Home Router For High-Speed Connection?
soulprivate writes "My cable company has recently begun to offer Internet access plans with speeds over 30 Mbps (60, 80 and 100 Mbps). However my D-link router is unable to go beyond 30 Mbps if I use NAT; it reaches 60-70 Mbps only if NAT is disabled. Is there any recommendation for a brand/model of residential router that is able to get more than 70 Mbps with NAT enabled? I have been looking for benchmarks or comparisons, to no avail. Does anyone know one? What are your experiences at home?"
Just get a cheap router like a WRT54GL and run OpenWRT on it. I have a couple of them in a WDS network. They're very manageable, and you can set up DMZs and such, and you can do basically anything you would do on a normal Linux system.
The reason I would expect most brand-name ones to is the public embarrassment if they were caught out like that.
Now everyone is going to check their routers and if the Belkins and Linksys-by-Cisco and others are all super-slow when NAT is on it's going to cause some major embarrassments for the industry.
I expect you either have an inferior manufacturing run, an inferior model, or an inferior brand.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Vyatta...use it for home and enterprise environments.
I have one of these, flashed to DD-WRT. Gigabit router, QOS, and awesome.
Second of all, shouldn't a gigabit router give you what you need? Or am I completely off-base here and missing something...?
My ISP links to http://www.smallnetbuilder.com/component/option,com_chart/Itemid,189/ which has throughput numbers for common home routers.
The long and short of it is that a lot of these devices have pretty poor performance, and can get away with it because they're used on 1.5mbps lines. However, there are some out there that are decent.
Of course, there's the build-it-yourself approach with m0n0wall or pfSense or something else. With a spare PC laying around you'll likely get reasonable performance, although electricity usage is quite a bit higher than an appliance.
... and use pfsense. My Intel CPU mini-itx board, with processor and ram was $100 and it works better than any consumer grade, BestBuy special router.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
What website do you expect to give you more than a 30Mbps connection?!
You may need 100Mbps internal to your house, but a switch or even dumb hub would be sufficient for that. Why do you need to route at that speed?
I have a 100/10 mbit (fiber, no modems etc) line at home and use a Linksys WRT-160NL. When I do heavy file transfer (downloading, mainly from big FTPs like universities and such) the speed is around 90 mbits (~9.5 Mb/sec).
I highly recommend it. And if you're extra geeky, I know that there's an OpenWRT port being worked on, but it's not finished yet.
Check out ebay for a used Cisco router.
The replies you've got so far seem to think that just because a router has gigabit ports that it can do NAT at gigabit speeds, which of course you've already figured out is nonsense.
For a standalone firewall box you might need to look at something like a Cisco ASA. Not cheap but they will at least specify the actual NAT throughput for whatever model you pick.
The other way to go is to roll your own on a decent PC with Linux which will get you a few hundred Mbps easily. For example a Mac Mini or FitPC will be fast enough.
A little overkill perhaps, but something like this (around $500) is a good option.... http://www.juniper.net/us/en/products-services/security/ssg-series/ssg5/ Alternatively, pretty much any PC with two network interfaces running something like Smoothwall or IPCop should do the trick: http://en.wikipedia.org/wiki/List_of_Linux_router_or_firewall_distributions
I have an old Dell PowerEdge 350 that I used for quite some time as my home router/Asterisk box. Just recently retired it - replaced it with a VMWare ESXi 4.0 box with a single VM running my router/Asterisk instance. Works like a charm too.
Find someone who has an old rack mount server for sale (eBay is your friend, so is CraigsList), install a Linux Distro of your choice and unless you are trying to run a BGP instance with a full view, you should be fine.
Ron Gage - Westland, MI
Are you seeing the performance degradation over a wired network, or over wireless? Of course, I don't think I've ever even seen more than 54Mbps over a wireless connection on my own, to the router that is, so it may not even matter, really.
Get one with gig-e ports as they have more power
Like another user stated, use pfsense. We had this problem at work. We are a library and just got 100/100 fiber service. Couldn't afford to buy some $10,000 router and our $1000 router couldn't handle the speeds. Downloaded pfsense and put it on an old server and get full 100/100 speed. It's open source, has snort and everything. It's free to use and they have a pay for support option as well.
The newly released Cisco 891 is definitely what you want. It has a good CPU which can do NAT at high speeds and many many flows.
http://www.cisco.com/en/US/products/ps10194/index.html
I thought everyone on Slashdot built their own firewalls using Linux and / or OpenBSD. WTF? I guess they'll give an account to just about anyone these days.
Help save the critically endangered Blue Iguana
You could do what I do: use a compact computer with two NICs (motherboard NIC plus a PCI 3Com NIC) as the firewall. Run Devil-Linux from a read-only device. Then, the inside of your firewall can be a gigabit switch. Devil-Linux is pretty easy to configure, although perhaps not quite as easy as a consumer firewall/router with a good web-based GUI. You can boot Devil-Linux from a CD drive, with a write-protected floppy holding your settings; you can roll a custom CD with the settings burned onto it; or you can use a write-protected USB flash drive for everything. No hard drive is needed.
Pro: Fastest possible throughput and lowest latency; excellent security.
Con: Will consume more electricity at idle than a consumer firewall/router box.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
pfSense has a good interface and support for built in wireless if you want. It'll take up more space and use more power, but the feature set is immense. If you don't want to get something big and power hungry, you can put together a smaller ALIX box that runs pfSense too. But those are 10/100 ethernet jacks, so there's less room for growth.
IPCop is also good, I just switched to pfSense because we use it at work. And we use it at work because IPCop doesn't do multiple WAN interfaces which wouldn't really matter for home use anyways.
Anything should do. I guess your d-link is a few years old? I worked for D-link support (yes, yuck) around 5 years ago when people started getting 100/100 at home, and we got plenty of complaints about specifications vs reality. But that wasn't a problem with the "new" models back then, and I can't imagine any home router for sale now that can't handle 100Mb with NATing and Firewalling etc.
Don't worry about speed, look at the price, support (do you have to send a broken unit to China or can you get it replaced in the store?) and features instead.
Or even better: bring up an old computer with two NICs from the basement, install Linux or FreeBSD and add a cheap switch. That beats any home router in price and features!
http://www.smallnetbuilder.com/component/option,com_chart/Itemid,189/
I found this a few months ago... seems what you are asking for.
Take a look at the Routerboard 750 and 750G, they're great routers and once you see the flexibility of configuration you won't want to go back to off the shelf routers.
I bought a little router from these guys:
http://www.logicsupply.com/categories/firewall_systems
I've been happy with it so far, though I regret getting one with fans in it. Can be noisy during summer.
It's louder than my mac mini.
I ran into similar problems, except at 10 megabits most consumer level routers/firewalls tip over well before 10 megabits (several thousand outgoing NAT connections and they die, several hundred and they usually start crawling, plus none had real VPN capabilities). Honestly, your choices are basically: re-purpose an old PC with OpenBSD or Linux (I like OpenBSD because you can set it and forget it), or spend some serious cash on a proper firewall/router/NAT box (an old PC is $1-200 and will give you infinitely more capabilities in any event). If you wanna go small/no moving parts that's easy on the power consumption, that's easy: just get a soekris box or a routerboard/routerstation pro device.
Mikrotik Routers, despite some bad press, are good. They are inexpensive, can be built with commodity hardware, and easily handle that level of traffic.
hardware specs on mine: 2.4Ghz P-IV, 512MB Rambus RAM, 1 * T100 Ethernet port (motherboard)connected to modem, 5 * 10/100/1000 ports (NICs) connected to home network and one 802.11g wifi NIC (operating as a hotspot), 1 256MB flash card in IDE adapter.
FIOS connection gives me 60*5 with one IP, and regularly sustains that with as many as four separate machines running BT at any given time, 2 public game servers, as well as various other uses. 60+ firewall rules, full NAT with 20+ port forwarding rules, it runs like a champ.
http://www.mikrotik.com/
If you already have the hardware laying around doing nothing, go ahead and give them a look.
Pretty much any home router in a box that you can buy is going to be rubbish. To be fair, it is pretty impressive what you can get for $30-$50; but intense price sensitivity and competition have pretty much leveled the home router field. You can either get the (impressive for the money; but not good enough) basic model, or you can go cry.
The Ciscos and Junipers of the world will probably cut it (with the distinctly possible exception of older used ones. If you get something from the era where routing a 10Mb lan into a T1 line was Real Serious Stuff, bittorrent over a 30Mb line is going to make it cry expensive enterprise tears); but they are expensive, even used, and many of their features are probably overkill for home applications.
Your best bet might be to run m0n0wall or pfsense. Depending on your tolerance for fan noise, you can either get a basic intel atom board for ~$80 or an embedded x86 board from soekris or pcengines or similar.
That combination will be pretty featureful, quite a bit more powerful than your basic home box, and cheaper than any business box that isn't seriously antiquated.
I'm on an unmetered 100 Mbps line, bursting up to 300 Mbps from time to time. Just like you, I had a tough time finding consumer-grade hardware able to keep up with speeds > 30-50 Mbps. After going through most of what's on offer here in the EU, short of DIY routers, I ended up with D-Link's "Wireless N Gigabit router DIR-655". Believe it or not, but I have actually seen throughput close to 150 Mbps (using NAT) on the WAN while on this network.
Of course, YMMV, but my search ended with this piece of hardware. Of course, it's priced slightly higher than the average router, but IMHO it's worth it.
On a side note: I personally had no luck whatsoever using Linksys offerings, including the WRT54*. Most "premium" hardware platforms in the consumer sphere only offer throughput close to 30-40 or even 50 Mbps while on NAT.
Good luck. And enjoy the speeds you have been blessed with, son.
Like most technology, they assume it's never going to be used to its potential. Take my laptop -- only when I actively cool it or balance it precariously several inches off the desk can I max out both cores. Try that with it sitting on its little rubber feet, and it overheats and throttles itself to 800 mhz. Try that when using the video card for anything stressful at all, and it shuts off.
Anyway, more on-topic, I've had a Linksys router (WRT54G) crash repeatedly when I attempt to run BitTorrent through it to a 100 mbit fiber connection. The solution was to replace it with a Linux box, and let the Linksys router only handle the wireless.
It's the same mentality that they've used to sell you 100 mbits -- works great if you just want to browse faster, maybe watch the occasional YouTube video. Sucks if you want to actually use it -- BitTorrent, maybe a Freenet node, or just transferring files between two machines connected to 100 mbit Internet -- before you know it, they're throttling it and bitching that you're a "bandwidth hog". In other words, they wanted to sell you 100 mbits because it sounds faster than 30 mbits, not because they expect people to actually need it.
Don't thank God, thank a doctor!
The Asus RT-N16 should be up to this task, as it has a rather unusually powerful CPU on board.
http://www.asus.com/product.aspx?P_ID=WAa6AQFncrceRBEo&templete=2
Well, the Cisco ASA 5505 is not that expensive anymore. Does 150Mbps according to Cisco.
Even alcohol can bend the room...
If you use something with decent power management, and boot it off of a thumbdrive instead of a mechanical hard drive, you should be able to get the power usage down to where it is tolerable (though I agree you won't be able to get down to the level of a typical consumer router). Alternatively, if you're into any of the distributed computing projects (e.g. Folding@home), run a distributed computing client on it; that way at least you're doing something with the extra watts.
We have a SMC2804WBRP-G router for our home net, with a 100/10 WAN connection through a fiber switch. It handles our traffic smoothly using NAT and firewall with both wired and 11g wireless LAN connections. We've had it for almost 6 years now, and upgraded our WAN connection during that time. The SMC2804 was not particularly expensive, but cost about 50% more than the Netgear and Buffalo trash of the time. Typically, there are 3-4 PCs, a multifunction printer, and a headless server on our wired LAN, and there may be another PC or two on wireless from time to time. The firewall rules prevent the headless server and printer from calling home, among other things.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
They do not get gigabit speeds WAN to LAN if they have to do any type of processing.
Maybe slashdot would do well to affiliate itself with a site with regular tech support forums and point such questions that way...or maybe the editors could just pick a forum and point people to it. Arstechnica and Anandtech both have forums with lots of archived threads on all sorts of technical issues and questions, for example. Doubtless there are others.
Someone submitting such a basic question should be pointed to "How to ask questions the smart way" and google. They'd do well to learn how to do things on their own a little bit.
By and large, language is a tool for concealing the truth. -- George Carlin
If you want to route things at speed why use something based on an anemic ARM chip running a few hundred megahertz when you have a multi gigahertz cpu at your disposal? I just dual-port my main computer and have it route and nat things. Routing works at least to 700 Mbits/sec. If I ever move to a country where gigabit ethernet to the home is available at a reasonable price (like in Japan where it is ~$100), then I'll have to revisit the routing situation.
(My setup is an athlon64 at 2Ghz, two linksys pci gigabit ethernet cards, fedora and iptables doing the NAT-ing. The computer is on 24/7 anyway because it serves web pages and accepts my email, so having it do the routing doesn't really increase my power bill. If power ever becomes an issue, I'll just move the server to an old laptop which will cut my power from 80watts to 20watts. That admittedly still isn't as low as an ARM chip, but you do get quite a bit more performance for your money.)
look here: http://www.smallnetbuilder.com/component/option,com_wireless/Itemid,200
pfSense with an Alix motherboard is a bit difficult to set up, but can handle a lot more traffic than many of the other commercial routers. I wrote up the process to install here: http://techimpact.crgmedia.com/techimpact/entry/does_it_make_pfsense
I can do 100Mbps full speed with a cisco 2801 through NAT. Sure it's not cheap (average eBay price is around $500), but you get what you pay for. In addition to being able to push the 100Mbps you need you get all the extra features of IOS (IPSec tunnels, IDS, SNMP management, QoS, ...)
R.
http://www.actiontec.com/products/product.php?pid=189
This may be what you're looking for. Offers 10/100 WAN ethernet interface, NAT, the whole she-bang.
You can find them used on eBay for under $40 shipped. I personally used a pair to utilize a coax line in my office for hard-wiring my desktop as my wireless was being spotty. Throughput is better than 802.11g and ping times are in the 3ms range.
While WRT54G and a few others are good routers, they are a little bit underpowered. No 802.11n. No gigabit. Only 4MB flash and 16MB ram (if not 2 and 8 for the worst revisions). 200 MHz CPU. No 5 GHz radio.
May I suggest :
Asus RT-N16 :
Gigabit switch, 802.11n, USB, 533 MHz CPU (probably the bottleneck on your dlink), 128MB RAM, 32MB flash. DD-WRT supported. OpenWRT support WIP.
Only downside is that it does not support the 5 GHz frequency so I wouldn't use it in a large apartment building.
Other good choice :
Netgear WNDR3700 : 680 MHz MIPS CPU, 2.4Ghz+5GHz simultaneous radios, Gigabit switch, USB, 64MB RAM, 8MB Flash. It's supposed to come with an old (linux 2.6.15) version of OpenWRT out of the box.
If you want to stick with cheaper and older hardware, one of the best is the Asus WL-500g Premium v1 :
mini-PCI wireless-G (I replaced mine with an atheros 802.11abg), USB, 266 MHz CPU, 8MB flash, 32MB ram. OpenWRT and DD-wrt supported.
I'm sorry. I can't offer any advice because I'm too busy being jealous that your ISP actually gives you good connection speeds.
pfSense handles multiple WAN links handily (though your modem needs to have a sane failure mode (e.g. when the line is dead, drop everything); my cheapy DSL modem gets saturated by torrents and dies but still lets pings and other little heartbeats through, making the router think all is well; the results are very strange). Has add-ons like BandwidthD: pretty traffic graphs and a graphical version of nTop: you may not know who's stealing your bandwidth, but you will once ntop is on the case. I have mine running on an old Athlon64 (my eldest box, a P3 is busy with Asterisk), runs great, but I have a deployment on a PII-350 with 128MB of RAM elsewhere. Oh yeah... you lucky sonofabitch!
I use a jetway NC92 series IPC board, it's got a dual core atom processor and 1GB of ram. Use a small CF card for a hard drive with an IDE adaptor. You can get a very small case for such a board with an external laptop style power supply, it draws very little power anyway.
I also grabbed the 3 gigabit port riser card jetway offers for this board, giving me 4 gigabit NICs on board.
For software I use pfSense, the 4 interfaces are set up as WAN, LAN, Wifi and DMZ. pfSense also handles several other tasks such as openVPN.
At the end of the day I found no other solution for $250 that could provide 20mbit/sec throughput with all these features. The setup has been running without reboot for around 8 months now, couldn't be happier and the web interface is very easy to use and very easy to add plug ins to.
www.pfsense.org
Problem solved.
---- Booth was a patriot ----
Any one of those cheap Linksys / D-Link routers will be limited to 30-40mbs because there is really only one 100mbps MII interface to the CPU. The uplink and LAN interfaces are separated out through VLANing with the built-in switch. So basically, all traffic has to go over the same 100mbps interface *twice*, thus halving the throughput. You can get an old Sun Netra X1 with dual NICs off of eBay for like $50.
I've had fantastic luck with m0n0wall on a Soekris Net5501 box - The hardware was basically built for routing, switching and firewalling and m0n0wall is a great distribution.
Hit www.soekris.com for info on the products. (I have no financial connection whatsoever, just a satisfied customer)
I don't have an answer to your problem (other than "get a computer"), but you have my deepest sympathies. It is so hard to hear of my fellow human being having such horrific adversities inflicted upon them, and I cannot help but wonder: could this misfortune fall upon me some day?
I can only hope that you overcome the terrible burden of a 100 Mbps internet connection thrust upon you and your residence, and somehow, god-willing, find a reason to keep on living, in order to set an example for others who may some day suffer the same fate. No matter how dark and hopeless things look right now, don't give up! If you can survive this calamity, maybe I can overcome my own problems as well.
Bless you, my friend, and good luck!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I have had a very good experience with my D-link DGL-4100. LAN connections max out at whatever the respective hard drives can read/write at, usually between 55 - 80 MB/s. It has a lot of advanced features, almost everything you'd expect from a custom firmware like DD-WRT. Too many for me to list, look up the demo interface on their website to see what it's got. My internet package is rated at only 30mbp down / 5mbp up, but when running bit-torrents at that speed, I burnt out several routers before landing on this one, which was able to withstand the punishment of that many connections. I'm sure almost any router out there can muster that speed in a single connection, but multiple connections are really what bog it down. I have also been able to achieve burst download rates of about 35 - 40mbp (during off-peak hours). My router is definitely no longer the bottleneck of the system. It does appear pricey for a router, but I can attest that it is worth it for someone who likes to keep a lot of constant traffic in and out of their network.
I would recommend that you check out the list on the following website:
http://www.smallnetbuilder.com/component/option,com_chart/Itemid,189/
The list is a WAN to LAN throughput list, where you can see how much WAN to LAN throughput the different routers can handle. Personally I ended up buying a DIR-655 (fastest available 2 years ago when I bought it). It's a very fast router, that enables full 100/100 speeds on my internet connect where I peak at around 11mb/s.
I've given up hope on those cheap routers. Sure, DD-WRT and Tomato are decent products, but they don't come close to a box with pfSense. Just pick up the smallest, cheapest and least power consuming ITX box you can find and install pfSense on it. You can control it all from the web browser. Best of all, it's based on FreeBSD.
http://www.vyatta.org/ I've been using this for some time now and it's very capable. Just get yourself some old hardware (my first box was an old laptop).
I'm flat out getting EIGHT megabits a second in this webforsaken country below the equator (guess which one!... Australia...).
Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
I'm looking at the NetGear RangeMax WNDR3700 Dual Band Wireless-N Gigabit Router. Haven't tested it yet and like to know how it performs. I got 50mbits at home as well, going up to 80mbits this year and I want Wireless-N at high speeds (2 meters distance, ethernet ports WILL break if you plug it in daily).
I can recommend a router from the routerBOARD series (www.routerboard.com). I have one of their cheaper models, the RB433. It can handle my 100/5 cable connection at home just fine even though I have quite a few NAT rules, a strict firewall policy as well as extensive QoS bandwidth shaping. I highly recommend it.
If you're looking for something a little bit more "mainstream", look for a D-Link DIR-855 or one of the Linksys/Cisco 200€-class routers.
Go buy the cheapest 1U Hacom box here
It's even cheaper if you get the box bare-bones and get the memory, CF card, etc... from newegg.
Then go load pfSense on the flash card and turn it on.
The setup is easy and you get more of a commercial-grade firewall than a home firewall. It'll handle gigabit speed easily.
There's no place like
Home Router For High-Speed Connection? .. err .. for high-speed connection?
...
HomeR outer For High-Speed Connection?
Homer out er For High-Speed Connection?
Homer out
I got nothing.
I've had pretty good success with the community version of Endian firewall, as well as the "commercial" 25 user license. It's got a handy little web accessible interface, can handle up to 6 interfaces (and I use all of them), has baked in snort capabilities, etc. Depending on the hardware route you go, it can support the high speeds you are looking for. I haven't conducted extensive bandwidth tests, however I was able to cap out my FiOS WAN connection at 35/15 Mbps with a 10/100 d-link NIC. Internal tests across gigabit NICs have hovered around 300Mbps, however there's several network devices in play that made it hard to determine the actual choke points. The community version is easily install and play-able, the commercial version as well (but with customization is soooooooo awesome). The downsides are that it doesn't come with a lot of hardware (wireless cards?), and to support that you have to "spin up a development server" to compile the driver into a binary for it to work. (yes, even with the commercial version *grumble*). The Endian company also sells hardware appliances, if you wanted to contact their sales team.
The community version is free, but offers only forum support.
The commercial version (25 user enterprise) runs about $450.
Both can be found at: http://www.endian.com/
This space intentionally left blank
Can anyone comment on the latency of using iptables?
A while back I was in the process of moving, so I packed up my NAT/samba server and went with just an old SMC router for a while. I noticed that while using the router, my latency seemed to be a bit better for some games etc.
Overall bit-rates were unaffected, but my ping-times seemed lesser with the router. It may just be my firewall rules/configuration though, or the NIC that's on my NAT box.
Anyone else notice a difference? My current NAT box is a mini-ITX PC with a C7 processor and dual gigabit RTL-8110SC/8169SC NICs.
MSI RG54G3 does 100Mb/s with NAT, URL filtering, port mapping, etc, etc (LAN part). I can get as much as 11MB/s with torrents - no crash, no freeze. WiFi works extremely well too.
Mine is 4 years old - and I have NEVER had any problems with it.
I have 25/25 FiOS with the Actiontec router. The Actiontec would often lock up after heavy BitTorrent sessions (something about memory leaks in the routing tables, I heard). Anyway, I had the internet connection switched from Moca (cable output) to ethernet and I run it through an old pentium 200 with 3 nics running ipcop 1.4.21, a 24 port switch, and hung the router on after for wireless and Moca for the stbs. It has yet to crash, been up for over 2 years, and I get full bandwidth on nat on the clients, and over 10/10 on the wireless.
wanted: one clever sig,apply within
I have a Linksys WRT150N with dd-wrt on it. When I used it on my school connection, at RIT, I could get a bit over 100 mbit on speedtest.net.
Any wireless router that can handle 802.11n had better be able to do 100 Mbps with NAT enabled or it'll be laughed off the market.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If you're already running a server to do MythTV, printing, file serving, or whatever, just run the appropriate firewalling on it. I'd recommend OpenBSD if you don't need to Linux instead, since it will be exposed to the net.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Can you explain that in car analogy?
Preferably in non pizza delivery vehicles.
Junk x86 machine with two NICs + linux = very fast router
Lots of open TCP connections will load down the router more than raw bandwidth usage. 20 Mbit/s of bittorrent is far more demanding for the router than 100 Mbit/s of FTP.
Any fairly modern home router can probably handle a 100/100 as long as you don't load it down with heavy bittorrent usage. If you need more power, you could use an old laptop with m0n0wall. Laptops are often quite power efficent and not very noisy.
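The point in the comment above (many open connections cost a NAT box more than raw bandwidth) can be measured on a Linux router. This is an added example, not part of the original thread: it parses `/proc/net/nf_conntrack`-style entries and ranks LAN hosts by state-table entries versus bytes moved. It assumes netfilter connection tracking with accounting enabled (`net.netfilter.nf_conntrack_acct=1`); the sample entries, addresses and the table limit of 4096 are constructed.

```python
import re
from collections import defaultdict

KV = re.compile(r"(\w+)=(\S+)")


def parse_entry(line):
    """Parse one conntrack line; return None for anything that is not an entry."""
    tok = line.split()
    if len(tok) < 6 or tok[0] not in ("ipv4", "ipv6") or not tok[4].isdigit():
        return None
    pairs = KV.findall(line)
    fields = {}
    for key, value in pairs:
        # The first src=/dst= pair is the original (LAN to WAN) direction;
        # the second pair is the reply tuple after NAT.
        fields.setdefault(key, value)
    if "src" not in fields:
        return None
    return {
        "proto": tok[2],
        "state": tok[5] if tok[2] == "tcp" else None,
        "src": fields["src"],
        "dst": fields.get("dst"),
        # With accounting on, each direction carries its own bytes= counter.
        "bytes": sum(int(v) for k, v in pairs if k == "bytes" and v.isdigit()),
    }


def summarise(lines, table_max):
    """Count tracked flows and bytes per LAN source; table_max is nf_conntrack_max."""
    hosts = defaultdict(lambda: {"entries": 0, "bytes": 0})
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        hosts[entry["src"]]["entries"] += 1
        hosts[entry["src"]]["bytes"] += entry["bytes"]
    total = sum(h["entries"] for h in hosts.values())
    return {"total": total, "fill": total / table_max, "hosts": dict(hosts)}


def rank(summary, key):
    """Hosts ordered by 'entries' or 'bytes', largest first."""
    hosts = summary["hosts"]
    return sorted(hosts, key=lambda h: hosts[h][key], reverse=True)


def constructed_sample():
    """Constructed data: one bulk single-flow transfer vs. 200 small peer flows."""
    lines = [
        # 192.168.1.10: one large FTP-style TCP transfer plus a DNS lookup
        "ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 "
        "sport=50122 dport=49152 packets=90000 bytes=4700000 src=198.51.100.7 "
        "dst=203.0.113.5 sport=49152 dport=50122 packets=180000 bytes=250000000 "
        "[ASSURED] mark=0 use=1",
        "ipv4     2 udp      17 25 src=192.168.1.10 dst=198.51.100.53 sport=40111 "
        "dport=53 packets=1 bytes=70 src=198.51.100.53 dst=203.0.113.5 sport=53 "
        "dport=40111 packets=1 bytes=130 mark=0 use=1",
    ]
    # 192.168.1.20: 200 BitTorrent-style flows, 100 kB each
    for i in range(200):
        peer, port = f"192.0.2.{i % 250 + 1}", 20000 + i
        lines.append(
            f"ipv4     2 tcp      6 431000 ESTABLISHED src=192.168.1.20 dst={peer} "
            f"sport={port} dport=6881 packets=50 bytes=40000 src={peer} "
            f"dst=203.0.113.5 sport=6881 dport={port} packets=60 bytes=60000 "
            "[ASSURED] mark=0 use=1"
        )
    return lines


if __name__ == "__main__":
    # On a real router, read /proc/net/nf_conntrack and
    # /proc/sys/net/netfilter/nf_conntrack_max instead of the constructed values.
    s = summarise(constructed_sample(), table_max=4096)
    print(f"{s['total']} tracked flows, table {s['fill']:.1%} full")
    for host in rank(s, "entries"):
        h = s["hosts"][host]
        print(f"{host:15} entries={h['entries']:4} bytes={h['bytes']}")
```

On the constructed data the torrent host holds 200 of the 202 table entries while moving less than a tenth of the bytes of the single bulk transfer.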
I have an older Pentium dual-core that runs OpenBSD and has four NIC cards. One NIC card is for the WAN, the second is for my DMZ, the third is the LAN, and the fourth connects to WAP. I loaded the Operating system on a flash card and removed the HD to save power. Not quite as power efficient as the Linksys but much more flexible. The LAN and WLAN operate on 10.0.1.0/29 and 10.0.2.0/29 respectively. The DMZ has publicly available addresses. OpenBSD handles NAT, Firewall/Routing, and IPSEC, OpenSSH Tunneling, and OpenVPN.
Get a $270 1U Supermicro server from Newegg and Vyatta. Problem solved and TONS of additional benefits.
Something with 64MB of ram and a PII-400 or faster should be enough to run packetfilter for a 30mbps or faster connection right?
In my experience, I've had great success with the Buffalo WHR-HP-G54 with Tomato in my house, and I've personally set up an OpenBSD box with pf for a coffee shop. I don't have the connection at home to really saturate much of anything at the moment (I have a Comcast 22 Mbps connection myself), so I can't really comment on how well the router would scale up with a faster connection + NAT. But OpenBSD + pf works extremely well with 20-30+ users all hitting up YouTube; before that, the coffee shop had a D-Link router which faltered within two hours of it being reset (by this time, it has to be power cycled again, ad nauseam.)
As other posters have said, be sure to get at least one 1 Gbps NIC card from Intel or 3Com. I'd personally get two of them and leave the motherboard NIC untouched; I've found that a lot of the lower cost motherboards with low power CPU's usually only have a 10/100 Mbps port, which should be more than enough for most internet connections, but could possibly peter out in real world scenarios.
"Hegelians, who love a synthesis, will probably conclude that he wears a wig." - Bertrand Russell
I recommend you get a device that supports Tomato. http://www.polarcloud.com/tomato
Or you could always go the extra mile and make yourself a Linux router. Personally this would be my pick as it has many advantages.
For example you could run a Torrent / Usenet client on it or use it as a Bitlbee server. http://www.bitlbee.org/main.php/news.r.html
http://www.calcentron.com/Pages/unicom/unicom_networking_equip/unicom_fast_enet_switches.htm
I use these and they are not only small but work flawlessly.
I use a FreeBSD box as my home router on old equipment with a commercial grade WAP interface for my wireless, an old 3com managed switch that hasn't failed me yet -- it also acts as a firewall. In 10 years it hasn't failed me OS-wise, although I've had hardware burn out on me, causing a rebuild. It works flawlessly.
no matter how good it is, it is human nature always wants to make things better
Making and selling goods that by design don't perform as advertised is a lawsuit waiting to happen.
I hope the stockholders of the companies involved are aware of this and value their shares accordingly.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
When we got 100/100 fiber we had a lot of problems with our router. Eventually the ISP actually sent us a very nice router as an excuse for a couple of things.
The router is a Dlink DIR-655 Xtreme N Gigabit Router and the internet has worked flawlessly ever since.
Although it doesn't sound like a SOHO solution, Cisco's ASA5505 would be a good choice. It will do up to 150 Mb/s of firewall throughput, or 100 Mb/s of VPN crypto. If you have a small network, the model you want is ASA5505-BUN-K9, which can be bought from many online retailers for under $400. If you aren't comfortable with Cisco's CLI (specifically PIX/ASA), the ASA line now also has a very good GUI which can be used to configure almost anything on the firewall. It mangles object names and such for CLI junkies, but it works well if you always use the GUI.
There are a few feature restrictions on the base-model 5505, such as a maximum of 10 "inside" hosts getting to the Internet at any one time. Also, while the 5505 base supports 3 VLANs, one of them is restricted and can only really be used as a "guest" segment, and not a true DMZ. None of the restrictions should cause you much concern if you have a 'typical' (geek) home network of a few internal hosts and a couple ports opened into internal machines.
http://www.smallnetbuilder.com/component/option,com_chart/Itemid,189/
You need some packet lube to get them flowing smoothly again!
---
"I can't complain, but sometimes still do..." Joe Walsh
Mikrotik (http://mikrotik.com/) makes the RouterBoard (http://routerboard.com/) series of routers that can route 100mbps. Their entry level model is just $40, but I can't tell if it will actually handle 100 meg through its NAT. http://routerboard.com/pricelist.php?showProduct=56
I'm a bit concerned that so many slashdotters are using D-link, etc.
I thought everyone here ran iptables and built their own boxes...
Anyhoo, as far as the OP's question goes, get yourself an old PC and run RouterOS on it or take a look at Mikrotik's Routerboard line of products.
Incredibly powerful feature sets (actually 90% of the functionality will be overkill for home use). These are Cisco killers for an eighth of the price (maybe even cheaper than that)
You will need to do what you are doing though as set up is not just point and shoot. There are some very good guides around though.
RouterOS: http://www.mikrotik.com/software.html
Mikrotik Routerboards: http://routerboard.com/pricelist.php?started_from_home=1
We also had a similar experience with home routers, but then tried monowall, pfsense, ip cop, and mikrotik. All of them work nicely, have a more or less user-friendly web interface (or something similar), and also differ in price (monowall, pfsense, and ip cop are free). In all cases we were serving a mixed wireless-wired network of 50+ users, using NAT, DNS, firewall, port forwarding and some other features, depending on the "router/firewall/whatever" software mentioned.
On the hardware side, we tried several hardware configurations, from 125MHz ARM-based routers to 333MHz Celeron or over 2GHz AMD processor-based PCs, and maybe the most interesting was an Alix board with a 500MHz AMD Geode x86 processor. It runs at low power, it's small, and gives all the advantages (and other things :) ) of a PC. Trying several home routers (Linksys, Buffalo, Planet, TP-link, etc) proved what other posts already pointed out - they are good enough for aDSL lines, and speeds up to 10Mbps. Nevertheless, several Thompson and Siemens routers performed badly (instability is their middle name), but they are out of your league anyway and some of them are not available any more. The worst firewall in our experience came from Microsoft (ISA), and while being stable, it introduced huge packet delay and a number of "features" that made us bitter many times.
We also tried several Cisco routers and firewalls, and to tell the truth, were not impressed by what you get for the price, as the aforementioned solutions provided the same or better level of service for much less money. I don't say that they suck, but just that they are some kind of reference, so we tried them.
For the last 2 years we have settled on a 1.6GHz AMD Turion based PC with 4 network cards and one wireless card, 512MB RAM; the system is on a 256MB CF card, running one of the mentioned software packages, while logging is done on a separate machine. Going with CF (notice that nothing gets written to it) instead of an HDD provided us with increased stability, as HDDs do fail more often. A good UPS is also a plus.
Doing a good job is like spilling coffee on a dark suit, you feel warm all over, but nobody notices.
A few years back I was sick of burning through Linksys WRT54-G Routers at the rate of one every nine months. I said to hell with it and tried out the "Buffalo" WHR-HP-54G. It started to show some signs of slowing down in the past six months, so I tried to replace it with a WRT54-G, a Linksys Wireless N, a Netgear wireless N, and a D-Link Wireless N. None of those routers gave me the throughput that my 4 year old Buffalo did. The Buffalo stock firmware leaves something to be desired, but it was easily flashed with DD-WRT.
Now, I admit that this is a little pathetic, but my in-laws really treat me quite well and despite being over 30, still drop $200 or so dollars on my wife, her two siblings, and me for Christmas despite the fact that they are not even close to being rich. So, my list included a few items with the new Buffalo WZR-HP-G300NH. Sadly, that is the cheapest Buffalo with 10/100/1000 speeds on the LAN ports. While I have not tried this router yet, my past experience with the Buffalo Routers has been so positive that I have no problem recommending that you try it out.
Another crazy thing with Buffalo: I was browsing through the reviews of a Buffalo product on Amazon or Newegg or some other website. One of the guys from tech support had popped in to answer some questions and also tossed his own email address out there for people. It was really early one morning (3 AM central) and I had a quick question so I threw it out there. I got a response from the guy 30 minutes later. That was pretty wild. I wouldn't expect that kind of service all the time for a low end consumer product, but it gives me confidence that their support team takes some pride in their work.
Note that I have never worked for Buffalo and am not affiliated with them in any way... I've just been very impressed with them in my (albeit small) experience with their products.
NETGEAR FIREWALL ROUTER FVS336G or something similar. Add a gigabit switch and you are set. If you are upgrading networking equipment, may as well add a hardware firewall and not depend on operating system firewalls.
I'd say it depends on the details of that d-link router you have -- is it a cable modem itself or something you're just hooking up to your cable modem?
If the latter, Vyatta will work wonders with some old x86 hardware....
I use FreeBSD 8 as a router and also have a Slackware box configured. Both work equally well. My old netgear router only handled 12mb and my cable can hit 35mb/s. Either linux or freebsd or openbsd for that matter make a great router os. If you look around a bit you will find all kinds of howtos on the net. You can also make the box a samba shared drive and a print server if you are up to it. All you have to do is put two ethernet cards in a medium-power system (almost anything will work CPU-wise; 512m ram will also work fine), install your flavor of linux, enable IP forwarding, iptables, and set up your routing. You will be amazed at the speed increase.
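The two-NIC Linux router setup described in the comment above (IP forwarding plus iptables), as an added example that is not part of the original post: a shell script that generates a NAT and stateful-firewall ruleset in iptables-restore format and only then turns forwarding on. The interface names, the LAN subnet and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): NAT + stateful firewall for a two-NIC
# Linux router. Interface names and LAN subnet below are assumptions.

# Print an iptables-restore ruleset on stdout.
#   $1 = WAN interface (cable modem side)  $2 = LAN interface  $3 = LAN CIDR
gen_router_rules() {
    wan=$1; lan=$2; lan_net=$3
    # Refuse anything that is not a plain interface name or CIDR, so a bad
    # argument cannot smuggle extra rules into the generated file.
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: '$ifc'" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        ''|*[!0-9./]*) echo "bad LAN CIDR: '$lan_net'" >&2; return 1 ;;
    esac
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Source-NAT LAN traffic leaving through the WAN interface
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback, replies to its own traffic, and the LAN side
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
# Forwarding: LAN may open connections outward; WAN only gets replies back
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Load the rules first, then enable forwarding, so the box never forwards
# packets without the filter in place. Needs root.
apply_router_rules() {
    rules=$(gen_router_rules "$@") || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    sysctl -w net.ipv4.ip_forward=1
}

# Usage: sh router.sh apply eth0 eth1 192.168.1.0/24
if [ "${1:-}" = "apply" ]; then
    shift
    apply_router_rules "$@"
fi
```

Run without arguments the script changes nothing; the default-drop FORWARD policy means nothing arriving on the WAN side reaches the LAN unless it belongs to a connection a LAN host opened.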
Ok this one was dissed due to being advertised as "open source router". However, I looked at the specs and from all the cheapie routers this one actually seems to have the best hardware specs. It's got an apparently quite fast cpu (broadcom 4718 at 480Mhz, supposedly mips 74k core said to be much faster than the older broadcom 470x chips), it's got 8MB flash, 64MB ram. Might not be open source but should run dd-wrt... For what it's worth, netgear advertises it with 350mbit wan to lan throughput, make of that number what you will...
sonicwall tz210
Time Capsule and the (square) AirPort Extreme Base station are capable of achieving exceptional throughputs, well beyond 100 Mbps+.
P90 or whatever, add Linux, shake, have fun :)
OpenBSD seems to have bottomless routing performance in my installations. Any variant thereof should do the trick. OpenBSD is fairly user friendly to set up in these configurations compared to other systems like FreeBSD and Linux.
POKE 36879,8
FreeBSD 8.0 and a couple of Intel Pro100B nics or Gigabyte NICS installed on any x86 system
built in the last 10 years should do just fine as a router.
http://www.freebsd.org/
What most don't appreciate is that a common $50-60 router would do everything the OP wants, and use low double digit watts while running, while "your old computer and some open source s/w" approach wastes more than that in power supply inefficiency.
While a 6 year old computer gives you fabulous flexibility, as usual the total costs and support limitations are lost on the typical slashdot poster.
Drat, I wish the writer had said what kind of D-Link router he's using. Our own Internet service was recently upgraded from 21 Mbps to 50 Mbps and we have been having issues with it since then. We also use a D-Link router (DIR-655) and haven't figured out if the issue is the modem (had to trade in our Motorola Surfboard 5100 for a new Arris that supports DOCSIS 3.0), the router, or the service itself since it is a new speed range for our provider, maybe they haven't gotten all the bugs worked out yet.
It will work great part of the time, sometimes it seems to be connected but service moves at such a trickle most things time out, sometimes resetting the router fixes this, sometimes we have to reset the modem, and it happens quite often late at night when it's hard to get support for the issue.
it doesn't work very well with my ps3. I've got it running on an old p4-2.8gz machine with gig interfaces. handles my 60Mbit connection at full speed
Get this: http://www.geeks.com/details.asp?invtid=8189-P3U-LNX-1R&cat=SYS
Add a few extra GB NIC cards and install IPCOP or M0n0wall.
It's been more than 4 years since 100Mbps connections became popular in Korea. Nowadays, almost all routers sold in Korea are 100Mbps ready. Best selling local brands like Iptime or Anygate and imported models like Netgear WGR614SS are all advertised to support a 100Mbps connection. It's been discontinued, but even a new version (can't remember the version number) of Linksys WRT54G with 100Mbps support was introduced in Korea a couple of years ago.
I've recently discovered DrayTek routers - they're apparently popular outside of the states. The 2930 series is rated up to 70Mbps, the 2950 series 90Mbps. There might be beefier solutions in their lineup, but these are the two I was looking at. I came across them looking for a Dual-WAN router - I eventually settled on the 2930 router (non-WiFi) to load balance my Cable Modem and DSL connections. The combined upstream/downstream bandwidth on both connections was more than most entry-level Dual-WAN routers could handle.
I have a 50Mbit up/down connection to my home and found my old go-to, the wrt54g/gl/gs to be lacking. I have a pile of those routers and they just couldn't perform - I decided I would need some headroom. I went out and got a wrt300n (the one with the awesome satellite dish sticking out of the top) and it has performed admirably with the help of dd-wrt.
A 50Mbps connection is the greatest thing ever bestowed upon man. May we all have them soon.
or else!
As I recently discovered, the WPA performance is limited, so only wired and open WiFi will get full performance.
Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
In some countries, like here in Sweden, this was a problem 8-9 years or so ago (when we started getting 100/100mbit at home) and was under much discussion then, but I fail to see how it is a problem now. There are plenty of consumer home routers now that can handle this. I can highly recommend the more expensive DLINK routers, yes I know, the cheaper ones are ... not very good. Have a look at the DIR-655 or all of the DIR8xx series, excellent in my and many others' experience. Stable, fast, never needed a reboot and has no performance problems for high-speed downloads, be it direct downloads from a single source or hundreds/thousands of connections in torrents. Have no problems maxing out my 100/100 connection. Even has traffic shaping so your downloads or uploads don't interfere (noticeably) with your gaming or browsing etc.
pfSense or m0n0wall might be more fun though, but if you don't run it on some small embedded device (but still have to find one powerful enough) it will draw more power than a small modern above average home router.
See this chart of actual WAN-LAN throughput for home routers: http://www.smallnetbuilder.com/component/option,com_chart/Itemid,189/
Mind you, you will have to use wired, not wifi, for those speeds.
I'm starting to install clearos because it supports dual-wan. I don't know how well it works yet. But it seems to be the first open source, free, project to support dual wan. I'm in a cybercafe in Sao Paulo, the connections here go down occasionally, so we have two ISPs. Have been looking for a dual-wan, fast router for a while. ClearOS used to be ClarkConnect, which had only a paid version. They restructured their economics and went open source.
Build your own energy sources from scratch. http://otherpower.com/
I use a Linksys RVS-4000 between two local LANs, NAT speeds over 250Mbps no problem (will likely go higher, it's just windows file sharing peaks at 250-350Mbps). Used also to use ASUS SL500 in the 100Mbps days reaching over 90Mbps, though seriously would not recommend their user interface (I'm not sure if something got lost in translation between the design engineers, or what, but it has the most unintuitive interface I have EVER seen).
Linksys is a joke, especially since the word Cisco is written on it. I bought WRT150N and it didn't work over an hour under torrents load with its default firmware. The router hung and had to be hard reset. And that with just 6 Mbit/s ADSL. Right on Linksys support forum I read about alternative firmware from some guy who had the same problem. I flashed dd-wrt on it and never had hang ups again. But maximum bandwidth in LAN I can get is about 25 Mbit/s. After such experience would never suggest buying Linksys to anyone.
Get an Alix or a RouterBOARD. You will love it.
http://ubnt.com/products/rspro.php
It's built for the embedded market. The ARM cpu (MIPS 24K ISA) is clocked at 680 mhz, and is overclockable to 800 mhz. It ships with OpenWRT. pfSense is in alpha now. Ubiquiti just had a $200k contest for a better UI
I am running pfSense on an 8 year-old PC with two network cards. It can get throughput like that.
If you want ultra-low power, you can use the Embedded version of pfSense running off a CompactFlash card and then you will not have a hard-drive running.
The Apple Extreme Router can maintain very high speeds, with or without NAT. It's a Gigabit Router.
I stayed in a hole-in-the-wall town in February 2006. The motel had a fat-pipe kiosk in the main office. I was grateful to have it, because the cell phone service in the area was horrible.
I've been pretty happy with my Cisco 1800 series at home.
Alternatively, you could do the whole PC-Firewall/router thing.. if you do, sink time into getting a few real NICs.. not all NICs are equal!
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
There is software out there that runs linux on a PC. The software is called smoothwall. http://www.smoothwall.org/ I played around with it a few years ago. The breakdown of it... take a PC, a Pent 3 or so, with two NIC cards. One will hook up to your cable modem. The other one will hook up to a switch (not a hub; it needs to be a switch) like a Dlink or something that has 4/5 ports. A normal Router is a router and a switch built all in one. I hope this helps you out some.
My D-Link something-or-other (Wireless-N, Gigabit Ethernet) started dying last month, so I upgraded to a Buffalo WZR-HP-G300NH. The main reason I went for the Buffalo is extended range... this sucker really does put out 500mW or more, rather than the usual wimpy http://www.smallnetbuilder.com/wireless/wireless-reviews/30889-buffalo-nfiniti-wireless-n-high-power-router-a-access-point-reviewed
-Dave Haynie
Where do I need to relocate to in order to get a 100mbit residential connection? As far as I'm aware, the only things "widespread" in the US are Verizon and Comcast, and they only go up to 50 mbit it seems. I know Japan's got it all over the place, I'm curious where you guys are getting it from.