dslreports logo
 
    All Forums Hot Topics Gallery
spc
view:
topics flat nest 
Comments on news posted 2012-03-20 16:14:57: Router lockups have been a problem for me ever since I got my first 802.11G Router in 2004. ..

page: 1 · 2 · 3 · next

bdnhsv
join:2012-01-20
Huntsville, AL

bdnhsv

Member

Great article

That's a great article. I would also recommend ClearOS to anyone researching this sort of thing. I've been using it for a long time now and it has a lot of useful features.

delusion ftl
@comcast.net

delusion ftl

Anon

Re: Great article

Plus one to clear OS. Great for home DIY and small business users.

UHF
All static, all day, Forever
MVM
join:2002-05-24

UHF to bdnhsv

MVM

to bdnhsv
+1 Been running ClearOS/Clarkconnect for 10+ years, since version 0.6.

SpaethCo
Digital Plumber
MVM
join:2001-04-21
Minneapolis, MN

SpaethCo to bdnhsv

MVM

to bdnhsv
The ClearOS development team has put together some very clever solutions for packet handling within Linux. I actually followed a lot of their ideas when I scripted together my personal solutions for things like multiwan handling.

bdnhsv
join:2012-01-20
Huntsville, AL

bdnhsv

Member

Re: Great article

I think it rocks. I find new things I can do with it all the time, and the moderators and developers on their forums are very active and helpful. I've had much better performance since I switched, but I do have to say that I spend a little more time maintaining my COS UTM - in particular the intrusion prevention (aka snort) turns off sometimes when my cable modem flaps - but it's easy enough to turn it back on.
elefante72
join:2010-12-03
East Amherst, NY

elefante72 to bdnhsv

Member

to bdnhsv
Soekris engineering has been doing this for a very long time. You can add wireless modules to them if you want. Mine takes 5 watts.

Website still is crappy after all these years...

Soekris.com

Since they use x86 procs normal distros and router software mentioned works.

Go check it out.

woody7
Premium Member
join:2000-10-13
Torrance, CA

1 recommendation

woody7

Premium Member

Nice Read

I have been using "nix" solutions for years. been experimenting, and by no means expert, but getting comfortable. I wish this article had been around when I started. I like Devil linux also
majortom1029
join:2006-10-19
Medford, NY

majortom1029

Member

pfsense and untangle

We use pfsense on our network here at work. we had to use it ebcause we have a 100/100 network and couldnt find a decently priced router that we could afford that can handle those speeds with 50 - 100 users all using it.

we have it running on a spare server (we had it running on a p4 desktop which was also able to handle the speeds) . IT runs beutifully.

We use untangle as our wireless network router and it hosts the captive portal. Its very user friendly but some of the more advanced features have to be paid for.

Software firewalls are great BUT keep in mind desktop pc's usually use more power then hardware routers.

JigglyWiggly
join:2009-07-12
Pleasanton, CA

JigglyWiggly

Member

Re: pfsense and untangle

I use pfsense it is the best thing ever. I have multiple internet connections, load balancing them, and failover to a DSL line and games go throught the DSL line.

So customizable and it's not even too hard to use!

untangle sucks do not use it. needs insane machine to run, slow, and not very configurable through the GUI.

ALso I am a home user, no IT experience or any of that crap. I actually dunt get the hype with Cisco when pfsense does everything and more. Vlans, vpn, all that stuff.
Emiya
join:2006-03-30
Southington, OH

Emiya to majortom1029

Member

to majortom1029
I'll second pfSense. I'm running it on a Dell PowerEdge 1850 with dual Xeon 3.2 processors and 2GB of RAM. Sure it makes a bit more noise in my bedroom than a Linksys but heck, it's worth it. I run Snort (intrusion detection) with a lot of rules in the highest performing memory mode without choking it.

I like the easy Certificate generator which makes setting up OpenVPN a lot easier. The traffic shaping works a lot better than anything else I've used, especially if you use the wizard to set up the queues. Another benefit is using it as a DNSSEC resolver with Unbound.
45612019 (banned)
join:2004-02-05
New York, NY

1 recommendation

45612019 (banned)

Member

What is this guy talking about?

I've had an Asus RT-N16 for years now and I'm a hardcore gamer. I push terabytes of traffic every month. I just checked and its uptime is 183 days. It's only an $80 router and it seems to be getting the job done just fine.

Just get one of these these things, toss DD-WRT on it, and call it a day.

Going to the effort of building your own router and configuring a Linux install is rather ridiculous for the home user. I am the definition of a power user and this stock router with DD-WRT has served me just fine.

MxxCon
join:1999-11-19
Brooklyn, NY
ARRIS TM822
Actiontec MI424WR Rev. I

1 recommendation

MxxCon

Member

Re: What is this guy talking about?

said by 45612019:

I am the definition of a power user and this stock router with DD-WRT has served me just fine.

that definition created by you.
Do you use ipsec point to point vpn tunnel? or 1:1 nat? how about outbound firewalling rules? captive portal? ldap authentication?
how many users are on your network? how big is your states table? how many concurrent connections do you have right now?

just because RT-N16+ddwrt is enough FOR YOU, doesn't mean everybody should be using it.

tomato
@rr.com

tomato to 45612019

Anon

to 45612019
Yep, awesome little white box. It only goes down quarterly when I reboot it to update the Tomato build (Toastman). QoS allows me to keep my VoIP line, web browsing, and gaming unaffected by BitTorrent traffic. I run an OpenVPN server off the box, which allowed me to shut off a PC I kept on for that purpose. Finally the print server means I don't have to keep that same PC on for network printing.
Emiya
join:2006-03-30
Southington, OH

1 recommendation

Emiya to 45612019

Member

to 45612019
Uh-huh. Lets see you run Snort on that. DD-WRT is great for turning a Linksys into a ghetto managed switch with an access point but it's implementations of just about everything have a lot of bugs in it. Even running Optware your still lacking a lot of features like intrusion detection.

QoS is barely usable when it's not broken. Your lacking the ability to throttle individual IPs or subnets, unless you want to get into some advanced scripting.

Also, unless your running Kong's builds, WAN routing throughput sucks and if you've got more than 50mbps down DD-WRT will be a bottleneck. Tomato is superior in this respect.

Don't get me wrong, it's fine if it works for you. My wireless AP is a E3000 with DD-WRT, but compared to my pfSense box it's a toy. Just because it fits your needs doesn't mean there is no room to improve for users who have the skills or those looking to learn.

Davesworld
join:2007-10-30
Thermal, CA

Davesworld

Member

Re: What is this guy talking about?

Snort? Why would you run Snort on anything? Most of the rules end up being bogus plus you waste 100MB of memory per monitored interface.

Quake110
Premium Member
join:2003-12-20
Ottawa, ON

1 recommendation

Quake110

Premium Member

Not worth it

I do not really see the purpose of having a Pentium 4 router for home internet connections. They're power hungry plus the cpu usage will be minimal at best, I mean, how many active torrents will someone have at once?

An ASUS RT-N16 router with the Tomato or DD-WRT firmware is more than enough in my opinion, your electricity bill will thank you.

odog
Minister of internet doohickies
Premium Member
join:2001-08-05
Atlanta, GA
Nokia BGW320-505

odog

Premium Member

Re: Not worth it

said by Quake110:

I do not really see the purpose of having a Pentium 4 router for home internet connections. They're power hungry plus the cpu usage will be minimal at best, I mean, how many active torrents will someone have at once?

An ASUS RT-N16 router with the Tomato or DD-WRT firmware is more than enough in my opinion, your electricity bill will thank you.

good point... I had no idea how much money I was spending until I switched back from a monowall box to a Netgear WNDR3700.... it was costing me about $10 a month to power it!

belawrence
They'll never let you in
join:2000-08-06
Santee, CA
ARRIS WBM760
(Software) pfSense
Ubiquiti UniFi AP

belawrence

Member

Re: Not worth it

My Atom-based pfSense w/Compact Flash storage, gigabit LAN + WAN ports, and 1GB RAM draws 14-18 watts, depending on the situation. It's worth it to me as I can't find a similar spec'd device that can run Snort, multiple ipsec tunnels, NUT, and QOS without needing constant reboots. The only time I reboot it is after one of the infrequent firmware upgrades.
BiggA
Premium Member
join:2005-11-23
Central CT

BiggA

Premium Member

Re: Not worth it

That makes more sense. A full Pentium system doesn't. The best would be one of those fanless VIA systems that you can get down to about 8 watts.

SpaethCo
Digital Plumber
MVM
join:2001-04-21
Minneapolis, MN

SpaethCo to odog

MVM

to odog
said by odog:

good point... I had no idea how much money I was spending until I switched back from a monowall box to a Netgear WNDR3700.... it was costing me about $10 a month to power it!

Newer hardware is significantly better, particularly the Intel Sandybridge CPUs. A G630T system w/ DDR3 ram, SSD storage, and high efficiency power supply will idle around 20W and absolutely obliterate an Atom processor in benchmarks. Most handy if you want to run snort and other services on the box.

I actually run my linux router image as a Xen VM on a box that I use for home NAS to get the biggest bang for the buck.

cdru
Go Colts
MVM
join:2003-05-14
Fort Wayne, IN

cdru

MVM

Re: Not worth it

said by SpaethCo:

Newer hardware is significantly better, particularly the Intel Sandybridge CPUs. A G630T system w/ DDR3 ram, SSD storage, and high efficiency power supply will idle around 20W and absolutely obliterate an Atom processor in benchmarks. Most handy if you want to run snort and other services on the box.

Wait...you're suggesting using that hardware for a router? Crap. I just had almost that exact same hardware (G620T instead of the G630T) delivered today as my entire HTPC.
intok (banned)
join:2012-03-15

intok (banned) to odog

Member

to odog
Are there not ARM builds for any of these? The newer models are getting quite quick, the Cortex-A15 is designed to be a 2.5Ghz quad core with a GPU that supports OpenCL, would make for a fairly high performance per watt box.

If not I'd look for board built around an AMD Z-03 or Z-01 for as low power an x64 system as you can really get.
BiggA
Premium Member
join:2005-11-23
Central CT

BiggA to Quake110

Premium Member

to Quake110
Exactly. This stuff is awesome, but you need something like a low-power Mini-ITX machine or a laptop to run it on.

cowboyro
Premium Member
join:2000-10-11
CT

3 recommendations

cowboyro

Premium Member

In the end it's cheaper to just buy a good router

The computer and distro may be free, but the electricity it uses isn't.
Even with only 50W used (old computer, minimal fans, no hard drive) it add up to 438kWh/yr. At the typical $0.11/kWh that's some $50/year - or up to $150/yr in expensive places.
It may be way cheaper in the long run to buy a quality router - or just install a custom firmware.

Oddly I've never experienced locking issues...


142 days puts it right at the snowstorm we had in October.

fifty nine
join:2002-09-25
Sussex, NJ

fifty nine

Member

Re: In the end it's cheaper to just buy a good router

I use an atom box, 20-25w tops. I can get it lower if I take out the hard drive and use a CF card.

I like using a pfsense router because it gives me maximum flexibility including a guest zone with layer 7 filtering (I filter out p2p on the guest LAN).

My ultimate goal is to get one of those plug computers and use that as a router. Fun.

michieru
Premium Member
join:2009-07-25
Denver, CO

michieru to cowboyro

Premium Member

to cowboyro
Same here, I have a DIR-628 from D-Link with default firmware and it has been running for months and recently took it down to simply install a new UPS I bought.

Davesworld
join:2007-10-30
Thermal, CA

Davesworld to cowboyro

Member

to cowboyro
You worry about 50 watts yet ignore how much power your refrigerator uses in KW not to mention the several hundred watts your TV uses? Electricity was a great discovery and it would be hell to live with a killjoy worrying about a damn 50 watts. This is akin to someone in a Hum Vee lecturing a person in a Geo Metro about ways to save fuel.

This supposedly cheaper to operate router with a wallwart power supply likely can only pass 20mbs or so through the firewall yet it probably still consumes more than you would think.

I'm sure your definition of good router is much different than mine. None that fit my definition are contained in a small plastic case.

My project is an adaptation of IPCop (IPCop is a fork from Smoothwall with many of the original Smoothwall devs) specifically for Cobalt x86 hardware. This is dubbed Raqcop. The Raq3 and Raq4 draw about 12 watts typically. The Raq4 with it's 450mhz processor can throughput as much as the 100mbs nic will allow and was the same going through the firewall as bypassing the Raq4 entirely. You'll never get a full 100mbs out of any 100mbs nic due to overhead. 92mbs usable is what we've seen.

The Raq550 with it's PIII 1.26mhz processor draws about 32 watts running Raqcop. The cobalts have always used mobile versions of the processors which only differ by using the thinner cores of the time thus requiring less core voltage for the same amount of work.

I had a few Raq3's that came with 300mhz processors. They draw as much as the Raq4's 450mhz due to the newer processor having a thinner core. I put K6-III's in them and resoldered the voltage and multiplier settings. The newer processor had a very thin core for the time and I had to drop the core voltage to 1.8. I set the multiplier at 5.5. I could get 600mhz by setting the multiplier to 2 as this is actually 6 on the later K6-II and III. I prefer firewall/routers to be headless yet have at least one pci slot and a character display such as you see on my avatar.
Angrychair
join:2000-09-20
Jacksonville, FL

1 recommendation

Angrychair

Member

The problem

Good article. Have had friends who ran low end linux machines as routers since the 90's. My problem with these is the power consumption.

Even the lowest end of normal computers tend to draw a significant amount of power more than appliance routers do. (~50+ watts for a headless linux machine compared to ~5 watts for an appliance)

Not to even mention your linux machine being used as a router is a target, unlike an appliance router.

A compromised linux machine is a real problem, so it just seems like a lot more admin work and power use than most people would want in the long run.

fifty nine
join:2002-09-25
Sussex, NJ

fifty nine

Member

Re: The problem

said by Angrychair:

Not to even mention your linux machine being used as a router is a target, unlike an appliance router.

A compromised linux machine is a real problem, so it just seems like a lot more admin work and power use than most people would want in the long run.

Isn't that what you have a firewall for?

I run Snort IDS on my firewall too.
Angrychair
join:2000-09-20
Jacksonville, FL

Angrychair

Member

Re: The problem

Yes, of course you have a firewall for intrusion protection, isn't that axiomatic? My point is it's just a point of extended risk compared to an appliance.

Davesworld
join:2007-10-30
Thermal, CA

Davesworld to Angrychair

Member

to Angrychair
said by Angrychair:

Not to even mention your linux machine being used as a router is a target, unlike an appliance router.

Excuse me? How is Linux running in your cheap appliance (almost all of them) less of a target? Your assertion makes absolutely no sense!

ropeguru
Premium Member
join:2001-01-25
Mechanicsville, VA

ropeguru

Premium Member

Great to see ASG listed

I use Astaro at home as I am a power user that runs my own web site and email server. I like having the virus scanning and spam filtering built in and the ability to lock down my network from inside out and outside in.

I will agree that it can be daunting, but for free and being able to learn a REAL firewall it is great.

BTW - You could run it on its own VM and not have to have dedicated hardware. I have done this and it works just fine.

SimbaSeven
I Void Warranties
join:2003-03-24
Billings, MT
·StarLink

SimbaSeven

Member

My Router

I have a Dual Pentium III @ 1GHz with 1GB of RAM and a 18GB Hard Drive. I am thinking of shoving in 4GB of RAM and caching the entire DNS root servers.

..I also have 2x Quad Port Sun Gigaswift cards, 2x Digital DE504's, a dual port Compaq NC3131, an old SMC 8432BTA 10BT/AUI/BNC card, and an Allied Telesyn AT-2560FX.. See below (Router).

This sucker handles DNS, DHCP, VPN, IPTables, Dansguardian, and a handful of other services. It runs Gentoo (at the moment) and runs rather well.

•••••

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK
Netgear WNDR3700v2
Zoom 5341J

KrK

Premium Member

It's a great article

Good job.

And obviously this is if you need something more powerful or configurable then a regular stock home router.

I've had an excellent Netgear WNDR3700v2 for over a year and it's been excellent, (I've never had a router lockup) but my requirements are mundane and so that's fine.

Thumbs up this article!

pnh102
Reptiles Are Cuddly And Pretty
Premium Member
join:2002-05-02
Mount Airy, MD

pnh102

Premium Member

pfSense

I've used pfSense for quite some time and it is great. One odd thing I wonder though... every time I've run in on an AMD-based CPU, weird things happen, like stuff doesn't work, I get random lockups, etc.

But when I run it on Intel-based CPUs, things work fine.

Now granted, it could be that all my older AMD-based setups are junk, but I was wondering if anyone else had similar problems.

Noah Vail
Oh God please no.
Premium Member
join:2004-12-10
SouthAmerica

Noah Vail

Premium Member

Re: pfSense

said by pnh102:

every time I've run in on an AMD-based CPU, weird things happen,
I was wondering if anyone else had similar problems.

I have 2 running x64 version - 2.01 and 2.1 dev and both are stable.


prairiesky
join:2008-12-08
canada

prairiesky to pnh102

Member

to pnh102
I have it on 6+ routers. It's fantastic!
this is my record so far before i did an update

It's now at 274 days. All running on an old p3 800 dell optiplex 110.
stable as a rock!

joebarnhart
Paxio evangelist
join:2005-12-15
Santa Clara, CA

joebarnhart

Member

pfSense for me

I also have to recommend pfSense for those whose needs are not well met by off-the-shelf routers. I run it on platforms as small as the Alix boards from PCEngines to Core2 Duo based systems. Nothing I've used has anywhere near the capability of pfSense. It is truly enterprise-class software available for free.

Vchat20
Landing is the REAL challenge
Premium Member
join:2003-09-16
Columbus, OH

Vchat20

Premium Member

Smoothwall

When I originally toyed around with the idea of x86 router distros, I settled on smoothwall and loved it. The user mods/addons really made it stand out to say the least. And I'd probably go back to it as well if I jumped on that bandwagon again.

Original setup was an old Compaq machine with a K6-2 processor, 256MB ram if memory serves, and 15GB disk drive. Red interface was a cable modem with a 768/128 connection and green was fed to two DD-WRT'd routers set up as switch+AP boxes. Adding in user addons for tight squid caching control, detailed QoS with virtually unlimited rules, and web filtering for specific family members made it worthwhile. Not to mention little novelties like playing particular tunes out the PC speaker for power up/power down notifications. Nothing like playing the Adam's Family theme over the PC speaker when the router came back up after a reboot. :P

Next run through playing with an x86 based router I'll probably hit pfSense first, but Smoothwall is always going to have that attraction for me.
GraysonPeddi
Grayson Peddie
join:2010-06-28
Tallahassee, FL
Ubiquiti EdgeRouter PoE
Ubiquiti UniFi AP-AC

GraysonPeddi

Member

I'm using plain iptables i my Debian server.

And I'm using hostapd for wireless networking.

I wonder if I could integrate iptables with anti-virus for unified threat management?

I am running Debian Sid+Experimental with some things like file server, DNS server, web/mail server, Asterisk PBX, and any other things that I can think of .
ConstantineM
join:2011-09-02
San Jose, CA

1 recommendation

ConstantineM

Member

Pentium 4 3GHz is the worst hardware for a home router

The hardware advice in this article is really as bad as it could possibly get. Pentium 4, with upper clock speeds, is most certainly at the top of most power consumptive processors out there. Unless you get free electricity or live somewhere where it's always cold and using Pentium 4 as a space heater would make sense, It'll probably be cheaper to buy some used enterprise hardware than run a Pentium 4 as a router for just a couple of years.

For people looking into self-made x86 routers, I would highly suggest exploring the cheapo netbook market: for a mere 200 bucks new, plus a 20-dollar USB GigE stick, you can get yourself a nice little router with a free UPS, a free keyboard and "diagnostic display", and a pretty low power consumption and tiny size to top it off.

If you're getting the internet from an ONT (fibre-to-the-premises usually comes with an integrated UPS), this means, provided you do a wireless access point right out of the netbook-turned-router, you'll even have wireless internet when the power goes down, without any personal investment into any UPS solutions whatsoever! (-:

••••••••••••

redxii
Mod
join:2001-02-26
Michigan
Asus RT-AC3100
Buffalo WZR-HP-G300NH2

redxii

Mod

Probably a time out problem

I know Linksys set the connection timeout to 5 days (instead of around 120 seconds) so in order to use the router again it had to be reset (or wait 5 days), torrents and server lists didn't take much to fill up the table and lock it up. Had to use a 3rd-party firmware to lower the timeout to 120 seconds. You can specify up to 4096 connections, but my WRT54GL became very slow around 1024.
axiomatic
join:2006-08-23
Tomball, TX

2 edits

axiomatic

Member

Shuttle XG41 with ClearOS

Good timing guys. I am deploying a ClearOS install this very weekend on a Shuttle XG41. It's got dual NIC's and only draws 65w max on power.

Should be a nice upgrade from the limitations of most home wi-fi routers. I have an ASUS RT-N56U and it still doesn't do all I want it to do.

I've loaded ClearOS on an older PC already so I know ClearOS does what I need it to do but that old PC had a 1000w power supply in it, so that was only the test as that power supply was total overkill.

Hoping this Shuttle XG41 gets me the best of both worlds at a tolerable power footprint and then I can put the ASUS somewhere in the middle of my house as just a WAP instead of in the wiring closet in the far corner of the house as a router.

tenpin784
I Went To The Dark Side?
join:2001-03-30
Brierfield, AL

tenpin784

Member

Plain old Ubuntu

I am running a plain jane installation of Ubuntu for my router, on an old laptop. I have an onboard 10/100 NIC for the WAN, and put in a 10/100/1000 expresscard NIC for the LAN. Not only is this my router, it is also the media server for my PS3.

David
Premium Member
join:2002-05-30
Granite City, IL

David

Premium Member

Dual Wan applications

I have been looking at PFsense for a while now, which others in the article would be able to do Wan1 and wan2 failover or load balance?

For my dd-wrt router currently I have an AMD athlon 1.4Ghz with 256MB ram.

According to PFSense's minimum requirements this would be good for a while.

Ryan711 is correct you get a lot more building your own then buying out of the box. I got tired of lockups and such and wanted WOL, and traffic metering (make sure I don't cross the cap). I also wanted Dual-Wan so I can be on my neighbor's network as need be (always breaking something on his machine or installing something) and I don't need to go beating on his door to work on the pc remotely.

Things I am looking for

traffic metering (for caps purposes)
Dual Wan with/and fail over and or load balancing
WOL (wake on lan)

Snakeoil
Ignore Button. The coward's feature.
Premium Member
join:2000-08-05
united state

Snakeoil

Premium Member

Thank you

Thanks Ryan711, some interesting info there. I may give it a whirl, as I have an old P3 ^00 laying around.
page: 1 · 2 · 3 · next