Re: What's a decent modem/router for tech savvy user?



Dave wrote:
I own an Intertex IX66 ADSL modem router, but it has recently died. So I replaced it with a Belkin F5D8635-4 v1, which is a wireless broadband modem router. Despite costing a fair amount (it is far from the cheapest on the market), I'm very unimpressed with it. I would like to find something which offers a bit more flexibility. Particular things I miss from my Intertex modem are

1) It is not possible to route or deny traffic to specific ports based on the source IP address. I had the other modem configured such that port 22 (used for SSH) was connected only from specific IP address. Likewise, I had the port used for windows remote desktop only connected from one IP address in the world.

I can't seem to do either of these with the Belkin device.



Indeed that was my experience. I set up iptables instead on the incoming box.

We have a Netgear on that site now. That's better, but has no SNMP monitoring.


2) I used to run a web server on the Intertex modem. I routed port 80 through to the modem. I ticked a box marked 'Access servers from inside' then all the web sites I hosted could be seen from inside my LAN. So for example, if I went to

http://www.g8wrb.org
I would see the site, which is one I hosted.


With the Belkin, I only see the setup page for the router. Despite Belkin tech support suggesting a pre-release firmware version, that has not solved it.


The Belkin we had did redirect calls to its own external interface to the web servers automatically.

For the D-Link I have and the Netgear, I found it necessary to set up a fudge DNS slave server and force the LAN users to use it by wibbling with DHCP.

3) The firewall on the IX66 just ignored connection attempts such as port scans. The Belkin sends back a 'connected refused', so it alerts a hacker to the fact there is a computer there.


They know there is a router there anyway.


In contrast, my old IX66 just ignored the connection attempt, sending no reply at all.


4) The IX66 had a 'DMZ' which was on a different subnet. It was totally impossible to connect from the DMZ to the LAN. The DMZ could be made quite secure (with some effort). Although I have not used the DMZ on this Belkin product, I believe it is far inferior to what I am used to.

Yes. My old D-Link has the DMZ concept as well. Not that useful in such limited class.

The Netgear has some sort of default DMZ for a single IP address.

So overall, I'm pretty unimpressed with this Belkin thing. The problem is to find a better modem. Whilst Intertex appear to still be in business, I can see from their support pages that the support is a lot poorer than it used to be, so I'm a bit reluctant to spend £200 (about $300) on their latest offering.

So are there any decent ADSL modems/routers out there which are suitable if one wants to do a bit more than the basics?

Having wireless is not important, as I do have a wireless access point on the LAN. Having flexibility in the firewall is quite important to me.

TBH any commercial DSL router at a sensible price is mostly engineered for ease of numpties to set up.

The Netgear comes close to what you want. But it won't route back inside the LAN - needs internal DNS server spoofing. And it don't do SNMP stats, which I dislike.

But otherwise it's pretty good.



I cut and pasted some stuff from their set up screens for info
----------------------------------------------------------------
WAN Setup Help

Using this page, you can set up several parameters related to the WAN connection.

Connect Automatically, as Required

Normally, this option should be Enabled, so that an Internet connection will be made automatically, whenever Internet-bound traffic is detected. If this causes high connection costs, you can disable this setting.
If disabled, you must connect manually, using the sub-screen accessed from the "Connection Status" button on the Status screen.

If you have an "Always on" connection, this setting has no effect.

Disable Port Scan and DOS Protection - The Firewall protects your LAN against Port Scans and Denial of Service (DOS) attacks. This should be disabled only in special circumstances.

Default DMZ Server

Specifying a Default DMZ Server allows you to set up a computer or server that is available to anyone on the Internet for services that you haven't defined. There are security issues with doing this, so only do this if you're willing to risk open access. If you do not assign a Default DMZ Server, the Router discards any incoming service requests which are undefined. This can be a security problem. You shouldn't check this box unless you have a specific reason to do so.

To assign a computer or server to be a DMZ server:

1. Click the Default DMZ Server checkbox
2. Type the IP address for that server.
3. Click Apply.

Respond To Ping On Internet Port

If you want the DG834PN to respond to a 'Ping' from the Internet, click this check box. This can be used as a diagnostic tool. This can be a security problem. You shouldn't check this box unless you have a specific reason to do so.

MTU Size

The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs you may need to reduce the MTU. But this is rarely required, and should not be done unless you are sure it is necessary for your ISP connection.

To Apply Or Cancel

Click Apply to update changes to the MTU Size.
Click Cancel to disregard any unsaved changes.
-------------------------------------------------------------
Firewall Rules Help

You can use this screen to create Firewall rules to block or allow specific traffic. This feature is for Advanced Administrators only! Incorrect configuration will cause serious problems.

Outbound Services

This lists all existing rules for outbound traffic. If you have not defined any rules, only the default rule will be listed. The default rule allows all outgoing traffic.

To create a new rule:

1. Click the "Add" button. (It does not matter which radio button is selected)
2. The "Outbound Service" screen will be displayed. This screen has its own help file.
3. Complete the "Outbound Service" screen, and save the data. The new rule will be listed in the table when you return to this screen.

To make changes to an existing rule:

1. Click the radio button next to a row in the table.
2. Click the button for the desired actions:
* Edit - to make any changes to the rule definition. The "Outbound Service" screen will be displayed, with the data for the selected rule.
* Move - to move the selected rule to a new position in the table. You will be prompted for the new position.
* Delete - to delete the selected rule.

Inbound Services

This lists all existing rules for inbound traffic. If you have not defined any rules, only the default rule will be listed. The default rule blocks all inbound traffic.

To create a new rule:

1. Click the "Add" button. (It does not matter which radio button is selected)
2. The "Inbound Service" screen will be displayed. This screen has its own help file.
3. Complete the "Inbound Service" screen, and save the data. The new rule will be listed in the table when you return to this screen.

To make changes to an existing rule:

1. Click the radio button next to a row in the table.
2. Click the button for the desired actions:
* Edit - to make any changes to the rule definition. The "Inbound Service" screen will be displayed, with the data for the selected rule.
* Move - to move the selected rule to a new position in the table. You will be prompted for the new position.
* Delete - to delete the selected rule.

Instant Messaging (IM) Ports

Ports to enable MSN and AOL Instant Messaging are open by default. To close these ports check the Close IM Ports radio button. When these ports are closed Instant Messaging will not function.

To Accept Or Cancel

Click Accept to update changes to the Outbound Services and Inbound Services tables.
Click Cancel to disregard any unsaved changes.



