On Sat, 15 Sep 2001, Foo Lim wrote:
> On Sat, 15 Sep 2001, ME wrote:
> > The firewall rules are *weak* [on the LinkSys WAP/router/FW].
> >
> > TCP/IP implementation is not production quality (IMO, BYMMV).
> 
> Can you clarify how you came to these conclusions?  Was it the
> configuration options that made the rules weak?  Did you compare the
> TCP/IP implementation with benchmark loads?  A curious mind would like
> to know!  :)  TIA, FL

Here are a few items encountered with the original firmware. The frequency
of events has decreased, but not gone away.

With linux you can do network layer redirection of traffic so incoming IP
addresses are passed in the packets to the destination redirection
host. This makes the log files for the said service on the destination
host look "right", while application layer redirection (which seems to be
what was used here) shows your connections all coming from the IP address
of the application layer redirector.

You have limited numbers of "checkboxes" to use for redirection of
services. Want more? Too bad.

Funky incoming packets would kill the LinkSys. (Not something you want in
a firewall for a network.) This did improve with later BIOS revisions, but
is not nearly as reliable as my Linux box with a hundred plus days of
uptime - only having been down for a kernel upgrade, or power failure.

You have checkboxes you can select or de-select items listed, but manual
control is really lacking when compared to linux.

There are other items, but these are the ones I can think of.

The box works well for my needs. Wireless access in my house, but not
acting as my firewall - just acting as an access point and "secured" by
rules on a linux box's fwrules for a 4th interface.

Can do more specifics with some time, but these are the ones that stand out
in my mind.

-ME
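
The logging difference between network layer and application layer redirection described in the message above, as an added example that is not part of the original post. It runs on loopback only: the direct run stands in for network layer redirection (the source address reaches the service untouched), and all function names are hypothetical.

```python
import socket
import threading

def listen():
    """Loopback listener on an ephemeral port (constructed test setup)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def backend_log(listener, log):
    """Destination service: accept one connection and log the peer it sees."""
    conn, peer = listener.accept()
    with conn:
        log.append(peer)
        conn.sendall(b"ok")

def relay_once(listener, backend_addr, seen):
    """Application layer redirector: accepts, then opens its OWN connection."""
    client, client_peer = listener.accept()
    with client, socket.create_connection(backend_addr) as upstream:
        seen["client"] = client_peer               # known only to the relay
        seen["outbound"] = upstream.getsockname()  # what the backend will log
        client.sendall(upstream.recv(16))

def run(via_relay):
    """Return (client address, address the backend logged, relay's view)."""
    log, seen = [], {}
    backend = listen()
    target = backend.getsockname()
    threads = [threading.Thread(target=backend_log, args=(backend, log))]
    relay = listen() if via_relay else None
    if relay:
        threads.append(threading.Thread(target=relay_once, args=(relay, target, seen)))
        target = relay.getsockname()
    for t in threads:
        t.start()
    with socket.create_connection(target) as c:
        client_addr = c.getsockname()
        c.recv(16)
    for t in threads:
        t.join()
    for s in (backend, relay):
        if s: s.close()
    return client_addr, log[0], seen

if __name__ == "__main__":
    for label, via in (("direct", False), ("via relay", True)):
        client, logged, _ = run(via)
        print(f"{label:10} client={client} backend logged={logged}")
```

With the relay in the path, the real client address exists only in the relay's own state, so attribution depends on the redirector keeping logs that can be correlated with the service's.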

