On Tue, 21 Mar 2000 14:37:45 -0500 (EST)
Jerry Winegarden <[EMAIL PROTECTED]> wrote:
> On Tue, 21 Mar 2000, William W. Austin wrote:
>
> > I am getting ready to set up a firewall between my DSL provider and my lan at
> > home (nothing big -- 3 machines there), and have been planning to use an old
> > 200Mhz pentium machine as the firewall box. However, this weekend I saw some
> > info on a Linksys EtherFast Cable/DSL Router, model # BEFSR41.
> >
> > Its feature list looks impressive, and the street price is somewhere down around
> > 150-160 as best I can figure. The box is a 4-port hub/router with the firewall
> > built in, and it supports 10/100 Mbit lan on the local side.
> >
> > The only real drawbacks I can discern so far are that many of the advanced
> > features are not supported except through reading the manual (what a concept: a
> > manual with information :-) [no hassle], and that the only OS's they really know
> > about are apparently Win95/98/NT (2000? -- I'm not sure).
> >
> > Anyway, does anyone have any experience with this box -- it looks awfully
> > attractive at this price... Any drawbacks? Any problems?
>
> Any drawbacks to such a proprietary box? LOTS!!!
>
> 1) Price. $150 vs $30 (or so) for a 2nd ethernet card for your PII/200.
> $40-$50 for a 4-port 10/T ethernet hub if you don't have one yet.
this for $169 is a 4 port 10/100Mbps SWITCH not HUB...WAN is 10Mbps but DSL/CABLE is only
1.5MBs usually for home...and 6-7Mbps if you pay the bucks.
> 2) Performance: Your PII/200 with linux will outperform any of the
> little black boxes that I have seen or tested (and I've tested lots,
> although I admit I haven't tried the one in question.) This may not
> be an issue for you, since you only have a couple of machines.
> 3) Flexibility: black boxes are totally fixed: what you see is what you
> get. Your own ipmasq box is a real computer - you can add cards or services
> or easily reconfigure it. You cannot do this with the proprietary box.
> The proprietary black box is totally inflexible.
good point...you are restricted to their firmware upgrades...you do lose some flexibility
>
> For example, if you want to run 100BaseT instead of 10BaseT, you must buy a
> new router. If you need to dial up sometimes, in case your DSL connection
> is flaky and you want a back up, you must buy another $150-$200 box.
> With your own box, you can simply add a modem and switch to ppp for the
> internet connection instead of the second ethernet card (only a couple of
> changes in a couple of configuration files to switch over and no changes
> for the PC's on your LAN).
this supports PPPoE or statics of course....can't do ppp though
> If you needed to add a second LAN (e.g. one LAN for a "public"
> classroom and one LAN for your office machines if you're paranoid), you
> simply add another ethernet card in your box, but there is no way to do
> this with the black box.
this little black box can handle route additional networks
> If you need to add a service such as VPN (Virtual
> Private Network which is important in setting up a WAN), you may or may
> not be able to do this with the black box (some of them supposedly support
> VPN), but you may have a fun time trying to find out how from the company
> that builds the box (see supportability below).
it's "reported" it can handle PPTP vpn.
> Because a NAT (or PAT)
> box is a firewall, if you want to have various kinds of servers available
> to the outside world (e.g. web server, ftp server, mp3 server, pcanywhere
> or other remote control, audio server, game server...) you have to make
> configuration changes to your firewall.
you can port-forward up to 10 ports. 6699 for gnapster, ftp, www also is easy to do.
> This is possible on a linux ip
> masquerade box (in fact often easy). It may or may not be possible on
> the black box. At the very least, you may have to do a bios flash
> upgrade on the black box to add support for additional kinds of services.
it supports ICQ, Quake, ftp so the basics are there...UT someone mentioned also works
pretty much most popular online games should work.
> Many black boxes advertise support for a web server behind your firewall.
> Some do not. However, most other things you may or may not want to be able
> to provide to the rest of the world (or even yourself when you are not
> at home) will most likely not be possible with the black box, but are likely
> on your own ipchains box.
It has a DMZ configuration...since it's a SWITCH it'll isolate it from sniffing your
internal LAN. If your www or ftp is cracked into.
>
> 4) Supportability (this may be the single biggest issue)
> What if there are problems in configuring or in operation of your
> box? Sometimes problems are with your hardware, sometimes with your
> phone company, sometimes with your ISP. There will be problems, it's just
> a matter of when. Try to get support out of the black box manufacturer
> or sales company. You may, but I've had lots of problems with various
> manufacturers of various kinds of equipment over the years. Finger pointing
> is one of the biggest problems. They will take you through a couple of
> so-called "diagnostic programs" and then they will try to blame your
> systems, or your phone company or ISP. If you call the phone company
> or ISP, you are REALLY SOL: they will tell you that your DSL
> connection is for ONE machine. If you put one machine on the DSL
> connection instead of your NAT box, and it works, you think you know
> that the problem is not the phone company or the ISP. However, the
> NAT box maker may still think the problem is not their box. Finger pointing.
> Contrast that with the kind of support you get out of this list. How
> many testimonies you can get of how people on this list helped in a
> fairly short period of time get a ipchains box back up and running.
this is a good point...the ipchains...I've had "no lack of support" from linux community.
Can't be that.....here there is LIMITED support from linksys...any advanced features that
DO NOT support as it states in their PDF manual.
>
> 5) upgradeability, especially for security or bugs.
> Upgrades and bug fixes are available all the time. The ease of getting
> notified (by subscribing to redhat-watch and redhat-announce lists
> @redhat.com), then downloading rpm via ftp directly to the box, and simply
> saying: rpm -Uvh packagename to install the update, is very important.
> You don't need to use some other box running a tftp server to do
> the bios flash upgrade of the black box. It is a misteak to think
> that the proprietary box is perfect - no bugs, no need for security patches.
true..another good point...this is just flash rom so there's no backdoors, etc. at least
on the router (no harddisk).
> The sheer volume of users of the ipchains software under linux to beat on
> the system dwarfs the number of users beating on the black boxes.
> (Unless, of course, someone has succeeded in putting RedHat with ipchains
> in a ROM on a black box :-) Open sources means better software! That's
> the message of Linux, right?
> You avoid delays while you try to call the manufacturer, wait on hold for
> their Help Line, (if they have one), or play phone tag, or delays with e-mail
> (or how do you read e-mail if your network connection's down?).
read many posts and it's true about the wait on the phone time at least that's what I've read.
>
> What if you want to do wireless connection to the Internet or whatever
> comes down the line 3 years from now? The PII/200 with RH and ipchains
> should allow you to keep up with the times. You don't have to buy
> another box.
anything advanced ...you most definitely want to use an ipchains or a more expensive
commercial firewall.
>
> If you are worried about configuring one, the ipchains howto at
> http://metalab.unc.edu is pretty good. Or, you can check out my own howto
> at:
>
> http://www-jerry.oit.duke.edu
>
> or (more specifically):
>
> http://www-jerry.oit.duke.edu/linux/bluedevil/HOWTO/howtolist.html
> or (even more specifically)
>
> http://www-jerry.oit.duke.edu/linux/bluedevil/HOWTO/ipchains_howto.html
>
> ***************************************************************************
> Jerry Winegarden OIT/Technical Support Duke University
> [EMAIL PROTECTED] http://www-jerry.oit.duke.edu
> ***************************************************************************
I think it suffices for the AVERAGE home DSL/CABLE user who wants to share their
connection with their LAN. And good enough for a simple 2-5 user SOHO office.
I'm going to order one today and see how it goes...then I can use my current P166 redhat
ipchains firewall as a test machine for linux...instead of reinstalling my P450 every
month. Now what to do with my 8 port switch???
I've read the product pdf manual which is 1.3MB, 37 pages and can be downloaded at
http://www.linksys.com/pdf/befsr41ug.pdf
A nice review of the product can be found at:
http://www.timhiggins.com/reviews/linksys_router.asp
http://www.linksys.com
http://www.outpost.com has them for $169.95 with free overnight delivery S/H.