Linksys NAT/firewall--good or bad?

LRW

Feb 16, 2004, 3:04:04 PM
I have a Linksys wireless 4-port router/switch. It has port forwarding, UPnP
blocking, WAN messages blocking, MAC only security, and the like.
I've been suggested now and then to get a REAL router and not trust the
Linksys NAT...but I ask and I never get an explanation why.
It's a home network, I have no funds for a Cisco or Netiron or whatever REAL
routers there are, and I don't have a spare PC to put Linux on and act as a
router (although I really would love to do that, being a Linux tinkerer that
I am.)

So I'm wondering if I can get explanations as to why I shouldn't trust it?
I'm using Wallwatcher to analyze the router logs and there's never any
unwanted traffic coming in, and I use a packet sniffer to randomly watch my
traffic, and I don't see anything unexpected going out.

Thanks for any info!
Liam


Matt Payton

Feb 16, 2004, 6:15:01 PM

I can't really answer your question, since I personally don't see anything
wrong with Linksys and similar devices. I've used them for a few years,
mainly because I don't want to dedicate a big, noisy machine just for a
firewall, and I'm a firm believer in not running any additional services
on a firewall. Besides, just because you have one of those devices,
doesn't mean you have to rely on it and nothing else...You can still use
ipchains on a Linux box behind it if you really want to.

My only complaint with the Linksys routers relates to their logging. IMHO
it could be better. But, for the money, I don't think you can complain.
Yeah, it would be cool to have a Cisco or similar, but like you, I can't
possibly justify that amount of money for a home network. Would I
recommend one for a commercial environment? Probably not. But I know
more than a few small companies that are using them, and I've yet to hear
of any of them being hacked.
I'd never turn on the remote admin option, which basically lets you
connect to the admin port via the WAN interface...But that's off by
default.

So, in general, I think Linksys (and Netgear, D-Link, etc.) do a pretty
good job. AFAIK, most of them have reasonable default settings, and you
probably have to work at opening ports for access from the outside,
instead of having to work to close them...Hell, they should be required
equipment for any Windows user with broadband access.

--
- Matt -

Paddy

Feb 17, 2004, 9:23:52 AM

"LRW" <dr...@NOSPAHMcelticbear.com> wrote in message
news:Um9Yb.330741$xy6.1618069@attbi_s02...

> I have a Linksys wireless 4-port router/switch. It has port forwarding, UPnP
> blocking, WAN messages blocking, MAC only security, and the like.
> I've been suggested now and then to get a REAL router and not trust the
> Linksys NAT...but I ask and I never get an explanation why.
> It's a home network, I have no funds for a Cisco or Netiron or whatever REAL

Linksys is a division of Cisco so technically you do have a Cisco :)

--
Paddy


Vincent Fox

Feb 19, 2004, 3:01:16 PM
The linky's work okay. BUT, customer support sucks, and the many
many firmware releases for me always seemed to be 2 steps forward
and 1 step back. Fix 2 things, break one. But if your needs are
few then they are a cheap solution.

I prefer using a little PC running the IPCop linux distro.
Custom-distro for router/firewall usage. It will let me do
web page caching with squid, full IDS, MRTG graphs of net usage
and many other things not possible with a Linky. The IDS is
interesting, first with cable and now with DSL service I can see
the intruders knocking on my door every few minutes. You
never see this detail with basic h/w router boxes.

"LRW" <dr...@NOSPAHMcelticbear.com> writes:


--
Vincent Fox
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: v...@mail.gatech.edu

LRW

Feb 20, 2004, 8:57:02 AM
"Vincent Fox" <v...@prism.gatech.edu> wrote in message
news:c134mc$543$1...@news-int2.gatech.edu...

> The linky's work okay. BUT, customer support sucks, and the many
> many firmware releases for me always seemed to be 2 steps forward
> and 1 step back. Fix 2 things, break one. But if your needs are
> few then they are a cheap solution.
>
> I prefer using a little PC running the IPCop linux distro.
> Custom-distro for router/firewall usage. It will let me do
> web page caching with squid, full IDS, MRTG graphs of net usage
> and many other things not possible with a Linky. The IDS is
> interesting, first with cable and now with DSL service I can see
> the intruders knocking on my door every few minutes. You
> never see this detail with basic h/w router boxes.
>

Whoa! That IPCop is a great idea! That's so cool that someone came up with
that idea...I'm going to check that out.
Thanks for the tip!!
Liam


Ken

Feb 28, 2004, 4:57:17 PM

"LRW" wrote:

> I have a Linksys wireless 4-port router/switch.
> I've been suggested now and then to get a REAL router and not trust the
> Linksys NAT...but I ask and I never get an explanation why.

Although it is difficult to do, someone could construct a packet that your
Linksys router would allow into your LAN. The Linksys router does perform
Stateful Inspection of incoming packets to see if the packets belong to an
open session initiated by a machine on the LAN.

Someone else recommended IP COP as a Linux based Firewall. IP Cop is a
rip-off of Smoothwall. If you want the best Linux based free FW that does
Stateful Inspection, Intrusion Detection, Web Caching, VPN's, and great
logging get Smoothie at www.smoothwall.org.

Ken
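
The session check described in the post above, as an added example that is not part of the original thread and not Linksys firmware: a simplified Python model of a NAT session table that admits inbound packets only when they match a session opened from the LAN or an explicit port-forward rule. The class name, timeout value, port numbers and addresses (documentation ranges) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulNat:
    """Toy model of a NAT router's session table (hypothetical, simplified)."""
    idle_timeout: float = 300.0          # assumed idle expiry, in seconds
    next_port: int = 40000               # next WAN-side port to hand out
    sessions: dict = field(default_factory=dict)
    forwards: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port, now):
        """A LAN host opens a connection: record it, return the WAN port."""
        wan_port = self.next_port
        self.next_port += 1
        key = (proto, wan_port, remote_ip, remote_port)
        self.sessions[key] = (lan_ip, lan_port, now)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port, now):
        """Decide what to do with a packet arriving on the WAN side."""
        key = (proto, wan_port, remote_ip, remote_port)
        entry = self.sessions.get(key)
        if entry is not None:
            lan_ip, lan_port, last_seen = entry
            if now - last_seen <= self.idle_timeout:
                self.sessions[key] = (lan_ip, lan_port, now)  # refresh timer
                return ("ACCEPT", lan_ip, lan_port)
            del self.sessions[key]        # idle too long: forget the session
        fwd = self.forwards.get((proto, wan_port))
        if fwd is not None:               # explicit port-forward rule
            return ("FORWARD", fwd[0], fwd[1])
        return ("DROP", None, None)       # unsolicited: no session, no rule


def demo():
    """Constructed traffic; all addresses are documentation ranges."""
    nat = StatefulNat()
    nat.forwards[("tcp", 8080)] = ("192.168.1.10", 80)
    port = nat.outbound("tcp", "192.168.1.100", 51000, "198.51.100.7", 80, now=0)
    return [
        nat.inbound("tcp", "198.51.100.7", 80, port, now=10),    # reply
        nat.inbound("tcp", "198.51.100.9", 80, port, now=10),    # other host
        nat.inbound("tcp", "198.51.100.9", 4444, 8080, now=10),  # forwarded
        nat.inbound("tcp", "198.51.100.7", 80, port, now=400),   # after idle
    ]
```

Every forward rule is a standing exception to the session check, so the forward table is the part of such a device's configuration most worth reviewing.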

Michael W. Cocke

Feb 29, 2004, 8:40:18 AM
On Sat, 28 Feb 2004 21:57:17 GMT, "Ken" <nhpcgu...@comcast.net>
wrote:

The problem(s) with the Linksys are:

A) It's limited to some fairly basic functions. If what you want to
do isn't basic, you're SOL. Things like having the idiot thing
respond to a ping so you can tell if it's connected and working...
It can be made to respond to a ping - after you do a traceroute (or
was it the other way around?)


B) It's buggier than a $2.00 hooker.

Get an old 486 and a minimal version of linux - it won't cost much
more than a Linksys and it will allow you to use virtual domains on
Apache, which is one of the many things that doesn't work behind a
Linksys... don't ask me why - at that point, I chucked mine and got a
firewall.

Mike-

--
Mornings: Evolution in action. Only the grumpy will survive.
--

Please note - Due to the intense volume of spam, we have installed site-wide spam
filters at catherders.com. If email from you bounces, try non-HTML, non-encoded,
non-attachments.



LRW

Mar 6, 2004, 11:20:30 AM
"Michael W. Cocke" <co...@catherders.com> wrote in message
news:siq340lrtv33hsgju...@4ax.com...

>
> B) It's buggier than a $2.00 hooker.
>

LOL I hope you don't mind but I'm going to steal that phrase. =)

> Get an old 486 and a minimal version of linux - it won't cost much
> more than a Linksys and it will allow you to use virtual domains on
> Apache, which is one of the many things that doesn't work behind a
> Linksys... don't ask me why - at that point, I chucked mine and got a
> firewall.

While I'm only 50% convinced of the evils of a Linksys router, I'm certainly
convinced on the superiority of a Linux router. (Actually, I'd always been
convinced that it was best, just not convinced it was something I could set
up or was THAT much better than a Linksys.)
I'm starting to piece together a simple P-I machine, and picked up "Linux
Security Toolkit" by David Bandel.

Thanks!
Liam

