[clug] ADSL Provider Questions

Brian Morris brian at netspeed.com.au
Mon Mar 8 23:39:46 GMT 2004

Daniel makes some good points here.

I would second his recommendation of using a "black box" router for most home
users.  For Linux folks however I would probably recommend that you "roll
your own"  - most home users aren't smart enough or don't care enough to get
into the guts of routing and firewalling and they just want something that
will share their connection with the kids in the other room.  If you are
into Linux, use it!  It rocks as a router and a firewall and you can
schedule and configure so much more cool stuff than you can on your standard
$110 router.  But!  If you are looking to save some money - a $110 router
will probably run cheaper in electricity bills over time because it doesn't
have a 250 watt power supply to run it.

Like most options there are valid benefits in both.  For our office LAN we
use a BSD-based router;  mostly for its configurability but also because
most cheap routers won't handle DMZs or symmetrical bandwidth links, let
alone anything over 1.5Mb/s.  At home I use a DynaLink (wireless) router.
Both work fantastically and do the required job very well.

Finally.  Be careful with cheap 'routers'.  Some of them simply will not do
proper routing and insist on doing NAT for everything.  This can cause
havoc if you want to run multiple web servers, or multiple anything servers
which use the same IP ports.  A Cisco router will do almost anything - but
they cost more than an old PC running Linux :)


Brian Morris

----- Original Message ----- 
From: "Daniel McNamara" <daniel at codefish.net.au>
To: <linux at lists.samba.org>
Sent: Tuesday, March 09, 2004 9:34 AM
Subject: Re: [clug] ADSL Provider Questions

> I really should clarify. I usually work with static links not home ones
> and as such don't rely on the NAT function of these routers whatsoever.
> Even if I was I certainly don't rely on them to protect my machines which
> all run their own firewalls in any case.
> However generally speaking I've not had a problem with routers. Yes some
> have a deserved reputation for having security holes, taking ages to get
> fixed and other nasties but there are ones out there that do an excellent
> job. Cisco for example makes an extremely nice DSL router (admittedly it's
> out of the price range of the average consumer however). Most of the ones
> I've worked with have been D-Links which have never been any problem for
> me, security updates have always been well released and their mid range
> routers work very well as bridges (for example a D-Link DSL 500 running as
> a bridge on my 512/128 net link with an assigned /29). The one thing these
> black box routers will always outdo versus a pc running your os of choice
> is noise, size and (yes this is debatable) reliability. With a router
> there are little or no moving parts and they tend to be very hard to kill
> (at least all the ones I've brought have been).
> Just as with anything else routers are fine as long as they are set up
> correctly. James makes a good point about changing the default password
> and any decent router will not expose the administration http/telnet port
> to the WAN side by default but it's worth making sure. Oh and any decent
> router will have a CLI.
> Easiest thing to do is do your research, figure out what meets *your*
> needs and set it up. One big advantage with doing this with a pc rather
> than a black box router is that you get to learn a lot about networking
> and firewalls in the process and learning new things can only ever be a
> good thing.
> Cheers
> Daniel
> > Jepri wrote:
> > <schnipp>
> >> As for hardware, I second the suggestions about black box routers.
> >> You  plug 'em in, connect to their webpage, type in your
> >> username/password  and boom! you're online.  Sure beats stuffing
> >> around with iptables (not  that it isn't a great product, bow scrape).
> > <schnipp>
> >
> > Stand alone routers are very convenient, and I do use one myself. But
> > they are no substitute for a good linux firewall. They do NAT, but most
> > are still susceptible to address spoofing and various other attacks. The
> >  code that they run is proprietary and potentially full of bugs.
> >
> > and /please/ change the default password on the router, and also disable
> >  WAN port side administration.
> >
> > I would recommend router + ipcop for true peace of mind.
> >
> > cheers,
> > -james
> --------------------------------------------------
>            Sent from Code Fish Web Mail
>            Code Fish - Fishing for clues
>            http://www.codefish.net.au
> --------------------------------------------------
