Replace NAT Box with Commercial Broadband Router?
hjf asks: "Three years ago, when I got DSL, I set up a 486 box, with 8 megs and a floppy drive to run FloppyFW. It has been through a couple hardware upgrades: 16Mb RAM for running the 2.4 kernel and a 100MBit PCI NIC for the internal network. It has a little UPS which lasts for over 60 minutes. The only downtime it has is when there's a thunderstorm and I unplug it. Besides that, it has been running flawlessly since I set it up.
Lately I have been kind of seduced with this product from 3Com, and others similar to it. I know it says it can handle 253 simultaneous users and all that. My home network has 4 users, but most of us run eMule and other P2P, and as many of you know, those P2P programs can beat the crap out of your router."
"For example, the default NAT table of my box wasn't enough (syslog reported TABLE FULL - DROPPING PACKET), so I made it 32768 entries and that message doesn't appear anymore. Now, what I'd like to know is, how big is that router's (or any other which does that kind of job) NAT table? Will it handle that many concurrent connections? I know I'll lose most of Linux's flexibility but I think I can live with that, but I'd surely win lots of room in the closet. So Slashdot, what's your opinion about all this?"
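The "TABLE FULL - DROPPING PACKET" symptom in the question is the kernel's connection-tracking table running out of entries. Below is an added example (not from the thread or from any project it mentions) of a small POSIX shell check a NAT-box admin can run from cron: it reports how full the conntrack table is and counts table-full drops in a syslog extract. The sysctl paths and the sample log lines are constructed for illustration; current kernels expose the count and limit under /proc/sys/net/netfilter/ (the 2.4-era box in the question used the older ip_conntrack names).

```shell
#!/bin/sh
# Added example: conntrack headroom check for a Linux NAT box.
# Functions take file paths as arguments so they can be exercised on
# constructed files here; in production pass the live /proc entries, e.g.
#   /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max

# Percentage of the connection-tracking table in use (integer, truncated).
conntrack_usage() {
    count=$(cat "$1")
    max=$(cat "$2")
    echo $(( count * 100 / max ))
}

# Return 0 (true) when usage is at or above the given threshold percentage.
conntrack_over_threshold() {
    [ "$(conntrack_usage "$1" "$2")" -ge "$3" ]
}

# Count kernel "table full" drop messages in a syslog file (case-insensitive).
count_table_full() {
    grep -c -i 'table full' "$1"
}

# --- Constructed sample data (not real measurements or logs) ---
SAMPLE_COUNT=$(mktemp); echo 30000 > "$SAMPLE_COUNT"   # entries in use
SAMPLE_MAX=$(mktemp);   echo 32768 > "$SAMPLE_MAX"     # the limit the poster set
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jan  5 03:12:01 fw kernel: ip_conntrack: table full, dropping packet.
Jan  5 03:12:01 fw kernel: ip_conntrack: table full, dropping packet.
Jan  5 03:12:09 fw kernel: eth0: link up
EOF

# Report: usage percentage, a warning at 90%, and drops seen in the log.
echo "conntrack usage: $(conntrack_usage "$SAMPLE_COUNT" "$SAMPLE_MAX")%"
if conntrack_over_threshold "$SAMPLE_COUNT" "$SAMPLE_MAX" 90; then
    echo "WARNING: conntrack table above 90%, raise the max or shorten timeouts"
fi
echo "table-full drops in log: $(count_table_full "$SAMPLE_LOG")"
```

Raising the limit costs kernel memory per entry, so pair the larger table with shorter conntrack timeouts for the P2P traffic rather than growing it indefinitely.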
Whoa, you want to replace a simple, working firewall, which is open-source, understood by you, and which costs next to nothing, with a closed-source, commercial, EULA-encumbered device with arbitrary limits, unknown functionality, guaranteed to work only with Windows, but in a shiny branded box?
Damn, if you're not a manager now, you're in the wrong line of work!
I mean, you're seduced by this kind of crap?
IP functions such as PPTP/PPPoE, NAT, and DHCP enhance addressing privacy and economy
Wow! Enhanced addressing privacy! And Economy! Both in one sleek white box!
Hacker pattern detection firewall feature automatically detects and blocks denial-of-service attacks and other common intrusions
I can just imagine that sophisticated technology... if packets/second exceed X, start dropping packets randomly...
Get a Pentium laptop, and you will still get the flexibility of Linux, and you will save room.
Routers such as above are designed for home use, not for anything that's user-intensive. If you're planning on beating the crap out of it, you should probably purchase a product designed for that purpose (or keep your Linux box). The general rule applies when considering buying an electronic item: read reviews and ask around.
I use SmoothWall on a P200 with 384mb ram and a 10gb hdd.
There's been upwards of 20 PCs on the network and there's been a few times when 1 of us will be on the phone (VoIP), 2 of us are downloading a lot of files via P2P and another downloading ISO after ISO off of MSDN - all at the same time.
The little smoothwall box handled it all wonderfully, plus there's a fairly large community out there writing custom modules and addins for it.
The best part? Well, besides the transparent web proxy, I really like how you can have an internal-only network and a separate DMZ network to hang your web services off of.
It's not as small or sexy as that 3com, but for me it's a perfect fit - handles a lot, plenty of ways to monitor it, and the price is right. Give it a shot, see what you think.
Looking for hardware (Currently need: Large Etch-a-Sketch) Have one? See my journal!
Do you mean your NICs get hot? Or does the machine start vibrating under the load?
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Get one. They're dirt cheap, have plenty of CPU power, and they run Linux. Combine one with an open source OS image and you have one powerful router - you can do VPN with it, firewall, anything you want - and you can adjust the NAT table to your liking if the default isn't sufficient, and it does wireless to boot.
It'll save you plenty on your home power bill too. Seriously, a 486 or similar running 24x7 can cost you 5-10 bucks a month, or even more in some areas. Home routers use significantly less power.
I think that says it all. The box you have now works just fine, so why ditch it for a less flexible consumer-grade router?
Do any of those Linksys boxes have ssh? Nope. Stick with the PC.
You might check out DSLReports for some opinions on that router. One guy seemed to have trouble with P2P on it. In my experience a lot of these home-networking boxlets seem to choke on P2P.
Consumer grade broadband routers are notorious for causing problems, and are almost always badly underpowered. Using a PC based router to handle NAT generally works much better, provided you have the know-how to set it up.
A few months ago I replaced an aging P133, an ancient 3com 12 port 10 megabit switch (with 2 100 megabit uplink ports, woo hoo!), and an 802.11b access point with a Linksys WRT54G.
I replaced the firmware with this. I've been very happy with it so far. I think the 200 MHz MIPS processor is probably a decent replacement for the P133. It takes up much less space, makes much less noise, and it's in much better condition than the old hardware it replaced. I can still ssh into it, and according to /proc/version it is running a 2.4.20 kernel.
I think it was approximately 70 dollars well spent.
About three years ago, the fan failed on my (almost entirely silent) Linux-based NAT box. I didn't find this out until the cascading failures took down the whole box.
I replaced it with a Linksys router. I've been happy ever since.
Set it up and forget about it.
I'm a coder. I've also done enough sysadmin that it pisses me off when I have to do it at work, and more so when I have to do it at home. Plug-it-and-forget-it is awfully nice.
Spending $50 on a router is also more economical than working on one for several hours. My time is not free.
for roughly $65, you can buy a linksys wrt-54g which runs linux out of the box. add to this some free third-party replacement firmware and you get full control over the unit and loads of features - VPN, packet shaping, advanced packet filtering, captive portals, and all sorts of other stuff. the unit is very flexible, reliable, cheap, and most of all it is supremely hackable - especially if you know your way around linux.
if you do go down this route be sure to avoid sveasoft's firmware, for reasons illustrated here. basically, the guy writing it is a total cockbite. last time i questioned his (ab)use of the GPL here on slashdot he banned me from his forums, so if you do intend to send him $20 you'd better be nice.