On Apr 15, 2008, at 10:51 AM, Grant Robinson wrote:


On Apr 15, 2008, at 9:36 AM, Kimball Larsen wrote:
So, like many of you, I've got some servers set up at my house to do things like serve my personal domains and handle my email, etc.

I currently use a somewhat old Netgear FVS318 (Version 1 - about 4 years old) to act as my firewall/router - it works pretty well, but I have 2 issues with it: first, I can only forward 16 ports with it - which means I occasionally have to decide on which services to disable to be able to enable others. Secondly, it does not work properly with transferring files over IM, which is a tad annoying.

In the past I've used a full Linux box as the router, and while that was more flexible, it was harder to set up initially and tweak when needed.

So, I'm interested to know what sorts of routers everyone has set up? Items that are important to me include:
        Ability to forward as many ports as I want (tcp/udp differentiation as well)
        Web-based configuration over ssl
        Cheap(ish) ( < $100)
        Intrusion detection/prevention
        DOS attack detection/prevention

My suggestion doesn't fit in the < $100 price range, but my favorite general-purpose router that I have ever used is a Soekris[1] box. They are about the size of your typical home router (such as a Linksys WRT54G). Setup is pretty simple:

1) Download image of m0n0wall or shorewall or other firewall/router distro
2) Use dd to copy it to CF card
3) Insert CF card into Soekris box, and power on

You can find better directions than that on the web, but you get the idea.

They cost more than your average home router, but they also are MUCH more stable. Just to give you an example, I have one hooked up to a fiber connection that serves a block of public IPs, and acts as a firewall and router for those IPs. It sustains a pretty consistent load of 3-5 Mbps, with spikes up to 20 or 30 Mbps and has not needed to be rebooted in a LONG time. In fact, I don't remember EVER having to reboot it, which means if it has happened, it hasn't happened very often. I run m0n0wall, but you can run a variety of operating systems on it. m0n0wall is FreeBSD-based, has a web configuration, and can do just about anything you would want and/or need.

If you aren't down with the price, a good second choice is to use a Linksys WRT-54* (WRT-54GS, etc) model that allows you to use OpenWRT, and use that as your router. I've had much better stability with OpenWRT on consumer-grade routers than with the built-in software.

Grant

[1] <http://www.soekris.com/>



Thanks, Grant.  I'll look into this.


- Kimball
http://www.kimballlarsen.com

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
