dslreports logo
site
spacer

spacer
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


view:
topics flat nest 
Comments on news posted 2012-03-20 16:14:57: Router lockups have been a problem for me ever since I got my first 802.11G Router in 2004. ..

prev page · 1 · 2 · 3 · 4 · next


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
reply to bdnhsv

Re: Great article

The ClearOS development team has put together some very clever solutions for packet handling within Linux. I actually followed a lot of their ideas when I scripted together my personal solutions for things like multiwan handling.



tenpin784
I Went To The Dark Side?

join:2001-03-30
Brierfield, AL

Plain old Ubuntu

I am running a plain jane installation of Ubuntu for my router, on an old laptop. I have an onboard 10/100 NIC for the WAN, and put in a 10/100/1000 expresscard NIC for the LAN. Not only is this my router, it is also the media server for my PS3.
--
Dream as if you'll live forever, live as if you'll die today.

Disclaimer: These are MY comments, my employer cant be held responsible.


bdnhsv

join:2012-01-20
Huntsville, AL
reply to espaeth

Re: Great article

I think it rocks. I find new things I can do with it all the time, and the moderators and developers on their forums are very active and helpful. I've had much better performance since I switched, but I do have to say that I spend a little more time maintaining my COS UTM - in particular the intrusion prevention (aka snort) turns off sometimes when my cable modem flaps - but it's easy enough to turn it back on.


Emiya

join:2006-03-30
Southington, OH

1 recommendation

reply to 45612019

Re: What is this guy talking about?

Uh-huh. Lets see you run Snort on that. DD-WRT is great for turning a Linksys into a ghetto managed switch with an access point but it's implementations of just about everything have a lot of bugs in it. Even running Optware your still lacking a lot of features like intrusion detection.

QoS is barely usable when it's not broken. Your lacking the ability to throttle individual IPs or subnets, unless you want to get into some advanced scripting.

Also, unless your running Kong's builds, WAN routing throughput sucks and if you've got more than 50mbps down DD-WRT will be a bottleneck. Tomato is superior in this respect.

Don't get me wrong, it's fine if it works for you. My wireless AP is a E3000 with DD-WRT, but compared to my pfSense box it's a toy. Just because it fits your needs doesn't mean there is no room to improve for users who have the skills or those looking to learn.


elefante72

join:2010-12-03
East Amherst, NY
reply to bdnhsv

Soekris Engineering

Soekris engineering has been doing this for a very long time. You can add wireless modules to them if you want. Mine takes 5 watts.

Website still is crappy after all these years...

Soekris.com

Since they use x86 procs normal distros and router software mentioned works.

Go check it out.


Emiya

join:2006-03-30
Southington, OH
reply to majortom1029

Re: pfsense and untangle

I'll second pfSense. I'm running it on a Dell PowerEdge 1850 with dual Xeon 3.2 processors and 2GB of RAM. Sure it makes a bit more noise in my bedroom than a Linksys but heck, it's worth it. I run Snort (intrusion detection) with a lot of rules in the highest performing memory mode without choking it.

I like the easy Certificate generator which makes setting up OpenVPN a lot easier. The traffic shaping works a lot better than anything else I've used, especially if you use the wizard to set up the queues. Another benefit is using it as a DNSSEC resolver with Unbound.



cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7
reply to espaeth

Re: Not worth it

said by espaeth:

Newer hardware is significantly better, particularly the Intel Sandybridge CPUs. A G630T system w/ DDR3 ram, SSD storage, and high efficiency power supply will idle around 20W and absolutely obliterate an Atom processor in benchmarks. Most handy if you want to run snort and other services on the box.

Wait...you're suggesting using that hardware for a router? Crap. I just had almost that exact same hardware (G620T instead of the G630T) delivered today as my entire HTPC.


David
hours are m-th 1130-10p central
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:96
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice

Dual Wan applications

I have been looking at PFsense for a while now, which others in the article would be able to do Wan1 and wan2 failover or load balance?

For my dd-wrt router currently I have an AMD athlon 1.4Ghz with 256MB ram.

According to PFSense's minimum requirements this would be good for a while.

Ryan711 is correct you get a lot more building your own then buying out of the box. I got tired of lockups and such and wanted WOL, and traffic metering (make sure I don't cross the cap). I also wanted Dual-Wan so I can be on my neighbor's network as need be (always breaking something on his machine or installing something) and I don't need to go beating on his door to work on the pc remotely.

Things I am looking for

traffic metering (for caps purposes)
Dual Wan with/and fail over and or load balancing
WOL (wake on lan)
--
If you have a topic in the direct forum please reply to it or a post of mine, I get a notification when you do this.
Koetting Ford, Granite City, illinois... YOU'RE FIRED!!


BiggA

join:2005-11-23
EARTH
reply to belawrence

Re: Not worth it

That makes more sense. A full Pentium system doesn't. The best would be one of those fanless VIA systems that you can get down to about 8 watts.



Snakeoil
Ignore Button. The coward's feature.
Premium
join:2000-08-05
Mentor, OH
kudos:1

Thank you

Thanks Ryan711, some interesting info there. I may give it a whirl, as I have an old P3 ^00 laying around.


chgo_man99

join:2010-01-01
San Jose, CA
Reviews:
·AT&T U-Verse
·Mediacom

Where is recommendation for best used Cisco router

with switch for power home user? Chances are if you have WAN connection with less than 20MB/s and don't require LAN faster than 100mb, u can get very decent quality Cisco routers with advanced IOS features.

Of couse for those new Cisco guys/gals who might find it useful to have Cisco gear for other uses than lab. As long as you understand IOS and commands, u can configure a lot depending on firmware version.

And you don't necessarily need 2 NIC cards. You can run network on 1 NIC if you have managed switch that can run VLANs.


severach

join:2002-09-12
Jackson, MI

Router lockups

A few fixes and mods makes many formerly unreliable models crash free. Using quality parts gets me off the 2 year replacement cycle.



Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:2
Reviews:
·Bright House
reply to pnh102

Re: pfSense

said by pnh102:

every time I've run in on an AMD-based CPU, weird things happen,
I was wondering if anyone else had similar problems.

I have 2 running x64 version - 2.01 and 2.1 dev and both are stable.



--
The Dark Tower's Skynet evolves from 4chan.


KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK
reply to ConstantineM

Re: Pentium 4 3GHz is the worst hardware for a home router

Click for full size
You guys ever heard of the RaspberryPi? Unfortunately it only has one NIC, however. Still, hardware similar to this.... could surely fit the bill.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:2
Reviews:
·Bright House

1 recommendation

reply to ConstantineM

I run a Pentium 4 3GHz HT for my home router

But then I have a mail server here and 2 Hyper-V servers hosting 12 VMs that users RDP into.

My pfSense router is on an old Dell P4HT that absolutely rocks in performance.

It fends off between 15k and 50k spam attempts every day.

I can have multiple instances of uTorrent with the QoS keeping my VoIP and RDP solid 100% of the time.

My uTorrent and Spam blocking require just under 500k CIDRs tabled in memory. They get referenced against most every packet.

At the same time I have squidGuard running as a content proxy and Unbound delivering DNSSEC to every machine here.

All the while my CPU avgs ~4-8%. I'm not sure an Atom would keep up with the demand.



--
The Dark Tower's Skynet evolves from 4chan.

bn1221

join:2009-04-29
Cortland, NY
reply to chgo_man99

Re: Where is recommendation for best used Cisco router

I like the Checkpoint Edge/ Safe@office line of UTMs. 14Ws and you can get them reasonably cheap on Ebay.



Routers4U

@bell.ca
reply to severach

Re: Router lockups

I have a dual atom board, 2 1 gig ethernet ports, ssd and 2gb ram. This thing pairs nicely to my 24 port switch. I run multiple subnets, 4 different isps (WAN). Load balanced, failover. Even a vpn into a diffent country for geoip reasons setup as a 5th gateway. I have a guest vlan, that I throtlle and limit p2p on. It current handles 390000 states, but that is the default max, I have no idea how many it can handle. I can country block/permit on firewall rules. I'll be adding dns and ids and vaps to it soon. all in a tiny 1 u case router on a stick config. pfsense is the best router I have ever had and I've had a few more expensive consumer/commercial ones that I have found lacking one way or the other.


coreyography
Premium
join:2010-01-15
Clute, TX

Yet another take

OpenBSD on a Soekris. No web GUI (don't need one), but 10-minute install and the most advanced version of pf available. (Heck, OBSD pf is arguably the most advanced open-source firewall extant; I have yet to come across a commercial home router or a linux distro that let me prioritize TCP ACKs, which truly does wonders for responsiveness while heavy downloads are going on.). It's running a SOCKS proxy, local split DNS with external caching resolver and internal authoritative DNS, and Snort (mostly to play with). For DSL speeds the Soekris can handle it all.

Not sure I'd do the Soekris again; it works, and I admire the guy designing it and all, but it still has kind of a "garage-built" feel to its documentation, and they've had a few hardware design issues (though to their credit they've offered fixes). A mini-ITX Atom system would be more flexible and probably cheaper.

For wifi I have OpenWRT on a Netgear WNDR3700. OpenBSD does wifi, but the Linux access-point implementation is better at the moment. It's also a backup firewall; since I'm too cheap to run CARP'd redundant firewalls at the moment, I can plug the Netgear directly into the DSL modem temporarily if I need to work on the Soekris.

Total power draw: 25W.



geeknik

join:2000-04-30
Luther, OK

Hmm.

pfSense and m0n0wall are based on FreeBSD, not Linux. I didn't bother reading all of the replies, so my apologies if this has already been pointed out. =)



Simba7
I Void Warranties

join:2003-03-24
Billings, MT
reply to espaeth

Re: My Router

I'd love to cache the DNS root servers. Seems that the gov't owns them and can do whatever they want with them.


willr

join:2012-02-26
High River, AB

I find myself greatly curious how much problem's you'd have browsing with even just 1month old records.



espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
Reviews:
·Vitelity VOIP
reply to Simba7

said by Simba7:

I'd love to cache the DNS root servers. Seems that the gov't owns them and can do whatever they want with them.

*sigh*

»www.root-servers.org/


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:2
Reviews:
·Bright House

1 edit

One more Distro: IPFire - Lightest weight - Works w/Hyper-V

IPFire is an option worth considering.

quote:
Requirements are minimal: an Intel Pentium I compatible CPU (i586), 128 MB RAM, and 1GB disk space.

For routing, at least 2 network interfaces are required.
It will run as a Hyper-V guest without any special integration tools.
Actually, it was the only distro I could get to run under Hyper-V - way back when.

Below is the text from their feature page.
You can find a list of selected addons below. Or take a look to the List of all Addons!
File Server
 
    The Samba addon offers a fast file server for Windows or heterogeneous networks.
 
    The NFS server offers the possibility to share files over the network.
 
    CUPS is a standard, open source, printing system over the network.
 
Mail Server
 
    The Mailserver that IPFire uses, is a mixture of Cyrus-IMAPd, Postfix and Openmailadmin.
    Additionally you can choose: Fetchmail, Spamassassin and ClamAV or other virus scanners.
 
Multimedia
 
    MPFire (TESTING) adds jukebox features to IPfire.
    Icecast streams the output of MPFire to the network.
    Gnump3d is a server for streaming MP3- and OGG-files.
    VDR (TESTING) is a video recording / streaming server for digital TV cards.
    Videolan (TESTING) The VLC player is a streamingserver solution - see more at : http://www.videolan.org
 
Voice over IP
 
    Asterisk (TESTING) is the ideal platform for Voice over IP - have a look at: http://www.asterisk.org/
    Teamspeak offers you your own VoIP communication server at home. Brilliant for SWTOR or WoW Raids ;-) - find more at: http://www.teamspeak.com. (It is also possible to install a Teamspeak 3 Server)
 
Security
 
    Guardian analyzes Snort-files and ssh-Logfiles and blocks the Source IP (so the IDS can be upgraded to an IPS).
    Tripwire is a Host-Based IDS System, t.m. it monitors local changes.
    Lynis is a Commandline Auditing Tool for a local scan of system and software.
    Cryptsetup with Cryptsetup and the Kernel Module “dmcrypt”, is it possible to create encrypted devices.
    PPTP (TESTING) VPN access through PPTP.
    mdadm (TESTING) With mdadm is it possible to create software RAID devices.
 
P2P-Clients
 
    RTorrent Bittorrent Client for ncurses written in C++ : it's small and fast.
    Transmission A Bittorrent Client with webinterface.
 
Miscellaneous
 
    Sane allows you to scan documents via the network with a webinterface.
    Qemu virtualization for guest OSses in IPFire - 64bit hardware and Hyper-V is recommended.
    Dirvish is a backup solution for IPFire (no regular IPFire addon!!!).
    TinyWebGalerie is a free PHP based WebGallery for IPFire.
    Apcupsd is a tool to monitor APC's Uninterupted Power Supplies (UPS).
    NUT TESTING Network UPS Tools.
    miau a bouncer for the IRC network.
    watchdog TESTING Watchdog daemon.
    pound TESTING Reverse proxy and load balancer.
    Tftpd IPFire as a Tftpd server.
    SideMenu EX Extension of IPFire´s Side menus (not a regular IPFire Addon!!).
    BackupPC Backup solution with webinterface (not a regular IPFire Addon!!!).
    Cacti Tool for visualization of network data with RRDtool and SNMP.
    Nagios powerful tool for the monitoring of complex IT infrastructures.
    EGroupware EGroupware is a powerful communication solution for companies and groups (not a regular IPFire Addon!!!).
    Xen Paravirtualization of guest operating system
    mdns-repeater - mDNS repeater daemon (in progress)
 
Networktools (command-line)
 
Some tools to optimize your network and for trouble shooting
 
    iperf test your network speed (LAN oder WLAN).
    bwm-ng is a bandwidth monitor
    nmap is a versatile (and very mighty) ip/port scanner - see: http://nmap.org for further details
    tcpdump is a tool to watch and control your network connections
    iftop is a realtime bandwidth monitor
    traceroute is a network tool used to follow your packets through the internet
    Wireless IPFire with hostapd
 

--
The Dark Tower's Skynet evolves from 4chan.


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:2
Reviews:
·Bright House
reply to espaeth

Re: My Router

said by espaeth:

said by Simba7:

I'd love to cache the DNS root servers. Seems that the gov't owns them and can do whatever they want with them.

*sigh*

»www.root-servers.org/

They'll all be Owned by Anonymous any day now - or right after Ron Paul assumes the Presidency.
--
The Dark Tower's Skynet evolves from 4chan.


michieru
Premium
join:2009-07-25
Miami, FL
reply to cowboyro

Re: In the end it's cheaper to just buy a good router

Same here, I have a DIR-628 from D-Link with default firmware and it has been running for months and recently took it down to simply install a new UPS I bought.



jelabarre59

@comcast.net

Wake-on-lan

Nothing in the review about how well any of these support wake-on-lan. Perhaps any of them will work, but haven't seen it listed on the spec pages for most of the router distros listed here (other than m0m0wall). Would like to be able to leave my system at home off most of the time, yet be able to power it on from work


Joe12345678

join:2003-07-22
Des Plaines, IL
reply to ConstantineM

Re: Pentium 4 3GHz is the worst hardware for a home router

USB E-net is a big cpu hog and no way to get gig-e out of that.


lanforallA4

join:2011-03-25

Router alternative for a DIY router

I run an RV110W from Cisco. For $80 it does everything I need.


ConstantineM

join:2011-09-02
San Jose, CA
reply to KrK

RaspberryPI is a bunch of BS and binary blobs from Broadcom

RaspberryPI is a bunch of BS with no documentation and, subsequently, no open-source support (if you don't believe it, google what Theo de Raadt had to say about it).

If anything, the standard arm linux off-the-shelf routers are more available and are both cheaper and have better support than RaspberryPI.

The advantage of going x86, however, is that most of the router solutions featured over here don't run on the off-the-shelf arm-based routers at all. Most people praise pfSense (based on FreeBSD) or straight pf on OpenBSD, and both require x86 (unless you have some rare non-x86 hardware like landisk that OpenBSD does support, too). Personally, I think netbooks (w/ USB GigE sticks) is as best as you can get to the state-of-the-art DIY home router for the average home, both in terms of open architecture, price, space, power consumption, flexibility and, last but not least, the free integrated UPS. (-: (Of course, if you are a true power hungry user or simply have real broadband internet (like nearly noone in the US has — 18/1.5 is not broadband), a netbook processor and USB GigE may easily be the bottleneck.)

I'm looking forward to the time when someone will come up with a USB 3.0 to 4-port GigE switch, as well as USB 3.0 making it onto the netbooks. (-:



David
hours are m-th 1130-10p central
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:96
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice
reply to jelabarre59

Re: Wake-on-lan

said by jelabarre59 :

Nothing in the review about how well any of these support wake-on-lan. Perhaps any of them will work, but haven't seen it listed on the spec pages for most of the router distros listed here (other than m0m0wall). Would like to be able to leave my system at home off most of the time, yet be able to power it on from work

You and me both... that is where m0n0wall shines and dd-wrt excels I think. I needed WOL and wanted a bandwidth meter. dd-wrt fitted the bill here. as far as I know dd-wrt doesn't do dual wan which I kind of wish they would.

Now I am looking for a requirement for the following

• bandwidth metering on Wan1 and Wan2
• Wake on Lan
• static DHCP (seems to be a theme with most of them)

Since everyone here uses webmail only (no, no email servers here, either they use yahoo webmail, gmail, aol Imap, or ISP email. Primary seems to be gmail.
--
If you have a topic in the direct forum please reply to it or a post of mine, I get a notification when you do this.
Koetting Ford, Granite City, illinois... YOU'RE FIRED!!