ip address on lan getting hijacked
Bart Silverstrim
bsilver at chrononomicon.com
Mon Jun 2 13:34:19 UTC 2008
Rashkae wrote:
> Bart Silverstrim wrote:
> All kinds of fun stuff. A few ideas from the top of my head:
>
> Ability to track connections with true conntrack, as opposed to the
> default router behaviour of timing out NAT entries after so many
> minutes. (If you have apps that need to keep an open tcp connection
> and don't have keep-alive packets, this is important)
Nice, but not a feature I'd need right now...
> Custom IP tables for security. For example, I recently had one client
> who needed to share their internet with WIFI, but the internet was also
> connected to their internal network which must not be accessible to the
> wifi users. Ultimately, all the SOHO routers were unable to block all
> traffic from crossing between the networks while sharing internet, so I
> ended up building an old discarded computer into a router. However, I
> think Linksys OpenWRT would have been a better solution overall.
Ah, true enough feature, but one I don't need as a home user :-)
I'm glad it worked, and if forced to do so because of budget I'd
probably look at doing that. I would also point out that when
configurations start getting that complicated, for a business
especially, I'd look at having them get a higher end specialized
firewall or router. I don't know if the OpenWRT hardware would deal well
with a lot of traffic for extended periods of time with that setup.
Part of the reason I say that is because even with "normal" use, it's
not uncommon for SOHO routers to crap out and need a restart when they
start acting weird (for example, wired systems working fine, but my
wireless will drop out with the clients acting like they have proper
configurations and can release/renew addresses fine...just can't
actually route out). I have trouble trusting $50 hardware with critical
use in a business setting. I'd much rather build a dedicated PC and use
Linux as a router for peace of mind rather than the SOHO with a brain
transplant, unless the OpenWRT community has experiences to the contrary
with handling loads better and knowing it's a software, not hardware,
limitation.
> I've never done it, but I can only speculate that OpenWRT has an option
> for traffic shaping, so you can prioritize priority protocols (like
> VoIP, or telnet, or whatever) to prevent other clients from flooding the
> cable/dsl modem with bandwidth blocking upstream traffic.
I don't know either. My reservation would be processor power available
to handle the shaping, but again, I don't have experience in it and
can't declare that it's not perfectly usable for this purpose rather
than dedicated hardware.