Forum OpenACS Q&A: OT: Best home-office router?
Incidentally, in browsing around I found this Linksys FAQ by ESR. Apparently, the Linksys boxes (which also run Linux inside and let you upgrade their firmware via tftp put) support some subset of SNMP, and software like linksysmon uses that to log messages from the router and take action when the IP address changes. Maybe other stuff too, I'm not sure.
Years ago I used a Linksys router of some sort. This was back when the Linksys was almost the only such under $200 router available. When I wanted 802.11b as well I switched to a D-Link DI-714; I've used two of these in different locations. (I never upgraded firmware, but what I have appears to be the latest.)
Basically, I'm not happy with the DI-714, mostly because of various reliability problems:
- Every once in a long while (weeks or months) the router clearly goes insane and needs to be rebooted - ping times to the router of 4 or 5 seconds (normally 0.5 ms!), web pages that load but at what looks like 2400 baud speed, etc.
- I sometimes experience short connectivity outages which are clearly my ISP's fault, not the router's (e.g., I can ping the router and the cable modem but not my ISP's gateway router that the cable modem talks to).
- However, I also experience intermittent connectivity problems which look like dropped packets: Frozen ssh connections, web pages that spin forever but when you hit reload they load immediately, etc. These could be either my ISP or my router, I suspect some of both. But I STRONGLY suspect that it's my router's fault at least some of the time.
For those and other reasons, I want a new router. I don't know which one though. Here's what I want in my new router, listed roughly from most to least important:
- MUST be completely reliable. No dropped packets, no locked up ssh sessions, no mysterious periods of lousy performance, none of that crap. If any of that bad stuff happens I want 99.9% confidence that the problem is UPSTREAM of my router (modem or ISP), NOT the fault of my router.
- Must be able to do 802.11b wireless with WEP of some sort, in some fashion. Ok if this means buying a separate wireless box and plugging it in, I don't care.
- Must support all the usual generic features I need (pretty much all these boxes seem to now):
  - Set Ethernet hardware MAC address to whatever I tell it to use (for cable modem networks that use this as an identification key).
  - PPPoE with username and password (for DSL services that use it).
  - NAT with port forwarding ("virtual servers").
  - DHCP client and server.
- Very nice if it's also inexpensive. But reliability, and to a lesser extent features, are relatively more important.
- VERY nice if the router handles TWO wide area networks, so I can hook it up to both a cable modem and DSL. Hawking "http://www.hawkingtech.com/" a cheap one of these, there are others. I've no idea how well they work though.
- Nice if the wireless allows using a passphrase rather than entering hex numbers on all the clients. VERY nice if router has admin interface that lets me assign DIFFERENT passphrases to different users and expire them at will, e.g. for visitors and the like.
- Web management UI is nice, if it's decent. Should let you configure EVERYTHING correctly, not just 90% like on the DI-714.
- telnet or ssh command line management UI very nice, if it works. Should let you configure everything, not just 90%, etc.
- SNMP support sounds very useful.
- Any kind of halfway intelligent way to run scripts on the router itself would be very cool. (I hear many Cisco routers run Tcl internally...) E.g., to run dynamic DNS update scripts on the router itself rather than on a Linux box on my LAN.
- Minor: If "mysite.com" is running on a server "linuxserver" on the LAN behind my router, and I'm currently on the LAN too, hitting http://mysite.com/ should still work, even though that means the request has to go out through the router to the cable modem, and then back in through the router to linuxserver. Some routers seem to support this (although it's slower, obviously), some don't. It's not that hard to hit http://linuxserver:8001/ or whatever instead, but you shouldn't HAVE to do that.
Last but not least, Linksys was bought by CISCO
You want, a lot.
But check out /. today, someone's got a linux distro for a linksys wireless broadband router. 802.11g and only one broadband connection.
Wow, that's just about what you want! Inexpensive but brand name hardware and r0ll your 0wn linux goodn3ss!
Keep in mind that roughly the whole second half of my bullet list above are basically "nice to have if it's available, but I doubt that all this is available" features. Cool features like running scripts on the router would be nice. But reliability is much, much more important.
Usefully handling two broadband WAN connections would also be much more important. In particular, since I know there are products out there that do that, I'd like to find out more about how well they work. But if I don't, so far it sounds like my fallback plan is to buy a standard one-WAN-port Linksys, ditch the D-Link, and see if that works more reliably. Two WAN connections sounds awfully attractive, though... (Heck, if both cable modem and DSL are available at all, in most areas both together probably cost less than buying cable TV plus HBO and the other pay stations.)
And it's been good. Silent. Of all things, once a bug in the Sonicwall's understanding of HTTP exploited by ACS 3 was fixed, it stopped crashing (needed a CR only got a LF).
But it has had bugs, it came with a limited number of hosts licenses I could put on my lan (price discrimination to get me to buy the more expensive model), and it hasn't stood the test of time in terms of being a modern DHCP host (understanding for instance how to remap port translations when hosts come on line at different DHCP given addresses.)
I think a linux distro on good home router hardware is ideal. Small footprint, no fan, i/o and peripherals intended for the job. And linux seems stable enough for the job as a router.
No weird CISCO OS to learn, deal with, pirate, upgrade, ....
Here's why I really like it. I would like to give these things away to libraries. Libraries have limited budgets but all sorts of requirements so right now many small public libraries have tens of thousands of dollars budgeted for PCs and internet access and yet they cannot find the $80 for a WAP that would enable two to four times as many users to use their resources as they have now. And by the time you toss all their concerns and requirements into the pool you're left thinking that they really do want a boingo like WAP + server authentication system.
At $150 a pop, I'd be johnny wifiseed giving the damned things to the libraries where I want access. But at $1,000 a pop, plus the reality that they won't install it as they don't have enough control over it, it just becomes a wish for the future.
The problem with most home/home office wifi broadband routers is that it's very hard to put a wifi authentication scheme on it that doesn't require a separate linux server. So you can either try to keep everyone out but one or two machines you manually set up, or you can just open it to everyone. And at the library you want to block port 25 to some folks, maybe everyone, but maybe just some folks. And you want some folks packets to head straight for the gateway, but you would like other folks to have different policies, or to be able to use VPNs.
I would love to play with this linksys and put a wifi authentication/ip tables rewriting system on to it, perhaps using storage on an NFS's exposed network drive, perhaps just using RAM. That would be the perfect low cost, low maintenance wifi router for libraries and places where they need some wifi authentication but also need very low sysadminning.
There are others too.
Why no cat? Albert Einstein, when asked to describe radio, replied: "You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat."
- VIA EPIA CL Mainboard miniITX with 2 RJ-45 LAN port (17cm x 17cm card)
- one WIFI PCI card
- one IDE flashcard drive as the booting device
- some memory
- a case and a power supply.
Maybe overkill for such usage...
At least one guy is sort of running NoCatSplash from RAM (but not yet from flash) directly on his WRT54G. I think that's just the front-end though, I wonder if anyone is also running the back-end user/password stuff all on the WRT54G.
And now I'm wondering whether anyone's running the back-end all of and what sort of software it would take to chain two WRT54G's together in order to intelligently use two WAN connections - good bandwidth sharing and automatic failover between both a cable modem and a DSL connection, for instance.
I'm developing technolust.
One thing it does not seem to have is any easy way to say, "Heh router, please send this particular request out over WAN 2, not WAN 1." That can be important, because I've noticed some latency sensitive applications (rdesktop, VNC) perform noticeably better over DSL than cable modem.
The router does let you statically map particular LAN IP addresses to different WAN interfaces. That's a pretty blunt instrument, but I know it's possible to assign multiple IP addresses to a single ethernet interface in Linux. So, maybe I can do that, then somehow control which IP address gets used on the Linux box, whenever I invoke wget or the like.
A few other fancy features of this router that I've noticed:
- It works as an NTP client, but unfortunately you can only give it one NTP server to talk to, and you must enter the IP address of the server, not a host name.
- It is set up to dynamic DNS with either dyndns.org or tzo.com, but I haven't tried that.
- A stateful packet inspection firewall feature, which I also haven't tried.
Unfortunately, AFAICT you can't telnet or ssh to this router, the only way to configure it is via its web UI. No SSL on the web UI, just plain http. Also, you can't even see the router status page unless you first type in the admin password, which is foolish and annoying.
Now I just need to convince my wife that I need a second broadband line... :)
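The per-request source address idea from the post above, as an added example that is not part of the original post: a program can bind its outgoing TCP connection to one of several addresses on the same interface, and a router that maps LAN IPs to WAN ports then decides the WAN by that address. The loopback addresses below are constructed stand-ins for LAN alias addresses; the helper names are hypothetical.

```python
import socket
import threading


def connect_from(source_ip, dest_host, dest_port, timeout=5.0):
    """Open a TCP connection whose local (source) address is source_ip.

    source_ip must already be configured on a local interface, e.g. as a
    second (alias) address on the LAN NIC. Port 0 lets the kernel pick
    the ephemeral source port.
    """
    return socket.create_connection(
        (dest_host, dest_port), timeout=timeout, source_address=(source_ip, 0)
    )


def observed_source(source_ip):
    """Self-check on loopback: return the source IP a local listener sees.

    Uses 127.0.0.x (constructed stand-ins; all of 127.0.0.0/8 is local on
    Linux) so the check runs offline without touching a real router.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.settimeout(5.0)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    seen = {}

    def accept_one():
        conn, peer = srv.accept()
        seen["ip"] = peer[0]  # address the remote side sees as the client
        conn.close()

    worker = threading.Thread(target=accept_one, daemon=True)
    worker.start()
    with connect_from(source_ip, "127.0.0.1", port):
        pass
    worker.join(5.0)
    srv.close()
    return seen.get("ip")


if __name__ == "__main__":
    # Two different local addresses, same interface, same destination.
    for ip in ("127.0.0.1", "127.0.0.2"):
        print(ip, "->", observed_source(ip))
```

For command-line fetches, `wget --bind-address=ADDRESS` selects the source address the same way.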
Interestingly, the MIT Roofnet project is using Click for real-world wireless 802.11 mesh networks (not running on Linksys WRT54g boxes though).
Coincidentally my son bought a LinkSys and had the same problems. It's so darn irritating. He threw his away. And I'm going to do the same.
There are long threads on the web about Linksys routers dropping connections. It happens sometimes every two minutes. I'd rather be on a dial up that stays connected than a LinkSys attached to my high speed cable.
At least it would be reliable.
Definitely the best way to go ... having a customizable linux on a cheapy router will give you quite a bit of wiggle room if you want to add tools to it and make it do funky things.