Re: Pros and Cons of Using an Old Box as a Router

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Bryan.ONeal@asu.edu
Date:  
To: plug-discuss
Subject: Re: Pros and Cons of Using an Old Box as a Router
Ok, I will tell you why I used and old box before and will do so again.
1)    Cost, the old box is free, the $60 router is $60 This is of course under
the assumption you have an old box lying around I have found early Pentiums
and even 486's do a very good job if tweaked correctly.
2)    Addition functionality:
a.    My old box has three NIC's (because that's what I had lying around) and so
I have the WAN connection and Two separate networks, which is nice since one
has a hub and several loud computers on it that almost never talk to the out
side. (Think Myth Boxes, I could (if I get them up again) have several front
ends nosily chatting with the Myth server and not have to deal with the
traffic on the rest of my network) Even with the built in switches, you having
your backplane tied up and thus the device is not performing as well for other
end-to-end requests.
b.    I also really liked having my own Squid server on that border box.
c.    Since that box was always on it made a nice file server for stuff I used on
every computer in the house.
d.    And when/if I have kids I believe I will be able to fine tune their
internet access far better from my own -old- box then one of the $60 jobs.


I am sure there are more but those are my reasons for the old box. But fan
noise, power consumption, and time may easily tip the scales toward an
appliance solution


On Wed, 16 Feb 2005, Craig White wrote:

> On Wed, 2005-02-16 at 20:09 -0500, Craig Brooksby wrote:
> > Hi all -- seeking advice / pointers to where I can read up... my two
> > questions are numbered, below.
> >
> > My home network is through a D-Link wireless router, to the Cox cable
> > modem. It works fine -- I am not an expert. For security, I did
> > stuff like the following:
> >
> > 1) Turned WEP on, at 128-bit
> > 2) Turned on filtering by Mac address
> > 3) Added WPA-PSK authentication.
> >
> > The router seems to be able to do more -- firewall stuff, etc. At the
> > same time, I know people use old boxes + Linux to do all these things.
> > So here's what I'm wondering:
> >
> > 1) Are there clear reasons why running an old box + Linux as a router
> > / firewall / etc. is *better* than just using the features in the
> > little $60 router? (I mean, the *fan noise alone* from this old box
> > is enough to tilt the scales for me :-)
> >
> > 2) Do people plug in Wi-Fi adapters into the old box and use it to
> > control a wireless network? Or is all that better left to the D-Link?
> > I ask because my son's Win XP box is currently wireless.
> >
> > I want to learn more about networks. I am resourceful and like new
> > challenges, but if such things are better left to people with long,
> > deep experience / formal training -- network "engineers" and people
> > who relax by readin manpages -- please advise.
> -----
> It's all possible by the average person - it's just that the average
> person isn't interested in devoting the time and energy to learn this
> stuff.
>
> - Don't know about your wireless router but generally, you only have
> both WEP & WPA-PSK available when you are in 'mixed-mode' meaning you
> are allowing WEP & 802.11b connections and are allowing WPA-PSK &
> 802.11g connections. Do you need both? Do all your machines handle
> 802.11g? If so, then use the 802.11g because it is 54Kbps versus 11Kbps.
>
> WPA is stronger encryption but not backwards compatible. I can't
> conceive that any of these cheapo boxes support both WEP & WPA-PSK
> simultaneously but I've certainly been wrong before.
>
> The restriction/filtering by MAC Address is probably a good thing to do
> - as long as you can manage it and if you can manage that, you can
> probably do anything else you've set your mind to doing.
>
> The wireless router, if kept up to date with firmware updates is
> probably as secure, if not more so than your own box router. Your own
> box router can be more versatile and employed to do other things such as
> dns but of course, that concept weakens the security of the box.
>
> You could conceivably do this...
>
> <cable modem> - - <wireless router> - - <linux router w/ firewall> 
> public IP          192.168.1.0/24        192.l68.2.0/24

>
> and your linux router had two network cards 1 on the 192.168.1.0 network
> and one on the 192.168.2.0 network and then all your computers plugged
> into a hub/switch with the 192.168.2.0 network card of the linux router
> and all had different 192.168.2.0/24 addreses.
>
> then you could drop the WPA/WEP & filtering/restrictions by MAC Address
> altogether if the linux router considered the wireless router as part of
> the big bad untrusted traffic area sometimes referred to as the
> internet. Then you could set up a vpn (ipsec/openvpn/cipe) so that a
> wireless connection couldn't get on your local network without using
> VPN. That would ensure encrypted traffic from your laptop or desktops
> using wireless if they connected through to the network because their
> only ability to connect to the network would be through the vpn channel.
>
> This would be in my opinion, the 'optimal' method for using with high
> security.
>
> Craig
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss