Slashdot Mirror
Choosing a Router/Firewall for the Home LAN
Dr. Zowie asks: "How should one choose a router for a home LAN? We just added a few hosts on our home ethernet, which is connected via DSL. There are an amazing
number of new entries into the market for routers and even stand-alone
firewalls. NetGear,
Linksys,
SMC, and even Panasonic
all have boxen in the $99-$300 range, each of which will do some
combination of NAT, routing, source-IP filtering, port filtering, and
content filtering."
"It's not at all obvious from the packaging, the web sites, or the drool-proof pamphlets in the boxes which routers will do what. For example, we'd like to pass through packets for our two server machines, and use NAT/DHCP on a third address for the rest of the LAN. Nearly all the boxes advertise that they can do NAT routing, but many don't support NAT and static-IP routing simultaneously.
Die-hards will insist that one should run a standalone box with dual ethernet cards and the appropriate routing goodies -- but these standalone boxes, at 5-15 watts and a couple hundred bucks, seem like comparatively hassle-free solution. Which one do you use?"
Find an old, cheap PC, get two old netcards, and put OpenBSD on it. Plus you'll need a hub or switch. Simple and secure.
Practically Networked
All kinds of good information and reviews on exactly what you're looking for.
my room-mate and have just what you describe at the end,.. a P90 running slackware, with telnetd, et al disabled, and two cheap ethernet cards.
it works amazingly well, had two months of constant service until a power blip caused it to reboot the other day (yeah yeah, i need to get a UPS.)
it's amazingly cheap (read: nigh-unto free) and quite hassle free in its own right. not only that but it's breath-takingly easy to configure and maintain for anyone who probably reads
...dave
Think different? I'd be happy if most people would just think...
found a cheap pentium 90 with 100 megs of ram and a 300 meg hardrive...all I had to do was go get a $5 network card (instant rebate), and install a minimal Slackware install, took 2 hours total time...total cost : $25
How Jaded Are You?
I use Freesco on a old 486-66. Easy to set up, easy to maintain.
I used to use LRP but it didn't like my new ethernet card so I switched to Freesco.
Beta sux! Join the Slashcott! http://hardware.slashdot.org/comments.pl?sid=4760465&cid=46173047
The extra pc option is nice, but in my office it would just add to the noise. Those router boxes have no fans and require practically no effort to install.
Linksys working fine for me (make sure you update with latest patches)
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
In a new PC, install two nics, and install mandrake linux 8.0
That's what we all do.
My ADSL connection comes in via an Alcatel router with four Ethernet ports on the inside. Problem is, its basically a 10Mbit half-duplex hub. So, the first thing it does is go to a 100Mbit switch, that then goes in two directions - one cable to an OpenBSD NAT router to the private network for all the internal things (fileserver, multimedia box, etc). A few other cables go to outside facing servers (web, FTP, etc).
that 486 you have in the corner collecting dust. I think the idea of spending $100+ on a box that does nothing more than firewall is rediculous. Why not spend something like $30 to dig up a small machine with a small hard disk (or use LRP). I've got a LAN set up with any OS you'd want, and a small Debian box that does NAT, ip forwarding, firewalling, the works.
That being said, is there any sort of config utility fopr IPtables that runs on Apache? These stupid little Linksys/Netgear/etc firewall thingies have web interfaces. People like them. I can go and tweak out my iptables stuff but too many admins would prefer not to. Is there any good solution?
There is no reasonable defense against an idiot with an agenda
:wq
Linksys are OK but quite limited in their functionality. I am usuing it and quite happy.
SOHOWARE sucks big time - buggy and unreliable. Do not beleive words about "Stateful Packet Inspection" - even if it does it you could not use it.
What I really want to see is SNMP management for
such devices. Unfortunalty, best they could do
is read-only SNMP access.
You'll have to think abaut power usage as well. Those PC boxen need _lots_ of electrical energy, which sums up over the year.
IMHO its more effective to just buy a DSL Route with an 4-port switch built into it. I've seen those beasts for roughly DM 400.- to DM 600.- ($200-$300).
I (being the lazy bastard that I am) didn't want to bother with setting up a PC as a firewall so I simply bought on of the little 4-port linksys routers. After rebates it turned out to be about $100. I have had no problems with it and it handles everything I need it to do fine (DHCP, Port Forwards, etc).
Just my experience...
I'm pretty pleased with my SonicWall SOHO -- very plug and play, if that's of value to you.
It depends on what you need the most. I like having a full machine with 2 NIC's as my firewall as it is the most configurable and can be modified to meet my needs. I run a little webserver with database and I can open up pop, and other services on a whim. Once you get a firewall box, you are limited somewhat by what you can do, and if you want to put up any other services, you will need to tunnel to another machine anyway..
I expect for the average SOHO, all they want is connectivity, rather then the ability to do everything...
old p90, 3 ethernet cards and one wireless card. 2 hubs, one for my apartment, and the other for the first and third floor apartments. the wireless gw works everywhere in the house.
the old pc offers the most flexibility. our's has been running in a closet for over a year now.
Don't let the door hit you on the way out, okay? You'll be missed.
Since you're obviously a /. reader, you must have AT LEAST heard of Linux. My suggestion is to get something like freesco on a 486, or possibly on a newer box with red hat or similar...
-theKGB 8)
That's what I've got between my Surfboard and LAN...
Works great and I got it for about $140...
Here's a link to the product page: RP-114 Product Page
Goofy, Geeky Gifts and More!
My linksys worked great on my slower DLS, but with my faster DSL(4MB/1MB) it would lock up alot with high traffic, either on the WAN, or the LAN. Its a know issue and no resolution as far as I know...
Ipchain and Iptables have worked ok for me so far..
http://www.smoothwall.com should get you to the main product page. It's a freeware GPL firewall running Linux, but designed for ease of installation and administration via a web browser afterwards. The new version 0.99 is due for release any day now, and the beta of 0.99 works quite well for me.
Since most people have an old 486 or Pentium lying around, the cost to set this up is next to nothing - and it has features the hardware firewall/router boxes don't include. (EG. Ability to auto-update your dynamic IP with the dyndns.org service and "snort" to log hack attempts with details on what was attempted.)
Old P1* boxes with OpenBSD make stunningly great firewalls. Throw a couple of good, well-known NICs in one of these and install either using the net (which works very well) or by buying a CD from CheapBytes for $4.99. OpenBSD uses IPFilter and IPNAT (at least for now, but I understand that's going to change soon - perhaps next release...) which I think use a much easier to understand syntax than IPChains/masq. Plus, OpenBSD is pretty damn secure right out of the box without any configuration.
You need people like me so you can point your fucking fingers, and say "that's the bad guy."
Buy a cheap pc with a small hdd or just a disk drive. I support having a small hdd. Get one from ebay ..those p75's will do great. Have some ram. 16mb would be good. And install freesco. Checkout www.freesco.org It is an amazing linux router distro with text based gui installation and it has package management also. Can have support for dhcp, dyndns, sshd etc. Too many features. I use that for my home network. I have had no problems with it till date.
IMHO the linksys is the best. It will do everything you are looking for. I have tried the dlink version and had a lot of problems.
I like my Linksys hub/router, but the support has been downright hostile once I mentioned I run Linux. Like it matters - it's an entirely separate device configured through web pages. But like many of us, I usually run with javascript disabled and their pages provide no indication of why the router can be nonresponsive.
As for the suggestion that you run an old box, please, give it up. If it works for you, great, but I switched from a box to a hub because of power consumption, noise, floor space, etc. Except for those hassles with javascript, I haven't regretted this decision.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I have 5 computers connected to the internet in my in-home LAN right now. My router/firewall/gateway is a 166MHZ linux box running redhat 6.0. I've been running this setup for about two years, upgrading as necessary. Using IP masquerading this is all very simple and with IP Chains, you can setup any firewall rules you want. I recently installed redhat 7.1 and it has a firewall wizard type thing that makes this all even easier! Take an old box and put linux on it, you won't be dissappointed.
mp3's are only for those with bad memories
I have had no complaints with my Linksys BESFR41, it runs a little web server so all the configuration is done through a browser. I can close/open any port or range of ports very easily. I can use DHCP or static IP addresses on my computers. You can read about all the things it does, but I just wanted to say that I have been very pleased with this product.
I've run the Linksys BEFSR41 single-port Cable/DSL Router and it's awesome. I've also run a 486 with DHCP and NAT under W95, and a P166 with DHCP and NAT under WinNT Server. The best one? The P166 NT server box. Why? Speed and flexibility of configuration. The easiest to use? The Linksys box. The best for firewall activities? The P166 NT server. The easiest and fastest to setup and use? The Linksys box.
Hey, has anyone looked inside a Linksys box to see what processor is in there yet?
pi=sigma{n:0-infinity}[(1/16)^n][(4/(8n+1))-(2/(8n +4))-(1/ (8n+5))-(1/(8n+6))]
The plural of "box" is "boxes."
Saying "Boxen" isn't clever or 'l33t, it's just stupid.
Knock it off, you're making all of us look bad.
That is all.
Why do it this way (the hard way)? Because you can do ANYTHING you want with it. IPSEC tunels, NAT, DHCP, IPmasq, http cache, DNS cache, spam filtering, your own domain, your own email server, web server, instant message server, streaming audio server, and on and on. Add a third network card and you can set up a DMZ network too.
If you just want to surf and email then get one of the sealed box router/firewalls.
-=-=-=-=- osjedi uses Debian GNU/Linux. -=-=-=-=-
I bought a BEFW11S4 - EtherFast Wireless AP + Cable/DSL Router w/ 4-Port Switch about a month ago on eBay - brand new. I have had nothing but problems thus far, and wouldn't recommend anyone buying one. I have to push the reset button on a regular a regular basis, as my connection drops frequently. Firmware upgrades dont work, after many emails and phone calls I have determined that Linksys tech support is virtually non existent, and I had to resort back to using connection sharing on my 2000 box to get a half stable connection.
Matt
Like others who have commented, I too have repurposed an old PC that someone was going to throw out. I used Linux kernel 2.4.2, and three NIC's in a LAN/DMZ configuration.
For my purposes, I was happy to have the learning experience. But if you're new to it, be forewarned that it can be a big headache getting it right.
I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve. BB
Umm... I've always heard "roww-ter", there are some who call them "roo-ters" but since Cisco calls them "roww-ters" I'm willing to listen to them.
There is no reasonable defense against an idiot with an agenda
:wq
I have a Linksys router installed. You are right that it is a very easy way to protect your network. A friend is using SMC. Both work the same way. HTML interface. Both do port forwarding, NAT, IPsec, DHCP etc...
I run a web server as does my friend. No problem, just port forward 80 to the server running your website. Very easy to setup and run. These are basically plug and play.
Yes you can do the cheap box Running linux. I have on of these too. But I prefer the no fan, low power Linksys box.
Hope this helps.
This works great for me -
www.smoothwall.org
And when I had some problems with setup they were extremely helpful on irc.
i would like to point out that someone who is looking for an pre-packaged alternative to a couple hours spent installing linux on a old computer just used the term "boxen", thus demonstrating that this word is, and never has been "cool" or "with-it".
if you are going to call a computer a 'box', at least pluralize it like a regular english speaking human.
It's not the latest and greatest anymore, but it works great with the most recent software updates. (Word of warning: BUY OR MAKE A NULL MODEM CABLE! If you like tweaking and fiddling with stuff, you WILL lock yourself out of the router.)
:)
You did mention you wanted two servers running behind this: do the servers have different service sets running on them? (One using port 80 and 443, the other using 53,25,21,22, etc?) If so, then it shouldn't be a problem at all to use a RT314, with the sole exception of havinf two static IPs *and* DHCP on the internal interface... I believe it is either static or DHCP but not both.
Anyway, it was less than $100 and I've had it for about a year now. Once you update the software for it, it is a joy to use.
I thought about an old Linux box but:
1) It's noisy
2) It's a potential security risk
3) PC hardware is prone to crashing. By the time you've patched the kernel 50 times, and fixed the dodgy old hard disk when it crashes.
4) It's expensive (not just hardware cost, but also in electricity, floor space etc).
I bought a Netgear RT314. This does NAT, outgoing and incoming (based upon port), DHCP client/server, web/serial/telnet configurable and it's a 10/100 4 port switch.
Cost ~$100. Noise: almost none. Power consumption: minimal. Reboots required: none. Time to install: 3 mins. Time taken to adminster in first six months 20 mins. Reboot time ~30 secs. No moving parts.
Fantastic box. Best home IT purchasing decision I think I've ever made.
I think I'll call my firstborn 'Netgear' or perhaps even 'RT314'.
The linux router project is one of the best sources of info on getting that old 486 to work as a router. I had mine running fine until about two months ago when I was able to get a Netgear router for $30 (easier for parents as I was leaving for college).
See www.linuxrouter.org for more information.
Steinkuehler's EigerStein was the distro I used - worked very well.
-Doughnuthole
I was using an old mac for a while with ipnetrouter. The software is pretty full featured although I think it costs $50. I eventually got sick of the noise and electricity and ended up moving to a link-sys. Its a pretty decent unit, but does lack some of the features I've seen on the d-link routers that cost about 10-20 less. It also works nicely with my apple airport that serves macs, windows and linux machines in my house. I'm eventually trying to phase out all the ethernet in my house and I'll go wireless. Its a much less cluttered solution.
--------------------------------------
in a world without bounderies or fences, who needs Gates anyway?
I personnaly gave a try to SmoothWall, here :http://www.smoothwall.org/gpl/
An amazing number of features in a so little Linux distribution. Well, find an old PC (almost any might be enough), install SmoothWall on it, then you've got your personal router/firewal/NAT/almost-whatever-you-want.
All being controlable through a web browser.
My 2c
An easy solution is to get:
486DX, $10-20
16mb ram $10
2 nics $10
floppy drive $10
Total: $40-50 (plus the geek effect)
Goto coyotelinux.com and download their software. There are FAQs (for ip_masq and ip_chains) and anything else you would ever want to know availible. Also, if someone knows how to setup NCFtpD (with specified ports for PASV) for behind a NAT router I would appreciate a reply. Thanks.
Check the Netscreen-5 10 IP version. At 500 bucks it is _full_ featured and uses less juice than a walkman.
www.netscreen.com
I have used them for two years without one hiccup. And no, I don't work for them.
I have a SonicWall SOHO/10 that works great. It supports the tricky protocols (NetMeeting, for instance), that Linksys models can't handle, and has lots of configuration possibilities (static NAT tied to ethernet address, for example). There's a model with a DMZ port if ya need it, and you can do VPN between SonicWalls if you need that.
Nice box. It was pricey, though, at about $400.
-glenn
I love the IP forwarding of the linksys. All connections to port 80, 443, 21 and 22 are reditected to my Linux box, and all other ports that involve games and *apster clones are redirected to my Game box. Remaining ports are blocked.
I use an old P133 (overkill, I know) running OBSD as my firewall/gateway/ntp server/dhcp server. I could have gone out and spent money on a nice compact unit, but I like the fact that I can upgrade my OS, tweak my filters and above all: learn more about OBSD, networking and OS hardening.
Wooden armaments to battle your imaginary foes!
Set up was a snap, it works rock solid, and I have only had to reset it once, when I physically moved it to another room.
Four friends in town also have them, and they also have had trouble free usage... maybe you got hold of the one bad unit out there.
Department of Homeland Security: Removing the rights real patriots fought and died for since 2001
Put GNATbox light on it. It's free (as in beer). Register it and you get 5 internal IP addresses, 200 concurrent connections, stateful packet inspection, email gateway, etc. etc. Pay 50 bucks and you get a DMZ feature added.
Oh, and it's ICSA certified - not something you're going to find in any other nice cheap answer.
John 17:20
Lighten up you miserable shit.
What - just because you were already shown how to tie your shoes, no one else should get to hear it too?
I can't vouche for the quality compared to other products, but I own a Linksys router with wireless built in. The product is simple to administer and has worked flawlessly. Their homepage has all the manuals in PDF format available. I was able to read before buying one that it would do anything I planned to do plus has enough features and flexibility to offer growth into things I would like to do in the future. I've been very happy with how it has performed. I had it installed an up and running in minutes. On a side note, an awesome distro for a simple to configure and use for basic home services on a PC is e-smith ( http://www.e-smith.com and http://www.e-smith.org ). It's a no nonsense install of Linux that is quick to set up and administer. It's been handling my home web, file and print services flawlessly. It's very, very plug and play.
Bel, the mostly sane.. "Of course I can't see anything! I'm standing on the shoulders of idiots." -- Me
I've got a befsr81
and it's one of the worst wastes of money, brains, and time I've ever encountered. It has moronic timeouts which are completely unconfigurable. A housemate has a similar router, which doesn't include a switch. Both are plagued with similar problems, the documentation is nearly non-existant, and LinkSys lies about firmware upgrades fixing it.
It does, however, work well as an overpriced 8-port switch.
I think most geeks/nerds (or similar people) think that a PC box running this-or-that OS with dual NIC's is the best router/firewall setup. But for most people (the rest of the world), it's not that simple.
Even though there are "router-on-a-floppy" distributions available, it is still not as simple to set up as a dedicated router "thing".
A dedicated computer box is a bit messier to set up, takes up a lot more space, makes more noise, generates more heat, and so on. Plus, you probably won't need a separate hub either.
Most people don't need all the spiffy features you can get from the router PC. NAT, DHCP and some basic firewalling is enough. And those dedicated thingys can do just that, and really well too. If I didn't use my router/firewall PC setup as a server for a few things, I would have changed it for one of those, easily.
But I still don't have a clue as to which one is the best. Sorry.
There are 010 kinds of people. Those who understand octal, those who don't, and 06 other kinds of morons.
You don't need a hard drive for a firewall/router made from an old machine. Check out the LRP for a solution that fits on a single 1.44 mbyte floppy that can be write-protected and just needs to be power-cycled to be reboot.
Compaq 486/66: Free
2 old NICs sitting on shelf: Free
OpenBSD: Free
Laughing at hax0rs trying to hack your Bridge Firewall: Priceless.
I put on my robe and wizard hat.
I do not have any servers, but this works well and has the following features...
- DHCP server
- NAT
- RJ-45 for connection to Cable/DSL and a DB-9 for connection to a modem.
I particularly like the fact that it can do Cable/DSL and Dial-up. Since I am moving a lot, I never know what is going to be available. You can even use the dial-up as a backup, should the Cable/DSL fail. Web based administration is straightforward. But I can't comment on that beyond the basics.
Power consumption is low (22W I think) and it is a lot quieter and much smaller than a PC.
It is good for my simple needs, but you may need more for your servers.
Here is a link to the product page. You can download the product brochure and check it out for yourself.
Remember, You are unique...just like everyone else.
I have a netgear router myself, and have locked it down pretty well with the advice I found.
The above post is an editorial, the poster cannot and will not be held responsible for all or in part for it's contents
Well, I can say that Coyote Linux is the sweetest Ive used,
http://www.coyotelinux.com
Take a 486, 12 megs ram, 2 NIC and less than 5 minutes and youre DONE , too sweet
I have 6 months uptime on the one, I keep forgetting its there, IMHO that the kind of router to have , one you forget is there because it works right %100 of the time,
I hacked a custom box for it too, one of those mini cases,
board, NIC, floppy, no video keybd or mouse, on Yep of all machines a packard bell P-75, Did anyone else know those things would run headless ?
We have the Linksys router/8 switch combo at work and have been very happy. The changeable MAC was a nice feature and works fine with our DSL line.
Since the poster seemed concerned about power, does anyone know details about how to reduce power consumption on a motherboard? One would assume that, since it is being used as a router, APM Sleep/Suspend is out of the question.
I recently upgraded the Motherboard in my router (an old 486 w/ Pentuim Overdrive) because I eventually want to run Apache on it (and 4MB 30-pin SIMMS are expensive compared to SDRAM!) I got my hands on an AT motherboard with USB (I had to make some "creative modifications" to the case, since the new MB had higher heat-sinks.) I got the lowest-frequency K6 chip I could find, and a cheap 64MB Memory stick. I have no clue how much power Its wasting while I'm here at work, and would be interested in knowing how to reduce it further.
...about all these responses is that they're doing exactly what they're asked not to do. Basically, the writer is saying, "Yes, I know I could just use a standalone machine, but I don't want to. What's the best of the available options?"
90% of responses sound something like this:
"uh, yeah. me and my buddy forgnl have our own p90 with 200 megs of ram and a 500 meg hard drive and configured our own slackware setup and we run that. it's so cool. we rock so much. it only took us 5 minutes to set up, but would probably take you about 5 hours. it'll cost you more in the long run, but we are soooooo damn cool!"
I've been thinking long and hard about the Cisco 827 ADSL router. True you need DSL, but for $500 it seems like a steal. Provides NAT, stateful packet inspection, VPN's with IPSEC 3DES. Might be overkill for Joe gamer, but if you're working from home or running a business, I think it's worth the $500. You can check out the stats here.
there are no stupid questions, but there are a lot of inquisitive idiots
I've got the linksys router intergrated with a WAP and a 4-pt switch. Works great for most things, but for some reason it just absoulely hoses UDP traffic on 27005 whenever WAP is enabled and it polls for wireless clients. Only a problem for people trying to play half-life (cs) behind it - but it's really obnoxious to have huge lag spikes. This is a well known issue, not just my defective box, unfortunately. Moral of the story - cs/tfc players, don't get the linksys. Of course, you can just forward all UDP packets, but you could also just get a NAT box that doesn't suck.
I use a Netscreen-5 device for my cable connection. It DOES do stateful packet inspection, NAT, inward port and IP address forwarding, is SNMP manageable, has an SSH server built in, has a Web UI, and can create LAN-LAN and LAN-client VPNs. It gives wirespeed 10 MBit throughput, and can do 3DES at about 5 MBit. Not cheap, but about $300 or less on eBay. Oh yeah, and it can log via syslog.
I want to delete my account but Slashdot doesn't allow it.
Sheesh!
The guy says he doesn't want a pc, then everyone recommends a pc.
He specifically requested NAT plus static, which at least the first 20 posts didn't mention. Linksys supports that. You can also set up a 'DMZ' with Linksys and tell it which machines are exposed to the Internet.
For those of you with no *nix talent whatsoever could try the solution I found:
I have a P-90 with 48 MB RAM and a 4GB hdd running *gasp* Windows 98se (my wife runs Caldera, so we had an extra license). Connect the DSL modem to the hub, set up Internet Connection sharing and *poof* instant psuedo-router.
The cons are it is probably less than secure, needs to be rebooted every month or two, and sucks up power like you wouldn't believe, but if your budget and *nix talent are on the low side, it might be the solution for you.
Interesting side note: I've seen the damn thing keep routing for weeks after the GUI has locked up.
I've used a Netgear 311RT for the past year, and am quite happy with it--does DHCP, NAT, and port forwarding. BTW, you don't configure it via a web interface, instead you telnet from inside and work through the simple ascii menus.
None of the various home routers ship with a real manual--you have to download it off the manufacturer's website. That should answer more pre-purchase questions about functionality than reading the outside of the box.
Remain calm! All is well!
Features I like
A dual homed separate computer running bsd/linux firewall will do the job, but it will be more expensive to implement. Plus you have to buy a hub, and it will take up more space.
My Linksys router has to be reset every week or so, and seems to have problems "bouncing" packets back into the intranet; instead they seem to get lost. (ICQ doesn't work reliably between machines, for instance.) I'm strongly considering switching to another company's router.
It's what I've done at my home - and it works great. I took a spare Pentium 166 I had and underclocked it to 120 then put a fanless heatsink on it. I then clipped the leads to the fan in the power supply. The hard drive is set to spin down after a few minutes. Result: a totally quiet, fairly low wattage (35-45 watts I think) router/firewall.
As far as software goes, after much deliberation, I finally settled on Debian GNU/Linux. The main reason I chose Debian is because you can't beat "apt-get update; apt-get upgrade" for pure ease of system management.
I know you'd prefer an "off the shelf" solution, but when you use an old PC you get so much more. Not only can it do all the routing functions you require, but you also get a print server, a file server (MP3 shares anyone?), a Freenet node, etc.
It's more work, but it's fun and it's worth it.
On our home network we used to use WinProxy (Windows 98 can be incredibly stable), but found that software - at least all the windows ones we tried - restricted internet gaming.
Went out and got a Linksys DSL/Cable Router (http://linksys.com/products/group.asp?grid=5). This has worked incredibly well. One computer can be made a DeMilitarized Zone (DMZ) and has almost no firewall - internet games work great. Althuogh it can act as a DHCP server, you can assign static IPs and forward ports to certain IPs. It's avalible in several port versions (4 and 8 are the ones i remember) and as a switch, too, if my memory serves me right. We've had no problems with it - more than I can say with proxy software (of course, we didn't have an old machine to put BSD on as someone else has already commented).
You can also get wireless versions - we decided to hook up another wireless reciever - and even a print server built in. As I remember, it ran about $100 USD. I highly reccomend it.
Old PCs will certainly work for this type of application, but it's more interesting to hear about applications for these new devices.
I recently replaced a DEC Multia with a Linksys BEFSR11 (it'll do static routing and port forwarding with a dmz host feature). The most compelling reason for me, living with my computers 3 feet from my bed, is the absence of *any* noise. Most of the "old P90" machines have nasty, noisy fans. It was well worth the $100 for the peace and quiet.
I've had experience with the Linksys cheapy router/firewall combo (BEFSR41) and the Netgear RP114.
The Linksys unit worked fine until the power supply died, and I realized that it came with an offbrand voltage and offbrand connector, so I couldn't easily get a new one (and there is no such thing as Linksys tech support to speak of), nor could I easily cobble a new unit together. (Linksys has since changed to a more standard connector, from what I can see, so I can't even buy a new bottom-of-the-line unit and swap out the p/s). So I went and got a Netgear and never looked back -- very nice and P&P.
I tried the PC-based solution but since the unit sits in my bedroom, I wanted something really small and quiet that wouldn't disturb the missus.
Both units are reasonably easy to set up. One of the nice things about the RP114 is that it can be configured either through a GUI or through a telnet interface (although it is text-menu based -- ick!)
I am the Lorvax, I speak for the machines.
I don't grok Unix. I wanted something in a box with negligible maintenance, I had no time and I had adequate money. My ISDN LanModem and hub were 3Coms, so I bought their baby firewall; OfficeConnect Internet Firewall 25. You'll need the link - 3Com's site is impossible to navigate.
I liked it. Seemed robust, and dead easy to admin. Setting up logging was a little awkward, as it needs to log to a remote external box.
Blew up inside a year (I think it may have been mains-surge related, and the firewall was one of few things I didn't have off the UPS). No one is interested in warranty claims 8-( Maybe I was unlucky.
I found this firewall eval site helpful.
This is the first I've heard of this, how does it compare to e-smith? It seems like it doesn't have the extras, but might be great for straight firewalling.
Link Sys
This
The project is excellently documented, support is widely available on websites and newsgroups and setup and security is not much more difficult than in an average Linux distro (command prompt though).
The only problem I encountered was the recognition (and subsequently configuration) of network interface cards on my old 486 box. But with plug 'n pray capable Pentium systems that should not be an issue anymore since you can have the NICs recognised in 'normal' circumstances first, copy the settings and use them in your router setup.
Succes!!!
The nice thing about Windows is: it does not just crash; it displays a nice little dialog box and let's you press 'OK'
I have had a Dlink 713p router. The Dlink 713p suports NAT/DHCP and static routing all at the same time. as well as sporting a printserver and a 3 port on borad not to mention ability to hook up a modem to incase you dont have broadband in to the house. if you would rather not have the printserver with the router dlink also has a standard 713 i belive. but it has everything you need to ip filtering to port maping and accesscontrol... oh i forgot to mention that it is also a wireless access point. i got mine for just over $200 from cdw.com (i think thats where i got it). Dlink has been great about getting patches out for there device and providing documentiation.
Zyxel makes the Zywall, and I believe Netgear uses their products and just puts their name on it.
m
;)
More info is at: http://www.zyxel.com/product/firewall/zywall10.ht
Just a quick overview - http interface if you want, stateful inspection firewall, pppoe (oa too?) support, and multi-NAT. I like the last feature since I hve a few pcs...
I guess you could do the linux box if you wanted, and I've done it before. It's just that I like how small a box like this is, and the fact that it doesn't make any noice, and reboots extremely fast. Also, and this is my problem, I was tempted to play with the Linux one too often
Hope the info is of use,
Christina
Using old computers for a rounter/firewall really doesn't take as much power as the above suggests. Recently, my local newspaper had an article on power consumption. It noted that a modern PC takes about as much power as an alarm clock; not much at all. Older equiptment (486 or Pentium) will probably do better, especialy if you can find a low-end power supply to go with.
For what you want, I suggest two boxes. Both can be between a 486 DX 50 to around a P100. You could even do a 386 DX if need be, but I've found that 486s go for around the same price anyway. I suggest the DX processors because I simply don't like the idea of math coprocessor emulation having to sit in my kernel. Give them both a floppy drive and an old hard drive (You can squeeze a good GNU/Linux distro into 40 MB if need be, but be careful of bloated distros like Red Hat; use Debian or even some form of BSD). If you don't want to waste those good 10/100 NICs on this, don't. A simple 10 Mbps NIC has more then enough bandwidth for a cable modem or DSL (except for the very very high speed DSL solutions, which nobody has yet anyway). The second box only needs one NIC (can also be 10 Mbps), but should have a larger hard drive. From this one, run stuff like DHCP, caching DNS, etc.
Personly, I have a 486 DX/4 100 with a 200 MB drive running Debian 2.2r2 and a Linux 2.4 kernel and an IPTables NAT firewall. This has two 10 Mbps NICs and a modem (I'm currently on dial-up, but the second NIC is there for when I finaly get cable or DSL). Another box runs a DHCP and DNS server. Yet another box is a small file server (using Samba) and also runs an FTP and HTTP server.
Not a typewriter
I've had a linksys router/firewall (BEFSR41) for about a year now, it does a nice job, and supports PPPoE, which i really like, but can't handle the complex task you are asking for
I have a linksys cable/dsl router and it works extremely well. Couple that with good firewall software such as Norton Internet Security and you've got a solution.
I have a DL-704 (or is it DI-704). It was very inexpensive, and has a lot more features than my friends' more expensive routers from Linksys and Netgear.
It'll do all of the port mapping you need, but I don't know that it will "host" several IP addresses (my networking knowledge isn't that great). However, I would think the port mapping would be all you would need.
Ignorantly,
Kevin
I run smoothwall. Very slick and easy to configure and manage.
Return the bells of Balangiga.
It's got probably everything you're looking for: NAT, DNS, port forwarding, hardware firewalling, and support for everything from PPPoE to static IPs on the ISP side. Plus it's got a nice HTML interface plus a UNIX-style Telnet interface (with lock-down support, of course) and even support for a serial cable so you can Telnet to it as a dumb terminal if the Ethernet's down. And the documentation, while not super-thorough, isn't drool-proofed. The only real complaint that I have with it is the way the firewall works; it blocks unopened ports if there's no outgoing packet to correspond with incoming ones. This is only a problem if you're serving something, but more software works like a server (as far as the router's concerned) than you may expect; it was a little weird having to manually open up AIM's port so my little brother could use AIM without having to initiate the conversation.
The main disadvantage is price and availability -- I don't know how easy these are for end users to get their hands on these, and it'll probably run upwards of $300. If you're lucky, your ISP might have some, but I've heard of ISPs giving out these routers and with the remote administration password-locked so people don't (ahem) accidentally enable NAT without paying for a static IP first.
i have, in turn, purchased a RT311 and a Linksys 1-port router (okay, so it's two ports, whatever). It turns out that they're pretty much the same hardware, and completely different ROMs.
Ups: The Linksys product was by far the simplest to configure. easy, embedded HTTP server makes config chores simple and fast. It's easy to screw up the password, tho, however recovery is easy. I thought that even though the Netgear was significantly more difficult to use (relying on CLI-based menus and a powerful yet byzantine trigger-based rule system), it had the most configurability.
Downs: This is why I'm using an OpenBSD box to do my NAT. Both routers rely on similar hardware, which, unfortunately, isn't up to the task of a 10Mbit cable modem or a 6Mbit DSL link. The peak rates I got out of each box was south of 490KBps, or right about 5 megabit. On my cable modem, it seriously throttled my downstream bandwidth, and I found it simpler to just take the time to really lock down my workstation and plug it straight into the cable modem.
My $.02
I was in the same situation, maybe I can help... I just finished a quick'n'dirty write-up on a PC w/Linux based solution. It's available at this link.
I previously had a netgear rt311 on my network in my apartment at school..and when I graduated, I decided I wanted a wireless router, since I've got a couple of laptops, and my girlfriend has one as well. I looked at all the wireless offerings, and it came down to the D-link and the SMC..they're made by the same manufacturer..but the SMC has both a lifetime warranty and mac address restriction of the wireless network.
0 4awbr.asp
In one $200 box, I get:
o wireless access point supporting, i believe, 255 users.
o 3 port 10/100 switched hub, plus the wan port.
o firewall/router with plenty of configurability
o print server, which works in both linux and windows.
the administration interface is easy to use, can keep pretty good logs if you want, and allows for the network to be buttoned up pretty tight.
it'll even hook up to a modem via a serial port, if you want to share a modem connection..
here's a review at practicallynetworked:
http://www.practicallynetworked.com/reviews/smc70
Well, I personally use FreeBSD running on an old P90. There's a great how-to available at DeepFriedPackets.com. Mine also doubles as an apache webserver and runs great.
Ya know...I never really noticed(until King Sean posted) that if you look really closely at the /. logo, in small print, it says: "News for Nerds for those who are better than others. Stuff that matters to only the coolest." I never noticed that before.
Thanks Sean for making us realize that you are so much better and smarter than the rest of us!
-- Now more the mirth, scrape here in the face...
I know the asking party mentioned the power requirements of an old (or, I guess, new) PC as a NAT/Router/etc., but the power drain ain't too bad (unless you leave a monitor on for this server...). Besides, not only can you easily set up (see the How-Tos at Linux Documentation Project) a server to do NAT (great for multiple boxes sharing a "one connection only" xDSL/Cable modem connection), DHCP, cipe tunneling to secured office computers, but also to enable a web server (it's actually a last-hope backup server to one of our production systems), SSH "telenet" server for remote access, FTP daemon. With a little care a simple PC will give you tremendous network services that far surpass the capabilities of these network devices. And the investment in terms of $$$s may be much less (in time, more, but what's the fun of not learning?).
-- @rjamestaylor on Ello
Wow, its amazing how many people suggested that you should use an old PC. I guess no one read your whole post, or the 57 posts that said the same thing before they posted.
First off, I've done the old PC thing myself. It was very flexible and I really liked having a linux box I could tunnel to. OTOH, it also sucked electricity and space which are 2 precious commodities here in California.
I eventually switched to the BEFSR41 from linksys. I picked it up for $100 (BestBuy just had them for $79) and its worked out wonderfully. Low power, silent, and very, very small.
One word of warning: if you intend on hosting any type of game server (quake, half-life, etc...) you should do a search on google first to make sure there aren't any weird problems with the device you decide on. For instance, I can run a half-life server behind the box, but it tends to kick people randomly.
http://www.masturbateforpeace.com/
I am using the SMC Wireless Broadband Router
(SMC7004AWBR)
http://www.smc.com/smc/pages_html/products.html
It's 802.11b compliant, NAT, and a couple of ports for wired Ethernet.
I am very pleased with this product.
And yet you still read news on this site. You must be one very clever individual!
For information and reviews of some of these items, try SpeedGuide.net or Practically Networked.
Just Call me Mr. Been There, done that...
Sure, an old PC with *nix on it is cheaper, but this is quieter and requires less power. It's got a browser configurable setup, serves DHCP, allows for 10 users expandable to 50 users (4 ports, but you can daisy chain another hub off it) and is self updating.
A pretty cool unit for a home network. They also sell units for 100+ users, for small to mid size offices.
"History doesn't repeat itself, but it does rhyme." Mark Twain
I have a lynksis router myself, and it's pretty good. Extremely easy to set up through a web interface, and nice and secure! Does forwarding, etc.
Sure, you COULD build a cheap, old box and set it up with *nix and configure its firewall and..... Scream....
With the lynksis, you:
A) Save power - it uses like 15 watts.
B) Save time - plug it in, enter your username and password (for DSL, anyway), and set your computers to DHCP and BAM! You're up and running.
C) Save space - It's small.
D) Save hassle - No complex config, no shopping for cheap parts...
Doing NAT and other types of masquerading is cpu-wise surprisingly simple. I personally have a 16 MHz 386 with 4 megs of RAM routing 7 computers and an ADSL, and the CPU is bored to death! The only problem I faced was the fact while 4 megs is more than enough for routing, some swap space is needed to run the initialization scripts, but given 8 or more, you'll have no trouble at all.
We are very happy with our Barricade. Turn it on and it does the job. The 8 port is a nice metal job as opposed to the 4 port in plastic. Applying the patches is fairly easy. Better logging would be good but still it's a great little box. And the built-in print server is very handy. Oh and it's a switch not a hub. All at a reasonable price.
I have the BEFSR41, which is the router plus a 4-port 10/100 switch. It was about $100 from CompUSA.
Dislikes: the web-based interface is a bit wonky with Netscape 4.7 on *nix. It works, but has some weird errors on occasion.
Likes: it works as advertised. I fought with PPPoE on an OpenBSD box for several hours -- I could not figure out why it wasn't working, and none of the so-called "How-tos" helped.
So, I went and bought the Linksys, and within one hour (including the time it took to buy the thing), I was passing bits around the Internet.
The web-based interface does work somewhat with Lynx, but is very cantankerous when used so. I have ssh'ed into my server and then used Lynx to reconfigure the router.
You can forward ports to particular internal IPs, i.e. "all requests for port 80 goes to the computer at 192.168.1.100", and can even put one computer (one IP address) in a "DMZ", where it is completely open (all ports are available to answer).
If you want to do complex filtering or firewalling, it doesn't do such. If your needs aren't really complicated, it will work for you.
Potato chips are a by-yourself food.
When I got dsl I went for some stupid promotion that waived my setup fee. What I didn't know is that the dsl "modem" they gave us would only get one computer online (no NAT or anything).If I wanted to get my roommates online too (which was a key part of my plan to pay very little for dsl) I was told that I'd have to buy additional IP's for each pc. And there would be no firewall or anything, so their win98 boxes would be open to the world.
That sounded like a bad idea to me (security wise), and I didn't want to pay for the extra IP's anyway, so I picked up a retired server from a local bussiness (dual pentium II 120's w/128mb ram and a 6gb hd) and installed redhat. My isp included a new nic with every dsl setup, giving me the second card I needed for the server.
I've got very little networking experience previous to this, but it wasn't hard to find decent documentation online. Now I've got it doing IP Masquerading and I've got a decently simple setup for routing ports to internal IP's. I opted not to setup DHCP, though I may in the future.
It was a learning experience for me, and I've certainly got a lot more control over my setup than any of those web-interface standalone setups.
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
God, do all you "old PC NAT box" folks have fears about your manhood or do you just not read? The man clearly stated that he was looking for info on router appliances, and just as clearly excluded homebuilt PCs as a topic of discussion, but everybody and their brother still has to trot out the damn things, perhaps to demonstrate their questionable 1337tness by tossing it off so casually, as if it were a trivial solution (which it can be, in terms of technical difficulty. But the man mentioned $$$ and watts).
God help us when you all have actual beowolf clusters in your basements to brag about at every opportunity...
Well, doing consulting and having setup a lot of NAT environments across many platforms, I would say that these "all-in-one" solutions are a great idea. That is, however, if you get the right one.
Certainly the first suggestion I have when I see a home business paying for extra ips, is to take an old machine and setup ip masqurading on a linux box. However, I have found that many people are "scared" of linux, and some don't have dedicated machines. Others want a firewall, public servers, and of course the full web/email site setup. While some businesses look at this as opportunities for recuring fees to unknowledgeable users, I try to lay it all out for the customer. Advantages and disadvantages, ease of administration, power consumption, maintenance. In most cases, customers LOVE the all-in-one solution devices.
For power users that want to control all aspects of filtering, routing, port forwarding, and hosting, this is not the best option. However, it can be a *good* solution. I have up until recently been a Linksys advocate. It is actually a great product, and can perform NAT, DHCP (may toggle off and use an internal DHCP server), "DMZ" port forwarding, and flashable firmware. However, don't be fooled by the claim that it is a "switch". I spent many hours trying to find out directly from Linksys what some specifications were on the advertised "switch". First of all, it does not have a backplane. Anyone that knows what to look for in a switch, will first want to know how much data can be shared. When there is no backplane in any specs, and the "engineers" at Linksys don't seem to know what you are talking about, one tends to rethink their purchase. There is no mac table, nor is there anyway I have seen to find any specifics about how it "switches". Does anybody know what these devices really are? They have to be some sort of "smart" hub. What i have ended up doing, is purchasing NAT/router devices, and separate switches that perform like switches. I have found some D-link and Addtron switches with backplanes and viewable mac tables.
Also, the only way to configure any options on a Linksys device, is through a web browser. I have been able to use lynx before, but this one particular 8-port switch/router had broken tags in the config. I flashed the firmware, and tried just about every browser, but each time I would get java erros and broken tags. When I called tech support, they told me to take it back to my retailer. What they don't know, is that I had just replaced it, because the firmware flash died halfway through, and fried the device. This is not very reliable IMHO.
Netgear, however, allows you to telnet in and configure via command-line, which IMHO, is the most important feature of a configurable network device. JetAdmin or telnet for managing HP printers? Are you kidding me? I'll take command-line anyday. We need a low-end cisco device is what we need.
Are there any other command-line configurable NAT/routers that have actual backplanes for the switching component and has flashable firmware (other than a cisco switch) aimed at this market?
"The more you suffer, the more it shows you really care, right?" -Offspring
I'm suprised nobody's mentioned this product yet. Has anyone had experience with it? (I've installed it but haven't got it working due to unrecognzed-but-allegedly-tulip.o NIC.) Look at Mandrake SNF. They have ISO dnlds on their site. -ed
ACHTUNG! Das computermachine ist nicht fuer gefingerpoken und mittengrabben. Ist nicht fuer gewerken bei das dumpkopfen.
It's a small box, 64 meg 'o ram, Compact Flash slot, MiniPCI / Normal PCI slots, as well as 3 ethernet interfaces.
If my web logs are any indication, it has been installed by over 7000 cable and ADSL owners so far, and the amount of tech support I have to do is very minimal. If you have an old PC and two ethernet cards, you're half-way there.
Check it out and let me know what you think..
-John
I just think its a function of your language in the region, rather than one way is right or wrong.
Example 2: processor: "praw-cessor"... up there is "pro-cessor" Probably more true to how its spelled.
K
Being a Cisco guy myself, I'd have to say if money isn't an issue, and security is the main idea, go with Cisco's PIX Firewall. It's actually not that bad if you compare it to their higher end gear (small office 506 is $2K, 515R is at least $3K, and it goes up real fast from there). Plus, you can run IPSEC and connect to anything else running the same (or even PPTP/L2TP). The thing I like is that all of the PIX line runs the same code, so anything you can do on a big ISP-size 535 you can do on 501. Plus, the new 6.0(1) code adds the ability to load the new PDM code (PIX Device Manager) which is a Java-based SSL web interface to allow easier programming in an interface very simular to Checkpoint's Firewall-1, etc.
Any Cisco security engineer-wannabees should really consider this option, since it's a cheap way to practice with the exact same interface as the high-end gear.
"Performance
The Cisco PIX 501 Firewall provides competitive performance in a compact form-factor:
* 10 Mbps cleartext firewall throughput
* 6 Mbps DES VPN throughput
* 3 Mbps 3DES VPN throughput
* Supports 3,500 concurrent connections
* Supports up to 5 VPN/IKE peers concurrently
PIX 501 10 User/DES Bundle, PIX-501-BUN-K8, $595
PIX 501 10 User/3DES Bundle, PIX-501-BUN-K9, $695
"
Oh, and compared to some of the "Cable/DSL" routers out there like Linksys, this is a huge step up. You can do NAT/PNAT from multiple external pools to specific internal ranges, or even port redirection so that multiple global addresses forwards different ports to multiple internal servers, or one-to-one static NATing if you require, or even "NAT 0" (internal and external addresses are the same) but still firewalled. Built-in DHCP, basically everything and anything you could want or expect from a firewall middle-box is here.
http://cisco.com/go/pix
urgh. Slashcode 2.0 does ugly things to urls after post... Simply try this: http://www.dubbele.com
The downside: Its a bit more pricey.
K
Don't forget that many of the firewall/routers
are also switches. I have a netgear RT314 which
is a 4-port 10/100 switch, and I am completely
happy with it. Way better than getting an
old PC, two network cards and then buying a
switch too.
I have a Linksys, and I think I ask too much of it. One of my boxes is DMZed to allow videoconferencing, and I have to reset it every few hours while that's running.
You don't win friends with salad.
I just got the Linksys BEFW11S4 which is the product where they mated the wireless access point, with their cable DSL router, and threw in a 4 port switch I think the router alone is a 3 port hub? or maybe a switch. It was easy to setup using it's web based interface. It allows you to make one of your clients a DMZ Host for video confrencing, gaming etc. I'm assuming it forwards all ports to the Host when that is enabled, the docs doesn't say what it does and I have not tried it yet. Also it gives you the ability to set up port forwarding for specific ports or ranges of ports to up to 10 machines. It supports PPPoE, PPTP pass-threw, ipsec pass-threw, has mac address cloning. and has a build-in DHCP server. I'm pretty sure that it only supports 1 IP address. It would be cool if you could assign multiple ones and forward based on IP and Port. And don't forget it's a wireless access point, yay! It's been on sale the past 2 weeks for $199 at Best Buy, and Comp USA. It's priced lower than the Wireless Access Point. Go figure, that's all I wanted, I bought a WAP and got a router free.
Having a foam-rubber sound absorber box in which to enclose my old PC WOULD HAVE been great (running FreeSCO). But, my (relatively new) Linksys router has no fan and is ultra quiet. Plus, I don't worry about the hard drive, the CD Rom, or whatever other component that old PC had failing and bringing down the box.
Unitarian Church: Freethinkers Congregate!
one thing you can do is get a small hub/switch and put that immediately after the dsl modem. attach the two static ip pcs and the router to the hub. then set up your internal lan on the router. one problem here is that the two external computers will be firewalled out from your lan. that, however, can be easily remedied by adding a second nic to them and also tie them into the internal lan.
another thing to keep in mind is that on most (maybe all) routers you can forward specific ports to internal computers. this works really well when you only have one computer you want to use for any one task. when you want to have to web servers, for example, you would have to have to do something like router port 80 goes to pc1 port 80 and router port 87 goes to pc2 port 80. but if you don't mind that then this would be the cheaper solution.
"They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety."
-Ben Franklin
the question wasn't "so guys, what do you recommend I use for routing purposes" ...so keep your personal prefs just that, personal. If the guy writes /. this question, chances are he ALREADY KNOWS that the free unices can do it. Don't you spammers and trolls realize that you're ads won't get modded up to most readers thresholds?
For those that don't have the time to figure out how to build your own router, or know how but just want something that is guaranteed to work. I own a Linksys router, and if you upgrade the firmware, it works great does evrything I want it to do and a whole bunch of thing that I will never use but are pretty damn cool.
We use the Bintec X.1200 for this. Dual-Ether and ISDN, runs NetBSD, IPsec available, extremly convenient to remote administration. Loads of debugging features. It's a german company, so its probably unknown in the US. (Their site is down, first time I ever seen this, and we use their hardware with approx. 400 installations since approx. 1997)
I've been using a Netgear RT314 for almost a year now and it works great. NAT features, port-range forwarding, etc. It doesn't have a "true" firewall but the NAT does offer some protection.
I'd recommend getting the FR314 that has firewall capabilities. Check out Practically Networked for reviews on hundreds of models.
I'm using a Linksys BEFSR41. It's a 4 port 10/100 switch, and a router. I used this to replace my hub and install a router all in one fell swoop. It's worked very well for me. It's a very simple product, and uses a web-based configuration system. It works just fine with my DSL modem, as well as both Windows and Linux machines. You can change a few things...but it is not a very sophisticated router. It's got DHCP (which you can turn off), NAT, port and IP blocking, and it works with PPPoE. It was about $120 at the time that I bought it. They've also got a 1 port version, if you don't need the extra. I'd strongly recommend it, unless you really want all the goodies to play with.
yrs,
Ephemeriis
"Work is the curse of the drinking classes." -Oscar Wilde
It's what I use and I have had ZERO problems with it. I don't know if it will actually support being a DHCP server while it is doing it's other tricks (like routing all incoming to a designated DMZ machine, or doing selective port forwarding, or packet filtering to specific IP addresses inside, etc. - has a lot of tricks). Has anyone done that? I doubt it would mind as long as you keep the fixed addresses out of the range it will be generating addresses in.
But, even if it doesn't, why not just have one of your dedicated servers be the DHCP server too? Once a box is handed an IP address, everything will work just as well as if it had a fixed one.
Me, I didn't bother - all my boxes have fixed IP addresses, but I'm guessing you have a notebook you want to shuttle from work to home.
Anyway, that's my $0.02 - just make sure you use a switch instead of a hub if you move good volumes of data around.
I need to restart my D-Link DI-704 once in a while too. Somewhere in the manual I saw that this is intended behavior: "our hardware will die when it'll be unable to handle attack to your computer". I don't really believe this, but it hangs more often when I use gnutella.
sure, its more work and it might
cost a little more.. but dump
the right distro of *nix or BSD
on it and you get web, mail,
shell and ftp servers for free.
run samba and you get an internal
file server for free too.
Even if I go the dual-nic PC route (pun intended) I've still got to have a box to plug the local LAN stuff into... So I put the switch in the front room with the kids' PCs and then I'm stuck with only one PC back in the office where the cable modem and server are.
A little SMC 4-port jobbie was just the ticket. Now I can jack in a couple of laptops in the office while the kids are having a battle net party in the front room.
Sure, you can build one out of an old computer and spare parts. But, think about the physical size, noise of the fans, and electrical consumption. Plus, you could use that old computer for something else. I got a D-Link DI-804 for $51 from Amazon.com this week. $80.00 - $30.00 rebate - $10.00 online coupon + 11.00 S/H. It seems to have all the features you want. It has a simple web interface for basic stuff but it also has a telnet interface for more advanced features. Look at the D-Link site for the product (http://www.dlink.com/products/broadband/di804/).
Note: The picture on the D-Link and Amazon.com websites is of an older design where the four switch ports are on the front, and the WAN port is on the back. On the one I received yesterday, all ports are on the back (much less messy). I emailed them telling them that the picture didn't look anything like the actual product and so they apparently pulled the webpage for the product temporarily.
The setup was painless (basically, just plugged it in, attached network cables, renewed my IP leases, and changed the admin password). I even upgraded the firmware in less than a minute. It is also silent (no fan) and it is about the size of the area of a keyboard between the [ESC] and the right-alt key. It is working great.
It has four ports in the built-in switch. Port one can be used either as a normal switch port or as an uplink. It also has a serial port that you can attach an external modem to share as a backup for then your cable/dsl connect goes out.
For $51, it is basically the same price as the 486 solution that someone else cited as $45, and it even comes with a one-year warrenty (apparently, D-Link used to have a lifetime warrenty but I guess they don't do that for the consumer stuff any more).
CPU 32bits ARM RISC CPU
Memory 512 Kbytes Flash Memory
4 Mbytes SDRAM
Standards IEEE 802.3 10Base-T Ethernet
IEEE 802.3u 100Base-TX Fast Ethernet
IEEE 802.3x Flow Control
ANSI/IEEE 802.3 NWay Auto-Negotiation
Protocols Supported
TCP/IP
NAT
DHCP
UPD
PAP
CHAP
MSCHAP
RIP1/RIP2
PPPoE
Virtual Server
VPN Pass Through Function*
PPTP
L2TP
IPSec
Firewall Protection: Built in NAT firewall using stateful packet inspection
Management: Web-Based - requires a PC, Mac, or Linux based computer with a Web Browser capable of running Java script.
Firmware Upgrade: Web-Based - requires a PC, Mac, or Linux based computer with a Web Browser capable of running Java script.
Ports:
4 x NWay 10BASE-T/100BASE-TX Fast Ethernet LAN
Port 1 has Uplink/Normal switch
1 x 10Base-T WAN
1 x RS-232 (230 Kbps, male DB-9) - for back-up analog modem connection
LED's
Power
WAN
Console
Link/Act. (Link / Activity)
10/100 Mbps
Power DC 5V 2A
Operating Temperature 0 C ~ 40 C
Storing Temperature -20 C ~ 70 C
Humidity Max 95% Non-condensing
EMI Certification FCC part 15 Class B in US
I used to use a Moreton Bay Nettel (now it's named Snapgear) until lightning killed it; GREAT unit, I highly recommend it.
I now use a Linksys DI-704; good feature set, built-in 4-port hub, inexpensive at $99, but somewhat lacking in remote logging capabilities. Still, I recommend both units.
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
I found old Pentium laptops to make excellent firewalls. They are a little more pricey than the old PC but they have a few advantages:
Built in battery backup
Low power consumption
Few (if any) noisy fans
Small, and fit nicely in a rack shelf
Built in collapsible console
Look around and you can find one for about the same price as the small NAT routers. The only real shame is they only have typically two PCMCIA slots, so you can't have a DMZ or wireless net interface seperate from the internal and external interfaces.
The Netopia R-series routers will do what you want. They have NAT, and multi-NAT. Multi-NAT is the feature involving multiple public IP addresses mapped onto different internal machines, for a port, ports, or all ports. This is how you can get more than one webserver through the routers. I don't think most home routers will do that. The Netopia R-9100 (ethernet to ethernet) is what we have at work. It has an 8-port hub. They work quite well, and run about $450. Netopia has other routers with ADSL or SDSL modules (or ISDN or T1 for that matter) instead of a second ethernet interface.
Astaro makes a great distro of linux that is ONLY a firewall. It installs without a GUI and allows you to make some basic default selections during the initial installation. Once installed it presents a web based interface to control the unit. You just need to access the page from an internal machine and enter your settings. It will install on a base modem pentium, the only disadvantage is that it does require 1.6 GB of HDD space I think. Makes a great production box, sans monitor and basic peripherals.
this is a really good discussion, and i need to sort through all of the posts, but i've found everything here pertains mostly to unix flavors. can someone focus on windows firewalls as well?
also, are there a few basic problems that make a firewall necessary that someone could describe? i don't quite understand the basic issues of why a firewall is needed on a windows system?
i've been heavily involved w/PCs for the past 20 years, but never got into networks because, well, i never found it interesting, or i didn't have the time/neurons to spend. now that i have no choice but to learn about firewall safety for my own needs, things are unmanagebly huge compared to the token-rings of 15 years ago!
a summary of the main reasons why a firewall is needed, i think, would be pretty useful to other people in the same boat as i.
thx in advance,
s
https://www.accountkiller.com/removal-requested
I was wondering if any sort of IP Accounting is included in those standalone boxes ? ;-) ;-)
I've written alot of scripts to do per-routed-ip accounting of the network traffic using ipac and then some own scripting to automatically disable routing for boxes that exceed the quotas.
It is a sloppy solution that works well with that old 486
Are there any features on standalone routers that do this hassle free ? Because thats the main reason I use a custom linux box every time ! ( cause mine are *almost* hassle free
blaah !
My SMC Barricade (SMC7004AWBR) is a godsend. It does FireWall, print server, 3-port 10/100 Mbps dual-speed switch, and 802.11b (AirPort) wireless access point. And you can find it online for around $220-$240 (Buy.com, Amazon.com, etc). I have never had a problem with it and have been using it for over 4 months. The interface is HTML. A $25 rebate for it currently exists until the end of the month.
Anyone know of any routers (ie: Netgear, SMC, etc) that allow flexible port mapping?
Most of the models I've seen only map an external port number to an IP address on the internal network.
I'm looking for one that will allow me to map any arbitrary port on the external interface through to a specific IP/port on the internal network.
Any suggestions?
At work I use a Multitech RouteFinder. It's got a built-in 4 port hub, nice config utility, monitor software so you can see all the activity, and the convenience of being able to reboot it through the software. At home I use an SMC 4 port. What I really like about it is that it configs through a web browser, and lets you clone your computers mac address (some highspeed providers only let you log in from one mac...go figure...). Both of these have all the usual features (NAT, ip forwarding, blocking...), but the SMC was signifigantly cheaper (on sale at CompUSA, plus mail in rebate, it only cost me $50. The Multitech was like $225)
do not read this line twice.
Proof one shouldn't post under the influence of glowing phosphors. Make that a D-Link DI-704, NOT Linksys...
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
There's also a 2 Wire (www.2wire.com) Homeportal device.. Has HPNA, and you can get a wireless version as well, has NAT, Firewall, will work with DSL, only downside i know of is the limited Ethernet ports.
Art is not a mirror, art is a hammer.
If you are planning on having multiple people running networked games in your house, I would recommend caution when thinking about a hardware router. For example, Linksys (among others) has problems when two people in a household play Q3 and want to connect to the same remote gameserver. As was said before, PracticallyNetworked.com is a good place to investigate before buying.
Alternatively, an old Mac IIcx makes a great router. Two NICs and a video card, old 20mb drive, IPNetrouter software, and there you go! Pretty much unhackable, because with System 7.5.5, you can't even address the Mac's file sharing via tcp/ip. I've got just such a beast running our office because our Linksys died. And I'm really cheap.
If you are albe to build your own why would you use something out of a box.
In our house we have 3 people living their with one DSL line coming in. The DSL router is used for low level protection. Routed to a KRUD linux box then Internal network.
We have since added a Wireless network as well and moved to have a 3rd network card in the firewall and added VPN to keep the WEP airsnort kiddies away from the wireless.
AC
I've seen a lot of these broadband routers, which assume that you're plugging into a device that has Ethernet out. So that's, what, some DSL and some cable modems. How about dialup and ISDN users?
We use a dedicated PC. It sits in the basement, and it runs 5 year old ISDN hardware. Total cost of the equipment is hard to calculate, given the age of it (old Pentium, older ISDN card from US Robotics). Can't use Linux, unfortunately, because of the ISDN card (otherwise, I'd be harddrive-less w/ LRP). Heat and power consumption are minimal. Size of the packaging is irrelevant for our use.
With as often as we cycle through PC hardware around here doing upgrades, there's no reason for us to pay extra money for a router.
the netopia router will do every thing you want to do.. if you need any information go to www.netopia.com and or u can e-mail me
..
i have one its da bomb..
The one feature I would really like isn't available in any of these devices: PPPoE relay. The Roaring Penguin PPPoE client for UNIX has this feature, although I haven't tried it as I'm already hooked up via a Netgear RT314.
FYI - what is PPPoE relay? Well, one of the features of PPPoE (which my telco enforces for DSL) is the ability to connect to multiple ISPs without changing anything. PPPoE relay allows a PPPoE connection from a computer on the LAN to go through the router and thus allow individual PPPoE connections in addition to the one being maintained by the router. Thus you can connect to multiple ISPs, or even multiple connections to the same ISP (my ISP - Sympatico - allows two IP addresses for free). The benefits of getting two IP addresses might be more obvious or appealing to some people. We actually wanted multiple ISP access for a while: the university that my wife was attending had a dedicated line from the CO, and allowed highspeed access to their network using PPPoE. We just switched our username and password to access this, but it did mean having to access the internet through their network. I would have preferred that my wife make her infrequent connections directly from her computer without effecting the whole LAN.
Oh, BTW, I think my Netgear RT 314 is great. I've had it almost a year. It sits on a shelf doing it's thing. I don't even think about it. It took only a few minutes to set up. Time (and expense) wise, a lot less effort and much more convenient that finding an old computer and conifiguring that, although Coyote Linux looks very simple.
The CPU fan doesnt work. The harddrive stops spinning soon after booting- so i have have to physically smack the side of the box if I want
to log in and change things.
Theres about an inch of dust inside the case.
Its running a 2.4 linux kernel with iptables, and
a custom firewall script which allows multiple battlenet connections behind the firewall (which was impossible with 2.2 kernel) as well as port forwarding, and a special rule to remasq web connection to my cannonical domain name.
Other than the occaisional problem with pump (redhat dhcp client) Its been working flawlessly
for 6 months.
I have DSL and use a D-Link DI-804 ($89 from netlux.com at last look) that is a firewall, NAT router, 4-port 10/100 switch, static IP or DHCP client, multiple machine DHCP server all in one, and includes a serial port for modem dialback in case your broadband goes down. I have no complaints in 4 months of use; you plug it in, spend 5 minutes setting your numbers, and go.
I have convinced 3 co-workers, two with Adelpha cable modem and one other with Ameritech DSL, to use this box as well. All are extremely happy with performance.
It also does offer you the ability to static IP-route traffic to specific boxes, although on a limited basis (only 8 or so machines, I think).
SlashSigTheorem: Humorous, Political, Critical, Constructive- If you have a
Not. You just can't see them because they happen to be firewalls.
The Geocrawler mail-list archive of OpenBSD misc has nothing but doubled from 1996~2000.
Speaking of which, is Geocrawler out of business? there are no messages showing up for September...
"BSD is about people pissing each other.." (Moid Vallat)
The 10 finger interface is the only way to be completely secure. You don't even need any network hardware, such as NICs, hubs, etc. And it's completely wireless.
Downside is its throughput--depending upon your "config", it can vary widely.
Those who can, do.
Those who cannot, teach.
Those who think they can but cannot, manage.
-xEN
n0carrier.net
I use Freesco. See other posts for why it's great.
not even funny.
The biggest advantage to using Linux or even BSD or any other UNIX is that you can configure the firewall as an actual gateway/router/firewall, DMZ whatever you want to make you feel safe on the net.
iptables is pretty easy and if you already understand ipchains going to tables makes things easier. As you can specify an interface to forward from to. -i eth0 -o eth1 kinda thing...
Only 'flamers' flame!
This is a fine box, 7 port + uplink, web-based admin (http://192.168.0.1), firewalled out of the box, and you can open common ports through a drop down menu. It Just Worked until the phone company figured out that the MAC address of the machine they set us up with had changed. Tech support was great and cloning a MAC address is simple.
I don't get the "use an old box" idea. How many ISA NIC's do you have lying around? You're going to want at least a 5 port if you're that much of a geek to set up a Pentium to do this, which negates the Pentium. And do you love the electric company that much to buy another 100W from them?
It's an interesting project, but save that Pentium for a diskless workstation or something.
These people still have them, and they have quick service. I buy from them 3-4 times a year and I've never had a problem with them.
I'm looking for a wireless version of the same thing to use at home, so I can keep my neighbors off of AOL. Any suggestions?
...Time is the best teacher, unfortunately it kills all of its students.
is about the same, and cheaper
Noo doot aboot it, eh?
I got the SMC 7004ABR last month. I use @Home cable internet and the performance is great. I set up a static IP on the WAN side and DHCP on the LAN side. Two machines are stationary and I have a laptop I boot to Win2K and Mandrake 8.0. DHCP works great.
The Print server is great. I have a Epson Photo 700 I can print to from all machines. It isn't a true print server, more like a virtual printer port. Works great in Win98 and Win2k, but the instructions for Linux are outdated and I can't get it to work:(
The firewall is basic NAT protection with limited hack logging. You can secure ports or map them individually in the Web/HTML setup screen. You can also turn off ping replies.
I'm beginning to think that the logging feature is broken with the new software upgrade available. It logged tons of stuff till I ran the upgrade.
One thing to really boost performance in Windows is to go to SpeedGuide.Net patch section and run the @Home patch and the generic patch. My download speed quadrupled from 400K/s to 1600K/s.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
People who are not interested in being linguists have a right to speak Russian too! Rise up and overthrow they Tyrany of Ihgnorance!
Friends don't help friends install M$ junk.
I use an SMC Barricade. The deciding factor was it could do custom application port settings while still acting as a DHCP server. It's been reliable, easy to use, and pretty cheap (I think $100 now). My home "network" is dirt simple though (a Mac and a PC using web & email connected to Telocity DSL w/fixed IP).
I've got a Cobalt Qube as my router/firewall, and the only problem I've had with it (and this is a _big_ problem) is that it is impossible to administer it offline. I thought I was cracked once, and there was no way to check it without exposing the rest of my network to the crack attack.
So, my advice is to get something with a CD-rom, monitor and a keyboard. If you get cracked, you want to make it easy to recover. And if any vendor says they are immune to being cracked, run away!
I bought one of these last year, and it has been working great..
The interface is a webpage built into the router (to get to it, you just go to http://192.168.1.1). When I used mine, I had a linux box running apache, and I could forward all requests to port 80 to that machines IP address, and it worked pretty good.
There is a lot of other options with it as well, but the only problem is Linksys does not provide any support beyond getting it to work, so your on your own with the more advanced stuff, but it does seem to work good so if you know what your doing you probably wont need help.
When I first got the router, I was on DSL, and my provider was pretty much crap. The DSL line would go down a few times a day, Id have to unplug and replug in my DSL modem to get it back online. There was a couple times where I had to reset the router, and plug in the settings again, but it only took a minute or so.
All in all, I like the device.. If I were to buy one today, i'd probably buy the Linksys Wireless Router, I saw this at best buy for about 120 bucks, pretty cheap for a Wireless Access Point with a range of 1000ft..
Zeno_1
---------
The more I study religions the more I am convinced that man never worshipped anything but himself.
Sir Richard F. Burton
There has been much discussion on some of our internal mailing lists about the best router. Some involve setting up an older computer or puchasing a new router. Well, I didn't want to clutter up my house with another PC, and I didn't want to spend $110+ on a router, so I used my existing Windows 2000 PC. It's easy to set up. Here are the details:
;)
You will need:
-- Ethernet cards for each of the computers
-- At least one computer running Windows 2000 (recommended for stability)
-- A crossover cable or (preferably) a 10/100 Ethernet hub
Here is the easiest way to do this.
Install Ethernet cards into both of your computers.
Connect one PC to the modem. (If you have an Ethernet-based modem, you'll need two Ethernet cards in the computer connected to the modem.)
Connect both computers to the hub, or, if you're using a crossover cable, connect them together using that.
Make sure your Internet connection is up and running on the computer connected to the modem.
Assuming you're using Windows 2000, the next steps follow like this:
Right-click on My Network Places and click Properties. Right-click on your ethernet adapter and hit Properties. Click the tab labeled "Sharing" and click "Enable Internet Connection Sharing". (If you're using dual Ethernet cards in this system, you should right-click on the adapter connected to the outside world. TIP: rename your adapters so you know which is which; "External" and "Internal" are good choices.
That's it! Both your computers should now be connected to the Internet. Total cost: two ethernet cards at $10-$20 each and a Netgear 4-port 10/100 hub at $40 for $80 maximum.
I recommend installing Windows 2000 (or heck, Windows XP Pro) if you're going to be doing file/print sharing and networking. Windows 2000 in general is a much better product than Windows 9x for network-intensive applications. Whatever you do, if you enable file/print sharing, do yourself a favor and make sure that both computers have the same OS, as you'll save yourself a lot of trouble in the long run. (It is possible to do it with 2000 and 98, but it's a lot more of a hassle than with both computers running the same variety of Windows.)
You can also do the above using Linux, but I already had the Windows 2000 computer, and Linux's version of ICS isn't that easy to set up. Windows 98 and ME also have the Internet Connection Sharing option.
If you want to do specific routing such as setting internal static IPs or setting up network printers, you're much better off going with a server OS. I've used Windows 2000 Server to do this. However, for your basic home networking setup, W2K Pro works wonderfully.
Get yourself a 486 with 24 little megs of ram (no monitor, no keyboard, and no mouse, just an old dusty 486 box)and install Gnatbox-light (www.gnatbox.com). It's free for up to 5 hosts (2 if you don't register..hey, dontcha just love marketing?) and it's based on free-BSD. Highly configurable, I use it at home and the non-light version at work and I love it.
I work at a broadband ISP and the majority of the problems I've seen occur with customers primarily come with netgear and linksys related products. I'm gonna say that these products are in anyway bad, just I've seen more problems with these then I have with others in my experience.
Fuck Ajit Pai
I have both cable and DSL. smoothwall ( http://www.smoothwall.org; free, gpl, 22 MB) and a Linksys broadband router have both worked equally well for me on both connections. I've had the linksys since it was introduced 1.5 years ago. both have simple browser-based admin pages to control forwarding, etc. both have built-in dhcp clients (though smoothwall's is off by default, so you need to set one IP statically, at least in the begining.) it recognizes generic $13 10/100 NICs with RealTek chips just fine. for easiest setup, use a PCI pentium with 16 MB RAM. if you have a box like that or can find one for ~$50 (browse regionally on ebay; no need to spend $40 to ship a $50 box) and don't mind having a whole PC sucking juice, blowing off heat, and taking up space, go the smoothwall route. if you want to spend $100 (after rebates) for a 4-port linksys, go that route. remember you'll need a hub along with smoothie. I have 3 devices in a row on my shelf below my desk-- my toshiba cable modem, a 10/100 8-port Asante hub, and the 4-port 10/100 linksys switch. I use the modem and hub as footwarmers; the linksys doesn't get warm enough. (though all 3 have similarly-sized wall warts.) feel free to contact me directly (slashdot at pixelcity dot com) for more info.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Overall, I love it. No problems with Quake III Arena, easy to set up, works flawlessly. The reasons the above poster listed are also true: with 8 ports, you can always plug in a laptop; port forwarding works well, and Netgear also has a great reputation.
Here is the product information page at Netgear. It can be had from buy.com for $155.
Every once in a while I like to masturbate a new word into my vocabulary, even if I don't know what it means.
The new ones have a 802.11 port so it can also be used as a wireless hub. A nice feature imho.
Trouble free for 6 months so far (cable).
"Smokey, this isn't Nam, there are rules." -Walter
Why screw around? If you are serious about this spend $50 extra and get a used router off e-bay. You can get a 1600 series with 2 ethernet ports of around $225 plus shipping. You get a real router, a little experience with cisco kit and with the GUI config even my dad could set this up.
my firewall/nat box recenlty used to be 386/40 with 4 megs of ram. i basically obtained the crappiest machine i could find for the l33tness factor. it ran slackware 7.1 and saturated my 640/90 dsl just fine. it made a great machine for moving packets but with only 4 megs it would start swapping heavily if you logged in or tried running any extra programs.
after a record 260 day uptime the motherboard somehow just crapped out for good (not bad for a nearly 10 year old pc i guess heh) so i replaced the guts with a 486 board i had lying around and was back in business.. ;)
btw, i've had some brief stints with those floppy routers, while they make the setup more quiet i just couldn't get used to the super minimal setup and not having all my favorite utilities on there etc..
I've got SSH on mine, and a configurable 3 legged network.
Friends don't help friends install M$ junk.
i picked up a Sohoware NBG-800 the other day at best buy for $50! it was marked clearence (wtf!?) and easily beats out the D-Link stuff... look out for this one...you can't beat the price
Granted, I had a lot of old hardware, but it cost me next to nothing either way. As for power consumption, there's no floppy, no cdrom, no keyboard or mouse or monitor connected, bupkus. There's not much power consumption there. It may not be as little as 15 or 30 watts, but its a small enough amount that I'll use this happily.
Do not meddle in the affairs of dragons, for you are crunchy, and taste good with ketchup.
LEAF, the Linux Embedded Appliance Firewall project is pretty sweet.
I built one in about an hour using old pc pieces that I had
lying around, (p75, 48mb of RAM, 2 NICs, and a floppy drive.)
Check out the site on sourceforge.
--Andy
Speaking of NetMeeting, does anyone know of a kernel module for 2.4 or 2.2 that will handle H323?
I got my Linux laptop at System76.
I was unable to make NetGear work with linux. I have netgear network adapter, and it seems to be working well. I also have Netgear FR314 DSL router. It works perfect with Windows (just tell Windows to use DHCP and you're saved), but does NOT work with linux at all. While booting, RH 7.1 stops at eth0 and does something for 1.5 minutes (probably tries to figure out network settings via DHCP). Then it usually says OK (sometimes FAILED) and continues. Sometimes there is no ping to the router, sometimes there is. ifconfig shows that interface works correctly. It even went through one time, so I was able to load slashdot. Well, actually not slashdot, but first 300 or 400 bytes of html, and then it stopped working. I don't know whose fault it is, but Linux is my main suspect. I've heard of some troubles with DHCP and now ran into them. Gotta try the same shit with freebsd.
- Cheap ($120 6 months ago)
- Virtually impenetrable
- It DOES support dyndns
- Easy to configure filtersets
- DHCP client and server
- Fast
- Low power consumption
- Solid firmware
- Small footprint
- Cool metallic blue
Seriously, it's virtually flawless.
Also my Linux server and dual-boot linux/win2k dev machine and wife's windows laptop all are happily easily connected simultaneously without any hassle.
I'm not a sysadmin by nature; having an appliance that is secure and easy has allowed me to keep focusing on the stuff I'm interested in.
http://www.netgear.com/product_view.asp?xrp=4&yrp
La via sola al paradiso incommincia nel inferno
Personally I have a linux box setup at home, but have had many experiences with these DSL/Cable Routers through installing them for friends.
The D-Link is pretty good and cheaper than most.
However the 3COM 4-port is now $50 at www.tigerdirect.com. This one will even let you connect a printer and modem to it directly. Haven't ever installed this model, but this looks like a great deal.
I've found that the Cisco 675 DSL modem is documented very poorly. In three weeks, Cisco technical support has been unable to provide a complete sample script to configure the firewall features of the 675. (The case is still open.)
Cisco makes it very difficult to get firmware upgrades, unless you have a support contract that costs more than the modem.
The 675 provides no protection in "bridging" mode. In NAT mode, it cuts off services like Yahoo Messenger and Microsoft NetMeeting, without documenting that these will not be available.
Bush's education improvements were
okay, I know it's been said before, but...
I've had my cable modem for 4+ years. I have been running OpenBSD for the last 3 years as my firewall, running originally on a P133 and now on a Ppro200 w/ 64mb ram and an old 3GB drive. For "fun", I bought a 4-port NIC from D-link and have fun doing the VLAN config and stuff. I, in fact, just installed a wireless NIC into it as well and use it as my access point (more or less)! I get about 50' in doors in 'ad-hoc' mode. OpenBSD with Ipfilter+Ipnat+DHCP works great. Why spend the $300 on a crappy "appliance" from half-rate network manufacturers or $700 from a decent manufacturer? It just doens't make sense! Sure, the machine is bigger (mini-tower case) and requires a bit more expertese, but hell this box goes for MONTHS without a reboot and I havent had 1 script kiddie / hax0r incident since I've been running it! It's a great thing!
lots of them have nic cards built in though
An Education is the Font of All Liberty
1. NIC for the DSL-line 2. NIC connects to persephone: 1. NIC connected to hades 2. NIC connected to a switch persephone is running DHCP, SAMBA, DNS for the internal network (so you just plug in all your computers and the ones of you friends
both are running linux and both have some sort of firewall / NAT. ..)
(of course you can do all this with just one computer
I prefer this solution over some sort of prebuild hardware router because it's waaay more flexible and .. more fun!
The compromise I came up with (temporarily) is to use the LinkSys, and put a Linux box in the DMZ. That way, I have an FTP/Web/Samba/Telnet server that supports Dynamic DNS. I tried building a router/firewall, but couldn't find a good HOWTO for the new kernel, so I decided to wait a while.
+-- (Score:-1, Moderator on Power Trip)
On the strength of a Practically Networked review, I had good luck with an SMC Barricade router with 4 ports and a built-in firewall a year ago, but things may have changed a lot since then. It took me only about 15 minutes to install (not counting network setup on the computer) and cost ~$100.
I learned about related topics from
How to set up a network at home: MIT guide with Linux focus.
World of Windows Networking: If Windows networking is screwing up (as it often does), go here.
homePCnetwork forum: Configuration questions answered, mostly by guy who runs the forum.
Technocopia: Overview articles on home networking.
Grant's Closet: Home LAN wiring.
Steve DeRose's guide: CAT5 wiring.
Telecom wiring: links to HOWTO and info articles on wiring.
Patriotism is the conviction that your country is superior to all others because you were born there. (GBS)
I don't know if someone said that already, but there's a very cool german linux-router project (xDSL/ISDN) focused around: fli4l
From fli4l.de:
"Fli4l is a single floppy Linux-based ISDN, DSL and Ethernet-Router. You can build it from an old 486 based pc with 16 megabyte memory, which is more than adequate for this purpose. The necessary boot-disk can be built under Unix, Linux or Windows. You don't need any specific Linux-knowledge, but this would be useful. You should have some basic knowledge about networking, TCP/IP, DNS and routing though. For extensions and further development, that exceed the standard configuration, you need a working Linux-system and Unix/Linux knowledge."
Personally I use it as a DSL Router for my 2 PCs and it works great: F***in fast, secure and easy. If you want a ISDN/DSL Router check it out., otherwise LinuxRouter ist the better choice.
X
Boycot? Blackout? Subscriptions?
I don't care!
I finally got cable, so I tossed my Linksys Router onto the LAN last night. I was looking at the logs and they look sparse using that "LogViewer" util Linksys gives out.
Any advice on a better log viewing utility for a Win9x environment?
------
Let me give you the lowdown
A damn 100W light bulb pulls more power than a computer (without monitor). Remember that the PS is a rated MAX. Average is much less. OF course, add that power hog monitor and kiss that cheap power bill goodbye.
Linksys BEFSR11 Easy to install, fast, very nice web-based control UI. I had significant ongoing problems with this unit, where it would get "blocked up" (where it would become largely unresponsive, even to pings). With sufficient perseverance once could get through to the webUI and manually force it to drop and reconnect its PPPoE connection, after which it was generally okay. There seemed to be a strong correlation between this happening and my roommate using her (darn) win95 box. The box also went similarly nutzo when the DSL connection had occassional "issues" - when the DSL was down, the box itself became mostly unresponsive, even to internal traffic. I have a two friends who also have this unit - one has perfect results, another has even worse results (all, including myself, using the latest Linksys firmware).
NetGear RP114
Doesn't have the same reliability issues that the NetGear did. Its web interface is terrible, but they do have an excellent telnet based interface, which has a lot more real-time technical info than did the Linksys' UI. Webpage performance seems (subjectively) a bit more sluggish, but raw DSL speed tests are still nice and fast. Includes a DNS server, which the Linksys didn't. Less non-techie friendly than the linksys.
## W.Finlay McWalter ## http://www.mcwalter.org ##
My bandwidth is considerably higher than 180KBytes/sec (testing by grabbing a 10MB files from RR's local FTP server shows 247KBytes/sec), and there doesn't seem to be all that much drain on the box. I think it's capable of handling much higher throughput.
I'm even using two no-name ISA NICs (older NE2000 clones with jumpers).
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
I always had great experiences with my old ISDN Netgear router. Easy to configure, easy to open-close ports... just a nice little box sitting there tossing my packets. No real issues to speak of.
I had the Linksys DSL Router (BEFSR1 I believe is the model number) and absolutely loved it. Again very easy to configure, this time due to a web interface that was even easier than the Netgear's text based menu system.
There's just one thing. The Linksys supports PPPOE, but unless they've fixed it in the last 7 months or so their support for it is horribly broken. I had DSL through Bellsouth via PPPOE and was having to constantly reset my Linksys due to it going into Lala-Land constantly. Except for that though it was a great little box, and probably would be my pick if I hadn't been on that PPPOE connection. It does however have a DMZ option which allows you to do static routing to one machine without it performing NAT translation, btw. Don't know about the Netgear.
After I gave up on the Linksys, I decided to "do it right" and slap Linux on a 400mhz I had sitting around. I ran that option for about 6 months or so with only one small problem. (I forgot to change my device for my firewall when I went from DSL to Cable and ran wide open for a few weeks. Got hacked and had to reload. Ooops.) It works great except for a few things... takes a while to reconnect if you lose power, Ipchains/Tables is a pain to configure (Yes there are GUIs, yes, yes, yes to everything else. Blah blah blah), if you decide you want to do something like port forwarding later it's a pain to configure / recompile the kernel for that, and whatnot.
Finally said "ta heck with it" and picked up another Linksys to run on my cable. It's been plugging away for about two weeks now and I'm loving it.
(Btw, I'm not knocking Linux. I have it on my secondary workstation at work, and on my alternate system here at home. But, like the guy originally said, "Die-hards will insist that one should run a standalone box with dual ethernet cards and the appropriate routing goodies -- but these standalone boxes, at 5-15 watts and a couple hundred bucks, seem like comparatively hassle-free solution". He's right. The standalone boxes _ARE_ a nice hassle free low-power low-maintanance solution. Linux for a simple router is like using handgrenades to dig holes for potted plants)
The Cisco 1720 is a good router also, though it'd probably be a bit pricier than what you're looking for. A complete pain in the ass to configure, but it'll let you do just about anything you want to do. You could configure a pool of IPs for static access, another for DHCP, and another for NAT.
'Life is like a spoonful of Drain-O, it feels good on the way down but leaves you feeling hollow inside'
One note is that I don't have a LAN, just one computer. However, using the router allowed me to take the PPPoE drivers off of my PC and let the router handle the connection, which made my PC as fast as being on a high-speed leased line at my office.
-Josh
http://www.linksys.com/products/product.asp?prid=1 42&grid=5
:)
IIRC it will forward up to 10 (maybe it's 20) ports to any computer internally. It is fairly configurable. Allows for static or DHCP internally (as a server and a client). And for $99 it is tough to beat. Sure you can get a POS Linux / *BSD box, but this worked for me literally out of the box. DISCLAIMER: I don't claim to be a huge power user, but for what I use it for (firewalling and fowarding of web, mail and ftp ports) it is ideal and it is simple. Here at my office, I wouldn't think of using something like this on our network, but it does quite nicely for a home user who is concerned about security and just wants more blinking lights
Please give your mod points to others, Im at the cap. They will appreciate it more
I use a Linksys as my hardware solution. Works great. I then use Tiny Personal Firewall or ZoneAlarm for my PC's. I like either of these products because I'm alerted about outbound connections (trojan protection and in one case it alerted me to the fact I didn't have NAV enabled for a mail account). I previously ran a FreeBSD firewall on an old laptop. I switched to the LinkSys to reduce clutter and simplify life (I have twins and don't really have time to mess with keeping up-to-date on FreeBSD patches/etc.). I like the PPTP pass-through on the LinkSys. Previously I hung the company laptop docking station on my DMZ (I have two statics) and relied on the laptop firewall software. If I wanted to do anything internally I had to plug in the PC Card Ethernet to my network (major pain). Now, I don't need to do that. For me it was a matter of simplifying things.
I bought a SMC Barricade several month's ago. I was supposed to get a $20.00 rebate. I sent in the material requested, but no rebate came.
So about a month ago I sent an e-mail to their customer service describing the problem and they never replied.
The next people I write will be the BBB.
I really don't need the $20 dollars but I find it very irritating that I went to the trouble of sending in the coupon only to get nothing.
I will never buy anything from these people again.
Gregory Bradford
Have a look at the linux router project (lrp). http://www.linuxrouter.org. I have had it running 24/7 for about 6 months now, and not once has it crashed (not surprising, since it's based on linux). However, it also runs directly off a floppy, which means the PC you run it on is virtually silent.
I have it running on a 486-66, 16MB, no hdd, to connect my cable modem to my LAN. Of course, you can also use it with Tx/DSL/ISDN/analogue.
Sorry, this reads like an ad, but I really love this distro - it has made life so much easier.
SpamNet - a spam blocker that really works
Sigh. It's a nice box, and I wouldn't mind using it too much (I wish it were possible to bind multiple IP addresses and map to different subnets), but I hate resetting the damn thing all the time, or calling one of my roommates to have them reset it when I'm trying to ssh to my workstation.
My roommate, a win2k bitch (er, gugu), wants to use that as our firewall/router. I've gotten him to agree that if he can't make it work in a week, he'll let me drop a Linux box in front of our network.
In spite of the suggestions and all the tests that I have made, I have not cavato a spider from the hole.
I purchased the WatchGuard Soho over a year ago and it's been so-so. It tends to lock-up from time to time and when I contacted tech support they told me that it would be fixed in a future rev of the firmware. Unfortunately my one-year of firmware upgrades has now expired and I still have the problem. I could re-up with them but having a gun put to my head doesn't make me very happy. I'm now looking at the Sonicwall Soho which has the same features as the WatchGuard but includes a lifetime firmware subscription. PPPoE is critical for most DSL and NAT allows you to use one DHCP assigned address for many machines on your home network, something that most ISP's frown upon. Setup for the WatchGuard was easy through the browser and the Sonicwall offers the same. If you're real clever you could dust off one of those old P75's in the basement and install a stripped down Linux distro to perform the PPPoE, NAT and Firewall functions.
I myself run a P75, dual NICs and E-smith.
I think it does the job nicely, quick install with some basic questions to answer, no fuzz with manually editing files (altho, I have modded it a bit myself).
It seems fairly secure even tho it's based on RedHat, alot of services chroot'ed. "Built in" clients for some dynamic DNS services. Seems to have some public support too.
Anyone else here use E-smith? What do you think?
English is not my first language, so cut me some slack -: Om du kan lasa det har sa kan du Svenska
Isn't a rooter someone who breaks into your system and gains elevated security privileges?
Hmm... you have a point there. And since most routers are used to keep out rooters I think it'd be rather contradictory to call a router a rooter.
I am interested in getting a router, but I also have several old computers (486, P166, etc...). My main concern is that I would not be able to easily set up the firewall and routing part of it so that I can use programs such as mIRC, WarFTP, and Direct Connect. Would the Linksys or NetGear routers allow me to use these programs? Another word of note, I am not proficient in Linux/BSD, so using those is out of the question. Last time I tried, it just gave me headaches.
I live in a apartment and my neighbors had crappy QWEST DSL that was slow, and overpriced. I have a fast cable modem with AT&T. So what I did is convince them to by me a Linksys BEFW11S4 (Wireless AP + Cable/DSL Router w/ 4-Port Switch) in exchange I would let them leech off my cable modem for free for 1 year. They don't pay an Internet bill now and I got a free router. They are totaly happy with their quick access and are now part of our local LAN. Its a total WIN-WIN situation.
I have a Zyxel ADSL router at home and am very pleased with it. It supports PPPoE, ENAT ENCAP, and just about everything else. Also does NAT of course, supports specific TCP port NAT or relaying to a specific internal host on a port number basis, and supports port filtering including a one-step setup to keep the samba stuff on your interior network from being visible or accessible on the Internet side. Nice little box that doesn't use a lot of power or generate much heat either.
get a cheapo 486 w/ 2 cards (preferebly Intel or 3com)...and a 2 gig HD...
Install Linux-Mandrake Secure Network Fireawll (SNF)...
You get everything you've ever wanted, and guess what...A Web Interface!!!! OMG!!! So pretty too!
(sarcasm)..
If you really want a firewall, go grab FreeBSD 4.4-Release and be a man/woman(got to be political here). You can do a million more things and it's much more stable then linux and it has a better tcp/ip stack (meaning more efficient).
I'd like to resolve local DNS requests from the DHCP clients table. Are there any sub-$300 routers that do this?
I went with the BEFSR41. It has 4 ports, which in theory, should be plenty for me... though, at times, I do have to swap out one of the ports for the work laptop (damn).
Anyway, why did I go with this? Well, originally, I had a 486 with Linux Router running. This worked great. Boots off a floppy, and works like a champ. Drawbacks? Well, there is a few:
- hard to configure at first. Once configured, though, I didn't have to mess with it.
- Loud fan. With 4 other machines in the office, another fan was something I didn't need.
- IPSec. There is IPSec support, but to get it, I had to reconfigure the kernel, and setup some ipchains. I could never get it to work right for limiting it for one machine without exposing my network, so it was highly annoying.
- ISA Bus. I had two 3c509 cards that had really bad latency for network games. Bandwidth wasn't a problem. If all you are doing is downloading off the web, then it's not an issue. But, playing Starcraft was just about impossible.
After I had already had the Linux router setup, I planned to buy the Linksys 4 port router + wireless access point. But, when I bought one early this year, I had too many problems with it. I ended up exchanging it for a WAP11 model which was just the access point. I'm glad I did, because I was able to get the WAP11 for 100 bucks off, and with the greater range of the WAP11, it's worth it.
So, back to the router. Since I had the WAP11, and all of the drawbacks above, I purchased the BEFSR41. This has worked great. It stacks right on top of the WAP11, and one of the 4 ports connects straight to it. The drawback of course is that I had to spend a bit more than the combo model and I now have two boxes and one less port (the combo model has 4 ports as well).
Since then, Linksys has upgraded the firmware on the combo model. If you are looking for wireless access and a router, go with it. Otherwise, go with one of the Linksys router only boxes. There are a few to choose from.
dennis
My only DSL option forces me to use an Efficient Networks router (5851), which I should get in a couple weeks. Anyone have experience with these and wish to share opinions?
I've run a machine with ip addresses on 2 different subnets with one ethernet card. Simply ifconfig the second ip with the appropriate network id and netmask. Outgoing ip packets will use the default gateway.
Sure, some "router" boxes will let you put a machine into the "DMZ", which effectively does a 1-to-1 NAT between the external IP and that machine's IP.
But with our DSL package, we get 4 static IP addresses. Right now we are using a Linux firewall, and doing 1-to-1 NAT, so that my internal machine effectively has its own IP address, as do two other machines on our LAN. All other machines are "masqueraded" (many-to-1 NAT) out the IP address of the Linuxbox.
So, what I'm wondering is, are there any of these "routers" that will let me do 1-to-1 NAT, or that even consider the idea that you may have more than one IP address that you want to share?
Portforwarding is almost sufficient for most uses, but since we already have the 4 IPs, we might as well use them....
Jordan
It's a piece of ****. I moved in with a roommate who was using one of these for the home network (cable). He thought it worked fine, but he isn't a gamer. When I started doing some tests I realized a major problem with it. It's nearly impossible to play online games with this router - not kidding. My guess is that it does not support network packets over a certain size OR it just doesn't have the throughput to support gaming.
I got a linux box up front now with the 2.4 kernel (a bit of a pain to get that patched up for a proper masqed firewall) - but the result is 100% improvement over the Linksys.
I can confirm other reports that the Linksys router is a bit unstable. It goes offline quite often, without a reason. At one point the router refused to connect to the cable modem service for over half an hour, I got fed up, put my linux box up front, and the connection was fine.
Don't wast your money on these toys - they are not for serious networking, it is a solution for simple connection sharing for computer novices. If you know how to use Linux you'll have considerably better results with a 486 or low end pentium, with 2 network cards and a hub.
Find an old dumpy SS10 - get another nic for it and install Debian (or some support Sparc Linux distro) - you end up with this slick looking computer/firewall - and there relatively quiet (mine isn't though - because of the hd I have inside it). Anyhoo mine cost about 65$ - with a 17" screen - and I spent another 50$ on a 10/100 nic for it (on ebay) - which I use on the internal side.
:).
One thing about the SS10 is that it does ethernet IO with very little overhead on the system - which is ideal for a firewall. Even with a 40 MHz Cacheless supersparc its able to keep up just fine - and even do a lot of other services too (like ipsec - or dhcp - or web). Plus if you need more power you can just drop another cpu inside via mbus
I'm doing dynamic DNS with the Linksys 4-port router. There's a python script called ipcheck for this that supports devices from Linksys, Netgear, Draytek, Netopia, HawkingTech, Watchgard, Cayman, Nexland, ZyXEL, SMC, Compex, UgatePlus, DLink and Cisco. That should about cover it...
Just set it up to run with a cron job, and if your IP has changed, it will be updated. With the linksys router, it doesn't even need an external CGI to detect your IP address-- it can query the router. I'm sure some of the other units have similar functionality, too, but my experience is only with the linksys.
I believe the easiest way to setup a good firewall is to find an old system (or assemble one). A 486 66mhz with 16MB of ram works incredibly well; but an even lesser system is also good.
Put in two Ethernet cards, and install Coyote linux. A distribution that works off of a standard 1.44Mb Floppy Disk. It reads its config. and binaries from the disk at bootup, and never touches the disk again - to ensure the drive lasts as long as possible, as well as the disk.
This solution is so good, (in my humble opinion), that just last year me and my makeshift consulting company were selling 486 boxes configured for just this purpose at about $300CDN. 1 of the 5 boxes we sold went defunct; it's Cmos battary died. So we replaced the whole box (for nothing) to save time and still made an 'ok' profit.
The benefit to using a whole system, especially an outdated one is the amount of customization you can make to the firewall; ie: displaying attacks of a certain nature on the monitor, respond to attacks of a certain nature maliciously, and automatically. etc. etc. And it's cheap. Super cheap!
The only disadvantage to Coyote is that the distro. doesn't support HDDs, so you can't keep extensive log files.
I would only buy Hardware Routing / Firewall Devices for small business that may wish to go with another, less "knowledgable" consulting company in the near future. Otherwise, Linux boxes are the best for Networking.
Check it out:
Coyote Linux Dot Com
Ace905
[Admin] www.MyHomeTechie.com
Ace
Go for it (85$ @ outpost.com)
upgrade it (well, you should have to do something) to v2.55 build 15 (latest)
plug
Connect via webExploNesOperercapera 8)
(please remember to setup your ip. DHCP is off by default)
done.
Auto reconnect / DHCP / Static / DMZ / Virtual Server...
my 0.2 cents (+18.6% VAT)
done.
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
By contrast, my company uses the Linksys BEFSR11 and it seems to have some serious stability issues. We have to reboot it about once a week. Using the same modem in both circumstances, and they are 1/2 mile apart at the most, so I think it's safe to say that everything else is pretty much the same (a couple more computers at work, but it should be obvious with consumer level DSL and router that we're a pretty small company).
There really has been a world of difference between these 2 products in my experience. Constant reboots with the Linksys vs. not even one reboot with the Netgear. Those reboots really add up when you consider that a full reboot takes 10 minutes (to release the IP address), sometimes even longer since it never seems to work when I try to shortcut it and generally end up having to do a full reboot anyway. Of course, it seems even longer when the Purchaser, the President/CFO, and the General Manager are all standing over you saying "Is the internet working yet?" and the CEO is yelling "Why isn't my email working?" from his office...
Under capitalism man exploits man. Under communism it's the other way around.
I use a 1U rackmount Cisco 2611. It has two ethernet ports plus several expansion slots. It runs Cisco IOS, the same router OS that powers all of Cisco's routers, and thus can be configured every which way. The 2611 has two 10BaseT ports. The 2621 has two 100BaseTX ports. Both cost a fair amount, but are worth every penny.
Haha, I win. My router is a dual 800 with 512meg of ram and 60gigs of harddrive space running FreeBSD 4.3stable.
I also have a NetGear router, the RT311. The main advantages of the router over a PC are:
:)
1. Small
2. Low-power
3. Quiet (no fan)
The advantage over other routers (that I see):
4. Serial port (no plaintext passwords over the LAN)
It has syslog support, so you can use a Linux box for log monitoring or other IDS stuff. The big disadvantage is I can't run the distributed.net client on it.
The #1 reason, SMC happily supports linux. they have a linux users way of flashing the firmware, the Printer port is a standard Unix LP network printer port, it is insanely configurable, has a dial-up backup connection port, stable, and draws less than 10 Watts of power.
Drawbacks - It's ugly, connectors coming out of 3 sides makes it a candidate to be placed in a wall or under the desk on the floor.
I tried almost everything else out there. the SMC was the only one that was able to achieve 100% compatability with Linux, Apple,BeOS,NetBSD,and that obscure OS called Windows.
I am also happy with the Wireless version, although I reccomend buying a seperate firewall for the wireless side to keep surfers out of your home network.
Cisco 2600 Series
e ase122.shtml
http://www.cisco.com/warp/public/cc/pd/rt/2600/
I'm using IOS 12.2.X
http://www.cisco.com/warp/public/732/releases/rel
This sounds like a very good solution. one feature would make it nearly perfect: Does the modem connection allow for a dial in? ThanX
Also, and I cannot overemphasize this, set the password. Not only are Linksys routers administered via a web interface, and attackable that way, they accept firmware downloads via TFTP, and will accept a firmware download from the WAN side. So an attacker can patch the thing remotely if it's not secured.
The only restraint holding me back from cursing you is knowing that you lost loved ones and are in shock.
Extreme emotional states are not condusive to rational thought. It's just not possible. Why do you think terrorist can think that the answer to a problem is killing thousands of people?
I agree that the people responsible (including gov'ts harboring) should be punished. However, painting whole countries in one stroke is not the answer. How many children do you think are in those countries? How many families do you think we can destroy? Who are you to condemn millions, that's right, millions because we lost thousands? Did you ever think that this would be a great way to frame bin Laden? To incite the US to kill innocents? We need to think of solutions at a higher level then those responsible tried to. Military action is an acceptable action if it is taken against the "right" people.
Saudi Arabia is not harboring bin Laden. They stripped him of his citizenship and froze his funds in that country. I'm sorry for your losses, but please calm down and reserve judgement for a couple of weeks. this whole mass hysteria is going to get out of hand.
btw, no one knows who coordinated this attack.
IPSec over WaveLAN (encrypting the channel between client and gateway), routing to the wired LAN, acting as a masquerading gateway can easily be set up on a 3-5 years old machine. The only real problem I encountered was with really ancient hardware -- my Pentium 60 did not recognize the Orinoco adapter cards (neither PCI/ISA). A BIOS update from www.firmware.com might fix that, but they seem to insist on shipping the Flash BIOS image instead of allowing downloads after paying them.
...is the way to go. When I had DSL (sniff) I used the Cisco 675 firmware NAT to send all traffic to an old x86 running Mandrake with firestarter and IPTables, all piped through a $50 DLink 10/100 base-t 5 port hub and $20 DLink cards...no worries
My debut novel AMITY now available: http://jeremydbrooks.c
I prefer Porter-Cable myself. I see that some people on here are concerned about power consumption, so the 1 1/2 HP might be too much. Imagine confusing your geek friends when you show them your Router table.
I install dsl and cable modems for two of the big boys as a private contractor. I have had the opportunity to go back on my own time and install several different types of firewalls depending in the users needs and wants, commercial and residential. I personally use a SmoothWall box, at my home. It is an old pentium 120, 540MB HD, 4X CD, 32 MB Ram, 2X 100baseT full duplex to a 960/816 RADSL external, and a 100baseT switch internal. It has web based admin and a text based setup similar to a simple linux install. It is able to do MOST types of wan links, including @Home's dynamic crap and Dial on demand(It is amazing all the stuff it will interface to). I have yet to be able to tax this little box to its limit even with 15+ people over for an Internet/LAN party. We were able to saturate the WAN link but not the firewall. Smoothwall Rocks!
As for the dedicated stuff from Dlink, SMC and Linksys. All of these are good solutions for setup and forget if you don't have an old PC you can use. The dlink and linksys both have Web based setup and admin, very slick. I have setup several of these for people and have not had to go back to any of them, some in over 6 months.
If you have an old PC that will meet basic linux requirements (486 or higher) and a little bit of time, try SmoothWall. If you dont have a little time, and I mean a little(20 mins to setup on a working box), get one of the ready made solutions.
I bought a linksys and was generally pretty happy with it's workings. However, after a digital camera purchase and hence many large files later, I found that large files were being corrupted. Even ssh sessions that take place through the router will drop in a short time due to this data corruption issue.
The fix is to drop the 100Mbps switch down to 10Mbps. This is pointless in my opinion and removes a feature I bought the product for!
I was also interested in writing a simple app to log linksys traffic on my OpenBSD server. Sadly, a polite email to Linksys only got me as far as "figure it out yourself!". Anyway, turns out it's pretty straight forward but it took me a couple of hours of surfing to figure it out. Argh.
Anyway, I'm setting up my Dad's office and just bought the SMC router, with print server. Works like a charm (so far). Never again will I buy a Linksys product just based on the crappy software and overall attitude.
Overall, these embedded systems are all about convenience. Sure, any dope can set up a firewall on an old PC. That's fun for a while, but after a certain point, I just didn't find the futzing all that interesting. I wanted to VPN into work, surf, have my home lan work just fine, and run it all from a tiny room that can get very hot in the summer (bye-bye hard drive!).
Anyhow, this isn't really a high tech subject so much as it is a CNet review. Go check 'em out. You can't really go wrong on any embedded system.
*** Now, what I'm interested in is a cheap board with two ethernet ports that I could set up my own embedded system, and maybe even a jvm on linux! Now that would be fun! I'm no hardware guy though so any info on how to start would be cool... ***
My boss has a Linksys wireless router. I helped her with some setup problems and learned an interesting thing: The router has a built-in firewall which AFAIK cannot be configured. While you can designate one machine as a "DMZ HOST", which will allow all traffic to pass through to it, you cannot do this for a whole subnet.
The upshot of all this is that I think (someone please correct me if this isn't true) for certain things, eg online gaming or software that uses a port other than one of the common ones, one and only one machine on your home LAN at a time will be able to receive return traffic to a designated port. If you want to play whizkill 2002 from a different machine next time, you will have to designate that one as the DMZ host-- and two people can't play at the same time.
This may or may not be a big deal, and I have no idea how other manufacturers approach this. The router has thus far performed completely as advertised, and the documentation and support from Linksys has been great.
The router can act as a DHCP server, and you can limit the address ranges to allow you to have static IP's and dynamic IP's on the same network (alhtough with only one DMZ host you may not need more than one static IP, lol). It would be great to be able to set up an unrestricted subnet.
Just build one you LAZY FUCK!
For one specific reason: it supports an external modem that can be used as a backup connection.
This is less of an issue now since most of the DSL providers that were going to fail have done so, but for people using Covad who aren't confident that the company is going to live this is a good solution - you can set it up and use it as a NAT box and firewall, and when your DSL provider goes bankrupt and shuts down you can switch to a dialup or ISDN connection with minor configuration changes on the box itself.
This is also useful if it's important that you be able to get access anytime, even if the service is temporarily down.
When it's not being used as a dialup (or ISDN) connection, the serial port can also act as a single-port RAS box, supporting PPP connections into the network.
As far as having boxes outside the firewall I believe it has some support for that but it's not perfect. Specific outside ports can be mapped to particular internal machines and ports, but I don't know if it supports port ranges - I haven't kept completely up to date on the firmware updates.
For the manuals, see http://www.multitech.com/DOCUMENTS/RouteFinder/man uals.asp
fencepost
just a little off
2c
3.243F6A8885A308D313
Weird discussion, as I just got a cable modem and a router. I went with the Linksys BEFSR11 router because it had the features I wanted and was 79$ as an open item at Best Buy. The main feature I wanted for my cable modem was MAC address cloning. I know some cable companies (MediaOne) lock a cable modem down to the MAC address of the NIC they install in your computer. I don't know if Charter does this but I decided I wanted the functionality just in case. The Linksys also supports port forwarding, access/deny lists and will allow for PPTP and IPSec pass throughs. Oh yeah and one of the most important, DMZ hosting so I can play games and whatnot. I don't plan to stick Linux on it because I just don't have the fetish desire to hack Linux onto everything I own. If you plan on getting one make sure you stay away from the BEFSRU31 model instead of connecting to your LAN/PC by Ethernet is uses USB. Even under Windows I've yet to have a USB device work properly.
I'm a loner Dottie, a Rebel.
I ended up buy a Netgear RT 314 after they finally implemented port-forwarding and have had nary a problem. Plus, the top of the Netgear is flat which means you can stack your switch-box, hubs, etc. on it (the Linksys has a curved top). Netgear has substantially upgraded their firmware and there are plenty of options now, including filtering rules. It does support DDNS, but I have just been using a box running Perl scripts behind it instead.
I've heard that an old 486 is able to handle a T1, never mind a DSL connection.
Need a Linux consultant in New Orleans?
Allow me to enter mine:
I have an SMC Barricade (8 port), and it works beautifully. In addition to all the cable/DSL firewall/Router features you could want, it also does print serving and even dial-up. It is nice to be able to fail-over to dialup when the good ol' reliable @home goes down, as it often does.
The SMC will allow port mapping to static IP's in addition to DHCP on the LAN (as the poster had wanted). In addition to that, it can be configured to block out certain IP's or networks; it can be configured to "open up" a range of incoming ports when a connection is started on a specific outgoing port from behind the firewall (good for kludging support for unsupported protocols); it can be configured to allow for ftp connections to work through the firewall on a non standard port (that kind of thing usually would break ie's ftp client, for example); it can do PPPoE out of the box (for certain DSL providers), supports hostname configuration and MAC address cloning (for certain Cable providers), supports dialup through an external modem, has a built-in print server, etc., etc... very full featured.
It works with my company's VPN (I don't know which protocol it uses, but did not work with WinRoute on a PC as a firewall). It also works with Quicktime streaming (the preffered RTTP over UDP method), which again broke with WinRoute on a PC.
In addition to all that, the unit is fairly small and unobtrusive and it does not use a power brick, instead it has a built-in power supply and takes a standard computer power cord! yeah! That's one fewer wall-wort to deal with on the power strip.
Computers work fine for the routing, etc. But what if someone doesn't want any moving parts? The home routers are here for you. They are quiet (nearly silent), use less power than even a barebones PC and need less than 5 minutes of setup time to get them going?
You can setup packet filtering and forwarding in this router, along with the price tag of less than $100, you'll be pretty happy with the investment.
I have been running Mandrake's SNF on a P100 with 32mb and 2 NIC's and it runs VERY smooth. Only complaint is that the update portion doesn't seem to work so well. It has DHCP server, routing, isdn, adsl, squid, filtering of adds and content etc.
I reccomend it. Nice web interface and logging and incorporates Bastille. Not to shabby for the cost of a NIC or 2.
Crouching Taco, Hidden Smegma
SparcStation 5, 110 mhz, 32 Mb ram, 2 Gig HD. w/ 2 happy-meal SBUS network card (one for the DMZ and one for the LAN) with the built-in Lance. Running OpenBSD 2.9: IPF/IPNAT. sooo cute
nuff said
this is close to genius
SO you are stuck with the two PC Card slots (if the laptop *had* two) for the NICs, and you then run out of options.
______
Once: you're a philosopher. Twice: a pervert.
... we'd like to pass through packets for our two server machines, and use NAT/DHCP on a third address for the rest of the LAN. Nearly all the boxes advertise that they can do NAT routing, but many don't support NAT and static-IP routing simultaneously.
...
(1) If you have two servers providing the same service (listening on the same port), you'll need two or three IP addresses, a hub (connected to the DSL or cable "modem"), and either a NAT router or a way for one of your servers to do NAT.
(2) If you have different services on the different servers (e.g., HTTP, e-mail, Q3), you can have one IP address, and configure the NAT to pass the appropriate ports through to the appropriate servers
... if the protocols you want to support are NAT friendly. If the protocols specify, "Further communications will happen on such-and-such a port at such-and-such an IP address," it won't work. You're not only doing NAT (Network Address Translation), you're also doing PAT (Port Address Translation), and the "such-and-such a port" message needs to be translated.
For example, FTP clients wouldn't work well over NAT (in passive mode, I think), except that every NAT router supports client FTP. I don't know if they support server FTP. Voice-over-IP protocols (H.323 and SIP) are notorious for not working over NAT; the respective standards organizations are trying to find solutions.
If you need to support a NAT-unfriendly protocol, go back to (1).
See also this article (cached): "Network Address Translation: Not A Panacea".
--
With grief, with determination, and with hope.
Stupid job ads, weird spam, occasional insight at
You didn't ask if you should use a linux/bsd/2000 box so I won't suggest that you do.
I just bought a 3com 3C510. They've been discontinued by 3com, so you can get them for about $50 at tigerdirect.com. The use the same board as the SMC Baracuda, so you can flash the bios to the SMC bios.
This will let you use both static ips and a DHCP pool. It will also let you forward up to twenty ports through the firewall to individual servers. It also allows you to setup a DMZ, has built in PPPOE, allows multiport aplications, and grouping of permission for specific IP ranges.
It really seems to be a great deal for $50.
I had all of this running through a seperate box, but I had to buy a 4 port 10/100 hub and for 10 dollars more got thisNits one less thing for my server to do, and it fits in a little cubby hole in the wall.
IPNetRouter will run on relatively underpowered Macs, which gives you an extra level of protection, since the MacOS (before MacOS X) doesn't have many ports/services open for attack by default.
You must be referring to the last sentence of the last paragraph where it asks Which one do you use?
I, too, used a linux box to do my NATing, DHCPC and routing chores.
Then I realized serveral things:
1. I wanted to use the linux box for experimentation.
2. I wanted to support commercial, embedded linux hardware
3. I wanted wire speed encryption and additional security features
4. I wanted to use less power and space
So, my cobbled together solution include:
1. a netgear 314
- NATing(static and hide-mode)
- port forwarding
- 4 port *switch*
- obscure xyplex? operating environment
- web and cli config
2. a netscreen 5
- VPN termination at wire speed
- NATing/"virtual hosts"
3. ARM netwinder with OpenBSD
4. QNX (dns) on x86
The load seems to be nicely split and I like the fact the netscreen can sit at layer2 between the netgear and my cable modem.
Nobody's ever going to see a widespread hack for djdns on QNX and buffer overflows for a default install of OpenBSD for ARM are even more unheard of.
The only thing I don't like is the Netscreen VPN client (doesn't block otherbound access when VPNed in). Good thing I can use PGPNet.
Now all I need to do is build a honeypot box to which I can hook my 802.11b access point (with high-gain split, sectored and amped antenna plant). If I want wireless access in, I VPN to the NS5 box, which will put me on the NATed side of my net.
I do wish Checkpoint and netgear or sonic wall would get together and make a NS5 killer to which I could connect using my FW-1 gui!
Switch to UGATE
http://www.maxgate.net
I have an old UGATE-3000 and it works like a charm for 3 years now.
at Tigerdirect.com Problem solved (and no I don't work for them!)
If you are contemplating the lynksys, let me you offer my experience. I've done a Linux-ipchains box, a linksys, and a BSD-ipfilter box.
The Linux-ipchains was a pain in the ass IMHO (not to start flame wars, just my experience).
The Linksys worked beautifully.... except.... we were running ssh services for friends, and if more than one person was logged in remotely (and forwarded through the linksys) at a time... it choked. Combined with no logging and limited control we ousted it.
I'm happy with the BSD-ipfilter solution. Yes the computer is obnoxious (and if I throw my coat over it, it overheats! oops). Unfortunately flashcom.com went out of business and I'm no longer running that network.
Hope this helps you (or someone),
Stanza
no, rooter is someone like your mom.
I am a CCNA and CCNP, I work with networking equipment for a living.
A friend recently bought a Netgear MR314. It seemed okay. I rather like using my unix box to do filtering, mail, and other stuff, so I would never use one of these boxes. The http interface was fairly nice and easy to follow. Easy is good for networking novices.
One problem that I encountered was the telnet support. This one had me calling their support department, not that they helped any. They command line will only accept 8 character hostnames. My friend had a 10 character @Home hostname for his authentication, and the only way to enter it was through the http interface. That sucked. Telnet is not intuitive, like Cisco IOS, but not horribly horrible.
The MR314 is overall a good router, but I like more powerful stuff. The wireless interface was good. The construction of the box was very nice -- we took it apart. I think that it was using a Motorola processor.
I have also dealt with the Cisco 600, 700, and 800 series routers in my time. They are pretty decent. I wish that the CBOS would allow for access lists greater than 18 (or is it 16?) lines. They take set, show, and debug style commands. Pretty intuitive. Upgrading the OS on them is easy. They can do NAT and PAT very well.
Efficient Networks, formerly Flowpoint, routers are decent. They are command line based, and while help and documentation is really poor, they take some pretty good commands, do good syslogging, and a few other really neat things in their operating system. unfortunately, the commands are cryptic and you have to be a real networking pro to know what they are talking about.
Netopia routers are really great. One of the fantastic features about them is that they do IPSec (DES only, no 3DES)! That is incredible for a router of it's type. They also do GRE tunnels. The next thing up if you want to do IPsec is a small Cisco router or PIX firewall, or a unix box. Netopia's do great system logging and SNMP. Their are configured through a telnet menu interface -- no telnet. They do excellent filtering, but entering filters is sort of a pain. Good construction of the boxes.
A word about Qwest DSL. They only use DMT these days for DSL -- NO CAP. That means that you can no longer use the Cisco 675 on their networks. Use the 678 instead. If you own a 675 and move, you are fscked. I bought a 675 about a year and a half ago, recently moved, and was screwed for $300. I managed to hassle a poor Qwest tech into sending me a 658 at a very steep discount, nearly free -- it took a lot of work and insider knowledge to pull off though. CAP, DMT, and G.lite are like line codes or modem modulation types. They are the analog modulation codes that the DSL interface uses to get it's data across the line. Wrong modulation = no workie.
BTW: Are there linux 2.4 kernel driver for the Intel 2200 DSL NIC? I have two of these things that Qwest sent me, and I would love to use them in my boxen. I do not know of drivers existing though. I need to google that.
Cisco product information is here.
Old PC
1 hour spent downloading linux on cable
1 hour spent fussing with trying to find correct drivers
1 hour recompile kernal to support various IP filtering/forwarding over NAT support
1 hour spent learning how to setup NAT
1 hour spent learning how to setup DHCP
1 hour spent learning how to setup IP forwarding
1 hour spent recompiling kernal again after realizing there wasn't a feature I wanted.
1 hour spent fighting with box after experimental kernal kept crashing system.
not to mention...
1 hour spent going to frys for a hub
1 hour spent on phone with local linux guru friend
In general I value my time, at work I get paid roughly $60/hour. So far I've spent 10hrs or $600 trying to get an old $200 PC to do the job of a $100-200 router that would be up and running in under an hour. And its unreliable and crashes because of either a bad linux install or unreliable old hardware.
Oldmac
Total time: 1hr
I had to give up on it, instead I spent under an hour downloading/installing/learning/configuring IPNetrouter from sustworks.com on an old mac and that seems to support everything I wanted.
Next time I'll go buy a stupid router box, its not worth the headache building your own.
Router at parents house
Total time: 1hr
Nothing special to report, took out of box, plugged in followed menus, its a no brainer.
Final thoughts:
*IF* you have a working old PC and an expert level knowledge of your choice of *nix and everything goes smoothly, an old PC may be the answer.
*IF* You have a working old PC or Mac with OS already installed there is plenty of good software that will be much easier than installing Linux.
*ELSE* JUST BUY A DAMN ROUTER! THEY WORK!
TRENDnet sells extremely cheap NAT/DHCP/firewall devices that can be configured for pass-through routing as well (both at same time). Just bought a 4-port TW100-S4W1CA for $80; cheapest I can find at the moment is $100 from neticamall.com...
From their site:
(http://www.freesco.com)
Freesco is based on the Linux operating system and incorporates many of the features of a full operating system into software that fits on a single 1.44 meg floppy diskette. With Freesco, you can make:
Freesco also incorporates firewalling and NAT which are resident within the Linux kernel to help protect you and your network. All of these features can be used in conjunction with each other or individually.
The 3Com OfficeConnect 812 modem supports NAT, bridging, bridging firewall, multiple ATM connections, and all the features found on normal "firewalling" DSL modems.
The key feature that stands out on this modem is the ability to use NAT at the same time as using bridging (optionally with firewalling rules).
The modem has a console interface along with a web-based interface to configure with. The modem a number of other neat features that normally don't exist on DSL modems and allows a very complex DSL installation to be performed with ease.
I'm lucky enough to have a friend at an ISP that hooked me up with one to replace my 3Com Dual Connect (Ethernet and USB), and two other modems from 3Com (beta equipment... from an official beta test).
I'd recommend 3Com modems over any linksys modem any day.
- x-empt
Ever need an online dictionary?
Old HP Pavilion Micro ATX K6-166 mini tower salvaged from the company scrap heap. No hard drive, two network cards, one floppy drive. 16 megs of memory. Clocked down to 133. Boots up FreeSCO (www.freesco.org) and works like a charm. Took about 10 minutes to set up and get running, cost $0. :)
I own the SMC 7004BR and love its simplicity, tininess, and quietness of operation.
I Personally use a LinkSys single port broadband router, plugged into the 10/100 speed port of my 8 port switch. The Single port is significantly cheaper then the 4 or 8 port and you can get a reliable 8 port switch for about $30 around here. All in all it averages out to be less then a broadband router with the same number of ports.
(Score:0, Interesting)
I just got DSL from Qwest, and was provided with an Intel 3200 external DSL modem, which connects to my PC via a USB cable.
As far as I know, the Linksys and Netgear routers all use RJ-45 connections for the WAN side of the network.
Is there a router out there than I can connect to my DSL modem via USB?
Thanks.
Hi
;-) version of this and it does seem to have more firewall features.
I just bought a netgear MR314 (broadband router with wireless) I was surprised to find that its security features consisted of DNAT port forwarding (via IP on a DHCP internal subnet you can't bind to ether MAC addresses!), but no real protocol or port filtering capability. A friend of mine has the non-wireless (or wired I guess
My recommendation - fine for low risk users (I'm keeping mine) - other users should consider a real firewall
Asmo
I had a Netgear ISDN router for 3 years before it finally died & it worked like a charm for basic NAT + full PPTP server to server routing. The last is important for my DSL line because I could never get PPTP routing to work with my Linux 2.2.14 kernel & IP MASQ ... I'm sure its possible just never did.
I have never needed much the port forwarding, except when gaming, you can have all ports default to an internal IP, which is quite handy.
Also my old ISDN router would need to be power cycled from time to time, weekly maybe, so I wouldn't serve up anything mission critical behind one of these, but for SOHO access, it should be fine.
Out of all the replies I've read (probably didn't get 'em all), I'm surprised that no one seems to have mentioned Zyxel.
1 2. htm
I was a Beta tester for their Prestige-312 router/firewall. It is explicitly designed to share a DSL connection with a bunch of systems, and it has a -very- configurable packet-state inspective (new word?) firewall built right in.
I still have my P312, and it has served me very well indeed for the last two years. Granted, it doesn't do IPV6 just yet, but it does have full-featured NAT available to translate 1:1, 1:Many, Many:1, and a built-in DHCP server as well.
Here's a link for more info.
http://www.zyxel.com/product/dslcablesharing/p3
Bruce Lane, KC7GR,
Blue Feather Technologies
Power over a year's worth of uptime (based DC area power rates -- ~$0.10/KWH including taxes):
200W PC: $175.20
10W device: $8.80
A $50-$100 router seems worth it to me.
I used to run Smoothwall, which was truly excellent. Then we got given a LinkSys which is fine, does the job, and as a lot of people say is quieter and takes less power. It also frees up an old machine to experiment with. I used to be able to consistently crash my LinkSys router requiring a power cycle, but a firmware upgrade (incredibly easy, took me 5 mins using a patch from their web site) solved this. So if you are using the LinkSys router then please make sure you are using the most recent firmware patch.
Phillip.
Property for sale in Nice, France
I've previously used a FreeBSD box and NAT which worked great but it did require a bit of my time to learn how to set everything up.
Earlier this year I purchased a Netgear RT314 and I must say that I've not had problems with it and it does what I need (which is not much, considering it's just for a home network of 3 workstations sharing a cable modem internet connection).
If you've got the time or the desire to learn, I suggest setting up an old PC with NAT. If you just want something that's quick and works, get a $100 to $200 router.
Notice that if you are planning on using an old PC you have to get a hub or preferably a switch, so why not just spend the extra cash and get the combo router and switch (like the Netgear RT314).
You're Just Jealous Because The Voices Are Talking To Me.
32M CF Card w/ emBSD Preloaded CD32-em $84.50
Specifications:
133 Mhz. AMD ElanSC520 (486DX)
64 Mbyte SDRAM, soldered on board
1-4 Mbit BIOS/BOOT Flash
CompactFLASH Type I/II socket, 8 Mbyte FLASH to 1Gbyte IBM Microdrive
3 10/100 mbit Ethernet ports, RJ-45
1 Serial port, DB9.
Power LED, Activity LED, Extra LED(software programable)
MiniPCI type III socket. (for optional hardware encryption?)
PCI Slot, right angle 3.3V only. (for optional WAN board or more ethernet interfaces or maybe a HDD?)
Board size 5.5" x 5.5"
Power either 5V DC fixed or 6-20V DC, max 8W
Operating temperature 0-60 C
Software:
comBIOS for full headless operation over serial port (like running a Sparc w/ no frame buffer)
PXE boot rom for diskless booting
Designed to run emBSD and OpenBSD
Runs most other x86 operating systems
What more do you need?
I have had very good luck so far with my Netgear fr314. It has excellent logging capabilities and periodically sends all logs and alerts by email. It was easy to set up and allowed me to set up a web server behind the firewall. My main reason for getting it was that I have several computers and don't want to dedicate a computer to just being a firewall.
The Netgear allows me to block all Active X, java, and many cookies (I have Active X blocked for most sites for my roommate's windows computer).
Performance wise it seems pretty good. I havn't noticed any degredation in performance, often downloading at over 400KBps (Kbytes/sec).
It has the option of content filtering, but that's not something I want (except for things like doubleclick.net).
It has many common services already configured and allows for more to be added quite easily.
I wish it allowed some more complicated rules, however. For example, I want to allow some ports to only be accessed from certain IP addresses. I can configure the ports allowed or denied and the IP addresses allowed or denied, but not combinations of both. To handle that I run a secondary firewall on the server which allows more options.
Also, the Netgear is limited to 8 clients without buying an upgrade.
In terms of logging, I am quite impressed. It logs all port scans, attempted accesses to known trojans like netbus, pings of death, and other malicious behavior. It also classifies port scans as either possible or probable.
It also draws only around 10 watts, and here in CA where my electric rate is hitting upwards of 0.20$/kwh,
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
It sounds from your post that you will be needing to use multiple IP addresses. Most of these 'routers' will only route a single external IP address and automatically do some type of NAT. In particular this applies to all of the less then $150 routers I have seen.
When checking the specs make sure that the one you choose does support multiple routable IP addresses.
Now my problem is that my broadband comes in over 802.11b, products like the linksys AP/Router/Switch would be prefect, if they allowed the WAN to come in over the 802.11... but it doesn't. Anybody else have this trouble?
Three or so years ago when I first got DSL I already had a home 100baseT lan with nothing but Windows clients and Windows servers doing nat using a modem. Well, my first DSL was PPPoE and I was so dissapointed with the software available at the time for Windows that I decided to give Linux a try. RoaringPenguin's PPPoE and ipchains worked just great. Boy, I'm glad I made the switch. Now I have just one Windows machine in my house (my kids laptop for educational software) with the rest being RedHat Linux, Debian Linux, and OpenBSD. I learned so much from digging in and having to do kernel compiles, netfilter rules, etc. I don't mean to preach to the choir, but I had forgotten how much I missed the command-line!
Now, for the reality break. Two weekends ago I was visiting my folks who have three computers and a new DSL line -- again using the crappy WinPoet pppoe software. I brought some NICs, a spool of cat5, crimper and rj45's, and an old 3gb hdd I couldn't even give away. The plan was to turn my Dad's old 486/66 into a linux router. He kinda balked and asked about this LinkSys Broadband router/hub over at CompUSA for $99 (after rebates). After realizing how much potential work this thing would save me, I gave in and decided to give it a try. It works like a champ, even doing the PPPoE logins. My Dad is a salesman, not a computer guy! So, with the LinkSys box, instead of me having to be his on-call on-demand tech support guy for a Linux box he has no idea how to operate, he has one on/off switch to cycle if anything goes wrong. I haven't had a trouble call from him yet. Knock on titanium...
So, if you want to learn Linux and really get in to its operation (or, if you just really miss the command-line), build an inexpensive Linux machine for just that purpose. Otherwise, don't beat yourself over the head -- buy a hardware/firmware router.
I decided to upgrade my p75 nat router to a netgear RT314 nat appliance. The first think I noticed right way was a ping drop from 40 to 20ms. This was worth it due to all the online gaming I play.
The second thing, the applicance broke my nortel VPN connection, it couldnt handle the ipsec packets correctly. I hear IPSEC/VPN works on the newer versions, but I really dont want to buy a new box just for VPN. They should release a new rom upgrade.
I find the biggest problems with any applicance, not upgradable, limited amount of features, limited access lists and stupid KISS features.
I picked up one of these after reading about it on the aforementioned Practically Networked site. (You can see a picture of it here). It's serving as my DHCP server now, freeing me from always running the PC that used to do it.
The device has functioned very well for me and has lots of capabilities. It has a somewhat lame web interface, but anyone who has ever used Telnet will find it easy to configure it to do the more advanced stuff. Yes it does do NAT, and has built-in support for ddns.org. All in all well worth the ~$100 at Best Buy (which, btw, was HALF the price CompUSA wanted).
I've been running my linksys for a year and a half now and other than cuseeme not working i have been able to get anything i wanted to work with just a little work and a little reading. I have 2 win98se and 1 linux box running, dhcp turned off, and minimal ports forwarded. I have run game servers, web servers, and other types of services from behind it with no problems. As long as you keep the firmware upgraded you should have no problems...everytime they upgrade the firmware they seem to add something.
I use freesco, it's quite nice, and runs very well on my 486dx/33, and I don't notice any bottleneck with this hardware setup. I can still acheive 300k+/sec.
Get it here.
It uses only one floppy, that can be write protected,
and if console access isn't needed, you can remove
all cards (except network ones, hehe) and keyboard.
There are also packages to add features such as
syslogd, PPPoE, microhttpd, etc.
In the future I'm going to try it with those $50 solid
state disks. Could be a way to build cheap and
reliable firewalls.
I had a Linksys router, but it would need to be reset several times daily. I ended up returning it. I am still looking for a new router, but can't find any that allow incoming port ranges to be forwarded (instead of just single ports) like the Linksys router.
I currently run a home-made router box consisting of an old Pentium, two ethernet cards, and a floppy drive (literally, thats all thats in it besides the motherboard, RAM, power supply, and some cables).
The box runs Freesco (www.freesco.org) which is a Linux-based router that fits on a single floppy disk, and is quite simple to setup.
The box is used to route my DSL connection over my home network. I chose to run this because a full Linux distro has much more to it than is needed for the simple purpose of routing. Plus, the absence of a hard drive makes the box a little quieter. The box is relatively quiet right now, as the only fans in it are: small fan on the processor (inaudible) and the power supply fan (the only item in the box making noise).
So what I am wondering is would it be safe to remove the fan from the power supply? The power supply is 250watt and the case is AT. My goal is to eliminate all of the fans in the box so that it is almost like a solid-state router that you buy; quiet. My concern is that if it isnt a safe thing to do, the power supply will fry or start a fire and burn down my house.
Do they sell minimal type power supplies that put out less heat, thus not requiring a fan? I certainly don't need 250watts for this application, since its only powering a motherboard, floppy, and two PCI cards.
The Xrouter Pro from Dr. Bott (formerly of Macsense) has everything but wireless: static/dhcp combo, dmz internal routing to a host, 4 10/100 ports in addition to the WAN port, PPoE built-in, the ability to block port scanning, and all configureable through a web browser. Cross-platform friendly. I've used it happily for some time, I don't know why it's not more popular!
I currently use an old system thrown together as a NAT+firewall box. I don't like this setup, and it uses a lot of power compared to what it should, for the service it gives. I've also looked at Sun's netra x1's as a good NAT box. It doesn't use too much power, considering.
I know it was a cop out, but I really didn't have the time to learn to setup Linux on an old box and get it configured properly so it would be secure. When I saw the Linksys Cable/DSL Router available, I immediatley snatched it up. I think I paid somewhere around $149 about a year and half ago. I had a few minor problems with the box, but all in all, it is working great! I even went to a web site that checks to see how secure your internet connection is. They could not even detect that I was connected to them. It was very secure. As to your other requirments for configuring the router, well, I never needed such abilities so I've never looked into those.
Old Apple Performa's power supplies don't have fans, several other apple machines are simular. With a bit of splicing, they can be easily converted into an AT power supply (you just need to change the connector and either ground or add a voltage source to one wire, since the Performa's had soft poweroff/on). Sure, its not going to fit into a machine without drilling a few holes, but since this is a router that consists of a floppy drive, two NICs, and a motherboard/cpu/memory, there's gonna be plenty of room for the power supply.
Of course, for this solution, you go with a 486/low end pentium and a large, passive (fanless) heatsink. Don't disconnect a fan from a smaller heatsink, just find a larger heatsink that was made to run fanless.
Just my $.02
Things like the LynkSys are a useful as a front-end defence but there should a real firewall behind them.
As an example I put a "Lynksys DSL router + 4port T100 switch" box between my home network and the DSL modem. The Lynksys communicates only with a small webserver (P90/Linux) and an old 486/Linux PC that acts as the firewall for the rest of the home network. It also protects the DSL modem against bounce attacks to which the modem (Alcatel 1000) is known to be vulnerable.
The Lynksys's provides a simple stateless firewall that can be set up easily and then (almost) forgetten. I'd not want to depend on it to protect sensitive data but it consumes almost no power, produces almost no heat, takes up almost no space and makes no noise. These characteristics make it useful as a first line of defence to protect the webserver and whataever other machines are connected directly to it (in a kind of psudo-DMZ). That allows me to reduce the 24x7 energy consumption to just the psudo-DMZ machines plus a trickle of current for the LynkSys.
By routing the home network traffic through the 486 firewall I gain the protection of a real firewall. Unlike the LynkSys the 486/Linux firewall is statefull and fully configurable so I'm able to ensure that it provides much stronger protection for the home network than the LynkSys could.
In addition, I can switch off the firewall PC and isolate the home network, or power down the entire home network, without effecting access to the psudo-DMZ from outside.
On the subject of power consumption; the big advantage of 486's, at least those with "green" motherboards, is that they consume reletively little power. (Quiet, too if you do away with the hard disk by using LRP and then put a quiet cooling fan in the PSU and replace the CPU fan with a passive cooler.)
As a power saving I also use a second 486 to run the various sevices that need to be availiable all the time but which don't place a huge demand on the CPU (i.e. DNS, DHCP, NTS and NIS). I'm begining to think that a P90 might do the job better, though, as NIS responses seem sluggish on the 486.
The machine running DNS etc. also runs it's own firewall, as do the NFS/Samba server and the webserver.
They now offer specific ports to forward, port ranges to forward, UDP, TCP or Both to forward.
Latest version of bios (beta) incorporates ZoneAlarm reporting.
Executive ability is deciding quickly and getting someone else to do the work. --John G. Pollard
The Linksys logs, but its just snmp trap errors. I know, not the best loggin, but its something
Executive ability is deciding quickly and getting someone else to do the work. --John G. Pollard
Driver Date : 6/22/2001
Drive File Size : 189KB
Click Here to download firmware version 1.39
Extract the files
Read the UPGRADE.DOC for upgrade instructions
*Linksys will not offer technical support for the Pre-Release version.
Executive ability is deciding quickly and getting someone else to do the work. --John G. Pollard
'There is a Light that never goes out.'
I've got one of those Linksys routers. First of all, I don't think there's any way to sell a switch this cheap. Anyone have any information on this? Also I have one of those Netgear 8-port switches. Is this a switch or a 'switched hub'?
If I use Internet Explorer's Proxy options, can I get around the logging on the router? In other words, if I connect through a proxy, what will show up on the logs? The proxy or the actual site?
SmartBox
TigerDirect has the 3COM 3c510 NAT Router for $49, no rebates, that's the real price!
It includes:
1 port WAN (DSL/Cable Modem)
4 port 10/100 Switch
Parallel port with Print server
Serial port with FAX and dialout sharing support.
Why so cheap? It's a discontinued model.
BUT... the insides are exactly the same as models sold by SMC, D-LINK and others, and you can use the drivers and firmware upgrade from the original maker (AMIT) in Taiwan which you can find here:
http://www.amit.com.tw/download/firmware/
The printer server works with standard LPD support in Linux.
If the monitor isn't running, a computer shouldn't use more than about 10-20W. A hefty power supply is only necessary for an AGP graphics card that uses a lot of power, or when spinning up the disk drives.
get an old PC and setup a router with help from the Linux Router Project then you can get fancy and have all the features you'd ever want, throw a disk in it and it doubles as a file server, cache dns lookups and web content.
somehow it's more fun that way....or is it just me that thinks this Linux stuff is fun?
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
I've had my eye on a PGP 5 e-ppliance firewall. Anyone have any experience with them?
Although you're looking to go with the router/switch, you should also take a look at Mandrake SNF 7.2 (Singe Network Firewall). It has web based settings very similar to the router/switch units. All of the functionality of the router/switch is present, and it uses bastille for firewalling and squid for caching. It only needs 260Mb or so to live on, and will run on any Pentium or higher.
Installation basically consists of plugging the cd into the drive and booting. After the system has been installed, it is hardly different from the router/switch at all, except that it is probably more flexible.
Your old PC probably burns 100 watts. At a nice round but too low number of 10 cents/kwh, that's a penny an hour. So that's $1.68/week, or about $7.20/month, or $87.60/year. By contrast, most Cheap Little Routers cost under $100, so they're in the same price range. The real cost differences are your time installing the thing - if you view it as entertainment, along with the enjoyment of laughing at hax0rs, you win. If you view it as 15 minutes of your time at $200/your, you lose, unless it saves you half an hour of hauling the antique to the Computer Recycling Center, in which case you also win.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Also, rather than use your old PC as a firewall, sometimes it makes sense to use your main PC as both the active machine and the firewall and the NAT server for your other machines. This obviously only applies if your main PC runs a Real Operating System (e.g. Linux, *BSD), but it can front-end your Mac or Windoze boxes or that Beowulf cluster of game machines your kid's building.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
For an out of the box solution, it works great. It does NAT, with DHCP or Static IP's, port filtering, SPI, MAC addressing/cloning, static or dynamic routing, gateway or router designation (NAT works either way). And many other features that I have not mentioned. The 8 port also features QOS.
/.'ers responding about using a linux box* "Relax."
I have a linux router as well but if you are looking for a simple, robust out of the box solution, I recommend the Linksys. It is a great product, and you wont regret it when implementing for tech or non-tech users alike.
*All you
We all love linux, support it, promote it, but dont give it as the answer for everything. It is not the solution he was asking for.
As a professor of mine says quite often, we love the operating system because we love to use a user hostile environment.
:-( --- argh. Despair, I owe again.
I've been using the SMC Barricade Wireless to handle our home network. It provides DSL/Cable and dialup connectivity. Does all of the firewalling and redirection that I've needed so far. It also has the ability to be a print server. Finally, it does the wireless ethernet stuff I wanted. It's got a decent web-based administration.
I haven't pushed this thing to it's limits yet. But it seems to be a very small and versitile box.
Are there any problems with these routers and the H323(netmeeting) protocol?
stay frosty and alert
I've been impressed by (and like) 2Wire's HomePortals. Neat products, especially with the HPNA, 802.11b, IPSec, DHCP, VoIP etc etc rumour has are coming in the next (free) softwre upgrade.
Clarkconnect.org has an awesome, fully configuralbe PC router based on RH linux 6.2, and 7.0. I've been using it for about a year now, and my router has been up for two months. I'm very pleased with it. It allows for file sharing, printer managment (hook one printer up to the server, and share between all users on lan) remote manag via Webmin, DHCP server for lan, can be used with an old 486. My setup has easily served 10 people with a 150Mhz and 64 megs of ram, 3 gig HD and two nics.
doug
-a.thought.crushed.my.mind-
Quite a few DSL/Cable router box manufacturers have their manuals posted on their web site. It doesn't take long to get familiar with these devices' capabilities by reading the instructions. Just a few:
Linksys
D-Link
Netgear
Cisco (expensive but flexible)
Does any of these hardware NAT/Firewall units support multiple Red IP's ?
I know LRP or a linux box can handle it. But I'm looking for simplier solution (in terms of setup and maintenance) because I need to change the config quite frequently and having a web interface to do that is a real plus.
(Neither smoothwall nor clarkconnect supports multiple red ip's AFAIK)
I think this is the most value for money...
My mobile is automatically activated by the contact between the toilet seat and my ass...
Check out Zywall 10 from Zyxel.
Stateful packet inspection, etc...
I have just ordered DSL and I already have a small lan setup at my house. Unfortunatly I can't get a static IP, how can I have requests to mydomainname.tld always goto my server, even if I disconnect for a sec.(thus changing IPs)? Please give me some advice, thanks
Easy... FreeBSD. With IPFW and NATD. It's inexpensive, reliable, and works great.
I have a friend who is on the FreeBSD development/documentation team.
He is also the sysadmin of dozens of sites (including porn) across the US.
Using a FreeBSD system, with ipfw, and natd, he gets thousands of hits from
script-kiddies each and every day trying to get free porn or software.
Not a single person has gotten through yet.
When I originally asked him what Firewall he recommended, he told me to use the above
combination. He also said that he'll put up his FreeBSD firewall against any other firewall
out there (including CISCO routers)...
The day Microsoft creates a product that doesn't suck, it will be known as the Microsoft Vaccuum Cleaner!
I bought a SOHOWARE NBG800 - it's their top of the line DSL router for which I paid over $300 and it's a piece of garbage.
It goes deaf about 3-4 times a week out of the blue, not responding to pings, not routing anything, nothing. Then it would just come back again out of the blue. This caused me so much grief, and I suspected all the machines in my home network (3 PCs, 1 Ultrasparc 5 and 2 macs), until I found out it's the router.
I wrote to Sohoware about this half dozen times and they have not once responded.
Also, if you set a particular machine as the DMZ, it doesn't work, since the router still insists on blocking some ports, and you can't turn the damn thing off. A colleague of mine wrote a program that used a particular port for communication and it happened to be in the range that it blocked. I couldn't get it to stop blocking. Port forwarding didn't help. So we just rewrote the code to use another port, which wasn't that big of a deal, but it just pisses me off that some dumbass router should dictate the structure of our code. I wrote to Sohoware about this as well and again they have not responded.
I cannot believe the level of service (or the lack thereof) this company has, nor can I believe the shoddy workmanship of their product.
It came with three of what looked like Ethernet cables, and plugged one in. It didn't work, nor did the other ones. So I looked at the wiring and they were all crossovers! What the hell? Did they want me to connect only hubs onto the damn thing? Or do peer-to-peer, bypassing the need for the router?
In the original one, two of the ports were very loose and it would sometimes lose signal, so I returned it for another one, but in the new one only one is loose.
After countless times of unplugging the machine I want to access Internet with and just directly plugging into my DSL modem when the router goes blank, I just said screw it and set up a router on one of my Linux machine.
This was one of the worst purchases I have ever made, now that it's just gathering dust in my garage. I hope anyone out there who's thinking about buying this won't.
Unfortunately, a nuclear attack, wouldn't just kill your intended target.
With changes in weather pattersn (the way the wind blows, etc...), the radiation
will travel to other countries. Neighboring counties, some that are our allies, are not
even responsible at all for this attack. Within years, the radiation will even travel back to the US,
and start killing people here again.
Great solution... Immediately wipe out your enemy by discinetigrating them
(where they don't even know what happened), and then kill the rest of the world slowly,
while at the same time committing suicide. Albeit some form of retaliation is necessary, nuclear war is not the answer,
and quite frankly never will be the answer to anything.
Yes, I'm angry and what happened, but I also know that we will bounce back and once again prevail like we have in the past.
What really pisses me off, is the assholes that were dancing in the streets, cheering and stating that the US got what it deserved.
Those f*ckers need to go home and get off of US soil. They shouldn't even be here if they hate the US that much.
The day Microsoft creates a product that doesn't suck, it will be known as the Microsoft Vaccuum Cleaner!
This board could make a perfect router/firewall with DMZ, but they're still a bit pricey ...
It does not seem to support dialin, and it certainly cannot support rs232 and WAN at the same time.
Whatever you do be careful if you are considering Smoothwall.
It's really poorly put together and recently a number of exploits were made public. All of them are the result of very poor development methods (or the lack thereof) and obvious lack of understanding wrt security design.
The Winner ist FLI4L
... Easy, quick and Free :-)
Floppy ISDN for Linux
A one disc does everything DSL/ISDN Router, with
everything inside you need. Even a Windows GUI
for the configuration
http://www.fli4l.de
Go on ebay (or even read paper advertisements) and look for laptops with their screens damaged / broken. This really cuts their price down. Sometimes people even throw them out and you can get them for nothing. You can plug in a monitor while you're setting it up (most laptops, probably all, have a monitor plug at the back like the external keyboard / mouse plugs), and once it's running it doesn't need a screen anyway...
I was wondering.. how efficient is an old computers motherboard and they cheaper NE-2000 clones.. Personally i'd love to have a Linux-server that acts as a firewall and file-server for me while I toy around with my main comp for all kinds of different stuff. But.. problem is I dont really know if I can trust the speed of an old motherboard to deliver the packets fast enough. Im connected to a 10MBps University LAN and can often download stuff in excess of 800kbps. Would a firewall with cheap network cards and old motherboard slow this connection down?
#include "coucou.h"
You're way off. If this were the case, fans would not be required or used. Don't forget the inefficencies (heat) of the power supply. Each device in an old machine, from the network cards to the video card to the hard drive, as well as everything on the motherboard, all generate heat. The total draw of the components and CPU will likely exceed 50W. I think whe you throw in fans and the power supply, you're going to find it is very close to, if not well above 100W.
--Be human.
Heh, I run a FreeBSD 4.2 box with 2 NICs. Ofcourse you could get the lazy solution of a stupid box that you plug in and it works, but you'll never get similar functionality. I have natd running for NAT, and I use ipfw for firewalling/forwarding. The box runs 2 486es with 12 megs of 34 pin ram. No PCI ofcourse. This box runs many services for me which a retarded wannabe router or even a cisco router could not do. These services include: Webserver for my domain with Apache, SMPT serving with qmail, FTP, nfsd, pop3d, authd, and others. I built this box for less than 70 bucks including NICs. The fans inside are so quiet that if I turn all my computers off except for it I wouldn't know wether it's on or off. It has a keyboard attached to it for backup but no monitor. I telnet to it. The best thing is that I can go to my friend's house and still use my computer because I can set up X to my main box by forwarding. If anyone can find me a router that will do all of these for 70 bucks I'll buy 10 of em.
notten
Well, I guess I will throw my $0.02 into the ring.
:-) This really should be left to people who understand the basics of security.
As the subject says, I would recommend OpenBSD all the way. Granted, it is not really for my Gramps, but Gramps shouldn't be hooking up a box to the Net that is readily available for hacks to become based for attacks
Now, granted you will need slightly more hardware (2 NICS's plus an old PC), but the flexibility that you get far out weights the hassles of the "extra" computer floating around under the desk.
I have my old 133 A) keeping all of the bad people out (occasionally I turn on the logging to just see what is going on and I am always amazed to see just how many "attacks" I see on my box) B) NAT'ing because I have several boxes behind the Wall C) file sharing via Samba because some of the boxes behind the Wall are Windows D) printer sharing via Samba as well
I am relativly new to *NIX OS's, and I thought the install and configuring was quite simple. Just print out the FAQ pages, and follow them. Voila, your system will be up and running.
For firwalling, IP forwarding and such activity, I can't imagine using anything other that Open
BSD, but like I said, just my $0.02.
I used to have a 233Mhz machine running Windows 2000 with 2 NIC cards set up as my server. The time that it would take to install, then find out how to configure took about a day. It was done through Windows 2000's built in NAT. It did get the job done, but it did take a while to figure it out. If you are familiar with NAT and Windows 2000 it should be quick. I did see that there is more to go wrong if you have this setup, like a bad NIC card, slow computer, a non-booting computer, etc. In a whole it's kind of a pain to setup and maintain. I descided to go with a LinkSys 1 port router and connect it to my 10/100 Hub. Much better speed, quicker configuration, and if something goes wrong, just reset the Router and Cable Modem. For DSL users and other cable modems that require a login, it will support PPPoE. If you are running a server on the inside of the network then you can set up that computer's IP address to be the DMZ. Basically any incoming traffic will be forwarded to that address. If you have multiple servers that all perform a different function (HTTP, FTP, etc.) you can forward different ports to different PC's on the internal network. Hope this helps.
People are guessing about how much power is used!!!!
It is better to measure it. When I have measured power use, it has been much lower than the rating of the power supply.
Bush's education improvements were
Count me in the "old pc running *nix" camp though I know it's not for everybody. I set up RH6.2 about 18 months ago with ipchains and Roaring Penguin PPPoE. Have since done the same thing twice more for friends and family. Works fine on everything from a 486SX25 with 8MB RAM to a 486DX2/66 with 16MB RAM using 3Com 3C509, SMC and NE2000 NICs. Average cost per machine was probably $50.
Anybody had experience with ClarkConnect?
I use two different routers in my daily activities. I use the Linksys @ home, and the SMC here @ work. The SMC offers both DHCP and fixed addressing at the same time. (doing that now with my laptop which I carry back and forth) The Linksys also offers this functionality, but you have to make sure you have a later version of the firmware. /. is that SOME PEOPLE JUST WANT THEIR TECHNOLOGY TO SIT IN THE CORNER AND WORK! The "toaster" ideal of technology is appealing in many situtations, this one being an ideal. I "fix" broken technology all day, I would like to come home and "USE" my equipment. Having to deal with another box is not always appealing. The SMC cost $99.00 and had a $25.00 rebate, and it works, is small, and uses little power. I would gladly pay the $75.00 to not have to deal with an "Old Box" running just as a router.
Both routers go weeks or more without problems, in fact the Linksys has been up for 3-4 months without any issues.
The thing that I always end up saying to myself after reading threads on
then you have a router built in. Ask your telco for the specifics of the configuration, or check out Cisco's site.
Any other combo DSL modem & routers??
I know you don't want to reuse an old computer, but when faced with a similar problem that's what i did. I used a 486-133 (AMD CPU) with 16 MB RAM. I didn't have a spare case at the time, but i did have a power supply and a cardboard box. I put the motherboard and power supply in the box, which was sized so neither moves around much. I added a floppy drive, which normally is encased by an anti-static bag to keep it from shorting the motherboard (since the floppy is just laying in the case). For a graphics card i used a circa 1994 or 1995 PCI card. The CPU doesn't have a fan, and to reduce noise further i opened the power supply and removed the fan there. To keep the power supply from overheating, i left the lid off. I added 2 3Com 3C509b cards and 16 MB of RAM. I configured a floppy disk using the Coyote variant of Linux Router Project (http://www.coyotelinux.com/). Although i've set up IP masquerading and firewalling using a full-sized distribution as well as the standard Linux Router Project, Coyote makes it pretty easy so that's what i use now. I've been running the machine for over 2 years without problems. Since it is only a 486 it can't handle 100 mbit, but for a DSL line it works great. Plus i have a computer built in a cardboard box.
----- "I'm still sane on three planets and two moons."
A few years ago i was given a 486 dx2/66, 8mb ram and 120mb hd for free by a company where i was upgrading some of the workstations. I put in a second 3com 3c509 NIC, installed Slackware 3.6 and upgraded the kernel to 2.0.37, This machine ran for over a year handling a dialup connection, and later managing an adsl connection. When i moved some months ago, the total uptime.. taking into account the linux 497 days rollover, was 560 days. The machine was in the basement where the phoneline enters the building, so noise/heat was never an issue, and 4 other users who shared the connection never even realised it was there.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
In particular, early BEFW11S4 units, the ones with the 802.11b WAP built in, shipped with flakey firmware. The unit crashes and sits there with the red "DIAG" light blinking. Upgrade via the Linksys web site.
T
Yup. You got taken by a troll. Please logoff now.R
O
L
L
U wanna do some axen???? U should try relaxen.
I am satisfied with my D-Link at present. I use it for NAT only.
However D-Link has spammed me ever since I bought the product, and they just WILL NOT quit, no matter how many times I have asked.