# Need a new router



## hat (Jul 29, 2009)

My Linksys WRT54GS mysteriously took a tablet of e-cyanide today and I need a new router. I was looking at the D-Link EBR-2310, but naturally, I trust the collective intelligence of TPU more than my own limited networking knowledge.





The features I'm looking for are:
*DMZ (ABSOLUTELY MUST have this, unless the router has no firewall)

*If the router has firewall, ability to DISABLE the firewall in router controls, as I may be getting another computer, and if I do, I need it to be wide-open as well as the pc I have now

*DNS support, like dyndns.com (another must)

*Cheap

*I would like to stay AWAY from wireless, as I have no use for it and it's a potential security hole (listen to me talk about security and disabling firewall at the same time)


----------



## mrhuggles (Jul 29, 2009)

WRT54GL running openWRT + X-Wrt [whiterussian]

100% performance/stability, plus you have full control of *everything* it makes the idea of a firewall or anything like that very obsolete.

i cant imagine going back to anything else.


----------



## hat (Jul 29, 2009)

I don't want a wireless router... 

and that router costs a pretty penny

I just bought a bunch of PIII parts off someone here. It will be a complete rig soon. I can stuff it full of network cards... need a software router that runs *in windows*

nat32?


----------



## mrhuggles (Jul 29, 2009)

you can disable the wireless
and erm, how cheap are you looking for, in the 20 dollar range?


----------



## mrhuggles (Jul 29, 2009)

not in windows, openWRT has an x86 release

uhh you can KIND of use windows as a router! ICS, internet connection sharing

just out of curiosity, what windows do you plan on using for that?


----------



## hat (Jul 29, 2009)

oh lord nat32 is SWIMMING in bloat and it's WAY over my head to find my way out or even try to use it

Yeah, $20 would be great, but the cheapy routers on newegg drop packets, overheat, or just plain don't work out of the box (gotta use software... I would rather turn a computer into a monster router)

It needs to be in Windows because I want to host a Quake server on it as well, and run LogMeIn on it so I can get into it without boogering around with my monitor/keyboard/etc. It would be Windows XP Home.

crap. untangle was looking good until I saw it needs 1GB ram to operate properly... the p3 setup only has 192mb


----------



## mrhuggles (Jul 29, 2009)

untangle? dude i just told you use ICS
it'll work. Windows XP 32bit

WRT54GL should only be about 50 bux, but wtf man you got a good p3 box there, turn it into a router, it'll be a lot of fun!


----------



## hat (Jul 29, 2009)

Yeah... but internet connection sharing doesn't have security...

The only software routers I know of are Untangle, which I've read needs about 1GB RAM to function properly, and NAT32 which is... way, way over my head


----------



## hat (Jul 29, 2009)

you know what, to hell with routers

I will use my P3 (when I get it) as a router with ICS and a joe-blow firewall like ZA

thx for your continued suggestions mrhuggles


----------



## mrhuggles (Jul 29, 2009)

yeah, a software firewall combined with ICS is probably actually going to be better in the long run than ANY router security wise, and fun wise.

oh yeah and also a p3 will have enough CPU power that if you wanted to you could use deep packet inspection for some real security.


----------



## hat (Jul 29, 2009)

I'll probably not have much in the way of security. The PIII will be running a quake server too so I can't get too involved in tight security


----------



## hat (Jul 29, 2009)

Hey,

If I use this PC I have coming (P3 setup) to link other computers to the Internet with ICS, would I be able to use another computer (my gaming comp) to host a server that others can connect to?


----------



## mrhuggles (Jul 29, 2009)

yes but just like a router you have to forward the port, forwarding ports in ics is weird, but not impossible, google how to do it.


----------



## hat (Jul 29, 2009)

I want all the ports to be open...


----------



## Disparia (Jul 29, 2009)

Are you sure you want to give away your address while openly admitting to having lax security?

You no longer have a quake server / router. Welcome to the botnet!


----------



## newtekie1 (Jul 29, 2009)

Hat, what you are trying to do (open all ports to multiple computers) is impossible.  And port forwarding in ICS is a real pain in the ass, at least it was the last time I used ICS a few years ago.

I'm going to have to suggest the WRT54GL also, but with the Tomato firmware.  It is just as stable as OpenWRT, but less complicated to set up, which I like.

And if you are talking about the original Quake, you don't need to open all the ports to host a server.


----------



## hat (Jul 29, 2009)

doesn't look too bad
http://forum.portforward.com/YaBB.cgi?num=1134525903

I've had nothing but bad luck with routers, I'd rather just use my 2nd computer. It would always be on anyway. The only thing I'm doing is removing the router from the picture. Besides, I can forward as many slots of ports as I want in ICS, all the routers I've ever seen only do like 10 slots

So if I entered ports 1 through 65535 and set it to the IP of the PIII setup (host server) those ports would only be open for that pc?


----------



## newtekie1 (Jul 29, 2009)

The WRT54GL+Tomato will allow you to forward as many ports as you want.

And yes, if you did that those ports would only be open for the PIII PC.  It is impossible to open the same port for more than one PC, it is networking law when dealing with NAT.


----------



## hat (Jul 29, 2009)

man, thats... crap.

I understand that the same port can't be used more than once, but could I open all ports for my gaming pc and PIII (host) pc? This would be done because my gaming pc may host servers for... lets say BF2 for example, but the PIII host pc would *always* be hosting Quake servers, and an FTP server.

What if I just disabled the firewall?


----------



## Disparia (Jul 29, 2009)

It wouldn't know where to go.

FTP for example, your router needs to know where to send incoming traffic, so port 21 needs to be forwarded to the computer hosting the ftp server.

Same goes for the game servers. Quake ports need to forward to the quake server and BF2 ports need to forward to BF2 server. And you don't even have to use the default ports, can even make them easy to remember like 20000 (first Quake Server), 20001 (second Quake server), and then a different range for BF2, 30000, 30001.

As long as your router (in whatever form it takes) forwards those ports to the correct machine and that machine is listening on those ports you should be fine, generally speaking. Some game servers may have quirks, some need more than one port open, etc.


----------



## Pinchy (Jul 29, 2009)

Hmm the last time I used ICS in winxp, I could only use it to share ONE connection from ONE other connection.

I remember trying to share the incoming wireless internet connection with two hardwire LAN connections (Wifi AP motherboard), but I could only set it up with one hardwire. Dunno if I was doing anything wrong because I only spent 10 mins setting it up, but it could be a limitation.


----------



## newtekie1 (Jul 29, 2009)

hat said:


> man, thats... crap.
> 
> I understand that the same port can't be used more than once, but could I open all ports for my gaming pc and PIII (host) pc? This would be done because my gaming pc may host servers for... lets say BF2 for example, but the PIII host pc would *always* be hosting Quake servers, and an FTP server.
> 
> What if I just disabled the firewall?



If you open all ports to your gaming PC and PIII, then all the ports would be in use twice...which is impossible.

And disabling the firewall doesn't really do anything, as you are still behind what is called a NAT firewall regardless.



Pinchy said:


> Hmm the last time I used ICS in winxp, I could only use it to share ONE connection from ONE other connection.
> 
> I remember trying to share the incoming wireless internet connection with two hardwire LAN connections (Wifi AP motherboard), but I could only set it up with one hardwire. Dunno if I was doing anything wrong because I only spent 10 mins setting it up, but it could be a limitation.



I believe you are right, that is a limitation of ICS, at least in XP, never tried it in Vista/Win7.  However, if you have a switch then you can share it with multiple PCs.


----------



## hat (Jul 29, 2009)

Well I guess I can manage with that...


----------



## hat (Jul 30, 2009)

What's all this about the limitation now? I want to use it like this:

Modem to NIC1
NIC2 to my PC
NIC3 to mom's


----------



## mrhuggles (Jul 30, 2009)

man you are just not getting it arrg! heh i think i can explain this....
an NAT works like this, a bunch of computers go to 1 computer[or router] and then the router supplies them with half of a connection, they can make outgoing connections, and then when they connect to a website or something, the data comes back and the router/computer will decide which computer to send the data to based on the outgoing connection

now if an incoming connection happens, like say someone wants to connect to you on port 21 [ftp] then it will come to that main computer/router that is on point, that computer can "forward" the connection to a specified computer, thats called port forwarding, it will forward ALL connections to port 21 to that specified computer it can only point port 21 to 1 computer, being that it would be impossible to tell which ppl on the internet were trying to get to which computer inside your network. it all looks the same just a connection on port 21.


----------



## newtekie1 (Jul 30, 2009)

hat said:


> What's all this about the limitation now? I want to use it like this:
> 
> Modem to NIC1
> NIC2 to my PC
> NIC3 to mom's



The limitation with ICS, or at least it used to be a limitation in XP, not sure about Vista or Win7, is that you can only share the internet connection with one NIC in the computer.

So basically, You have the modem providing the internet to NIC1, then you share the internet with NIC2 out to your PC.  It will not allow you to share it with NIC3 also.

However, the simple solution to this is to have:

Modem to NIC1
NIC2 to Switch/Hub
Switch/Hub to Your PC
Switch/Hub to Your Mom's PC

It isn't an ideal solution, but it works that way.

As for the port/DMZ/Firewall issue, let me try to explain it in an easy way:

Let's assume there are only 5 ports (I know there are ~65000, but let's just assume there are only 5 for this example).  And let's assume we have two computers, Computer A and Computer B.

When you forward a port, you are telling the router to send all incoming traffic on that port to a specific computer.  So let's assume you forward Port 3 to Computer B.  What this does is send any incoming connection requests on Port 3 to Computer B.  If you did not forward the port, obviously all incoming connection requests on Port 3 would be completely blocked because the router does not know what it is supposed to do with that request.

Now, if you then try to forward port 3 to computer A also, the router would get confused.  It would not know to which computer it is supposed to send incoming connection requests on Port 3.  Now I know you are asking:  Why not just send the request to both computers.  The reason it is not done this way, is that both computers might respond to the incoming connection request, and if this happens and both computers attempt to open the data connection on the same port, the router would likely lock up or the wrong computer might respond blocking the correct one. Now there are enterprise class routers that can handle this type of situation, however if the WRT54GL is out of your price range, then they are way way out of your price range.

Now, if you assign Computer A as DMZ, you are in effect forwarding ports 1 through 5 to that computer.  What this does is tell the router that any incoming requests on any port get sent to that computer.  The only exception is ports that you have specifically forwarded to another computer.  So let's say Computer A is DMZ, and you forward Port 4 to Computer B.  Then all connection requests on ports 1, 2, 3, and 5 go to Computer A, but any connection requests on Port 4 go to Computer B.


----------
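
The five-port DMZ and forwarding walk-through in newtekie1's post above, as an added Python example (not part of the thread; the `NatGateway` class and its method names are hypothetical). It models only new inbound connections on a single public IP, and goes slightly beyond the post by counting how many public ports end up exposed on each inside host.

```python
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple


class ForwardConflict(ValueError):
    """Raised when one public port is forwarded to a second inside host."""


class NatGateway:
    """Toy model of unsolicited-inbound handling on a single-public-IP NAT."""

    def __init__(self, dmz_host: Optional[str] = None) -> None:
        self.dmz_host = dmz_host
        self.forwards: Dict[Tuple[str, int], str] = {}

    def forward(self, proto: str, ports: Iterable[int], host: str) -> None:
        ports = list(ports)
        # Validate the whole range first so a conflict leaves the table unchanged.
        for port in ports:
            owner = self.forwards.get((proto, port))
            if owner is not None and owner != host:
                raise ForwardConflict(f"{proto}/{port} already forwarded to {owner}")
        for port in ports:
            self.forwards[(proto, port)] = host

    def resolve(self, proto: str, port: int) -> Optional[str]:
        """Inside host that receives a new inbound connection, or None if dropped."""
        # An explicit forward wins; otherwise the DMZ host (if any) catches it.
        return self.forwards.get((proto, port), self.dmz_host)

    def exposure(self, proto: str, ports: Iterable[int]) -> Dict[str, int]:
        """Number of public ports that land on each inside host."""
        hits = Counter(self.resolve(proto, p) for p in ports)
        hits.pop(None, None)  # dropped connections expose nothing
        return dict(hits)


def five_port_example() -> Dict[int, Optional[str]]:
    """Computer A is DMZ and Port 4 is forwarded to Computer B, as in the post."""
    gw = NatGateway(dmz_host="Computer A")
    gw.forward("tcp", [4], "Computer B")
    return {port: gw.resolve("tcp", port) for port in range(1, 6)}


if __name__ == "__main__":
    for port, host in five_port_example().items():
        print(f"port {port} -> {host}")

    # Forwarding 1-65535 to one machine exposes every port on that machine,
    # and leaves nothing that can be forwarded to a second one.
    wide_open = NatGateway()
    wide_open.forward("tcp", range(1, 65536), "PIII")
    print(wide_open.exposure("tcp", range(1, 65536)))
    try:
        wide_open.forward("tcp", [21], "Gaming PC")
    except ForwardConflict as err:
        print("rejected:", err)
```
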



## mrhuggles (Jul 30, 2009)

that would require him getting more than 1 ip address and might not be possible. [or might cost more moneys]


----------



## newtekie1 (Jul 30, 2009)

mrhuggles said:


> that would require him getting more than 1 ip address and might not be possible. [or might cost more moneys]



What would?


----------



## mrhuggles (Jul 30, 2009)

Modem to NIC1
NIC2 to Switch/Hub
Switch/Hub to Your PC
Switch/Hub to Your Mom's PC

that means that each one is getting its own ip address right? switch/hub to both boxes means they each get an individual ip from modem?

          modem
              |
          switch  
              ^
        box1  box2


EDIT: arrg that doesn't work even tho when i go to edit my post it shows it how i put it o well u get the idea still i think.


----------



## newtekie1 (Jul 30, 2009)

No no no, sorry I should have been more clear.

It would go modem to his PIII's NIC1.  Then he would use ICS to share the connection with NIC2.  Which would then connect to the switch/hub, and the switch/hub would connect to the other computers.

Modem
|
PIII "router"
|
Switch/Hub
/\
Computers


----------



## hat (Jul 30, 2009)

What about a NIC with 2 ports?

What if I stuffed a NIC in my pc and did it like this

Modem - NIC1 on master pc
NIC2 on master pc - NIC1 on my PC
NIC2 on my pc - mom's pc

I have a 10Mbit hub I could use... but I'd rather not, as it's slower than 100Mbit and it has some annoying lights on it 

Invaluable place this is...


----------



## newtekie1 (Jul 30, 2009)

You could do it like that, but going through 2 NAT translations isn't ideal, and I don't know if it would even work, as I think the ICS computer has to have a certain IP address, and if both computers are running ICS they would both have the same IP, which doesn't work.

You could use the 10Mbit hub for the time being, but you could also just pick up this dlink 100Mbit switch for $19.99 after shipping, $9.99 after MIR.


----------



## hat (Jul 30, 2009)

Yeah but what about a NIC with 2 ports?

The 10mbit switch would be fine if I HAVE to use it. My internet is only 5Mbit so it's not like it would cripple my speed


----------



## newtekie1 (Jul 30, 2009)

It depends on how the NIC shows up on the computer.  If it shows up as two separate NICs then no, it wouldn't work.  If it shows up as a single NIC, then it would work.  However, I would think a NIC with 2 ports would be just as expensive as buying a WRT54GL or a nice Gigabit Switch, they are kind of specialized.

Edit: Yeah they are pretty expensive: http://www.newegg.com/Product/Produ...ption=&Ntk=&CFG=&SpeTabStoreType=&srchInDesc=


----------



## [I.R.A]_FBi (Jul 30, 2009)

mrhuggles said:


> WRT54GL running openWRT + X-Wrt [whiterussian]
> 
> 100% performance/stability, plus you have full control of *everything* it makes the idea of a firewall or anything like that very obsolete.
> 
> i cant imagine going back to anything else.




What he said


----------



## Pinchy (Jul 30, 2009)

newtekie1 said:


> It depends on how the NIC shows up on the computer.  If it shows up as two separate NICs then no, it wouldn't work.  If it shows up as a single NIC, then it would work.  However, I would think a NIC with 2 ports would be just as expensive as buying a WRT54GL or a nice Gigabit Switch, they are kind of specialized.
> 
> Edit: Yeah they are pretty expensive: http://www.newegg.com/Product/Produ...ption=&Ntk=&CFG=&SpeTabStoreType=&srchInDesc=



Yeah, I would think a dual port NIC would come up with two connections in windows anyway.


To further newtekie's DMZ/firewall/port thing, I will just tell you how it clicked in my brain (ironically, found this out from newtekie myself)

I host my website on my server. Hence I opened port 80 on my servers internal IP address. So when you connect to my external IP address via HTTP (port 80), my router sends you to my server (as its the servers internal ip address that has port 80 clear).

If I tried to forward port 80 on my PC as well, and you went to my external IP via HTTP (aka my website), my router wouldn't know whether to send you to the website hosted on my pc or the website hosted on the server, because there is port 80 forwarded on two internal IP addresses.


----------



## hat (Jul 30, 2009)

newtekie1 said:


> It depends on how the NIC shows up on the computer.  If it shows up as two separate NICs then no, it wouldn't work.  If it shows up as a single NIC, then it would work.  However, I would think a NIC with 2 ports would be just as expensive as buying a WRT54GL or a nice Gigabit Switch, they are kind of specialized.
> 
> Edit: Yeah they are pretty expensive: http://www.newegg.com/Product/Produ...ption=&Ntk=&CFG=&SpeTabStoreType=&srchInDesc=



lol, crap

To the hub!


----------



## Pinchy (Jul 30, 2009)

hat said:


> lol, crap
> 
> To the hub!



It's a shame you dont live around me. 

I got this Netcomm VPN 10/100 router just laying here. I got no power cord for it but would give to you for postage.


Have you tried ebay? I got some dlink 10/100 router with wifi for $30 shipped to me.


----------



## wiak (Jul 30, 2009)

what the heck is this
just get a wireless 11n router with gigabit switch

my setup is like this
ADSL2+ Modem > D-Link DIR-655 11n Gigabit Router > File Server >  Switch > My PC
                                          | 
Laptop 1 (11n)  Laptop 2(11g) HTPC (11n) Printer (11g)

basically all my wired and wireless computers can talk to everyone don't mess with a dedicated firewall why? there is built in good firewalls in new wireless 11n routers nowadays


----------



## FordGT90Concept (Jul 30, 2009)

hat said:


> *DNS support, like dyndns.com (another must)


I have a DGL-4500 (DIR-655's bigger brother) and DynDNS ain't working so, I wrote a Windows Service to do the updating for me that runs on my server.  If you got a Windows computer that is always running, I can hook you up with it.


----------



## wiak (Jul 30, 2009)

FordGT90Concept said:


> I have a DGL-4500 (DIR-655's bigger brother) and DynDNS ain't working so, I wrote a Windows Service to do the updating for me that runs on my server.  If you got a Windows computer that is always running, I can hook you up with it.


you can find DynDNS clients anywhere hehe ;p


----------



## FordGT90Concept (Jul 30, 2009)

Not Windows Services. 

Making it a service means no tray icons or windows.  The service is configured via XML document and all notices are placed in the Application Event log.  Unless you go digging for it, you don't know it is even running. 

Oh, it also makes note of when you don't have internet access in the log.  I used the log as evidence against my ISP because of the downtime I get. 




hat said:


> *DMZ (ABSOLUTELY MUST have this, unless the router has no firewall)


DMZ is a NAT rule that basically says all incoming packets that don't have a designated local IP go to this IP.  It isn't a firewall but NAT is a good way to deny a lot of unwanted traffic (make it get lost in cyberspace).




hat said:


> *If the router has firewall, ability to DISABLE the firewall in router controls, as I may be getting another computer, and if I do, I need it to be wide-open as well as the pc I have now


Again, that is a NAT issue.  You can only DMZ one IP.  I recommend using Virtual Server/Port Forwarding over DMZ.  DMZ is only used when all else fails.  You can packet sniff to figure out which ports need to be forwarded.




hat said:


> *I would like to stay AWAY from wireless, as I have no use for it and it's a potential security hole (listen to me talk about security and disabling firewall at the same time)


You can always turn the Wireless Radio off.


----------



## wiak (Jul 30, 2009)

FordGT90Concept said:


> Not Windows Services.
> 
> Making it a service means no tray icons or windows.  The service is configured via XML document and all notices are placed in the Application Event log.  Unless you go digging for it, you don't know it is even running.
> 
> ...


you can set the wireless on on day and off on night


----------



## hat (Jul 30, 2009)

I'd rather use the PIII computer as I already bought it and don't want to get a router when the computer can do it just as easily


----------



## mrhuggles (Jul 30, 2009)

hat: don't listen to them they are being confusing probably not on purpose, if you get a nic with 2 ports or just put 2 nics in it you will be good to go.

i hear what you're going for and it will totally work without issue.


----------



## hat (Jul 30, 2009)

I was going to use the 3 nics idea (one for modem, 2 for other pcs) first anyway, just cause. I'd really rather not use the hub if I don't have to.


----------



## mrhuggles (Jul 30, 2009)

think of the p3 box as your router, you can host game servers and stuff on it too yay


----------



## FordGT90Concept (Jul 30, 2009)

Problem is, a Pentium 3 computer consumes a hell of a lot more power than a consumer router (4+ times more).  The Pentium 3 is probably in the neighborhood of 100-150w while a router is 20-30w.  A consumer router, therefore, pays for itself over time.


----------



## mrhuggles (Jul 30, 2009)

its what he wants to do, no need to rain on the guys parade


----------



## hat (Jul 30, 2009)

The PIII was going to run 24/7 anyway as a Quake server. So I actually _cut out_ that 20/30w by using an existing setup as a router and not getting another. Maybe I will stop global warming?


----------



## FordGT90Concept (Jul 30, 2009)

Ah, usually a network server has only two NICs (one WAN, one LAN) with a managed or unmanaged switch on the LAN.  A router is basically three things: an internet gateway, packet routing, firewall, and switch.  I assume you already got the internet gateway and packet routing parts covered using software and I imagine you are looking into the firewall aspects (or Windows Firewall).  The switch as you suggested, could mean additional NICs in the computer or a managed/unmanaged external switch.  I would always recommend the external switch because they are cheap, simple, and effective.

I've been using this one for at least a year now and it is awesome (albeit hot):
http://www.newegg.com/Product/Product.aspx?Item=N82E16833129025


The real disadvantage of what you are aiming for is that it will require a lot of micromanagement.  If you don't have software that can act as a DHCP, you'll have to manually assign IP addresses for all NICs.  Additionally, your software will probably need to be PPPoE capable in order to interface with your modem/bridge (depends on your Internet connection).  If not PPPoE, you'll have to interface with the modem through a default gateway IP.

ICS (the page is old) should be able to handle DHCP.


What really gets me is that a good switch costs about as much as a decent router.  You only need to share the connection with three computers which is what all decent routers support (less the headaches).  If I were in your shoes, I'd go with a router DMZing the server if absolutely necessary (make sure it has a firewall enabled if you do).


Consider this (or the router you originally suggested):
http://www.newegg.com/Product/Product.aspx?Item=N82E16833127241

Just don't use the disk that comes with any router--they be worthless and create more problems than they fix.


----------



## mrhuggles (Jul 30, 2009)

lmfao, assigning ips is a chore? ugh you guys are going crazy, thats just all there is to it.

ever tried clocking yourself setting a static ip?


----------



## FelipeV (Jul 30, 2009)

Using the P3 and some kind of program like MikroTik wouldn't be a solution too?


----------



## hat (Jul 30, 2009)

Manually assigning IP addresses... I do that already. I have to. I can't expect to host a Quake server with 2 computers and auto IP assigning. What if I have it forwarded to 192.168.1.100 and my mom's pc got that address and I was put on .101? Wouldn't work too well


----------



## mrhuggles (Jul 30, 2009)

forgive me if you already said so but i couldn't find it... which quake are you hosting a server for?


----------



## FordGT90Concept (Jul 31, 2009)

My server is a DNS so it has a static, dedicated IP (reserved in the router as well).  All the other computers/printers are on DHCP.  Even computers on DHCP, I've never had a problem of computers changing IP addresses.  The potential obviously exists but in almost 10 years of using D-Link routers, it has never happened.




mrhuggles said:


> ever tried clocking yourself setting a static ip?


It takes less than one second for the router to assign it an IP.  Obviously it takes much longer to not only set a static IP on the machine but also reserve it in the router so DHCP doesn't try to use it.  There's no comparison.


----------



## newtekie1 (Jul 31, 2009)

hat said:


> I was going to use the 3 nics idea (one for modem, 2 for other pcs) first anyway, just cause. I'd really rather not use the hub if I don't have to.



3 NICs won't work.  You have to use a hub or switch.  Trust me.



hat said:


> Manually assigning IP addresses... I do that already. I have to. I can't expect to host a Quake server with 2 computers and auto IP assigning. What if I have it forwarded to 192.168.1.100 and my mom's pc got that address and I was put on .101? Wouldn't work too well



One of the good things about going with a router like the WRT54GL is that you can set up static DHCP address, so certain computers will always get certain IPs. No need to manually set IPs.


----------



## mrhuggles (Jul 31, 2009)

lol, no need to reserve them, DHCP will already be configured to use ips 100 and above, if you want a device to have a static ip and not worry about that set it to something low


----------



## newtekie1 (Jul 31, 2009)

mrhuggles said:


> lol, no need to reserve them, DHCP will already be configured to use ips 100 and above, if you want a device to have a static ip and not worry about that set it to something low



Yes, you can do it this way.  Having the router handle static DHCP IPs, instead of manually setting them is much better.  At least it is for me, as I want all my computers inside my network to always have the same IPs.  However, when I take my laptops out and try to connect them to another network, my manual IPs almost never worked.  So it became a real pain to keep manually setting the IP and then disabling it when moving my laptops.

With the router handling static DHCP, when my laptops are connected to my network, they get the proper IP that I want them to have.  When I take them with me somewhere else, I don't have to worry about it not working.


----------



## hat (Jul 31, 2009)

mrhuggles said:


> forgive me if you already said so but i couldn't find it... which quake are you hosting a server for?



The original

I have no need for DHCP, really, I don't take my computer anywhere. Ever.


----------



## mrhuggles (Jul 31, 2009)

yeah besides its like i just said, its standard practice [default] for the first 100 ips to not be used by DHCP for home networks

plus you can have 2 configurations anyways


----------



## FordGT90Concept (Jul 31, 2009)

Every router (mostly manufacturer dependent) has the DHCP range set differently.  For instance...

D-Link IP: 192.168.0.1
DHCP Range: 192.168.0.100-192.168.0.199

Netopia IP: 192.168.1.254
DHCP Range: 192.168.1.0-192.168.1.99

You can usually change the range in the device configuration.


----------
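
An added example, not from the thread, that checks static addresses and port-forward targets against the two DHCP ranges quoted in the post above. The /24 subnets, the sample forwards and the function names are assumptions made for illustration; 26000 is the original Quake's default server port.

```python
import ipaddress
from typing import Dict, Iterable, List, Tuple

Pool = Tuple[str, str]

# Router address and DHCP range as quoted in the post; the /24 is assumed.
DLINK = {"network": "192.168.0.0/24", "gateway": "192.168.0.1",
         "pool": ("192.168.0.100", "192.168.0.199")}
NETOPIA = {"network": "192.168.1.0/24", "gateway": "192.168.1.254",
           "pool": ("192.168.1.0", "192.168.1.99")}


def in_pool(addr: str, pool: Pool) -> bool:
    """True if addr can be handed out dynamically by the DHCP server."""
    low, high = (ipaddress.IPv4Address(a) for a in pool)
    return low <= ipaddress.IPv4Address(addr) <= high


def risky_forwards(forwards: Dict[int, str], pool: Pool,
                   reserved: Iterable[str] = ()) -> List[Tuple[int, str]]:
    """Forwards whose target could be leased to a different machine.

    If that happens, the open port silently lands on the wrong host.
    """
    reserved = set(reserved)
    return sorted((port, host) for port, host in forwards.items()
                  if in_pool(host, pool) and host not in reserved)


def static_safe_ranges(router: dict) -> List[str]:
    """Contiguous host ranges outside the DHCP pool, excluding the router."""
    net = ipaddress.IPv4Network(router["network"])
    ranges, start, prev = [], None, None
    for host in net.hosts():
        free = (not in_pool(str(host), router["pool"])
                and str(host) != router["gateway"])
        if free and start is None:
            start = host
        elif not free and start is not None:
            ranges.append(f"{start}-{prev}")
            start = None
        prev = host
    if start is not None:
        ranges.append(f"{start}-{prev}")
    return ranges


if __name__ == "__main__":
    # Constructed forwards: FTP to a "low" static address, Quake to .100.
    sample = {21: "192.168.1.10", 26000: "192.168.1.100"}
    print("Netopia risky:", risky_forwards(sample, NETOPIA["pool"]))
    print("Netopia safe statics:", static_safe_ranges(NETOPIA))
    print("D-Link safe statics:", static_safe_ranges(DLINK))
```

On the Netopia range a "low" static address such as .10 sits inside the dynamic pool, so the safe choice depends on the device rather than on a fixed rule.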

