Slashdot Mirror


Replace NAT Box with Commercial Broadband Router?

hjf asks: "Three years ago, when I got DSL, I set up a 486 box, with 8 megs and a floppy drive to run FloppyFW. It has been through a couple hardware upgrades: 16Mb RAM for running the 2.4 kernel and a 100MBit PCI NIC for the internal network. It has a little UPS which lasts for over 60 minutes. The only downtime it has is when there's a thunderstorm and I unplug it. Besides that, it has been running flawlessly since I set it up. Lately I have been kind of seduced with this product from 3Com, and others similar to it. I know it says it can handle 253 simultaneous users and all that. My home network has 4 users, but most of us run eMule and other P2P, and as many of you know, those P2P programs can beat the crap out of your router." "For example, the default NAT table of my box wasn't enough (syslog reported TABLE FULL - DROPPING PACKET), so I made it 32768 entries and that message doesn't appear anymore. Now, what I'd like to know is, how big is that router's (or any other which does that kind of job) NAT table? Will it handle that many concurrent connections? I know I'll lose most of Linux's flexibility but I think I can live with that, but I'd surely win lots of room in the closet. So Slashdot, what's your opinion about all this?"

6 of 118 comments

  1. stick with what you've got by Anonymous Coward · Score: 5, Insightful

    Whoa, you want to replace a simple, working firewall, which is open-source, understood by you, and which costs next to nothing, with a closed-source, commercial, EULA-encumbered device with arbitrary limits, unknown functionality, guaranteed to work only with Windows, but in a shiny branded box?

    Damn, if you're not a manager now, you're in the wrong line of work!

    I mean, you're seduced by this kind of crap?

    IP functions such as PPTP/PPPoE, NAT, and DHCP enhance addressing privacy and economy

    Wow! Enhanced addressing privacy! And Economy! Both in one sleek white box!

    Hacker pattern detection firewall feature automatically detects and blocks denial-of-service attacks and other common intrusions

    I can just imagine that sophisticated technology.. if packets/second exceed X, start dropping packets randomly....

  2. Why? by josh3736 · Score: 4, Insightful
    from the if-it-ain't-broke dept.

    I think that says it all. The box you have now works just fine, so why ditch it for a less flexible consumer-grade router?

    Do any of those Linksys boxes have ssh? Nope. Stick with the PC.

    1. Re:Why? by Anonymous Coward · Score: 3, Insightful

      Just an FYI, the Linksys WRT54g is just about the most hackable $60 box you can buy. I'm contemplating throwing out my sparc5 w/ 4pt ethernet and replacing it with this smaller, quieter, and cooler (temp) box.

      https://sourceforge.net/projects/wifi-box/

      http://openwrt.org/

      There's lots more out there, I'm sure.

      You can even add a serial port to it! Hack the voltage and get 200mw (or something) out of it!

      Four years ago when I set up this sparc, it was the easiest solution available for a wireless router and firewall. But now it sits on my shelf and is by far the loudest box I own. Meanwhile my girlfriend has a *silent* firewall and access point for roughly half of what I paid for my sparc. Maybe I'll make the thing diskless so it's not so noisy, but it might be time to retire it...

  3. Your loss by aminorex · Score: 3, Insightful

    Your loss, if you make the transition, is mostly
    the loss of flexibility in customizing firewall rules and adding edge services.

    Your gain is a reduction in maintenance, size,
    energy consumption, noise production, and portability.

    --
    -I like my women like I like my tea: green-

  4. fan failure - no network by jkujawa · Score: 4, Insightful

    About three years ago, the fan failed on my (almost entirely silent) Linux-based NAT box. I didn't find this out until the cascading failures took down the whole box.

    I replaced it with a Linksys router. I've been happy ever since.
    Set it up and forget about it.

    I'm a coder. I've also done enough sysadmin that it pisses me off when I have to do it at work, and more so when I have to do it at home. Plug-it-and-forget-it is awfully nice.

    Spending $50 on a router is also more economical than working on one for several hours. My time is not free.

  5. Re:FloppyFW or FreeSCO (free cisco) by Anonymous Coward · Score: 3, Insightful

    how often to poll for device interrupts.

    What's the point of interrupts if you have to poll for them...?