Slashdot: News for Nerds

Replace NAT Box with Commercial Broadband Router?

Cliff posted more than 9 years ago | from the if-it-ain't-broke dept.

The Internet 118

hjf asks: "Three years ago, when I got DSL, I set up a 486 box, with 8 megs and a floppy drive to run FloppyFW. It has been through a couple hardware upgrades: 16Mb RAM for running the 2.4 kernel and a 100MBit PCI NIC for the internal network. It has a little UPS which lasts for over 60 minutes. The only downtime it has is when there's a thunderstorm and I unplug it. Besides that, it has been running flawlessly since I set it up. Lately I have been kind of seduced with this product from 3Com, and others similar to it. I know it says it can handle 253 simultaneous users and all that. My home network has 4 users, but most of us run eMule and other P2P, and as many of you know, those P2P programs can beat the crap out of your router."

"For example, the default NAT table of my box wasn't enough (syslog reported TABLE FULL - DROPPING PACKET), so I made it 32768 entries and that message doesn't appear anymore. Now, what I'd like to know is, how big is that router's (or any other which does that kind of job) NAT table? Will it handle that many concurrent connections? I know I'll lose most of Linux's flexibility but I think I can live with that, but I'd surely win lots of room in the closet. So Slashdot, what's your opinion about all this?"

118 comments

stick with what you've got (5, Insightful)

Anonymous Coward | more than 9 years ago | (#10282798)

Whoa, you want to replace a simple, working firewall, which is open-source, understood by you, and which costs next to nothing, with a closed-source, commercial, EULA-encumbered device with arbitrary limits, unknown functionality, guaranteed to work only with Windows, but in a shiny branded box?

Damn, if you're not a manager now, you're in the wrong line of work!

I mean, you're seduced by this kind of crap?

IP functions such as PPTP/PPPoE, NAT, and DHCP enhance addressing privacy and economy

Wow! Enhanced addressing privacy! And Economy! Both in one sleek white box!

Hacker pattern detection firewall feature automatically detects and blocks denial-of-service attacks and other common intrusions

I can just imagine that sophisticated technology.. if packets/second exceed X, start dropping packets randomly....

Re:stick with what you've got (0, Insightful)

Anonymous Coward | more than 9 years ago | (#10282913)

Why is this moderated as a troll ?

Re:stick with what you've got (0)

Anonymous Coward | more than 9 years ago | (#10283543)

Maybe because of the unnecessarily snarky, sarcastic tone...?

Re:stick with what you've got (0)

Anonymous Coward | more than 9 years ago | (#10283921)

Wow! Enhanced addressing privacy! And Economy! Both in one sleek white box!


Damn that is a sleek little white box.

I want one!

Re:stick with what you've got (1)

dizzyduck (659517) | more than 9 years ago | (#10284737)

I have the said "router". It works fine with Linux. The web-based administration interface works perfectly.

Bullshit (3, Informative)

Quattro Vezina (714892) | more than 9 years ago | (#10289182)

guaranteed to work only with Windows

You, sir, are lying. My D-Link DI-604 router works perfectly with Linux. In fact, I don't think I've ever even touched the configuration interface under Windows.

It works beautifully, and I'd recommend one to anyone who needs a NAT. It's a tiny (5.5" wide, 4" long, 1" tall) silver box that sits in the corner of my desk, surrounded by whatever junk I have. I don't have a second machine to use as a router, and if I were to buy one, I'd be spending far more money--I bought this thing for $20. Not to mention the fact that another machine would take up far more space.

And you know what? It just works. I plug it in between my machine and my cable modem, and assuming my machine is set up to use DHCP, it's working. If I want to open some ports to my machine so I can have my servers publicly accessible, it takes me about 10 seconds to do so. It's also never dropped me. Ever.

Of course, it depends on what kind of router you own. For example, I would never touch a Linksys product with a 10-foot pole. I have a friend with one...that piece of crap frequently stops working, and won't come back up for a couple of hours, even after it's unplugged and re-plugged into the wall multiple times (it's not the connection--plugging the machine into the cable modem works fine..it's just the piece of crap router that's a piece of crap). Of course, she's refused to listen to me when I constantly told her to get a D-Link router, so I've refused to ever help her on anything network-related until she does.

And I'd also say that if you do have a dedicated NAT machine, and it works, then there's no need to replace it. If it's not broken...

Re:Bullshit (3, Informative)

harlows_monkeys (106428) | more than 9 years ago | (#10293189)

Of course, it depends on what kind of router you own. For example, I would never touch a Linksys product with a 10-foot pole. I have a friend with one...that piece of crap frequently stops working, and won't come back up for a couple of hours, even after it's unplugged and re-plugged into the wall multiple times (it's not the connection--plugging the machine into the cable modem works fine..it's just the piece of crap router that's a piece of crap). Of course, she's refused to listen to me when I constantly told her to get a D-Link router, so I've refused to ever help her on anything network-related until she does

Check the environmental specs on that Linksys and your DLink, and I bet you'll find that there is a difference. I had a Linksys that consistently lost packets, and then a Netgear that consistently lost packets. I then noticed that if I blew into the vents on them while they were losing packets, they would stop losing packets for a bit. If I arranged a fan to blow over them, they were fine. Reading their specs, they are rated to 40C. I pointed an IR thermometer inside one of the vents...and it said 45C. Aha!

I then bought a DLink that is rated to 55C, and the packet loss went away. I gave the Linksys to a friend whose computers are placed where the airflow is better, and it worked great for him.

BTW, the DLink not only was rated 15C higher than the other two, it runs cooler.

Re:Bullshit (1)

prefect42 (141309) | more than 9 years ago | (#10297852)

Not quite the right procedure though. It's not rated for 40C somewhere in the innards. They've reckoned it'll be good enough at cooling itself if the ambient temperature is 40 degrees... Otherwise why not measure the temperature of your desktop CPU and try and match it up with claimed environmental specs.

DI-604 rocks ... (1)

gstoddart (321705) | more than 9 years ago | (#10297344)

My D-Link DI-604 router works perfectly with Linux. In fact, I don't think I've ever even touched the configuration interface under Windows.


I really have to concur with the parent poster about the DI-604 routers.

I've run one for the last two years. I can completely administer it from my FreeBSD box, and it just works without ever having to mess with it.

When they first started to become really cheap no less than about 10 people in my office have gone out and purchased them.

Once it's set up (easy to do) you just forget that it exists. From time to time I'll turn on logging to demonstrate it's dropping stuff. Once the logs fill up in a few hours I just turn logging back off and go back to feeling confident it's doing its job.

Cheers

Hmm (1)

StarKruzr (74642) | more than 9 years ago | (#10297686)

It's interesting how widely people differ on opinions of various brands of equipment. I had a D-Link DI-624+ which was absolutely terrible. Damn thing reset itself constantly and wouldn't work with any other wireless network cards other than D-Link's. Tried setting it to 802.11b-only mode and that didn't even help.

I now have a Linksys WRT54G and have never looked back. Thing functions flawlessly.

Agreed (1)

Zooka (457908) | more than 9 years ago | (#10298136)

I've been using a similar D-Link router (DI-704p) for about 4 yrs. Very easy to use, very dependable. Its excellent web interface makes DHCP setup and port-forwarding a breeze. And no, it doesn't discriminate against Linux.

http://www.dlink.com/products/category.asp?cid=2 [dlink.com]

Re:Bullshit (1)

ethanms (319039) | more than 9 years ago | (#10299831)

guaranteed to work only with Windows

You, sir, are lying. My D-Link DI-604 router works perfectly with Linux. In fact, I don't think I've ever even touched the configuration interface under Windows.


I think when he says "guaranteed to work only with Windows", he means that the manf. will only give a rats ass if your problems are under the Windows operating environment... i.e. it probably will work fine w/ Linux... but if you encounter a problem, the manf. will tell you to go screw.

I had that problem w/ AT&T a while back... I had a linux machine and my cable modem went dead... they would NOT help me because I was running Linux despite the fact that the problem was lack of block sync between the modem and head-end, not my PC... so I hung up... called back, pretended that I was doing what the tech was asking me in Windows (i.e. clicking things and what not) and finally he said "Yes, I can see that we can not talk to your modem, so it's a problem on our end"

Moral of the story... it's too hard (and not cost effective) to script tech support shit for anything but Windows, so they only guarantee functionality w/ Windows.

Re:stick with what you've got (1)

Chemical (49694) | more than 9 years ago | (#10291833)

Having a Linux box as a router is so unnecessary when you can pick up a fully functional D-Link or Netgear router for $20 that does everything you need, is vastly easier to configure, takes up significantly less space and less power, and makes no noise. Linux provides a lot more functionality, sure, but a home user with maybe two computers doesn't need all that. They just want to share an internet connection for god's sake.

Upgrade to a Pentium Laptop (4, Interesting)

Anonymous Coward | more than 9 years ago | (#10282802)

Get a Pentium laptop, and you will still get the flexibility of linux, and you will save room.

In MN area? (2, Informative)

kcb93x (562075) | more than 9 years ago | (#10283474)

If so, I've got about 20 Pentium Laptops sitting behind me, no HDs, otherwise most of 'em boot. I'll give them to anyone in the Twin Cities area...just speak up....
Various brands
Power supplies for most
No hard drives

I'll pay postage + a little extra... (1)

hackwrench (573697) | more than 9 years ago | (#10286433)

for you to send the lot to me in Lorain OH

Re:In MN area? (1)

KD5UZZ (726534) | more than 9 years ago | (#10288801)

What are we talking about for postage to Oklahoma? My ham radio club (www.w5yj.org) could use a few machines for some packet projects.
-Daniel
KD5UZZ
www.w5yj.org
OSU Ham Radio Club

These things are designed for home use (4, Informative)

mind21_98 (18647) | more than 9 years ago | (#10282828)

Routers such as above are designed for home use, not for anything that's user-intensive. If you're planning on beating the crap out of it, you should probably purchase a product designed for that purpose (or keep your Linux box). The general rule applies when considering buying an electronic item: read reviews and ask around.

Absolutely not. (2, Informative)

Inominate (412637) | more than 9 years ago | (#10282835)

Consumer grade broadband routers are notorious for causing problems, and are almost always badly underpowered. Using a PC based router to handle nat generally works much better, provided you have the know-how to set it up.

Re:Absolutely not. (5, Informative)

Wonko (15033) | more than 9 years ago | (#10283183)

Consumer grade broadband routers are notorious for causing problems, and are almost always badly underpowered. Using a PC based router to handle nat generally works much better, provided you have the know-how to set it up.

A few months ago I replaced an aging P133, an ancient 3com 12 port 10 megabit switch (with 2 100 megabit uplink ports, woo hoo!), and an 802.11b access point with a Linksys WRT54G.

I replaced the firmware with this [portless.net]. I've been very happy with it so far. I think the 200 mhz mips processor is probably a decent replacement for the P133. It takes up much less space, makes much less noise, and it's in much better condition than the old hardware it replaced. I can still ssh into it, and according to /proc/version it is running a 2.4.20 kernel.

I think it was approximately 70 dollars well spent.

Re:Absolutely not. (1)

gl4ss (559668) | more than 9 years ago | (#10284266)

the cheap hw routers are notorious for choking up on even "moderate" use, even when they have 100mbit ports(so they'll choke at natting something like 10-20mbit/s).

and yes usually even ~150mhz pc with decent network cards can kick the crap out of them when needing high speeds.

(this may have changed, but i doubt it. and with most home connection speeds it of course doesn't matter because not everyone has 100mbit connection to home. it does for me though.)

Re:Absolutely not. (2, Informative)

Wonko (15033) | more than 9 years ago | (#10287427)

the cheap hw routers are notorious for choking up on even "moderate" use, even when they have 100mbit ports(so they'll choke at natting something like 10-20mbit/s).

The only issue that I had with mine at all so far was that the default value of 1024 for ip_conntrack_max was too low. That caused problems with bittorrent and whatnot.

I don't have a 100 megabit link to the internet, and I don't think my p133 could nat much better than this box if that were the case. One of these days I need to install top on my WRT54G and see how much load it is under. My guess is not very much.

and yes usually even ~150mhz pc with decent network cards can kick the crap out of them when needing high speeds.

What does a 150 mhz pc have over this box exactly? They've both got a 33mhz pci bus and they both have capable processors.

(this may have changed, but i doubt it. and with most home connection speeds it of course doesn't matter because not everyone has 100mbit connection to home. it does for me though.)

Well, most of us only have a 3 megabit connection. Therefore for 99.999% of us a WRT54G is more than enough. I would bet that if all you need is NAT at 100 megabit, it is still probably good enough. If I had more gumption I would do some testing... But if I ever need to put hardware on the end of a 100 megabit WAN link it will be a piece of enterprise class hardware. And it certainly wouldn't be the fastest WAN link I've ever had :p.
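An added example, not part of the thread or any poster's code: the table both the submitter and this comment had to enlarge (`ip_conntrack_max`) can be watched before it fills. The sketch below parses a copy of the connection-tracking table and reports the fill ratio and which internal host holds the most entries. It assumes the usual line format of `/proc/net/ip_conntrack` (and also accepts the newer `/proc/net/nf_conntrack` prefix); the sample table, the addresses and the 0.8 warning threshold are constructed for illustration.

```python
"""Summarise a Linux conntrack table to see how close a NAT box is to its limit."""
from collections import Counter
import re

# Constructed sample in /proc/net/ip_conntrack format. Addresses come from
# private (RFC 1918) and documentation (RFC 5737) ranges, not from the thread.
SAMPLE_TABLE = """\
tcp      6 431990 ESTABLISHED src=192.168.0.10 dst=198.51.100.7 sport=3301 dport=4662 src=198.51.100.7 dst=203.0.113.5 sport=4662 dport=3301 [ASSURED] use=1
tcp      6 431850 ESTABLISHED src=192.168.0.10 dst=198.51.100.8 sport=3302 dport=4662 src=198.51.100.8 dst=203.0.113.5 sport=4662 dport=3302 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.0.10 dst=198.51.100.23 sport=3310 dport=4662 [UNREPLIED] src=198.51.100.23 dst=203.0.113.5 sport=4662 dport=3310 use=1
tcp      6 95 TIME_WAIT src=192.168.0.11 dst=198.51.100.40 sport=1044 dport=80 src=198.51.100.40 dst=203.0.113.5 sport=80 dport=1044 [ASSURED] use=1
udp      17 25 src=192.168.0.10 dst=198.51.100.9 sport=4672 dport=4672 [UNREPLIED] src=198.51.100.9 dst=203.0.113.5 sport=4672 dport=4672 use=1
udp      17 170 src=192.168.0.12 dst=198.51.100.53 sport=1030 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=1030 [ASSURED] use=1
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_entry(line):
    """Return a dict for one tracked connection, or None if the line is not one."""
    tokens = line.split()
    # Newer kernels prefix each line with the L3 protocol, e.g. "ipv4 2".
    if tokens and tokens[0] in ("ipv4", "ipv6"):
        tokens = tokens[2:]
    if len(tokens) < 4 or not tokens[2].isdigit():
        return None
    # Only stateful protocols such as tcp carry a state word before the tuples.
    state = tokens[3] if "=" not in tokens[3] else "-"
    fields = FIELD.findall(line)
    # The first src= belongs to the original direction, i.e. the LAN host
    # that opened the connection through the NAT.
    src = next((v for k, v in fields if k == "src"), None)
    if src is None:
        return None
    return {
        "proto": tokens[0],
        "timeout": int(tokens[2]),
        "state": state,
        "src": src,
        "assured": "[ASSURED]" in tokens,
    }


def summarise(table_text, conntrack_max, warn_ratio=0.8):
    """Count entries per originating host and state, and compare with the limit."""
    entries = [e for e in map(parse_entry, table_text.splitlines()) if e]
    fill = len(entries) / conntrack_max
    return {
        "total": len(entries),
        "fill": fill,
        "warn": fill >= warn_ratio,  # act before the kernel starts dropping
        "by_host": Counter(e["src"] for e in entries),
        "by_state": Counter(e["state"] for e in entries),
        # Entries that never saw a reply; the kernel evicts these first under pressure.
        "unassured": sum(1 for e in entries if not e["assured"]),
    }


if __name__ == "__main__":
    # 32768 is the table size the submitter says he configured.
    report = summarise(SAMPLE_TABLE, 32768)
    print("entries: %d (%.2f%% of limit)" % (report["total"], report["fill"] * 100))
    for host, count in report["by_host"].most_common(3):
        print("  %-15s %d" % (host, count))
    print("states:", dict(report["by_state"]), "unassured:", report["unassured"])
```

On a real box the table text would come from `/proc/net/ip_conntrack` and the limit from the `ip_conntrack_max` sysctl file; both need root to read.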

Re:Absolutely not. (1)

gl4ss (559668) | more than 9 years ago | (#10290056)

**What does a 150 mhz pc have over this box exactly? They've both got a 33mhz pci bus and they both have capable processors.**

what it has over the cheap hw solution is that raw speed. and what I mean by that is that the pentium based with even fairly decent network cards can handle something like 80mbit/s going through it when the hw based one can handle just ~20-30mbit/s.

this is *regardless* of if they seem to have a 'capable processor' and 'just as fast bus'.

configurability also in most cases is much greater if using something like smoothwall, I'd check that you can do port forwardings easily in masses.

of course as you don't have a 100mbit uplink it hardly matters. but what I just don't like is these companies just slapping on a 100mbit interface on it and advertising like it could do it(and then I have to explain it to people asking "why you're running a 'full' computer for the nat?")...

nat-and-wlan-in-a-box solutions are very tempting, but not without flaws. of course, it could be just easier to get one than get a more recent computer, though.. or better nic's which might be just enough(or more mem).

(also WRT54G is bashed on couple of 'comments' sections like c-net asia's, especially its wifi range)

Re:Absolutely not. (1)

Wonko (15033) | more than 9 years ago | (#10291117)

what it has over the cheap hw solution is that raw speed. and what I mean by that is that the pentium based with even fairly decent network cards can handle something like 80mbit/s going through it when the hw based one can handle just ~20-30mbit/s.

this is *regardless* of if they seem to have a 'capable processor' and 'just as fast bus'.

So you're saying that 200mhz mips processor on a pci bus isn't in the same class as a pentium 150? I can't speak for the NICs, because I don't specifically know the chipsets.

configurability also in most cases is much greater if using something like smoothwall, I'd check that you can do port forwardings easily in masses.

The web interface is pretty basic, but even the stock firmware does basic port forwarding, by port range. What can't be done in the web interface can be done from the command line. As far as I know the firmware I am running doesn't include shorewall, but I believe the latest firmware from Sveasoft does. I've never used shorewall, so I can't say much about that.

of course as you don't have a 100mbit uplink it hardly matters. but what I just don't like is these companies just slapping on a 100mbit interface on it and advertising like it could do it(and then I have to explain it to people asking "why you're running a 'full' computer for the nat?")...

Yes... I, like 99.999% of people on the planet have a 3 megabit link and not 100. So for us, this machine has more horsepower than we are likely to need. Go figure. As for it having a 10/100 port on the internet side... What would you expect it to have? Did you think they should go out of their way to put a separate 10 megabit NIC chipset in the thing?

I also don't recall anything on the box calling any attention to the speed of that network port...

nat-and-wlan-in-a-box solutions are very tempting, but not without flaws. of course, it could be just easier to get one than get a more recent computer, though.. or better nic's which might be just enough(or more mem).

If I used a more recent computer, I would have to worry about more moving parts to die. I don't know about you, but I've had more hard drives die on me in this last year at home than I can remember ever dying on me in the last 10 years. I don't want a hard drive. I don't want fans. I don't want to spend the time, effort, and cost to build something equivalent to my WRT54G.

It's my firewall. I don't want it to do much more than it does anyway. Less is more secure.

(also WRT54G is bashed on couple of 'comments' sections like c-net asia's, especially its wifi range)

I live in a house that is over 100 years old. Some of the rooms still have the ancient plaster-over-wood-or-chicken-wire walls. I can tell which walls are old, because they soak up significantly more signal. My laptop only has 802.11b, but I get full speed anywhere on my property.

With aftermarket firmware (what's more fun than a small, hackable Linux box?) you can increase the transmit power from the stock 28mw up to 84mw. I have not had to increase mine, as a matter of fact I could get away with lowering it. I don't know how well things work at full power, I vaguely remember reading that setting it too high causes heating issues.

I guess what I am trying to say is that a box similar to this is more than enough for most people. It's still a linux box, and I can still run anything I can fit on it. Without aftermarket firmware it replaced all but one service my previous firewall was handling, static dhcp mappings.

What I use (4, Informative)

Judg3 (88435) | more than 9 years ago | (#10282847)

I use SmoothWall [smoothwall.org] on a P200 with 384mb ram and a 10gb hdd.

There's been upwards of 20 PCs on the network and there's been a few times when 1 of us will be on the phone (VoIP), 2 of us are downloading a lot of files via p2p and another downloading ISO after ISO off of MSDN - all at the same time.

The little smoothwall box handled it all wonderfully, plus there's a fairly large community out there writing custom modules and addins for it.

The best part? Well, besides the transparent web proxy, I really like how you can have an internal-only network and a separate DMZ network to hang your web services off of.

It's not as small or sexy as that 3com, but for me it's a perfect fit - handles a lot, plenty of ways to monitor it, and the price is right. Give it a shot, see what you think.

Re:What I use (4, Informative)

ManxStef (469602) | more than 9 years ago | (#10283419)

I've used Smoothwall too, and it's great. I'll add another suggestion, though: IPCop [ipcop.org] , a free GPLed fork of Smoothwall which adds many features not available in the basic Smoothwall distro; great for home and small network use (though I'd highly recommend SW if you need any commercial support). The latest version [ipcops.net] - on release candidate 4 now, watch out for 1.4 stable any day now! - includes traffic shaping using Wondershaper, so will solve your P2P problems quite nicely. See the unofficial support forums [ipcops.net] for the latest news and plenty of help.

Of course, if you just want a standalone device, like others have said your best bet is to get a LinkSys WRT54G/WAP54G plus alternative firmware, such as the Sveasoft one. See more info here:
http://www.seattlewireless.net/index.cgi/LinksysWrt54g [seattlewireless.net]

Re:What I use (2, Interesting)

f()rK()_Bomb (612162) | more than 9 years ago | (#10284034)

I really have to add a vote for smoothwall. Where I used to work (government office), me and the rest of the IS section used to regularly beat the hell out of the SOHO firewall. My sysadmin wanted to "upgrade" to a big, better, faster sonicwall product (the previous sonicwall product liked to download firmware upgrades and crash itself. Nice). I just said give me 2 hours and I will have a new firewall running. He laughed and said that's something I'd love to see. 2 hours later, after hunting in the basement for a p166 and downloading smoothwall, there is very little we can throw at it that it can't handle. Sysadmin is now a manager. Great }:-) Where am I? Pretty much quit at that stage. Recently nmapped their network; ports open now include such gems as 135, 137, 21, 25, 1433 & 6669. WTF

Re:What I use (0)

Anonymous Coward | more than 9 years ago | (#10291914)

I use SmoothWall too, and if you want something that's just as sexy and compact as a Linksys or Netgear box, just go out and buy a Mini-ITX system with dual-Ethernet ports and toss in a 20 Mb. hard disk and install Smoothwall. You get the best of all worlds that way, including something that those cheap (ahem) "hardware" routers don't do: logging.

Re:What I use (1)

darkonc (47285) | more than 9 years ago | (#10292121)

The best part? Well, besides the transparent web proxy, I really like how you can have an internal-only network and a separate DMZ network to hang your web services off of.

That's just peachy, but if he's not doing any of that, then who cares? This is spoken as someone who has something similar (but I just started with OpenBSD and my own custom rulesets). I've also built similar boxes for people who wanted 4-leg networks (hacked box isolation and diagnosis, etc.). For a relatively simple user the only real question may be: How many simultaneous connections can that pretty white box handle when you've got 4 people doing bittorrent downloads?

If the answer is 'enough', then who cares about doing things that he doesn't want to do? It's like the difference between a cargo van and an austin mini -- if all you're doing is hauling groceries for two, the cargo van's capabilities are overkill, and the extra gas bill is a waste.

Even though I've got the pieces to build 3 or 4 more 'interesting' firewalls, I'm still happy to recommend a small box router to most of my friends who don't see the value of dedicating an entire shelf to the same (for them) functionality.

But I still would like to get rid of some of these boxes....

Huh? (5, Funny)

jazman_777 (44742) | more than 9 years ago | (#10282851)

and as many of you know, those P2P programs can beat the crap out of your router.

Do you mean your NICs get hot? Or does the machine start vibrating under the load?

Linksys WRT54G (4, Informative)

brunes69 (86786) | more than 9 years ago | (#10282861)

Get one. They're dirt cheap, have plenty of CPU power, and they run Linux. Combine one with an open source OS image and you have one powerful router - you can do VPN with it, firewall, anything you want - and you can adjust the NAT table to your liking if the default isn't sufficient, and it does wireless to boot.

It'll save you plenty on your home power bill too. Seriously, a 486 or similar running 24x7 can cost you 5-10 bucks a month, or even more in some areas. Home routers use significantly less power.

Re:Linksys WRT54G (3, Interesting)

eludias (124857) | more than 9 years ago | (#10284203)

Or even better, an ASUS wl500g (~$90) -- it even contains a USB connector to connect any USB device Linux can use.

It has the same Broadcom chipset as the Linksys, btw. (...which is closed source, so you're bound to run 2.4 forever).

http://forum.chupa.nl/ has a forum about it for background information (custom firmware for ssh, samba, ...).

Re:Linksys WRT54G (1)

Loualbano2 (98133) | more than 9 years ago | (#10285539)

I second this. I have one and recently went through a few firmware changes. The stock firmware is actually not bad, and has a decent amount of options.

Although Sveasoft stirs up mixed emotions around here, you can get the image for free, and it's very good. You just can't see the forums unless you pay. I personally haven't needed the forums, but your results may vary.

http://homepage.ntlworld.com/mcmntl/satori/Firmware_Satori-4.0G.zip [ntlworld.com]

If you are one of those people that don't agree with Sveasoft's forum policy there's Wifi-Box on sourceforge. I installed this one too and it's very good also, although I prefer the Sveasoft image.

http://sourceforge.net/projects/wifi-box/ [sourceforge.net]

There are some others floating around, but I did not try them as they seemed too alpha. Cratering my WAP isn't currently a priority.

There are 3 different models of the WRT54G actually. If you count the WRT54GS there are 4. I suggest ebay as a source for the early 20 LED (V1.0) model. This model has more flash ram than later models, and of course looks cooler with its 20 LEDs.

http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=1176 [sveasoft.com]

Of course there are the other WAPs based on the Broadcom chip:

Linksys WAP54G
Linksys WRE54G
Belkin F5D7130
Belkin F5D7230-4
Motorola WR850G
Trendnet TEW-411BRP
Asus wl-300g
Asus wl-500g
Dell Truemobile 2300
Buffalo Airstation WBR-G54
Ravotek W54-RT
Ravotek W54-AP
Microsoft MN700
Apple Airport ExtremG

I don't have experience with these so I can't vouch for their performance.

Have fun!

-ft


Avoid Sveasoft if looking for Open Source. (1)

edgedmurasame (633861) | more than 9 years ago | (#10286932)

I'd recommend avoiding Ewing and his company when it comes to his firmware - given his blatant violations (and admission through changing the license to correct what violations he's done). All you'll get is some person who is less than honest in his dealings with people. Just use the other distributions out there and save yourself the grief. However, if you want to take a look at what Sveasoft offers without giving him more ammunition, here's a link [slashdot.org] to the current images and source.

Re:Avoid Sveasoft if looking for Open Source. (0)

DrZaius (6588) | more than 9 years ago | (#10290682)

How is he less than honest? You can get the source code and binaries for free, just like any other OSS project.

He charges for support and beta/alpha software. Beta/Alpha eventually becomes stable and thus free. In fact the FSF [linksysinfo.org] says his model is in compliance with the GPL.

Re:Linksys WRT54G (1)

harlows_monkeys (106428) | more than 9 years ago | (#10293231)

Get one. They're dirt cheap, have plenty of CPU power, and they run Linux

Linksys home routers are only speced for an operating temperature of up to 40C. If they are in a place without good airflow, that can easily be exceeded.

I hit that in winter because the way my apartment is laid out, the computers are near a heater vent. In the summer, I hit it because I don't have air conditioning.

DLink routers are speced to 55C (and they tend to run cooler anyway, so that they would actually be OK even if only speced to 40C...I find that amusing).

I Use... (1)

the eric conspiracy (20178) | more than 9 years ago | (#10282867)

Generally I use business class products on my home network for reliability. One item I've had good luck with is a Cisco Pix 501. Comes with a full version of PIX software that makes it very flexible, for a not too bad cost through discounters like Ebuyer.

Re:I Use... (0)

Anonymous Coward | more than 9 years ago | (#10285052)

how much you wanna bet that I can build a better box (solid state, small footprint, quality software, reliability, even High Availability) for less than the cost of your PIX, ... on Ebay?

Re:I Use... (1)

the eric conspiracy (20178) | more than 9 years ago | (#10293342)

how much you wanna bet that I can build a better box

How about equalling the warranty, support I get, too??? Do you know how much stuff is available online + newsgroups for PIX???

Why? (4, Insightful)

josh3736 (745265) | more than 9 years ago | (#10282914)

from the if-it-ain't-broke dept.

I think that says it all. The box you have now works just fine, so why ditch it for a less flexible consumer-grade router?

Do any of those Linksys boxes have ssh? Nope. Stick with the PC.

Re:Why? (1)

fm6 (162816) | more than 9 years ago | (#10283159)

Do any of those Linksys boxes have ssh?
They don't have SSH because they don't have any kind of command line interpreter -- you administer them through a web control panel. That's not a bad thing in itself, it just limits the hackability of the box. And not everybody needs hackability.

Which is a nitpick that doesn't refute your (quite valid) "if it ain't broke" argument.

Re:Why? (2, Insightful)

fwc (168330) | more than 9 years ago | (#10283193)

Do any of those Linksys boxes have ssh?

Well.... Actually... Yes, the WRT54G(S) sure can have ssh with the appropriate third party firmware.

Re:Why? (3, Insightful)

Anonymous Coward | more than 9 years ago | (#10283451)

Just an FYI, the Linksys WRT54g is just about the most hackable $60 box you can buy. I'm contemplating throwing out my sparc5 w/ 4pt ethernet and replacing it with this smaller, quieter, and cooler (temp) box.

https://sourceforge.net/projects/wifi-box/ [sourceforge.net]

http://openwrt.org/ [openwrt.org]

There's lots more out there, I'm sure.

You can even add a serial port [rwhitby.net] to it! Hack the voltage and get 200mw (or something) out of it!

Four years ago when I set up this sparc, it was the easiest solution available for a wireless router and firewall. But now it sits on my shelf and is by far the loudest box I own. Meanwhile my girlfriend has a *silent* firewall and access point for roughly half of what I paid for my sparc. Maybe I'll make the thing diskless so it's not so noisy, but it might be time to retire it...

I used to play that game (3, Informative)

Pengo (28814) | more than 9 years ago | (#10282925)


Now I save my time and money from electricity and noise and use a little netgear router with 50mbit wireless. I do all the things that you described and never have had an outage, and it's silent.

Why use a 130 watt power supply when you can use a 12, and 0 noise? Only router I have owned that routinely craps out is a linksys, I wouldn't touch it with a 10' pole. My 2 netgear routers have worked flawlessly.

Bought a hardware router... (0)

Anonymous Coward | more than 9 years ago | (#10282972)

And after a few months of pain and misery, the good ole 486 was back in place, whereas the router's up somewhere in a closet.

Re:Bought a hardware router... (1)

Micro$will (592938) | more than 9 years ago | (#10283017)

Same here, in my case I made the mistake of buying the Belkin 4 port, which didn't like DSL. I took it back and replaced the 486 with a P233MMX with 128 MB RAM and I haven't had any problems since. I suppose I could use one of those micro ITX machines if I'm concerned with electrical usage.

Re:Bought a hardware router... (1)

innosent (618233) | more than 9 years ago | (#10283589)

Exactly, and with the routing speeds we're starting to see with FreeBSD's new TCP/IP stack (1M packets/sec on a Xeon 2.8), even old hardware should easily keep up with anything you can throw at it on your home connection. Hell, my soon-to-be-replaced-with-faster-hardware FreeBSD firewall/NAT box at work supports about 60 users, running with network polling set at 2000Hz. Any 486 or Pentium can keep up with that.

Linksys WRT54G (1)

jo42 (227475) | more than 9 years ago | (#10283005)


When I upgraded to 5Mbps cable and my old SMC Barricade couldn't stand the load - it kept locking up and losing its settings, I decided to replace it with one of them there broadband router/wireless access point gizmos. After checking out talk on various forums on D-Link, SMC, USR and Linksys products, I ended up getting a Linksys WRT54G. Why? People reported the least amount of problems with it and the fact that it runs a version of the Linux kernel - there are web sites dedicated to hacking this unit and it has some pretty cool features out of the box.

I thought of setting up an OpenBSD-based firewall, but who wants more noise and hassles...

FloppyFW or FreeSCO (free cisco) (1)

BrookHarty (9119) | more than 9 years ago | (#10283031)

While I've used both FloppyFW and FreeSCO (Free Cisco), I like the little nat routers for lower ping in games.

But, some advantages to a linux nat router have been advanced nat support for dcc/etc, packet logging, 3+ nic cards, binding ip's on the fly, changing routes or firewall rules without reboot.

VPN had the worst support on both, but not anymore, everything seems to support VPN perfectly.

The biggest flaw of the commercial nat routers is port mapping when you try to map to different ports, say 22 external to 2222 internal. Some like the same port on inside/outside. Ranged port mapping, etc.

I'd try the linux router, so you can play around with bandwidth limiting, proxy support, dns caching, iptables, etc. What kinda geek doesn't want to get his hands dirty?

But then, sometimes you just want to play CS, and fuck the configuration. ;)

Re:FloppyFW or FreeSCO (free cisco) (3, Informative)

innosent (618233) | more than 9 years ago | (#10283639)

The low ping is most likely due to network polling clock rate. Not sure how to adjust in Linux, but FreeBSD has a kernel option HZ that determines how often to poll for device interrupts. By default, HZ=100 for FreeBSD, which hurts pings significantly (adding 10-20ms) for things run through NAT or any type of pipe/queue. Bump this number up to 1000-2000Hz+, and you're probably processing packets through NAT faster than any off-the-shelf router. Commercial NAT routers are made for small businesses with limited use and no IT department. Beyond that, or for heavy home use, they become a bottleneck. Just on a ballpark guess from my experience with them, Linksys/Netgear/DLink routers seem to poll at about 1000Hz. (adding 1-2ms to pings) Personally, I like HZ=2000, which seems a fair trade-off for machines that do more than just route packets, and adds 1ms worst-case to pings. If you strictly want a router, you could probably increase that quite a bit, until you reach the point that polling takes up too many cycles. Unfortunately, FreeBSD requires a kernel compile to change the HZ value.

Re:FloppyFW or FreeSCO (free cisco) (3, Insightful)

Anonymous Coward | more than 9 years ago | (#10284925)

how often to poll for device interrupts.

What's the point of interrupts if you have to poll for them...?

Your loss (3, Insightful)

aminorex (141494) | more than 9 years ago | (#10283068)

Your loss, if you make the transition, is mostly the loss of flexibility in customizing firewall rules and adding edge services.

Your gain is a reduction in maintenance, size, energy consumption, noise production, and portability.

If you haven't already... (4, Informative)

dhaines (323241) | more than 9 years ago | (#10283100)

You might check out DSLReports for some opinions on that router [broadbandreports.com] . One guy seemed to have trouble with P2P [broadbandreports.com] on it. In my experience a lot of these home-networking boxlets seem to choke on P2P.

Re:If you haven't already... (1)

dizzyduck (659517) | more than 9 years ago | (#10284749)

I have the 3C857 referenced and it seems to work fine with BitTorrent (upwards of 200 connections).

DSL routers (1)

jcdick1 (254644) | more than 9 years ago | (#10283106)

I used to work for a Cisco authorized retailer, and so I got a nice Cisco 827 DSL router. It pretty much does everything but make toast. There have even been occasions where there were errors on my DSL line that my ISP couldn't quite figure out until I fed some of the details from my router's communication with the DSLAM. It pretty much tells you everything you want to know about your DSL...

Tried the 3Com, wouldn't recommend - go Soekris (1, Informative)

Anonymous Coward | more than 9 years ago | (#10283122)

I've used a 3Com OfficeConnect firewall before, albeit a higher-end one than that. It wasn't bad when it was working, but I wouldn't recommend it as a purchase. After running with no problems for a year or so, it suddenly started wanting reboots every week, then every day. This was on a standard smallish-business network, running about 25 users doing mostly browsing and mail. 3Com stopped support and updates for it after a year, and made it a real bitch to get the firmware (fill in a big export form, wait days). They locked me out of the new, featureful firmware since my unit was out of warranty.

Their web interface supported only IE, because of a brain-damaged applet authentication mechanism. Even Firefox on Windows with working Java wouldn't do it. The DMZ was switched to the WAN, not routed, so it did weird proxy ARP tricks.

It's since been relocated to a remote site, where it's doing IPSEC VPN for a few servers, and performing well in that role. I replaced it with a Soekris net4501 running FreeBSD with natd, KAME IPSEC and poptop, and it's been solid as a rock (although I might go with OpenBSD if I did it again, for the more-flexible firewall.) If you want to be rid of your NAT box, I highly recommend the Soekris boxes.

Re:Tried the 3Com, wouldn't recommend - go Soekris (1)

innosent (618233) | more than 9 years ago | (#10283604)

Don't have to use OpenBSD for pf anymore, FreeBSD 5.3 has three good firewall choices, all in the core OS, and routes packets much faster than before, and a LOT faster than OpenBSD. I have tried the betas, and I am just waiting to test the final release before I upgrade my own firewall to it.

Re:Tried the 3Com, wouldn't recommend - go Soekris (1)

Homology (639438) | more than 9 years ago | (#10284503)

Don't have to use OpenBSD for pf anymore, FreeBSD 5.3 has three good firewall choices, all in the core OS, and routes packets much faster than before, and a LOT faster than OpenBSD.

You claim that FreeBSD is now a LOT faster than OpenBSD, but that will (even if true) have no impact on a home gateway. When your broadband connection is fully saturated, the CPU usage will be just a few percent. So, even if FreeBSD is 10 times faster, it does not matter for home

Linksys routers run linux (1)

Guspaz (556486) | more than 9 years ago | (#10283140)

I'm very happy with my Linksys WRT54G router. With custom firmware you can SSH or telnet into the router and mess around with the linux install it has on it; it does all its routing with IPTABLES if I'm not mistaken, and you can manually mess around with routes.

The custom firmwares also let you run a few servers on the router, like PPTPd.

Anyhow, I don't generally mess around with it; the router's web GUI offers what I need; forward ports and port ranges on either TCP, UDP, or both, to a certain IP, or enable DMZ for a certain IP.

Oh, I should mention, while I'm only one user, I do tend to use BitTorrent with hundreds of simultaneous connections, with no trouble; this was enough to cause my modem's built-in router to reboot, but the Linksys router hasn't had any trouble.

I have one (2, Informative)

Sklivvz (167003) | more than 9 years ago | (#10283473)

I have an OfficeConnect (but the one with 55Mb/s wifi). It works very well. My home setup is:
- 2 Mbit connection to internet
- 1 computer connected via 100Mb eth
- 1 computer connected via WiFi
- 1 pocket pc via WiFi
- 1 Kiss DVD connected via 100Mb eth

I never had any problems, even using eMule (PC), shoutcast (DVD), Skype (PPC) and browsing (notebook) at the same time.
The little critter even supports a VPN so I can remotely control it from work.

Very recommended!

Buy a router (2, Insightful)

elemental23 (322479) | more than 9 years ago | (#10283540)

A few years ago I gave up using a dedicated machine as a firewall on my DSL line in favor of a hardware router. You lose a bit in flexibility, but the space savings, the lower power requirements, and the lower heat output immediately make up for it. And I've decided I like my home office looking a little neater, more like an office and less like a low-rent data center.

At first I used one of those crappy Linksys things. I don't remember what model it was, but the thing was a heap of shit. I had to hard reset it once a month or so and it would regularly stop routing packets for a minute or two for no readily apparent reason. I finally had enough and replaced it with a Cisco SOHO 91 and I've never been happier (well, with a hardware purchase, anyway). It runs IOS and so can be configured via SSH, does stateful packet filtering and pretty much everything you'd expect from a real router (except VLANs, dammit). It costs a little more than your typical home router, but not by too much. Mine was around $250 new and I'm sure you can find a used one cheaper.

Never rely on them! (2, Insightful)

dimss (457848) | more than 9 years ago | (#10283552)

You should never rely on these small black boxes! Yes, they do basic NAT fine (for me). Yes, they have no moving parts. But they are stupid when it comes to packet filtering or security problems.

When you have problems with *BSD or Linux, you search through forums and mailing lists. You read manuals. You can upgrade the kernel and userland.

When you have problems with these broadband routers, the best you can do is a firmware upgrade. Will they provide security and bug fixes after a year or two? I guess not.

The price of a black box is comparable to an old but still strong computer. The value is much less. Commercial routers with value comparable to a *nix box are more expensive than a new computer.

A broadband router is a quick and easy solution, but never use them for yourself! Go and buy an old Pentium or Celeron without HDD and use *nix on it.

did it, regret it (2, Insightful)

kwench (539630) | more than 9 years ago | (#10283606)

I put my 3-NIC-486/100Mhz-FreeBSD-Box into trash and moved on to the new shiny world of routers, that is a 1-NIC, WLAN-enabled German Telekom router.

Configuring the network is easy and straightforward, you can even configure for things like VoIP/p2p and it works pretty well. But the configuration procedure is HTML-only and does not allow any special setup (like using 192.168.1.2 instead of 192.168.1.1 because you have a stupid Windows Box with another LAN on your LAN; or putting through connection from 192.168.2.2 which is on a LAN behind your LAN but not masqueraded, so you can play StarCraft everywhere...).
And obviously, I cannot run any servers on this box (I used to run httpd).

And then I experienced connection problems. These happen mainly when asking the router to resolve a domain name. That is why I installed my old dnsd on my main computer, just before I was able to find /. and read this article.

In one word: If your system is small enough (buy a laptop), and has all NICs you need (buy a wifi-card), DO NOT REPLACE IT!

How about a lower-power box? (2, Informative)

smoon (16873) | more than 9 years ago | (#10283842)

There's a thread just recently on undeadly.org [undeadly.org] that offers suggestions on low-power (under 30 watt) boxes to run OpenBSD.

Chances are if they run OpenBSD they will run Linux as well (although why you'd prefer the linux firewall features over the OpenBSD pf firewall escapes me).

If your main goal is lower electrical cost, that might be a good option anyway. If you are willing and technically competent enough to maintain your own box, you should. Otherwise you give up a _lot_ of flexibility (ability to run snort, dsniff, caching proxy, dns, honeypot, etc.).

Re:How about a lower-power box? (1)

Homology (639438) | more than 9 years ago | (#10284370)

Chances are if they run OpenBSD they will run Linux as well (although why you'd prefer the linux firewall features over the OpenBSD pf firewall escapes me).

Frustrations with setting up a Linux based (SuSE, actually) home gateway a couple of years ago made me try out OpenBSD, and I've stuck with OpenBSD since.

PF gateway example [openbsd.org] shows how easy it is to configure a gateway on OpenBSD.

Re:How about a lower-power box? (0)

Anonymous Coward | more than 9 years ago | (#10285087)

VIA EPIA800V based, with VIA Eden fanless CPU, low power, no fans, not very expensive... The possibilities are endless...

Flexibility. Or the art of Harry? (1, Insightful)

Fallen Andy (795676) | more than 9 years ago | (#10283912)

Humph. You have something that works for you and you want to replace it with something that might not?

Why. Go take up pornogami or something more fruitful...

Seriously - be thankful your router complained and told you what was happening. A closed box from Cisco, LinkSys et al would sit there silently and let you burn half your brain power for the next millennium.

We use an intracom (local greek company) DSL router with no problems - but on the other hand you won't have the same flexibility that a PC + linux will give you - for instance, imagine that you want to make one machine internally an intranet web server (I collaborate with two other very mobile business people on lots of things both software and food related).

Right now, I'm stuck because DHCP + DNS + NAT mix like oil and water.

If it was a linux box I *KNOW* I'd find a solution (anyone else who has one discuss this, I bet a lot of us would like to know...).

Re:Flexibility. Or the art of Harry? (1)

Bake (2609) | more than 9 years ago | (#10284514)

DHCP + DNS + NAT mix like oil and water.

Perhaps you could tell me what you mean by this?

I have a dedicated machine at home whose sole purpose in life is to act as a DHCP server, DNS server, NAT gateway and a webserver. The fact that I'm posting this reply is a good indicator that it's working properly. :)

Re:Flexibility. Or the art of Harry? (1)

Fallen Andy (795676) | more than 9 years ago | (#10289537)

OK, I'll start. But please understand that you're listening to an evolving scene. My scenario is this:

Christos: Heavily dynamic, MS solution provider , heavy hacker.

Andy (that's me): Totally agnostic, 20+ years sys programming, firefighting and almost everything you care to mention. And yes, I like Linux.

Manos: 20+years running a hardware business which hosed a few months back. Old friend. Good friend. Not really (despite his protestations) a techie.

Manos has always done import export things as well as his "main" business. Hey, you have to pay the rent. I work for him in that as well as tech orientated things.

Christos is your classic firebrand techie. Not so different from me, but he still needs to learn when to slow down so he doesn't melt. A wee bit too religiously inclined to MS for my tastes...

Any one of us could potentially run a business (probably into the ground he says giggling) but herding cats would be easier...

Yes, Mr. Ego is alive and well and living in Athens. I have no problem with this (I'm no virgin). But, please note. These are not Greeks, but (gasps) Cretans. Oh yes. Don't think life is going to be easy to you. OK, I lie, Christos prob isn't, but the guy paying the bill is, and much meaner than I want to discuss on slashdot. It might frighten some of the weenies out there... (big hint: The guy paying the bill isn't Manos, but Manolis).

Ok, so far. No. Well stop eating that mushroom and listen!
(hey it *is* that time of year isn't it)
I always forget because we've had the darndest strangest long summer here in Athens. No rain since (uh I think May). Normally we get some by now. (Had to put that in to annoy my UK friends who have lived in misery all year)

I'm faced with info overload from a large number of directions. Worse still, it isn't just techie stuff (I know how to integrate that) but EU legislation on Food Law and god knows what.

I might be running an Internet Cafe or a factory manufacturing Extra Virgin Olive Oil tomorrow. Yeah. This is seriously fun (I am a chemist by training by the way so I'm not awfully scared by one of the threats)

I was thinking of putting up some sort of intranet web site as a repository of our shared info (well, it's mostly *me* doing the research).

The catch is that we have a DSL router that wants to be god and dish out IP addresses. OK, I can persuade it of the wrongness of its ways and turn it into a relay agent, but that still won't allow me to put up a local web server on our ethernet (address allocated dynamically by DHCP) and allow it to be world visible.

NAT is wonderful, but it is a double edged sword. The sort of collaboration I have with my colleagues is fiercely dynamic. Today Chris is in Dublin (ok, you guessed with whose company). Tomorrow he's in Thessaloniki.

I have even worse problems with Manos.

I guess that our problem is a common one.
How to deal with this? Any help appreciated...

P.S: A quick report of what Athens is like today - our old friend that deliciously sexy (?) blimp is back in the sky (the Paralympics are here now). Wish all the athletes a truly great time.

Rgds,
Andy

Holy shit (0)

Anonymous Coward | more than 9 years ago | (#10298433)

Are ALL of you fucking Greek homosexual child-fuckers so incredibly, mind-numbingly annoying?

"Stop eating that mushroom?"

What the fuck is wrong with you? Please, PLEASE slit your throat and spare anyone else the agony of having to read your asinine posts, or, God forbid, having to deal with you in person.

Re:Flexibility. Or the art of Harry? (1)

oneishy (669590) | more than 9 years ago | (#10284552)

If you had your linux box; it sounds like you would want dnsmasq [thekelleys.org.uk]

" It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines."

I have used it more than once and been quite happy. I believe it even comes with some of the firewall distros like ipcop, but I had to add it to a mandrake 10 box.

Re:Flexibility. Or the art of Harry? (0)

Anonymous Coward | more than 9 years ago | (#10285116)

Let me just second that. DNSMASQ is one of those little killer apps that never gets any attention. I can now reach my local machines in any network app by typing 'machine.localnet'.

Yes, it does come with ipcop (which I use), though I had to make some minor config change to make it do the above trick.

Bonus coolness: Windows machines send their SMB machine names in their DHCP requests, which means that visiting machines get instant DNS names.

Re:Flexibility. Or the art of Harry? (1)

StarKruzr (74642) | more than 9 years ago | (#10299748)

That's awesome. I've been wanting to set something like that up in my home net. Did you find it difficult to configure?

fan failure - no network (4, Insightful)

jkujawa (56195) | more than 9 years ago | (#10284271)

About three years ago, the fan failed on my (almost entirely silent) Linux-based NAT box. I didn't find this out until the cascading failures took down the whole box.

I replaced it with a Linksys router. I've been happy ever since.
Set it up and forget about it.

I'm a coder. I've also done enough sysadmin that it pisses me off when I have to do it at work, and more so when I have to do it at home. Plug-it-and-forget-it is awfully nice.

Spending $50 on a router is also more economical than working on one for several hours. My time is not free.

Umm... actually it is (0)

Anonymous Coward | more than 9 years ago | (#10287420)

While it's a popular thing to say on Slashdot, when the one using your time is ...you, I have a difficult time seeing how it is not free.

Every time you sweep the kitchen floor, do you pass a $10 bill from one pocket to the other?

Re:Umm... actually it is (2, Insightful)

darkonc (47285) | more than 9 years ago | (#10292267)

While it's a popular thing to say on Slashdot, when the one using your time is ...you, I have a difficult time seeing how it is not free.

Lemme see: 2 hours with G/F or building a firewall that really doesn't turn my crank????

For people who like playing with firewall rules, the DIY solution is (or should be, until MS makes it illegal) always going to be available.

For anybody else who judges the off-the-shelf product adequate and isn't up to building something better, then I'd say 'go for it'.

Time spent is time spent -- whether it's building a router, necking with your SO, sweeping the floor, posting to slashdot or playing with 'the kid'. Choose and spend.
No refunds allowed.

Which reminds me: I've got other things to do now.

routers (1)

XO (250276) | more than 9 years ago | (#10284396)

My Tandy Sensation 2, a 486sx/33 expanded to 40MB RAM, with a pair of 100Mbit NICs, and the original 540Mb hard drive handles routing just fine, using kernel 2.0.34 (yes, I'm aware there are upgrades available, but I'm not going to muck with a single floppy distribution that works mostly flawlessly), and also does database and email services.

Then again, it probably consumes ten times as much power as a more modern device to do these sorts of things.. but.. I can't see putting money into it, since it does work just fine.

It handles a normal load of 5 computers, and also has a wireless segment attached to it, for which there's normally a couple computers attached to that, and when there's lots of people over, we'll get 10-12 people routing through that box all at once.

Get the best of two world... (1)

pruneau (208454) | more than 9 years ago | (#10284400)

Clark Connect [clarkconnect.org]

That's a redhat-based distribution that lets you install a web-managed router/gateway/proxy/name it.

The home edition is free, so if you have some old hardware, then you spare the hassle of the administration.

Of course, I own a d-link router as well, and it works without problem, but of course we do not do much p2p here.

Just choose your poison... But do not forget intermediate options. And no, I do not work@/for clark connect.

Netopia R910 Router (1)

Detritus (11846) | more than 9 years ago | (#10284439)

I finally ended up with the Netopia R910 after being frustrated with the bugs and glitches of cheap routers made by SMC and Netgear. The R910 is the entry level model in a product line of real commercial routers, sharing most of its software with its more expensive relatives. It's been 100% reliable since it was installed. I've never had to reset it or cycle the power. The documentation and software isn't as "user friendly" as more consumer oriented routers, but it shouldn't be a problem for anyone with a basic understanding of networks and TCP/IP.

I did this recently (3, Informative)

Drakino (10965) | more than 9 years ago | (#10284740)

One big reason I did this. I now have two ISPs coming into the house, and my attempts to get my Linux router to use both in a stable way were not met with success. After several hours of poring over documentation scraps from one site and another, hacking the kernel, and rebooting, I gave up.

In the end I spent $200 on a nice Xincom Twin Wan Router XC-DPG502. With all its options and configuration, I got both ISPs working very quickly and got my server set up behind it with no problem.

Anything advanced for networking under Linux becomes very hard to implement, and even harder due to the fact that there are very few good documentation sites for such things. Most of your research will be from scraps of info off listserves from people attempting this before you.

MORON (0)

Anonymous Coward | more than 9 years ago | (#10294814)

(Score:5, Accurate)

What does this give you? (0)

Anonymous Coward | more than 9 years ago | (#10284783)

What, exactly, does this product do for you, that you can't already accomplish with a 486, and GNU/Linux or one of the BSD's? If you are concerned with the 486 not keeping up, maybe you could replace the motherboard and processor with an older Pentium 166MHz (easy and dirt cheap to find ancient near worthless boxen).

Have you tried BSD? (1)

myov (177946) | more than 9 years ago | (#10285477)

My BSD box, running on a P75, hasn't had a problem with anything I've thrown at it, including P2P sessions from multiple computers.

The only "failure" I've had was when I recently had a client's computer which was infected with one of those "spreads-over-port-445" viruses. The resulting traffic actually overloaded the NIC's buffer, along with lighting up my switch like a Christmas tree.

To me, it's a good safety feature as I'd rather lose my connection internally than have a box spew its crap across the net. Once the problem box was isolated (thank you Nortel managed switch), the box returned to normal without a reboot. I don't know how many consumer routers would handle that kind of abuse, or even warn you that there is a problem somewhere.
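A gateway-side check for the situation described in the comment above, added here as an illustration and not code from the poster: it flags an internal host that sends TCP SYNs to port 445 on many distinct outside addresses within a short window. The Linux netfilter LOG line format, the LAN interface name `eth1`, the thresholds and the sample log lines are all assumptions constructed for the example.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime


def _line(ts, src, dst, dpt, flags="SYN"):
    """Build one constructed syslog line in netfilter LOG format."""
    return (f"Sep 18 {ts} fw kernel: FW-OUT IN=eth1 OUT=ppp0 SRC={src} DST={dst} "
            f"LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=0 DF PROTO=TCP SPT=1045 "
            f"DPT={dpt} WINDOW=16384 RES=0x00 {flags} URGP=0")


# Constructed sample: .23 sweeps eight addresses on 445, .10 talks to one
# server on 445, .11 browses the web; plus a bare ACK and an unrelated line.
SAMPLE_LOG = (
    [_line(f"21:04:{i:02d}", "192.168.1.23", f"198.51.100.{i + 1}", 445)
     for i in range(8)]
    + [_line(f"21:05:{i:02d}", "192.168.1.10", "203.0.113.5", 445)
       for i in range(3)]
    + [_line("21:04:30", "192.168.1.11", "203.0.113.80", 80),
       _line("21:04:31", "192.168.1.23", "198.51.100.200", 445, flags="ACK"),
       "Sep 18 21:04:32 fw kernel: eth0: link up"]
)


def parse_line(line, year=2004):
    """Return (timestamp, fields, flags), or None for non-packet lines.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    if " SRC=" not in line or " DST=" not in line:
        return None
    try:
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    tokens = line[15:].split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if "=" not in t}
    return ts, fields, flags


def find_scanners(lines, lan_if="eth1", port=445, window_s=60, min_targets=5):
    """Map each LAN source to its peak count of distinct destinations
    contacted on `port` within any `window_s`-second span, keeping only
    sources that reach `min_targets`."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f, flags = parsed
        # Count only connection attempts (SYN without ACK) arriving from the LAN.
        if (f.get("IN") == lan_if and f.get("PROTO") == "TCP"
                and f.get("DPT") == str(port)
                and "SYN" in flags and "ACK" not in flags):
            events[f["SRC"]].append((ts, f["DST"]))

    report = {}
    for src, evs in events.items():
        evs.sort()
        window, seen, peak = deque(), Counter(), 0
        for ts, dst in evs:
            window.append((ts, dst))
            seen[dst] += 1
            # Drop events that have aged out of the sliding window.
            while (ts - window[0][0]).total_seconds() > window_s:
                _, old = window.popleft()
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
            peak = max(peak, len(seen))
        if peak >= min_targets:
            report[src] = peak
    return report


if __name__ == "__main__":
    for host, targets in find_scanners(SAMPLE_LOG).items():
        print(f"{host}: {targets} distinct port-445 targets within 60s")
```

Counting distinct destinations rather than raw packets is what separates a sweep from one client talking repeatedly to a single file server.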

from nix to nat box and back again... (1)

1eyedhive (664431) | more than 9 years ago | (#10285953)

a few years ago I had a P200 running red hat doing NAT and the like, it developed memory issues and was replaced with a Linksys BEFSR41. I "upgraded" to a netgear wireless router when I got an ibook thanks to my school. That leaked RAM like a sieve...
Bought a WRT54G, now use that as a router/AP and the Netgear as a secondary AP (big house).
The WRT54G has issues with my NAT over BT. As such, I'm building a PII 350 to run my routing again...

linksys wrt-54g (4, Informative)

aderusha (32235) | more than 9 years ago | (#10286067)

for roughly $65 [amazon.com] , you can buy a linksys wrt-54g [linksys.com] which runs linux out of the box. add to this some free [sourceforge.net] third [narod.ru] -party [sourceforge.net] replacement [openwrt.org] firmware [portless.net] and you get full control over the unit and loads of features - VPN, packet shaping, advanced packet filtering, captive portals, and all sorts of other stuff. the unit is very flexible, reliable, cheap, and most of all it is supremely hackable - especially if you know your way around linux.

if you do go down this route be sure to avoid sveasoft's firmware, for reasons illustrated here [slashdot.org] . basically, the guy writing it is a total cockbite. last time i questioned his (ab)use of the GPL here on slashdot he banned me from his forums, so if you do intend to send him $20 you'd better be nice.

Re:linksys wrt-54g (2, Informative)

aderusha (32235) | more than 9 years ago | (#10286114)

forgot one link - to learn more about sveasoft, read this guy's journal on the topic [slashdot.org] .

My answer is: NO COMPACT DEVICE! Use Box! (1)

Maljin Jolt (746064) | more than 9 years ago | (#10286756)

I used Robotics 8000-02 Broadband Router for multiport switching, NAT and firewall for almost one year. I was very dissatisfied with the device. I really liked Robotics hardware some 15 years ago, being a high speed modem dealer in early nineties, but this time it was a complete disaster.

Here is the list of incidents I had with it, I believe many of other so called consumer grade broadband routers have very similar symptoms:

1. Web interface

- http status/configuration pages required support for javascript in browser. Not working in konqueror at all. Sends incredibly buggy HTML code with incomplete tags, bad headers, incorrectly nested frames.

- Using links console browser to just open the index page crashed the device completely. Nice kind of trivial DoS attack from LAN side, available to everybody.

- Running for more than ten days, internal web server crashed, not responding anymore on http port (memory leak?).

2. parallel port/printer server function

- not operational with HP Deskjet. I can't imagine "more standard" parallel printer

- uPnP adds another enigmatic vulnerability, crashing caused just by rebooting random Windows boxes on the LAN side

3. Network

- incredibly big latency for LAN ports, increasing every day of operation by a small factor (table fragmentation?)

- filtering on MAC addresses not working properly

- WAN side had subtle problems with DHCP from outer side

4. In crashed state, often a power cycle was necessary with reset to reinitialize the device (bad hardware design?)

Conclusion: bad coding can ruin even an almost decently designed embedded hardware. If the coder of the Robotics 8000-02 (it's the patch 2!) firmware is to be found here on Slashdot, I have a message for you: You are lame!

As expected in the 21st century, Robotics responded only with automated emails to any of my reports/queries. Something like that never happened in nineties.

After failure of power supply (once, I did not wait the necessary 15 seconds of power cycle to reset) I declared the router dead.

I replaced it with a "normal" 8-port 3Com switch hooked to decent Pentium 120 box (10 years old), running customized Slack in 32 Megs of RAM from ancient 120MB Maxtor. Yes, megabytes, it's a 15+ year old drive. No CD drive, because I realised the old IDE has a 1/4 of the power consumption of the today's speedy CD drive. Ridiculous, isn't it?

I haven't needed to touch the box for seven months up to now. It is still running the first power up after installation.

If it ain't baroque... (1)

tverbeek (457094) | more than 9 years ago | (#10287725)

I've been using a 486/25 running a floppy Linux distro [coyotelinux.com] for (guessing) 4 years, and I have to admit some disappointment by the appearance in the last couple years of cheap little boxes like the ones you're looking at, because it means my l33t skillz configuring this box are no longer necessary, and I can't impress my new boss by saving hundreds of dollars building a firewall/router out of old parts. {wry grin}

But I'm in no hurry to retire it. For one thing, it works. For another, I know how it works, and I have the flexibility to make it do whatever I want (laws of physics permitting). For a third, Coyote Linux is still being enhanced, so periodically I find that building a new boot floppy will make it work even better.

P.S. Why put a 100Mbps NIC on the LAN side? Not that there's anything wrong with it, but contrary to the implication of the term "router", your local traffic (e.g. workstation to file server) doesn't pass through it; only your LAN-to-WAN traffic (which I trust has a <10Mbps bottleneck at your ISP) is actually received by the router. So there's no performance advantage to a fast card.

Re:If it ain't baroque... (1)

chrisopherpace (756918) | more than 9 years ago | (#10291609)

Actually, if you have a crappy switch that either doesn't autonegotiate well, or has trouble talking to 10BT and 100BT at the same time, it's a good reason to throw a 10/100 card in there.

In addition, transferring large files to your router sucks over 10BT (tar dumps of the FS, etc).

Further, some of us hate seeing that puny 10BT light on our switch with all other nodes at 100BT.

Used 3com, SMC, Netgear, Linksys IPCOP and others (1)

tweedlebait (560901) | more than 9 years ago | (#10289061)

d-link also earlier mandrake mnf and snf.

These were at office environments with lax net policies allowing p2p, games, etc.

I have to say IPcop did the best job and included a lot of nice features. Not without flaws but very solid. It handled 70 computers nicely on a cablemodem including an ftp server. The IDS & firewall worked very well and helped avoid all the worm fun of late. p2p worked generally well, but as you probably know most p2p works best beyond the firewall.

Black box units had most of the problems others noted above and Lots of rebooting problems on dsl pppoe and cable dhcp problems. p2p has not fared very well on any of them (although I have only tried a few recent models from smc, netgear and dlink) and each one behaves a bit different.

Right now I'm using 3 nodes at home on a dlink wireless (g) setup. It's ok. For some p2p apps to work the system has to be outside the firewall. Most p2p apps that work do so painfully slowly from behind the firewall. Also a few yahoo im feature problems (webcams for instance).

power consumption is low and noise is low too.

also the wireless features may be a motivating factor for you.

I really can't recommend the 3com though. Just too annoying and has that 'resting on our name' feel.

try out your top pick (probably linksys) and save the receipt.

Replacing NAT Boxes (1)

dimmu (214039) | more than 9 years ago | (#10289944)

I've replaced all my NAT boxes (the one at my parents' and at my home) with Cisco SOHO routers. They have almost the same features as a UNIX NAT box.

But they are much more silent, eat up less power and can be stuffed away more easily in the house.

253 simultaneous users? (1)

bwalling (195998) | more than 9 years ago | (#10290107)

I don't think it's a performance metric. Think about a /24 subnet for a minute, and you'll see where that number came from.

SOHO stuff is a good call (1)

sparty (63226) | more than 9 years ago | (#10291173)

I'd second the recommendations to look at SOHO stuff; my personal experience at work is with a lower-end Netscreen device that is about the size of a 4-port hub, has two Ethernet ports (trusted and untrusted), does NAT, does port forwarding, has good logs, etc, and similar devices can be found on eBay in the $50-100 range. For example, this [ebay.com] is a similar firewall device. I'd expect other companies have similar offerings, where you get the benefits of an embedded device (lower power consumption, no noise, smaller size, etc) along with more of the features from a custom Linux or BSD box.

try an old notebook (3, Informative)

mqx (792882) | more than 9 years ago | (#10292494)


This is the biggest secret out there, you can pick up old notebooks of decent speed (sub 200mhz, 586, 64-96mb ram, etc) and use it as a gateway, the benefit is:

- low power, low noise, low cost, small form factor;
- cheap, get them for sub $50 or free - nobody wants them;
- built in UPS (i.e. the notebook battery);
- simply install good firewall OS (OpenBSD);
- plug pcmcia wireless in the side (take your pick: 802.11b, b+, g ...);
- use spare pcmcia slot for modem card to provide backup connectivity, or use it for fax server and even for voice mail / phone system (i.e. asterisk)
- use the USB slot for cheap-o USB DSL modem (e.g. accessrunner, etc)

The real benefit is that you can just upgrade parts of it as necessary (e.g. all the suckers on 802.11b DSL gateways are hosed while you just buy a new 802.11g card, install it, and throw the old one away), and of course, you get the confidence in a bullet proof system (e.g. OpenBSD).

Seriously, you'll get years of mileage out of it -- much more than a "closed" DSL gateway, you'll get better performance and functionality, all at a cheaper price.

Re:try an old notebook (1)

buddha42 (539539) | more than 9 years ago | (#10302542)

I keep seeing people say this, but I cannot find a p233 w/64mb laptop with a working battery (even if only 20 min) anywhere. All the ones on ebay are at least $150.

Smoothwall (1)

darkmeridian (119044) | more than 9 years ago | (#10292907)

Try Smoothwall at smoothwall.org.

It's really good stuff based on 2.4 kernel.

Solid.

Oh, for the sake of all humanity (1)

binaryspiral (784263) | more than 9 years ago | (#10293425)

Leave the commercial grade garbage for the I.T. departmentless masses who think setting up and maintaining a fully functional and secure network is an "out of the box" solution and doesn't require any of those "geeky expensive" people.

You sound smart - act like it. Stick with opensource, and just upgrade your hardware. For $100 you can have a nice Pentium 2 with 64MB of ram and a tiny harddrive running smoothwall - it can easily handle anything your four computers would ever be able to throw at it.

My celeron 333 with 64MB of ram and a 6GB HD was given to me - because it was "worthless" to the previous owner (it wouldn't run XP). Added two nics and now handles a network of ten PCs, one server, and a webserver in a DMZ over a 1MB/1MB dsl line. With constant traffic for email, web, and P2P it only goes down when the power does... I don't have a UPS yet.

Please, please - don't buy the 3com. It's a linksys, netgear, dlink, belkin cookiecutter router with no advantages over any thing else.

New Router (1)

TechSptSucks (815004) | more than 9 years ago | (#10298030)

I am using a cool router software. It is called It is based off the linux kernel 2.4 I think. All you need is a cheap box (p133 with 32mb of ram is the min) and 2 NICs installed and you have a router. It also has apache, php, samba and much more built in. Check out their website for more.

Re:New Router (1)

TechSptSucks (815004) | more than 9 years ago | (#10298060)

Oops, website is http://www.clarkconnect.com.

try m0n0wall (1)

seriphos (779992) | more than 9 years ago | (#10298148)

m0n0wall is awesome. Check it out. I wouldn't go commercial...

http://m0n0.com/wall/ [m0n0.com]