Remote Router Administration?

bduncan asks: "I'm wondering if the Slashdot community knows of bandwidth and remote admin friendly routers, accessible using either a telnet port or at least lynx (both from the inside network of course). I remotely admin a number of installations using Linux systems to do firewalling, email etc. and they all have dialup facilities in case the router misbehaves for some reason. This used to be easy, as the routers would normally provide a telnet port and/or a low bandwidth HTTP facility for setup, resetting etc.Unfortunately, the last installation using a major brand router was across the pond (in the UK) and provides only an HTTP interface, but uses high-bandwidth flash on top of this! Now, instead of just dialing in and using telnet or lynx to get to the router, I'm forced to set up a PPP connection into the Linux machine and then soak up most of the bandwidth with all kinds of useless Flash animation, just to make some changes on the router. Typing into the Flash forms can take many minutes to be echoed back and executed. Tunneling through to the Linux machine using SSH is an option, but of course not until the router is set up properly. Does anyone still make a low-bandwidth remote admin friendly DSL router for use in the UK (or anywhere else for that matter)?"

Name names please!

[Zocalo]

Flash on any network device is ridiculous! I'm guessing that this one of the new breed of all-in-one router come firewall devices aimed at the home broadband market. I for one would be grateful if named vendor and models so I could avoid this product like the plague! What the hell *is* this lemon?

As to remote admin over dial; if you need to do that then a CLI, or at the very least a text mode menu option should be a prerequisite. It really doesn't matter what the interface is like, since you will almost certainly only be making minor configuration tweaks with the CLI once the router is up and running.

If you can afford the price premium, I'd go for one of the established CLI's like Cisco's IOS. While they can be daunting at first they do have the advantage of being a skill portable to a huge range of devices, especially in the case of IOS, and there are dozens of places with template configurations to get you started.

On the otherhand the general consensus on the UK Broadband newsgroups seems to be that Draytek make some excellent kit. I can certainly vouch for that, since I use one myself - a Vigor 2600we to be precise, which cost about 160, but the 2600g is just out that ups the wireless support from 802.11b to 802.11g. To summarise the key features in addition to the wireless:

• Lightweight HTTP GUI
• CLI access (straightforward, but no IOS feature-wise)
• DHCP server / DDNS support
• ISDN on some models - dial directly into the router to manage it!
• Stateful firewall with content filtering & DDoS protection
• VPN support
• Management tools including, NTP, SNMP & remote syslog support

All in all a very nice bit of kit, and unlike a certain Netgear product you don't have to help DDOS the University of Michigan NTP server. ;)

Try the Linksys WRT54G

[EverLurking]

You may not need the wireless capabilities (which can be turned off), but you can administer it via a pretty simple HTTP interface, or better yet, get root access as it is running Linux with iptables and telnet into the sucker. Some have gotten it to work with SNORT or as a VPN server and other stuff as well as a SSH Daemon. There is also a way to run NoCat on it if you want to use it as a public wireless gateway. If you want to write your own apps to run on the router's 125 MHz MIPS CPU, there are pre-built cross compilers available as well.

Most of these enhancements to the stock WRT54G can be accomplished as changes to it's filesystem's ramdisk so that they are not permanent and a simple reboot of the router will get you back to the non-hacked state. If you're feeling brave however, you can try to create your own firmware and commit it to flash at the risk of messing up and creating a small doorstop out of a perfectly good router.

Unfortunately the built in capabilities accessed via it's HTTP interface are a bit slim and simplistic (ie. no SNMP router logging and the built in logging capabilities are VERY basic, only 5 port filters, no Static IP assignments based on MAC addresses, no port triggering) but par for a home/office grade router. Besides, you could always add what you want via your root linux access neh?

Reviews of the router performance have been positive, with little difference in bandwidth in running with WEP on or off (unlike many other inexpensive wireless routers, which have up to a 50% reduction in wireless bandwidth with encryption turned on).

Pretty exciting to have a little router that has the potential to do much more than the usually lukewarm manufacturer's firmware allows.

Dave

Please post what router you have.

[FreeLinux]

I am sure that everyone here would like to know which brand/model that is and avoid it like the plague.

To answer your question, almost all brand name routers offer telnet access to the CLI. They also have a console serial port offering a direct connection to the CLI into which you can plug a modem for dial-up access to the CLI. The brands to look at are Cisco, 3Com, Nortel, Juniper and many more. In fact, you should avoid any router that does not offer telnet/ssh access and a console serial port.

Some of the new home based broadband routers like the LinkSys have only a web interface which is adequate if you have physical access to the router but, as you have seen this can be problematic.

Please post which router you were stuck with.