[TriLUG] LAN/WAN interface question

[John Franklin]

On Feb 16, 2004, at 8:51 PM, Mike M wrote:

> On Mon, Feb 16, 2004 at 02:16:47PM -0500, Ryan Leathers wrote:
> Why not just use a Linux/*BSD box with two NICs for a
> router/firewall/VPN tunnel?
>
> You bring up good points about the consumer grade router - I don't know
> if I trust it.   It's a black box with no debugging.  I'd rather use 
> an OSS
> that let's me control every aspect of operation.
>
> The only reason I bought an applicance was that several years ago I had
> more money than time or experience and lower requirements.  Now I have
> more experience and higher requirements and old Linux boxes just lying
> about.
>
> It seems that the appliance router doesn't bring any value that can't
> be supplied by the *nix box.

There's no network functionality that can't be duplicated by a *nix 
box.  I've been using an old P100 for years now as my NOC-in-a-box, but 
I'm seriously considering getting a VPN Wireless Cable/DSL 
router/switch.  Netgear has a new one I've seen for between $135 
(outpost.com) and $190 (Amazon.)

The advantages:
	One electrical outlet instead of three (switch, wireless AP, *nix box
	Lower power draw
	Less real estate consumption
	Quieter
	Easier to set up VPN tunnels

Downsides:
	Interfaces are often lacking.
	Must port forward any inbound port you want to serve
	Don't have complete control of the box
	The more functionality they pack in, the higher the chance they 
botched something.

Cases in point with the last bullet:

* The Cable/DSL router that set its time from a hard-coded IP, and had 
a one-second timeout/retry.

* Belkin's once-in-a-while-http-redirect/hijack.

* http://www.amazon.com/exec/obidos/tg/detail/-/B0000AR8Z1/ & click 
"Customer Reviews"

jf
-- 
John Franklin
franklin at elfie.org
ICBM: 38º 56' 32.6"N 77º 24' 47.7"W Z+62m