The only "hard" router I've used that can do these network captures is the Netgear FVS338, it's a great feature. I wanted this at home, where I normally run an Apple Airport so I decided to fork out $95 and get a Linksys WRT54GL so I could flash the firmware with OpenWRT.
Flashing firmware was very smooth. What you get is a very basic web interface for configuration, enough to get up, and the ability to ssh in and do very powerful stuff with iptables.
The things I needed were:
# forward port 999 to 22 on the home linux box at 172.16.1.100
iptables -t nat -A prerouting_wan -p tcp --dport 999 -j DNAT --to 172.16.1.100:22
iptables -A forwarding_wan -p tcp --dport 22 -d 172.16.1.100 -j ACCEPT
Also, to allow for PPTP passthrough I had to:
# ipkg install kmod-ipt-nat-extra
and reboot. See here.
The hardware and software seems totally reliable so far. I hope there is more in the web interface in future. For me, what is great is that I can get a command line for pings, traceroutes and tcpdumps (there is 7Mb available in /tmp for saving the captures).
For $95 you get a very powerful router, similar to devices costing an order of magnitude more. Recommended for network geeks.
Yep, lots of love for OpenWRT around these parts.
For extra capture space you can write to an NFS mount (obviously not on the same interface you're capturing :). I did this for a while trying to get snort to run, before admitting failure. The NFS part worked fine though.
What else do I do with my OpenWRT box?
Throttle incoming SSH connections. Provide Quality of Service for my upload traffic. Provide IPv6 connectivity. Dynamic DNS registration. And lots more.
you guys are true nerds. I found DD-WRT to have a much better GUI, and much the same CLI access while running.
But it might not have all Qos and v6 glitter.
Thanks for the NFS tip Alastair, and I must credit you as the one that mentioned OpenWRT to me in the first place.
And Geo, thanks for the pointer to DD-Wrt looks very interesting too.
I'm now running DD-Wrt, it is fabulous, but the transition was not without a little drama.
I tried to flash the firmware over from OpenWRT to DD-Wrt and ended up with the dreaded power LED flashing sydrome and had to go back to my previous router for a few days.
In the end I flashed back to the original Linksys firmware with tftp running under Parallels. (It was much quicker than described in the dd-wrt wiki).
I don't have any quantitative measurements but things seem faster than on the Airport.
According to http://www.speedtest.net/ I'm getting 12,416kbps down and 236kbps up with a latency of 21ms.
Incidentally, this device appears to have IPV6 support. Not sure what turning it on means. The web UI is certainly far superior to the OpenWRT flavour.
What's missing is the support for installing packages easily. Or perhaps I just haven't found that yet..
Post a Comment