[nzlug] IPCop box retiring. Getting NetGear DG834 ADSL Router. Comments? Wise move?

Howard howard-nzlug at fox.co.nz
Fri Nov 3 09:39:39 NZDT 2006 

on 2/11/2006 7:32 p.m. yuri wrote:
> Currently I *hate* any configuration whatsoever other than plugging it
> in and turning it on.
> I realise I'll have to enter my ISP details to connect, but other than
> that I'm sick of futzing.

Then pretty much any cheap DSL router will do that.

> What advantage would IPCop+PCI ADSL modem give me over a linux based
> hardware firewall?

Obviously this depends on the hardware router unit.  I don't know of any 
good open source software that goes in an embedded DSL router, so it is 
only as good as the manufacturers make it, and they are unlikely to add 
new features.

I have a couple of Linksys WRT54G units with the DD-WRT firmware, and 
this is fantastic, but I don't think it supports any of the DSL variants 
yet like the WAG54G etc.

Things I like about my IPCop (with internal ADSL card) compared to most 
embedded hardware routers I've seen are listed below.  Note that 
hardware routers are catching up though:

- Logging is nicer and more comprehensive
- Nice big Proxy caches (Squid) transparent or not (depending on hard 
drive size)
- Can be an NTP server (so can some routers I've seen)
- Port forwarding is very easy to set up and comprehensive.  You can 
tick and untick boxes to turn forwarding on and off as need which is useful.
- How many embedded routers allow 4 firewalled subnets? (Green, 
Red/Internet, Orange/DMZ, Blue/Secure Wireless)
- I have 1000 base network cards for traffic between subnets
- Snort for intrusion detection (if you like that sort of thing)
- Team that puts it together is very focussed on security updates and 
updates are easy and quick (often with no downtime/reboot)
- Lots of addons for such things as web site blocking, time access (e.g. 
you have kids), filtering viruses on the fly to your network, managing 
UPSs, caching MS Windows updates etc...
- Better support for Dynamic DNS than most routers (you can add your own 
Dynamic DNS sites if needed)
- Traffic shaping (although some embedded routers do this).  Easy to 
turn off and on again on the fly for different protocols.
- Encrypted config backups (if you're paranoid ;)
- Traffic/System and other item graphing.  Stored for long periods of 
time (depending on hard drive space...)
- Good VPN support for various VPN methods
- Can be managed via the web interface, or just shell in and modify files.
- It is open source

> Also, could I still use the POTS modem in the IPCop box to run a
> faxserver+POTS answerphone while still using it as a firewall?

It is Linux, so anything is possible.  I wouldn't want to try and use 
IPCop here though as it is designed as a standalone appliance distro. 
You could easily roll your own router/faxserver/firewall though with 
pretty much any distro that has mgetty/iptables etc

It even looks like there is an Asterisk addon for IPCop, so you may be 
able to easily make it a fax server as well.  I'm not a major IPCop 
addon fan through, as I like it to do just what the IPCop team designed 
it for i.e. a robust firewall with a few extra management features.

There are other distros for making a 'do many things' AND 'be a 
firewall/network gateway' box which may suit, such as SME Server (?), 
clarkconnect etc.

> Also, are there any PCI ADSL modems on the shelf in Christchurch that
> will *Just Work* with IPCop with no futzing?

Not sure about Christchurch, but Pulsar from Traverse works very well 
for me & I got it from the manufacturer.
You could buy a simple ADSL router cheaper though...
http://www.traverse.com.au/productview.do?product_id=21

cheers
Howard

More information about the NZLUG mailing list