<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>How and where to deploy</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linksys Blue Box Router HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Introduction"
HREF="introduction.html"><LINK
REL="NEXT"
TITLE="Lost the manual?"
HREF="lostmanual.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="howandwhen"
></A
>2. How and where to deploy</H1
><P
>The Linksys BEFSR41, BEFW11, WRT54G and their siblings are designed
to be used as gateway boxes on a home Ethernet. Typically, you'll hook one
up to a DSL or cable modem, which will automatically switch into bridge
mode and simply pass packets between your ISP's router and the Linksys box.
</P
><P
>If you want to use a general-purpose PC running Linux as a firewall,
have fun — but these little boxes are more efficient. The nicest
thing about them is that they run from firmware and, assuming you take
the elementary precautions we describe, are too stupid to be cracked.
Also, they don't generate fan noise or heat. Finally, they run Linux
inside and can be customized and hacked in useful ways.</P
><P
>Linksys boxes used to have a good reputation for reliability.
Something bad happened to their quality control after Cisco acquired the
company in March 2003; I had two go silently dead on me in less than a
year, and I heard grumbling from others about similar problems.
Unfortunately, when I tried other low-end brands (Belkin, Buffalo) they
proved to have gross design errors. The Belkin had brain-damage in its
firewall rules that interfered with local SMTP, and the Buffalo
intermittently refused connections for no apparent reason. So I went back
with Linksys, hoping my WRT54G wouldn't turn into a doorstop within a couple
of months. As of mid-2006, I've been OK for about 24 months.</P
><P
>(Building one of these puppies is not rocket science. I can only
conjecture that the competitive pressure is driving the manufacturers to cut
costs to the bone by hiring programmers out of the bottom of the barrel
and having the manufacturing done by some low-end contract house
in Indonesia or somewhere. The results, alas, tend to be unstable
crap. Caveat emptor.)</P
><P
>Note another consequence of the Cisco acquisition: Linksys is now
what marketers call a flank guard, a low-end brand designed to protect the
margins and brand image of Cisco's commercial-grade networking products.
This means that Linksys boxes are no longer acquiring new firmware
features, and some old ones like stateful packet inspection almost
certainly won't be coming back. Provided you can live within these limits,
this is actually good; simpler firmware is more stable firmware. And, in
any case, the open-source replacement firmwares can give you back the
features and complexity if you want them.</P
><P
>At minimum, a live Linksys box will do the following things for
you:</P
><OL
TYPE="1"
><LI
><P
><EM
>Act as an Ethernet router.</EM
> You can
plug all your lines and hubs and hosts into it to exchange packets even
when your outside link is down.</P
></LI
><LI
><P
><EM
>Act as a smart gateway.</EM
> When you
configure the Linksys with a public static IP address (or tell it to grab a
dynamic IP address from your ISP at startup time), it will gateway between
hosts on your private network and the Internet, performing all the IP
masquerading and address translation required to route your traffic.</P
></LI
><LI
><P
><EM
>Firewall your connection.</EM
> You can
tell it to block out all but the minimum service channels you need. You can
specify separately, for each service, to which of your internal machines
the traffic should be routed.</P
></LI
></OL
><P
>I give my Linksys box the standard private-network gateway
address, 192.168.1.1. I then give all my boxes 192.168.1.x addresses
and tell them the Linksys is their gateway. Everything works.</P
></DIV
></BODY
></HTML
>