Joshua Judson Rosen | 6 Aug 2012 01:59

Looking for a new Linux router. Buffalo AirStation?

After 13 years, I think it may finally be time to replace
the PC that's been acting as the router/firewall between me,
the Internet, and people looking for Wi-Fi in my neighbourhood.

I've heard that Buffalo Technology ships DD-WRT pre-installed
on their devices, so maybe that's what I want. But I have a few
questions--so I'm hoping someone here can help answer them
(*someone* here must have one of these things, right?):

    * What I have right now, and what I really want, is basically
      - 2 separate wired interfaces, both of which are distinct
        from the wireless interface
      - a bunch of iptables rules to route/firewall between
        those 3 different networks

      Will one of these Buffalo let me have that?

    * Checking the listings on Amazon.com, I see a bunch
      of different AirStation models with different prices
      and different numbers in their names, but I can't tell
      what the actual differences are other than their names
      and prices. Help! What's the difference? Which one
      do I want, if any?

    * Do they work well?

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."


Michael Lowry | 6 Aug 2012 02:39

Re: Looking for a new Linux router. Buffalo AirStation?

I had a Buffalo WZR-HP-G300NH router for a while.  I did install DD-WRT on it (wasn't installed from
factory).  I ended up replacing it with a Linux box to do my routing (even with a rack of Cisco routers/L3
switches behind me).  :)

I didn't have any problems with DD-WRT on it.  USB even worked without a problem (ext3 support I believe with
FTP and ?NFS?).  Do remember it supported vlan tagging, but didn't use the feature.  DD-WRT will support the
three networks, and iptables (a bit cumbersome to edit if my memory serves).

Michael

On Sun, 05 Aug 2012 19:59:06 -0400
Joshua Judson Rosen <rozzin@...> wrote:

> After 13 years, I think it may finally be time to replace
> the PC that's been acting as the router/firewall between me,
> the Internet, and people looking for Wi-Fi in my neighbourhood.
> 
> I've heard that Buffalo Technology ships DD-WRT pre-installed
> on their devices, so maybe that's what I want. But I have a few
> questions--so I'm hoping someone here can help answer them
> (*someone* here must have one of these things, right?):
> 
>     * What I have right now, and what I really want, is basically
>       - 2 separate wired interfaces, both of which are distinct
>         from the wireless interface
>       - a bunch of iptables rules to route/firewall between
>         those 3 different networks
> 
>       Will one of these Buffalo let me have that?
> 

Joshua Judson Rosen | 6 Aug 2012 03:36

Re: Looking for a new Linux router. Buffalo AirStation?

Michael Lowry <41magnum <at> liberty.eprci.com> writes:
>
> Do remember it supported vlan tagging, but didn't use the feature.
> DD-WRT will support the three networks, and iptables (a bit cumbersome
> to edit if my memory serves).

Will the device do 3 separate networks without the need for vlan tagging,
though?

If I understand vlans correctly, they're great for internal networks
that are basically trusted, but I don't want to base the security
of my internal network on just hoping that nobody outside fiddles with
the vlan bits in their packets before sending them to my firewall.

> On Sun, 05 Aug 2012 19:59:06 -0400
> Joshua Judson Rosen <rozzin <at> geekspace.com> wrote:
>
> > After 13 years, I think it may finally be time to replace
> > the PC that's been acting as the router/firewall between me,
> > the Internet, and people looking for Wi-Fi in my neighbourhood.
> > 
> > I've heard that Buffalo Technology ships DD-WRT pre-installed
> > on their devices, so maybe that's what I want. But I have a few
> > questions--so I'm hoping someone here can help answer them
> > (*someone* here must have one of these things, right?):
> > 
> >     * What I have right now, and what I really want, is basically
> >       - 2 separate wired interfaces, both of which are distinct
> >         from the wireless interface
> >       - a bunch of iptables rules to route/firewall between

Ben Scott | 6 Aug 2012 04:10

Re: Looking for a new Linux router. Buffalo AirStation?

On Sun, Aug 5, 2012 at 9:36 PM, Joshua Judson Rosen
<rozzin@...> wrote:
> Will the device do 3 separate networks without the need for vlan tagging,
> though?

  VLAN tagging is how pretty much all devices are going to implement
this.  You really don't want to do anything else -- router ports are
more expensive than switch ports.  With a managed switch, the VLANs
all happen behind the scenes.  Outside devices just think they're
talking to a regular switch.

  For these SOHO devices, the internal switch ASIC removes the tags
before emitting frames.    Likewise, when a frame is received, the
switch adds the tags for the benefit of the embedded computer.

  Although I haven't tested to see what happens if a frame with a tag
already present hits the switch in one of these things.  A proper
managed switch will let you configure the behavior for that scenario
(e.g., drop the frame), but these things are more like "managed switch
lite".

-- Ben
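
The message above mentions that a proper managed switch can be told to drop frames that arrive already tagged. As an added example (not part of the thread, and not DD-WRT or switch-vendor code), this Python sketch models that strict access-port ingress check on raw Ethernet frames; the function names, the PVID value and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # 802.1Q customer VLAN tag
TPID_8021AD = 0x88A8  # 802.1ad service VLAN tag (stacked tags)

def parse_vlan_tag(frame: bytes):
    """Return (tpid, pcp, vid) if the frame carries a VLAN tag, else None."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype not in (TPID_8021Q, TPID_8021AD):
        return None
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return ethertype, tci >> 13, tci & 0x0FFF

def access_port_ingress(frame: bytes, pvid: int):
    """Strict access port: ('forward', vid) or ('drop', reason).

    Assumed policy: the port alone decides VLAN membership, so any
    frame that names a VLAN itself is dropped rather than trusted.
    """
    try:
        tag = parse_vlan_tag(frame)
    except ValueError as exc:
        return ("drop", str(exc))
    if tag is None:
        return ("forward", pvid)   # untagged: switch assigns the port's VLAN
    _tpid, _pcp, vid = tag
    if vid == 0:
        return ("forward", pvid)   # priority tag only, no VLAN claimed
    return ("drop", f"sender-supplied tag for VLAN {vid}")

def constructed_frame(vid=None, pcp=0) -> bytes:
    """Build a constructed sample frame; vid=None means untagged."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    for label, frame in [("untagged", constructed_frame()),
                         ("tagged VLAN 2", constructed_frame(vid=2)),
                         ("priority-tagged", constructed_frame(vid=0, pcp=5)),
                         ("runt", b"\x00" * 10)]:
        print(label, "->", access_port_ingress(frame, pvid=3))
```

Whether a given SOHO switch chip behaves this way is the open question the message raises; the sketch only states the policy one would want to verify.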

Joshua Judson Rosen | 6 Aug 2012 05:14

Re: Looking for a new Linux router. Buffalo AirStation?

Ben Scott <dragonhawk <at> gmail.com> writes:
>
> On Sun, Aug 5, 2012 at 9:36 PM, Joshua Judson Rosen
> <rozzin <at> geekspace.com> wrote:
> > Will the device do 3 separate networks without the need for vlan tagging,
> > though?
>
>   VLAN tagging is how pretty much all devices are going to implement
> this.  You really don't want to do anything else -- router ports are
> more expensive than switch ports.  With a managed switch, the VLANs
> all happen behind the scenes.  Outside devices just think they're
> talking to a regular switch.
>
>   For these SOHO devices, the internal switch ASIC removes the tags
> before emitting frames.    Likewise, when a frame is received, the
> switch adds the tags for the benefit of the embedded computer.

OK, *that* I can go with. Great! Thanks!

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."

_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss <at> mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Michael Lowry | 6 Aug 2012 04:26

Re: Looking for a new Linux router. Buffalo AirStation?

Tagging is optional.  You can assign a port to a specific vlan and tagging is not required.  If you want to be
directly connected to multiple networks on one interface, tagging is required.  

Michael

On Sun, 05 Aug 2012 21:36:18 -0400
Joshua Judson Rosen <rozzin@...> wrote:

> Michael Lowry <41magnum@...> writes:
> >
> > Do remember it supported vlan tagging, but didn't use the feature.
> > DD-WRT will support the three networks, and iptables (a bit cumbersome
> > to edit if my memory serves).
> 
> Will the device do 3 separate networks without the need for vlan tagging,
> though?
> 
> If I understand vlans correctly, they're great for internal networks
> that are basically trusted, but I don't want to base the security
> of my internal network on just hoping that nobody outside fiddles with
> the vlan bits in their packets before sending them to my firewall.
> 
> > On Sun, 05 Aug 2012 19:59:06 -0400
> > Joshua Judson Rosen <rozzin@...> wrote:
> >
> > > After 13 years, I think it may finally be time to replace
> > > the PC that's been acting as the router/firewall between me,
> > > the Internet, and people looking for Wi-Fi in my neighbourhood.
> > > 
> > > I've heard that Buffalo Technology ships DD-WRT pre-installed

Ben Scott | 6 Aug 2012 03:34

Re: Looking for a new Linux router. Buffalo AirStation?

On Sun, Aug 5, 2012 at 7:59 PM, Joshua Judson Rosen
<rozzin@...> wrote:
> I've heard that Buffalo Technology ships DD-WRT pre-installed
> on their devices, so maybe that's what I want.

  I'm not sure if that's what's shipping in the box, but most of
Buffalo's current SOHO gateway products do offer a customized DD-WRT
build as a supported option.  (They also have their own flavor of
firmware.  Either can be downloaded from the Buffalo website.)  The
DD-WRT generic builds will also install easily.

>     * What I have right now, and what I really want, is basically
>       - 2 separate wired interfaces, both of which are distinct
>         from the wireless interface
>       - a bunch of iptables rules to route/firewall between
>         those 3 different networks

  Most of these SOHO boxes implement their Ethernet ports as a managed
switch.  The embedded OS sees two physical network interfaces: One
wireless radio, and one wired Ethernet.  VLANs are then used to have
one of the switch ports be the "WAN" or "Internet" port, and the rest
be "LAN".

  In terms of Linux, VLANs appear as separate virtual network
interfaces.  So you'll likely see one eth0, but you can configure that
as eth0.1, eth0.2, etc., and assign whichever ports you like to each
VLAN.

  If you have two private wired networks, one private wireless
network, plus an uplink to the Internet, you might configure eth0.1,