[Leaplist] advice on wifi router please
Andrew
aander07 at packetmaster.com
Tue Jul 17 18:23:16 EDT 2007
On Jul 17, 2007, at 12:32 PM, Richard F. Ostrow Jr. wrote:
> Well, among other things, a separate box does the job much better.
That may be true of vendor-supplied firmware images (especially some
of the initial vxworks-based firmwares that the V5 and newer WRT54G's
shipped with), but I don't think you'll find that to be true of
openwrt-based devices.
> DHCP - impossible to set NTP, TFTP, and similar settings under one of
> those "routers". Sure, it gives you an address... and that's it. It
> doesn't tell your DHCP client where to find the NTP server, won't
> tell it where it can find a kernel to load over the ethernet (diskless
> machines, utilizing TFTP), and quite a few similar problems.
Check out dnsmasq -- it does all of this.
http://www.thekelleys.org.uk/dnsmasq/doc.html The scripting support can
be used in rather interesting ways. You can even run multiple instances
of it, and pass out different settings to each network if you don't
bridge your wired LAN from your wireless.
> NAT - What if you wanted to do QOS? Guarantee a certain service has X
> amount of bandwidth no matter what else is going on on the network?
> One of those "routers" simply won't support that.
iproute's tc does that with kernel module support, and you can also
do policy based routing via iproute's ip command.
> Firewall - Give me a break... these things offer a very basic
> firewall. They are getting better, but they still aren't all that
> advanced. I have yet to see a "stateful" firewall on one of these
> things.
Does iptables with ip_conntrack count? :)
> DNS - Frankly, just too easy to knock offline. Either set your own up
> (highly recommended if you have a dedicated machine somewhere) or
> point to something outside your network. I haven't found a "router"
> that I really trust the DNS service on.
This one is hard to deny. Bind has a very big footprint for embedded
work, and dnsmasq can get into a "confused" state from time to time
and require a kick, but for basic DNS proxy work, it is adequate. I
wouldn't want to try to host a domain on it, though. I have not
looked at any of the other embedded DNS options to be able to express
a qualified opinion on them.
The latest version of openwrt has an impressive list of packages
available: (http://downloads.openwrt.org/kamikaze/7.06/brcm-2.4/packages/),
and you would be surprised just how much you can stuff
into 4MB of flash.
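
A dnsmasq configuration covering the DHCP points raised in this message (NTP, TFTP netboot, different settings per network), as an added example that is not part of the original message. It uses one instance with tags in current dnsmasq syntax rather than multiple instances; the interface names, addresses, boot filename and TFTP path are all assumptions.

```conf
# dnsmasq.conf (added example; every name and address below is constructed)

# Answer only on the two internal interfaces, never on the WAN side.
interface=br-lan
interface=wl0
bind-interfaces

# DNS proxy hygiene: do not forward unqualified names or
# reverse lookups for private address ranges upstream.
domain-needed
bogus-priv

# One address pool per network. dnsmasq picks the pool matching the
# subnet of the interface the request arrived on and sets its tag.
dhcp-range=set:wired,192.168.1.100,192.168.1.199,255.255.255.0,12h
dhcp-range=set:wifi,192.168.2.100,192.168.2.199,255.255.255.0,2h
dhcp-authoritative

# Wired LAN: gateway, DNS and NTP server (DHCP option 42).
dhcp-option=tag:wired,option:router,192.168.1.1
dhcp-option=tag:wired,option:dns-server,192.168.1.1
dhcp-option=tag:wired,option:ntp-server,192.168.1.1

# Diskless clients: the boot filename is offered to the wired tag only,
# and the built-in TFTP server listens on the wired interface only.
dhcp-boot=tag:wired,pxelinux.0
enable-tftp=br-lan
tftp-root=/srv/tftp
# Serve only files owned by the user dnsmasq runs as.
tftp-secure

# Wireless: same basics, shorter lease above, no netboot offer.
dhcp-option=tag:wifi,option:router,192.168.2.1
dhcp-option=tag:wifi,option:dns-server,192.168.2.1
dhcp-option=tag:wifi,option:ntp-server,192.168.2.1
```

Running `dnsmasq --test -C <file>` checks the syntax without starting the daemon.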