it. If it does, you'll get MUCH better support and it is IPV6.

http://www.dd-wrt.com/wiki/index.php/IPV6

DD-WRT

As someone who wanted to test his home router with Comcast IPV6 testing, I was sorely disappointed with the firmware running on my router. Appearently the version I have USED to have some IPV6 support, but recent revs have either broken it, or stopped supporting it.

Cisco doesn't care about Linksys brand. It was simply a marketing decision to buy the company to promote Corporate products. I won't buy Corporate Cisco equipment if I can ever help it. My company is replacing Cisco with much less expensive HP gear and can't be happier.

Do you hear that Cisco, your Microsoft style tactics will let your lessor rivals overtake you.

If you have existing Linksys gear, see if DD-WRT works on it. If it does, you'll get MUCH better support and it is IPV6.

http://www.dd-wrt.com/wiki/index.php/IPV6

Which Linksys router are you using? There is a good chance you can use IPv6.
http://www.dd-wrt.com/site/support/router-database

Just wanted to add that the 6RD instructions on the DDWRT wiki also worked for me on Comcast. Thanks for the tip about native dual stack requiring DOCSYS 3.0.

If someone can't afford to buy a router that's hundreds of dollars, at least look at MikroTik (routerboard) hardware. Similar price range without the brain dead functionality of the typical D-Link or Linksys.

Or if they get (or already have) a Linksys, installing dd-wrt turns it in to a pretty decent little box. That's been my personal preference over the last couple of years.

Maybe I'm wrong, but I suspect that a large part of the IPv4 space is used by smartphones, ebook readers, home and small office equipment.
Either all that stuff needs be upgraded to IPv6 or operators will need to deploy IPv6-to-IPv4 gateways.
If you're lucky you can mod your routers with OpenWRT or its derivatives.

And here I was thinking that the likes of Diaspora could be nicely installed on my router. With a load of luck and a pitchfork I might be able to get it on there because this router has more memory than my previous laptop but you might as well forget about getting this incarnation of Diaspora running on a WRT54GL. If lightning had not struck last month I'd still be running one of those with no plans to replace it until, well, lightning would strike.

I will try to keep an eye on what they are doing but I'm really more interested in the protocols and APIs they use and develop. One it all settles down I'd create something which interacts with their implementation without all the buzz they deem necessary in some nice, compact and high performance language. It might even fit on a WRT54GL then which would give it an instant base of who knows how many nodes...

Where do you get a NAS with gigabit for less than $100 (running Linux)?

http://www.dd-wrt.com/wiki/index.php/Supported_Devices

Yes, DDWRT is vulnerable (as is OpenWRT). However, on the plus side, as I understand it from the article, this exploit can only take place if the attacker is able to gain admin access on the router itself***. As long as you've changed the default password to something secure and there are no unpatched exploits, then you should be safe. Someone who bothers to install DDWRT/OpenWRT almost certainly has enough sense to change the password, so it's only patching the exploits you need to worry about.

I'm not aware of any current explots for DDWRT. There was one vunerability last year:
http://www.dd-wrt.com/site/content/dd-wrt-httpd-vulnerability-milw0rmcom-report

That has been patched already, and if you can't apply the patch, there is a workaround in that article for older firmware.

***The fact that the attacker needs to gain admin access almost makes this story a non-issue in my eyes, as I assume that if they have admin access then they already have almost limitless ways to attack me from there.

The ASUS RT-N16, Linksys WRT610N, and Netgear WNR3500L look promising. They're all supported by dd-wrt and in theory could work with openwrt. The Asus is some nice hardware for $90.

Openwrt is the router part of dd-wrt. Here's an explanation of dd-wrt's architecture on the wrt54g router that I wrote up for the dd-wrt wiki.

Here's the link to the DD-WRT discussion on WR1043ND.

I've been using this router for a week now, and it's blown away my old linksys--which started to hang and reboot if I downloaded a heavy torrent. I want to put my USB printer on the N16, but haven't gotten around to trying that yet.

Also, because this thing has so much RAM, you can bump the number of supported TCP connections way past the dd wrt default limit of 4096. See http://www.dd-wrt.com/phpBB2/viewtopic.php?t=65396&postdays=0&postorder=asc&start=0

DDWRT Supported Devices [dd-wrt.com]

That's what I thought too. Until I bought an Asus RT-N10 and till today, no wireless. It's basically a cheapskate home router, with the words "Open Source" on the packaging.

The Asus RT-N10 is listed in 3 different places as dd-wrt compatible.

• Wikipedia
• dd-wrt Wiki
• dd-wrt Router Database

Ergo, this router is fully compatible, until you buy one. Then you find out:

• Not listed in the OpenWRT list.
• Forum Discussion on getting wireless to work. Till today, it couldn't.

Therefore, do not just rely on the dd-wrt list. Cross-check with the OpenWRT list too.

DDWRT Supported Devices [dd-wrt.com]

That's what I thought too. Until I bought an Asus RT-N10 and till today, no wireless. It's basically a cheapskate home router, with the words "Open Source" on the packaging.

The Asus RT-N10 is listed in 3 different places as dd-wrt compatible.

• Wikipedia
• dd-wrt Wiki
• dd-wrt Router Database

Ergo, this router is fully compatible, until you buy one. Then you find out:

• Not listed in the OpenWRT list.
• Forum Discussion on getting wireless to work. Till today, it couldn't.

Therefore, do not just rely on the dd-wrt list. Cross-check with the OpenWRT list too.

DDWRT Supported Devices [dd-wrt.com]

That's what I thought too. Until I bought an Asus RT-N10 and till today, no wireless. It's basically a cheapskate home router, with the words "Open Source" on the packaging.

The Asus RT-N10 is listed in 3 different places as dd-wrt compatible.

• Wikipedia
• dd-wrt Wiki
• dd-wrt Router Database

Ergo, this router is fully compatible, until you buy one. Then you find out:

• Not listed in the OpenWRT list.
• Forum Discussion on getting wireless to work. Till today, it couldn't.

Therefore, do not just rely on the dd-wrt list. Cross-check with the OpenWRT list too.

I was just considering the same question myself not even 2 days ago. I ultimately decided on the ASUS RT-N16 as others here have suggested, as it seemed to have the consensus of several users on the DD-WRT forum: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=70817&highlight=rtn16 The WNDR3700 would be nice if they manage to get it past what appears to be an alpha-release support

The ASUS RT-N16 is an awesome router that is supported by DD-WRT and has been reported to work with Tomato. The stock firmware is pretty good too. It has some impressive specifications:

• 802.11 b / g / draft-N at 2.4 GHz
• 128 MB RAM
• 32 MB flash
• Broadcom4718A
• 2 USB ports

You should be able to find one for about $100.

The Linksys Refurbished WRT610N-RM for $110 free shipping in the US. The router might not be "open source" but you can and should load dd-wrt onto it. http://homestore.cisco.com/viewproduct.htm?productId=83108078&categoryId=85185 http://www.dd-wrt.com/wiki/index.php/Linksys_WRT610N

I was just shopping last night for a similar router that would support 802.11n and I found the Buffalo WZR-HP-G300NH router. It looks like this router supports DD-WRT and it appears that it will even ship with DD-WRT as the default firmware in a month or two. That's what I'll be buying.

Also from the news on the dd-wrt site. It looks like Buffalo will be shipping some of their high performance routers with the dd-wrt firmware.

DDWRT Supported Devices

CTRL+F

"b/g/n"

Conversation over.

I agree that what the poster's thinking of doing is not going to work from a practical POV, with the parent not likely being capable of administering the network they want to set up. But at the same time it's irritating to hear everyone give the same generic response of "I don't agree with filtering because blah blah blah therefore I won't dignify your stupid question with an answer". I'm not a parent, and while I don't think I would necessarily filter my child's internet access, I don't agree with people intervening in how a parent/parents want to bring up their child. I don't appreciate it when the gov't sanctimoniously decides what me/my children should see/think/do, so why is it better when an individual (or group of individuals, such as here on /.) impose their moral beliefs on someone?

This smacks of the same groupthink that hates MS/Google/Apple/Company-of-the-day without any thought behind it, just because it's the opinion-du-jour on /. It's actually funny how many +5 posts on Apple topics recently have berated Apple for trying to force their way of thinking on everybody, all the while the mods/posters missing the irony in their attempts at coercing others to agree with their anti-Apple opinions, a la Fox News' tactics. Yes, there are legitimate posts with legitimate concerns, and yet they are drowned out by hate-mongering.

Anyway, with that in mind, I agree with the DD-WRT/openWRT/whatever firmware on a decent router as part of the solution. Couple that with OpenDNS, enabling it as outlined here and elsewhere, will allow monitoring of internet activity, as well as filtering based on specific address as well as generic categories of websites if that's desired. This takes much of the work out of the hands of the parent/admin.

Keep the login/passwords private/secure, as well as the password for the DSL/Cable/Fios/satellite/whatever service you use to avoid bypassing. And if there are other open wireless networks nearby you might want to either eliminate wireless adapters from the computers, or lock it down to a single network (a la the dreaded Apple's network setting in Leopard/Snow Leopard to require admin creds to change networks)

Well, I don't think you want to mess with how the operating system handles its network and file system so you have two options. You can either throttle at the router or throttle at the neck. The router option requires you have a capable enough network router connecting you two in order to be able to write a rule for his machine (by IP address or machine name usually) that limits the amount of information he can transfer (I believe this is possible in DD-WRT and is called throttling or traffic shaping). This will cause his experience to become slow and he will most likely complain and bitch to daddy if he knows you did something.

The other option is throttling the neck of the user. This requires somewhat strong hands and forearms applying a pressure to the neck of the user until he stops moving or goes limp. It may result a decreased experience for the user, difficulty breathing, death and in some cases an erection. Use with caution and have an alibi.

Yes, but you need to first install linux on the router, there are many flavors such as Tomato, OpenWrt, x-wrt, and freewrt, but I think DD-WRT is probably the best place to start. Then you need to split the network as mentioned below.

That's the one I mean, DIR-615.

http://www.dd-wrt.com/dd-wrtv2/downloads/others/eko/BrainSlayer-V24-preSP2/02-03-10-r13832/dlink-dir600b/dlink-dir600b-factory-webflash.bin

Use that firmware and use the "emergency room" method of flashing in this link : http://www.dd-wrt.com/wiki/index.php/DIR-600#Alternate_Install_Method_using_Emergency_Room_Web_Interface

Been running mine for a couple of weeks now, the QOS is fantastic as I can leave my torrents running full chat up and down and I barely feel it.

That's the one I mean, DIR-615.

http://www.dd-wrt.com/dd-wrtv2/downloads/others/eko/BrainSlayer-V24-preSP2/02-03-10-r13832/dlink-dir600b/dlink-dir600b-factory-webflash.bin

Use that firmware and use the "emergency room" method of flashing in this link : http://www.dd-wrt.com/wiki/index.php/DIR-600#Alternate_Install_Method_using_Emergency_Room_Web_Interface

Been running mine for a couple of weeks now, the QOS is fantastic as I can leave my torrents running full chat up and down and I barely feel it.

I'd like to tap the powers of the Slashdot hivemind in seeing whether I might have been roundhouse-kicked by Chuck Norris; ie. has my router been rooted?

A few years ago I bought a Linksys WRT54GL router, in support of it being explicitly Linux compatible (in fact, I bought two of them --I really wanted to send a message to Linksys). I flashed DD-WRT onto it, and had been using it as a usual router through my DSL line, with DHCP, wireless (at first WEP but later WPA), and port forwarding (a high-numbered port would forward from the Internet into the SSH port 22 on my server).

Lately I have had two problems with it: in the past half to one year, I haven't been able to SSH from outside into my server (I can do it within my home network, so the SSH server is not the problem). More recently, I tried to do something-or-other on the net (I think it was play a BZFlag game?) and it said, "Your IP address, , is known to be an open proxy relay so we're not letting you connect."

If I suspect that the problems I've been having are due to malware/crackers, am I being paranoid?

Possible flaws in my security include: I enabled SSHd on the router, password based SSH (but I changed the default password of course), I was broadcasting my wireless SSID (required because my wife's vaunted MS Vista system didn't know how to handle hidden SSID's!), and I was using an old version of DD-WRT that I hadn't bothered to update. (I think it was Build#4000 or something, and the current build is #16000 or something.) However: I only briefly allowed SSH access from the Internet WAN and otherwise limited to SSH access from LAN, and I did not allow router admin access by wireless: the computer would have to be connected by ethernet.

Does DD-WRT have security flaws? Should I switch to something else like OpenWRT or the Tomato Router (or something like that)?

It looks like this might be a broader issue than just DLink routers. Several comments on TFA seem to suggest that the HNAP remote management interface is a part of the SDK for the board used in these routers. This implies that any router based on this board might have this vulnerability. The DD-WRT hardware incompatibility list happens to have a list of routers that use UBICOM boards.

Some other UBICOM based devices listed in TFA's comments include:

• D-Link Wireless 108G Gaming Router
• SMC Barricade SMCWGBR14-N
• Netgear WNDR3700
• ZyXEL's MIMO-N line

Don't diss DD-WRT so quickly. The software running it is damn solid and feature rich - most of it's limitations are caused by the relatively weak hardware low cost routers use. I think there was some beefier hardware available on the DD-WRT shop.

http://www.dd-wrt.com/site/index

It's Linux on low cost wireless routers.

Yeah, that's just what I'd want my ISP to run as a core router.

That's funny, I run the whole interwebz on mine!

The dd-wrt shop does have more powerful CPUs/throughput-hardware than is afforded by common WRT-class home routers. HOW much more powerful, or more throughput I do not know. Maybe someone else can comment, given the hardware available.

The prices are reasonable; it seems for about $75 you can buy a outdoor-unit that will blanket an area better than a home router.

http://www.dd-wrt.com/shop/catalog/

http://www.dd-wrt.com/site/index

It's Linux on low cost wireless routers.

Yeah, that's just what I'd want my ISP to run as a core router.

...If however you never go outside, or otherwise spend 100% of your time in areas with free WiFi, then it's great for you, but there's no point making a big deal about it because it's a useless idea for most mobile users.....

You can extend your WiFi even outdoors, I know this is not what you mean.

I had over $150 per month plan...switched to VoIP, ditched cellular, so I save allot.

Total Cost of my Old Cellular plan:
$150 * 12 = $1,800 per year * 3 years = $5,400.00 + $500 hand set = $5,900.00 (TCO) Total Cost of Ownership over 3 years.

Skype: My service is less than $100 per year.

$100 per year * 3 years = $300 + Nokia N800 ($500, when I bought it, $200 today) = $800.

$5,400.00 - $800 = $4,600.00 in savings. That is a very big deal to me and I bet 80% of the others reading this.

I had my router/firewall, but lets say you did not. Lets say you buy one of the better DD-WRT supported device! costing $100 (I have bought these for $15 per router and they have $200 dollar routers also, with the DD-WRT software they are worth between $600 - $1000 dollars for that $15, $100 or $200 hardware cost! And there is nothing you can NOT do with DD-WRT!).

$4,600.00 - $100 = $4,500.00 in savings.

So you need cellular for emergencies, no problem... Prepaid hand set ($100), $50 for prepaid minutes the first year, if not included for the $100. (Plus $20 for year two and $20 for year 3. No one has this phone number, therefore no one can call it, just for me to call out in an emergency. The cellular plan I bought allows my minutes to remain active for one year. No monthly recharge, that would be stupid.

$4,500.00 - $190 ($100 + $50 + $20 + $20) = $4,310.00 in savings.

So I have cellular when I need it, emergencies only. I have unlimited calling and a phone number for people to call me back from any phone, cellular or landline. If I am not connected to the internet, Skype Pro takes a message, which I get the next time I connect to the internet from anywhere, at work, at home or other WiFi hotzone.

I do not fear getting a ticket for talking on my cellphone when driving, my state does not allow that, driving without hands free device. I was never worried about distractions when driving, as I have been driving for years, however with newer, younger drivers this is important. Removes the temptation to answer the phone in the car, if a phone can NOT ring.

No fear of extra charges. Does not happen with WiFi or Internet direct connected VoIP.

I do not count the cost of Internet Access at home as you have that with cellular anyway. So that is a wash. I do recommend fiber always, but if no fiber, go DSL, just say no to Cable. By the time they restrict, throttle your service you would be better off with DSL service at 1.5Mbps down / 384 Kbps upstream. Most of you do not see how bad your Cable modem / service is throttled because you do not have a firewall/router device capable of showing you this in real time like the DD-WRT software shows you. You need to know, get a DD-WRT enabled router and learn the truth.

I figured I could purchase two separate DSL providers fro the cost of one Cable provider, thus I have redundancy built in. Yea!

My next apartment/home will have fiber and I will never look back!

I call $4,500.00 in savings over three years, very significant and you should too!

Think the cost of a N900 is pricey and i agree, $599.00. What if I changed my $150 per month cellular service plan to $50 per month thanks to the WiFi capability of the Nokia N900 or Android smart phones? $599.00 / $100 = I have paid for my new Nokia in 6 months with the savings by reducing my cellular plan. If you can reduce your plan by even $50 per month, you will recoup the cost of your Nokia N900 in 1 year. And after that its paid for! Best of all its a computer with full browser, GPS and more and also your phone!

I can not be the only person who sees a problem with a restricted virtual layer running underneath the operating system on any device that I own. I would not put up with tethering, I will not put up with that.

I do not have a problem with a virtual layer running under the OS on a system I own, as long as I have 100% access and control to that virtual layer. Meaning I can remove, reconfigure, reinstall and tweak it as I see fit. The last thing any of us need is for some entity to not only track us, but monitor our communications, without a warrant, 24 X 7.

Hey Intel (some of you reading this might not be aware of this fact) has processors that phone home and communicate without the user being aware of it. It would be pathetic to have to run a passive sniffer on your personal network to monitor for unusual, unscheduled or abnormal outgoing traffic. Pathetic but to be 100% secure absolutely necessary. (Fortunately a DD-WRT supported device! will allow you to do just that!)

So any cellular phone that had a "restricted" virtual layer would be foolish to purchase, bring home and use. Hopefully everyone has learned their lessons from useless tethering and other such restrictions.

Its not about FREE, its about control and access, that is your only security.

Do you have the ability to tell your phone that while you are at home you ONLY want to use your WiFi broadband network and NOT your cellular plan. A "smart" phone would give you that capability.

*Checks calendar* Yup, it's 2009. VOIP still not possible on my smartphone...

My phone is smart because it runs a Linux distro that allows for root access when required. Meaning I am not restricted, tethered, limited etc...

I bought my phone two years ago, so it is not new.

Nokia Nxxx (770, 800, 810, 900) all will allow you to run WiFi, VoIP, etc... With the N900 you have the option of getting a cellular plan if you must. Personally I would not bother with cellular any time soon, but that is my choice.

Thanks to my choice (VoIP + WiFi on my "smart" linux enabled (maemo) hand set) my total cost of ownership (TCO) is less than $100 per year. You read that right, less than $100 per year. $24 per year for SkypeIn (with SkypePro) + $3.00 per month for unlimited calling. $24 + $36 and I am done. That is for one year.

I love it. So make sure you purchase the right phone. Hint on the WiFi Firewall/Router, get a DD-WRT supported device!. Check the website first before you purchase and only purchase hardware that supports DD-WRT, that way you can control your router and insure WiFi access via a secure intranet.

Your solution is simple, purchase the right hand set. Buy the right phone. If it will not run a Linux (that allows you to access root when required) then do not buy it! Are you limited, tethered, restricted...then you must not have root access to fix that!

A strong password for your root account is enough of a security deterrent and has been for years, so please do not spread that FUD.

I'm using a WRT-3XXN with dd-wrt (not at home and can't remember the model exactly). 1 10/100 uplink, 4 10/100/1000 switched and b/g/n wireless. I've been able to saturate both the wired and wireless on the LAN but I only have 15Mbps DLS so I haven't maxed the WAN port but even with maxing out my DSL at 15Mbps via bittorrent the load average on the thing is like 0.02 with gobs of free memory so I would guess one of these would be fine.

The easier thing to do would be to look at the DD-WRT hardware page ( http://www.dd-wrt.com/wiki/index.php/Supported_Devices ) and find something with a decent CPU/RAM combo.