Forum OpenACS Q&A: OT: Best home-office router?

Posted by Andrew Piskorski on
What is the best cable-modem/DSL router for a home office? I can't find any definitive information on what I should buy, so I'm asking here...

Incidentally, in browsing around I found this Linksys FAQ by ESR. Apparently, the Linksys boxes (which also run Linux inside and let you upgrade their firmware via tftp put) support some subset of SNMP, and software like linksysmon uses that to log messages from the router and take action when the IP address changes. Maybe other stuff too, I'm not sure.

Years ago I used a Linksys router of some sort. This was back when the Linksys was almost the only such under $200 router available. When I wanted 80211.b as well I switched to a D-Link DI-714; I've used two of these in different locations. (I never upgraded firmware, but what I have appears to be the latest.)

Basically, I'm not happy with the DI-714, mostly because of various reliability problems:

  • Every once in a long while (weeks or months) the router clearly goes insane and needs to be rebooted - ping times to the router of 4 or 5 seconds (normally 0.5 ms!), web pages that load but at what looks like 2400 baud speed, etc.
  • I sometimes experience short connectivity outages which are clearly my ISPs fault, not the router's (e.g., I can ping the router and the cable modem but not my ISP's gateway router that the cable modem talks to).
  • However, I also experience intermittent connectivity problems which look like dropped packets: Frozen ssh connections, web pages that spin forever but when you hit reload they load immediately, etc. These could be either my ISP or my router, I suspect some of both. But I STRONGLY suspect that it's my router's fault at least some of the time.

For those and other reasons, I want a new router. I don't know which one though. Here's what I want in my new router, listed roughly from most to least important:

  • MUST be completely reliable. No dropped packets, no locked up ssh sessions, no mysterious periods of lousy performance, none of that crap. If any of that bad stuff happens I want 99.9% confidence that the problem is UPSTREAM of my router (modem or ISP), NOT the fault of my router.
  • Must be able to do 80211.b wireless with WEP of some sort, in some fashion. Ok if this means buying a separate wireless box and plugging it in, I don't care.
  • Must support all the usual generic features I need (pretty much all these boxes seem to now):
    • Set Ethernet hardware MAC address to whatever I tell it to use (for cable modem networks that use this as an identification key).
    • PPPoE with username and password (for DSL services that use it).
    • NAT with port forwarding ("virtual servers").
    • DHCP client and server.
    • Etc.
  • Very nice if it's also inexpensive. But reliability, and to a lesser extent features, are relatively more important.
  • VERY nice if the router handles TWO wide area networks, so I can hook it up to both a cable modem and DSL. Hawking "" a cheap one of these, there are others. I've no idea how well they work though.
  • Nice if the wireless allows using a passphrase rather than entering hex numbers on all the clients. VERY nice if router has admin interface it let me assign DIFFERENT passphrases to different users and expire them at will, e.g. for visitors and the like.
  • Web management UI is nice, if it's decent. Should let you configure EVERYTHING correctly, not just 90% like on the DI-714.
  • telnet or ssh command line management UI very nice, if it works. Should let you configure everything, not just 90%, etc.
  • SNMP support sounds very useful.
  • Any kind of halfway intelligent way to run scripts on the router itself would be very cool. (I hear many Cisco routers run Tcl internally...) E.g., to run dynamic DNS update scripts on the router itself rather than on a Linux box on my LAN.
  • Minor: If "" is running on a server "linuxserver" on the LAN behind my router, and I'm currently on the LAN too, hitting should still work, even though that means the request has to go out through the router to the cablem modem, and then back in through the router to linuxserver. Some routers seem to support this (although it's slower, obviously), some don't. It's not that hard to hit http://linuxserver:8001/ or whatever instead, but you shouldn't HAVE to do that.
Any advice and recommendations would be greatly appreciated!
Posted by Janine Ohmer on
I don't have any suggestions, not being a hardware guru.  But I do have a gotcha - if you happen to have an Apple system with an Airport Extreme wireless access card, stay away from Linksys wifi hardware.  Apparently there is some kind of incompatability between the two and they just don't talk to each other.  I ran into the problem when staying in a hotel that had one;  I could join the wireless network but had no actually connection to the Internet.  Mike subsequently found the problem documented somewhere in the discussion boards.
Posted by Michel Henry de Generet on
I did install and use some linksys routers. They are very cheap and seems quite reliable. Upgrading to the latest firmware is important because it will solve some little bugs.
they have:
  • well reliable
  • 128 bits wep + MAC list on wireless lan
  • 100% admin
  • telnet or ssh admin 0%
  • SNMP: never tried
  • works
  • but

  • no intelligent script, but why? you could specify the DNS server
  • some reboots(3 or 4 times on a 2 years period)
  • good fit for the money, The latest I install was a 4 WAN ports + wireless lan.

    Last but not least, Linksys was bought by CISCO

    Posted by Jerry Asher on
    At first I was thinking that you're looking for too much in a home router -- (BTW You can get home routers + firewalls for $10.00 and shipping now after rebate from Tiger. (I think I read about that at openacs.))

    You want, a lot.

    But check out /. today, someone's got a linux distro for a linksys wireless broadband router. 80211g and only one broadband connection.

    Wow, that's just about what you want! Inexpensive but brand name hardware and r0ll your 0wn linux goodn3ss!

    Posted by Andrew Piskorski on
    Jerry, hacking the Linksys WRT54G router like that is certainly interesting, thanks for pointing that out. But I don't want to do that. For that matter, I don't want to build own Linux router out of old PC parts either, although presumably I could. I just want a toaster-like box that works, preferably also with no fans to fry, no hard drives to crash and be corrupted, etc. etc.

    Keep in mind that roughly the whole second half of my bullet list above are basically "nice to have if it's available, but I doubt that all this is available" features. Cool features like running scripts on the router would be nice. But reliability is much, much more important.

    Usefully handling two broadband WAN connections would also be much more important. In particular, since I know there are products out there that do that, I'd like to find out more about how well they work. But if I don't, so far it sounds like my fallback plan is to buy a standard one-WAN-port Linksys, ditch the D-Link, and see if that works more reliably. Two WAN connections sounds awfully attractive, though... (Heck, if both cable modem and DSL are available at all, in most areas both together probably cost less than buying cable TV plus HBO and the other pay stations.)

    Posted by Jerry Asher on
    I almost completely agree with you.  Five years ago, I picked up a sonicwall, a pretty reasonable home router + firewall for cough, hundreds of bucks.  And I got that because I didn't want to convert an old, noisy, power hungry PC into a router, and I didn't want to spend my time babysitting it.

    And it's been good.  Silent.  Of all things, once a bug in the Sonicwall's understanding of HTTP exploited by ACS 3 was fixed, it stopped crashing (needed a CR only got a LF).

    But it has had bugs, it came with a limited number of hosts licenses I could put on my lan (price discrimination to get me to buy the more expensive model), and it hasn't stood the test of time in terms of being a modern DHCP host (understanding for instance how to remap port translations when hosts come on line at different DHCP given addresses.)

    I think a linux distro on good home router hardware is ideal.  Small footprint, no fan, i/o and peripherals intended for the job.  And linux seems stable enough for the job as a router.

    No weird CISCO OS to learn, deal with, pirate, upgrade, ....

    Here's why I really like it.  I would like to give these things away to libraries.  Libraries have limited budgets but all sorts of requirements so right now many small public libraries have tens of thousands of dollars budgeted for PCs and internet access and yet they cannot find the $80 for a WAP that would enable two to four times as many users to use their resources as they have now.  And by the time you toss all their concerns and requirements into the pool you're left thinking that they really do want a boingo like WAP + server authentication system.

    At $150 a pop, I'd be johnny wifiseed giving the damned things to the libraries where I want access.  But at $1,000 a pop, plus the reality that they won't install it as they don't have enough control over it, it just becomes a wish for the future.

    The problem with most home/home office wifi broadband routers is that it's very hard to put a wifi authentication scheme on it that doesn't require a separate linux server.  So you can either try to keep everyone out but one or two machines you manually set up, or you can just open it to everyone.  And at the library you want to block port 25 to some folks, maybe everyone, but maybe just some folks.  And you want some folks packets to head straight for the gateway, but you would like other folks to have different policies, or to be able to use VPNs.

    I would love to play with this linksys and put a wifi authentication/ip tables rewriting system on to it, perhaps using storage on an NFS's exposed network drive, perhaps just using RAM.  That would be the perfect low cost, low maintenance wifi router for libraries and places where they need some wifi authentication but also need very low sysadminning.

    Oh well.

    Posted by Andrew Piskorski on
    Jerry, if you do that, let me know, I will probably want to buy one from you.  :)
    Posted by Andrew Piskorski on
    Oh, and a WiFi authentication scheme that does require a separate Linux server is ok for my needs in at least some cases. So if you happen to have links or tips for that handy, please post. (I haven't looked into or even googled that yet though.)
    Posted by Jerry Asher on
    For wifi authentication servers, google for nocat. The nocat folks themselves can be found at where they are "developing NoCatAuth, the centralized authentication code that make shared Internet services possible."

    There are others too.

    Why no cat? Albert Einstein, when asked to describe radio, replied: "You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat."

    Posted by Andrew Piskorski on
    I imagine there must be some combination of Cisco router hardware that would support dual WAN access (both cable modem and DSL) for a home office, and there's all sorts of used Cisco equipment on Ebay. But, Cisco's product line is utterly cryptic, and I haven't the slightest idea how to figure out what, if any, Cisco hardware would let you do a dual WAN setup. So no idea what it might cost either.
    Posted by Michel Henry de Generet on
    Surfing the web about this, I found it could be great to build a mini linux system using
    • VIA EPIA CL Mainboard miniITX with 2 RJ-45 LAN port (17cm x 17cm card)
    • one WIFI PCI card
    • one IDE flashcard drive as the booting device
    • some memory
    • a case and a power supply.

    Maybe overkill for such usage...

    Posted by Andrew Piskorski on
    Looks like Jerry's wish already came true some time ago. Since it runs Linux, many people have been hacking the Linksys WRT54G. Sveasoft's alternate firmware gives you ssh and a whole lot of other stuff, and appears to be quite popular. (Googling showed that Cringely gave it some publicity recently too.) Apparently there are other Linux distros for the blue box too.

    At least one guy is sort of running NoCatSplash from RAM (but not yet from flash) directly on his WRT54G. I think that's just the front-end though, I wonder if anyone is also running the back-end user/password stuff all on the WRT54G.

    And now I'm wondering whether anyone's running the back-end all of and what sort of software it would take to chain two WRT54G's together in order to intelligently use two WAN connections - good bandwith sharing and automatic failover between both a cable modem and a DSL connection, for instance.

    Posted by Andrew Piskorski on
    Hm, seems you can get an Edimax BR-6541 router with four WAN ports for $250, or the similar BR-6524 dual WAN model for $144. I could only find one review of these, but he does mention a QOS feature which keeps ssh sessions lag-free even during large downloads. Looks promising. No idea how it works internally though, and unlike the (single WAN port only) Linksys boxes, no detectable hacking community surrounding it.
    Posted by Jonathan Ellis on
    mmm, lag-free ssh...

    I'm developing technolust.

    Posted by Jade Rubick on
    Janine, the Linksys/Apple issues have been resolved:

    Posted by Andrew Piskorski on
    I've been using the Edimax BR-6524 dual WAN router for a while now. It seems to basically work fine, however, I have not really tested out its QOS or dual WAN features much yet.

    One thing it does not seem to have is any easy way to say, "Heh router, please send this particular request out over WAN 2, not WAN 1." That can be important, because I've noticed some latency sensitive applications (rdesktop, VNC) perform noticeably better over DSL than cable modem.

    The router does let you statically map particular LAN IP addresses to different WAN interfaces. That's a pretty blunt instrument, but I know it's possible to assign multiple IP addresses to a single ethernet interface in Linux. So, maybe I can do that, then somehow control which IP address gets used on the Linux box, whenever I invoke wget or the like.

    A few other fancy features of this router that I've noticed:

    • It works as an NTP client, but unfortunately you can only give it one NTP server to talk to, and you must enter the IP address of the server, not a host name.
    • It is set up to dynamic DNS with either or, but I haven't tried that.
    • A stateful packet inspection firewall feature, which I also haven't tried.

    Unfortunately, AFAICT you can't telnet or ssh to this router, the only way to configure it is via its web UI. No SSL on the web UI, just plain http. Also, you can't even see the router status page unless you first type in the admin password, which is foolish and annoying.

    Posted by Jonathan Ellis on
    Thanks for the update.

    Now I just need to convince my wife that I need a second broadband line... :)

    Posted by Andrew Piskorski on
    Jerry, you might want to check out the Click modular Open Source router from MIT.

    Interestingly, the MIT Roofnet project is using Click for real-world wirless 802.11 mesh networks (not running on Linksys WRT54g boxes though).

    Posted by Jaime Presley on
    My LinkSys Router constantly drops the connection to my cable modem. I'll NEVER buy another LinkSys.

    Coincidentally my son bought a LinkSys and had the same problems. Its so darn irritaing. He threw his away. And I'm going to do the same.

    There are long threads on the web about Linksys routers dropping connctions. it happens sometimes every two minutes. I'd rather be on a dial up that stays connected than a LinkSys attached to my high speed cable.

    At least it would be reliable.

    Posted by Gilbert Price on
    I've been using Netgear Wireless (4 - Port Wired) routers for the past 4 years or so. I moved from a 4 port Linksys and haven't had a bit of trouble from the Netgear...
    Posted by Robert Taylor on
    We use linksys ddwrt-54gl routers with DD-WRT latest firmware flashed onto it.

    Definately the best way to go ... having a customizeable linux on a cheapy router will give you quite a bit of wiggle room if you want to add tools to it and make it do funky things.

    Posted by MaineBob OConnor on
    Just wanted to share my experience... I've been using Linksys gear for years now with two wireless routers set up on my home network. One does the DHCP for the whole network, the latest one is WRT54G and yes initially there were problems solved with firmware upgrades... I connect to roadrunner cmodem and my laptop is often connected ssh (secureCRT) to a linux server for days without dropping the connection. I think my record is 7 days of solid connection wirelessly.