ip address on lan getting hijacked

Rashkae ubuntu at tigershaunt.com
Mon Jun 2 13:22:04 UTC 2008


Bart Silverstrim wrote:
> Derek Broughton wrote:
>> Bart Silverstrim wrote:
>>
>>> Derek Broughton wrote:
>>>> Reconfigure?  Don't you have backups of the settings?  Get a Linux
>>>> router,
>>>> and treat it just like your PCs.  If mine fails, I'll just drop the
>>>> config files from this one onto the next one.
>>> This is one way to do it, I'm talking about dropping in a SOHO router to
>> So am I.  There are a few different Linux routers available.  I currently
>> use the older Linksys WRT54Gs (before they lost their minds and went
>> proprietary), but if you check the OpenWRT website, you'll see they support
>> Netgear, D-Link and ASUS models, too.
>>
>>> The router I have now handles my wired network (it's a switch), my
>>> wireless, a bank of DHCP serving, and routing, and cost in the
>>> neighborhood of $50 or $60 bucks, and won't need a keyboard or mouse or
>>> monitor if something goes snarfed.
>> My Linksys routers cost about the same, and are no more difficult to
>> maintain - but they give me the added ability to get right into the
>> software guts.
> 
> To do what?
> 
> I'll ask the same thing of you that I expect from vendors that like to 
> keep calling me at work. What will OpenWRT do above and beyond the basic 
> default system that makes it worth the extra effort of altering the 
> firmware?
> 
> 
> 

All kinds of fun stuff.  A few ideas from the top of my head:

Ability to track connections with true conntrack, as opposed to the
default router behaviour of timing out NAT entries after so many
minutes. (If you have apps that need to keep an open tcp connection
and don't have keep-alive packets, this is important)

Custom IP tables for security.  For example, I recently had one client
who needed to share their internet with WIFI, but the internet was also
connected to their internal network which must not be accessible to the
wifi users. Ultimately, all the SOHO routers were unable to block all
traffic from crossing between the networks while sharing internet, so I
ended up building an old discarded computer into a router.  However, I
think Linksys OpenWRT would have been a better solution overall.

I've never done it, but I can only speculate that OpenWRT has an option
for traffic shaping, so you can prioritize priority protocols (like
VoiP, or telnet, or whatever) to prevent other clients from flooding the
cable/dsl modem with bandwidth blocking upstream traffic.
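
The WiFi isolation scenario described in the message above, as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset sharing one uplink between a LAN and a WiFi segment while dropping all traffic between the two. The function name, the interface names in the usage line, and the assumption that the router itself serves DHCP and DNS to WiFi clients are illustrative.

```shell
#!/bin/sh
# Added example. Prints an iptables-restore ruleset that shares one uplink with
# WiFi clients while keeping WiFi and the internal LAN apart.
# Interface names are supplied by the caller; none come from the original post.
# Assumes the router itself serves DHCP and DNS to WiFi clients.
gen_guest_rules() {
    [ $# -eq 3 ] || { echo "usage: gen_guest_rules LAN_IF WIFI_IF WAN_IF" >&2; return 2; }
    lan=$1 wifi=$2 wan=$3
    for ifc in "$lan" "$wifi" "$wan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $ifc" >&2; return 2 ;;
        esac
    done
    if [ "$lan" = "$wifi" ] || [ "$lan" = "$wan" ] || [ "$wifi" = "$wan" ]; then
        echo "interfaces must be distinct" >&2; return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -i $wifi -p udp --dport 67 -j ACCEPT
-A INPUT -i $wifi -p udp --dport 53 -j ACCEPT
-A INPUT -i $wifi -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $wifi -o $lan -j DROP
-A FORWARD -i $lan -o $wifi -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wifi -o $wan -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}
# Review the output, then load it as root:
#   gen_guest_rules br-lan wlan0 eth1 | iptables-restore
```

The two cross-segment DROP rules sit ahead of the ESTABLISHED,RELATED accept so that no tracked connection can carry traffic between the segments, and the INPUT policy keeps WiFi clients off the router's own services apart from DHCP and DNS.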