[Leaplist] advice on wifi router please

Richard F. Ostrow Jr. kshots at warfaresdl.com
Wed Jul 18 08:50:40 EDT 2007 

Ok, I'll concede that a re-flashed device can be made to do just about
anything. We have any options for those beyond that $84 item someone
previously mentioned? Personally, I'm not all that interested (I have a
machine that handles all that rather well), but I'm sure someone would
appreciate it.
-- 
Life without passion is death in disguise

On Tue, July 17, 2007 6:23 pm, Andrew wrote:
>
> On Jul 17, 2007, at 12:32 PM, Richard F. Ostrow Jr. wrote:
>
>> Well, among other things, a separate box does the job much better.
>
> That may be true of vendor-supplied firmware images (especially some
> of the initial vxworks-based firmwares that the V5 and newer WRT54G's
> shipped with), but I don't think you'll find that to be true of
> openwrt-based devices.
>
>> DHCP - impossible to set NTP, TFTP, and similar settings under one of
>> those "routers". Sure, it gives you an address... and that's it. It
>> doesn't tell your DHCP client where to find the NTP server, won't
>> tell it
>> where it can find a kernel to load over the ethernet (diskless
>> machines,
>> utilizing TFTP), and quite a few similar problems.
>
> Check out dnsmasq -- it does all of this. http://
> www.thekelleys.org.uk/dnsmasq/doc.html  The scripting support can be
> used in rather interesting ways.  You can even run multiple instances
> of it, and pass out different settings to each network if you don't
> bridge your wired LAN from your wireless.
>
>> NAT - What if you wanted to do QOS? Guarantee a certain service has X
>> amount of bandwidth no matter what else is going on on the network?
>> One of
>> those "routers" simply won't support that.
>
> iproute's tc does that with kernel module support, and you can also
> do policy based routing via iproute's ip command.
>
>> Firewall - Give me a break... these things offer a very basic
>> firewall.
>> They are getting better, but they still aren't all the advanced. I
>> have
>> yet to see a "stateful" firewall on one of these things.
>
> Does iptables with ip_conntrack count? :)
>
>> DNS - Frankly, just too easy to knock offline. Either set your own up
>> (highly recommended if you have a dedicated machine somewhere) or
>> point to
>> something outside your network. I haven't found a "router" that I
>> really
>> trust the DNS service on.
>
> This one is hard to deny.  Bind has a very big footprint for embedded
> work, and dnsmasq can get into a "confused" state from time to time
> and require a kick, but for basic DNS proxy work, it is adequate.  I
> wouldn't want to try to host a domain on it, though.  I have not
> looked at any of the other embedded DNS options to be able to express
> a qualified opinion on them.
>
> The latest version of openwrt has an impressive list of packages
> available: (http://downloads.openwrt.org/kamikaze/7.06/brcm-2.4/
> packages/), and you would be surprised just how much you can stuff
> into 4MB of flash.
>
>
>
> _______________________________________________
> Leaplist mailing list
> Leaplist at leap-cf.org
> http://lists.leap-cf.org/mailman/listinfo/leaplist
>

More information about the Leaplist mailing list