ip address on lan getting hijacked

Bart Silverstrim bsilver at chrononomicon.com
Mon Jun 2 13:34:19 UTC 2008

Rashkae wrote:
> Bart Silverstrim wrote:

> All kinds of fun stuff.  A few idea from the top of my head:
> Ability to track connections with true conntrack, as opposed to the
> default router behaviour of timing out NAT entries after so many
> minutes.. (If you have apps that needs to keep an open tcp connection
> and don't have keep-alive packets, this is important)

Nice, but not a feature I'd need right now...

> Custom IP tables for security.  For example, I recently had one client
> who needed to share their internet with WIFI, but the internet was also
> connected to their internal network which must not be accessible to the
> wifi users.. Utimately, all the SOHO routers were unable to block all
> traffic from crossing between the networks while sharing internet, so I
> ended up building an old discarded computer into a router.  However, I
> think Linksys OpenWRT would have been a better solution overall.

Ah, true enough feature, but one I don't need as a home user :-)

I'm glad it worked, and if forced to do so because of budget I'd 
probably look at doing that. I would also point out that when 
configurations start getting that complicated, for a business 
especially, I'd look at having them get a higher end specialized 
firewall or router. I don't know if the OpenWRT hardware would deal well 
with a lot of traffic for extended periods of time with that setup.

Part of the reason I say that is because even with "normal" use, it's 
not uncommon for SOHO routers to crap out and need a restart when they 
start acting weird (for example. wired systems working fine, but my 
wireless will drop out with the clients acting like they have proper 
configurations and can release/renew addresses fine...just can't 
actually route out). I have trouble trusting $50 hardware with critical 
use in a business setting. I'd much rather build a dedicated PC and use 
Linux as a router for peace of mind rather than the SOHO with a brain 
transplant, unless the OpenWRT community has experiences to the contrary 
with handling loads better and knowing it's a software, not hardware, 

> I've never done it, but I can only speculate that OpenWRT has an option
> for traffic shaping, so you can prioritize priority protocols (like
> VoiP, or telnet, or whatever) to prevent other clients from flooding the
> cable/dsl modem with bandwidth blocking upstream traffic.

I don't know either. My reservation would be processor power available 
to handle the shaping, but again, I don't have experience in it and 
can't declare that it's not perfectly usable for this purpose rather 
than dedicated hardware.

More information about the ubuntu-users mailing list