[olug] iptables behind router

William E. Kempf wekempf at cox.net
Tue Sep 14 11:58:31 UTC 2004


On Tue, September 14, 2004 11:48 am, Ken MacFerrin said:
> William E. Kempf wrote:
>
>> On Tue, September 14, 2004 11:14 am, Ken MacFerrin said:
>>
>>>William E. Kempf wrote:
>>>Well, the easiest solution might just be to do a little hacking..  If
>>>it's a Linksys WRT54G then just update the firmware to a custom kernel:
>>>http://www.sveasoft.com/modules/phpBB2/index.php
>>
>>
>> I'm aware of this, and actually referred to it in a roundabout way in my
>> post (I can understand why you didn't recognize it, however).  But, I'm a
>> cheap bastard and dare not risk having to buy new hardware because I screw
>> up somehow.  The research I've done on this subject suggests that if you
>> screw up this can render the hardware useless, and as remote as the chance
>> is of this happening... I've been reluctant to try this.
>>
>>
>>>Took me all of 10 minutes to install and now the box has twice the
>>>features and genuine ssh access.  From there you can forward as many
>>>ports as you'd like right from the router..
>>
>>
>> Yes, this is indeed very enticing... I just can't bring myself to try
>> it. :(
>>
>
> There is some risk but I can honestly say it's very negligible.  I
> managed to "brick" mine a couple times (while experimenting with other
> things, not during normal install/use) and have always been able to
> recover using one of the resuscitation methods listed here:
> http://docs.sveasoft.com/SV-RecoveringFirmware.html

I had read somewhere that it was possible to muck things up badly enough
that there was NO way to flash the router any longer.  That's what I found
to be scary (no matter how unlikely it was this would occur) and is what's
prevented me from trying.

> In an extreme case, it's not the most honest approach but the retail
> giant you probably bought the thing from will typically exchange one
> with no questions asked.  In my experience about 1/20 of consumer grade
> routers/hubs/switches arrive defective or DOA.

Purchased too long ago for this to be an option.

> As far as being cheap, the stable version (currently Satori-4) is GPL
> and free.  You only need to subscribe ($20) if you want the pre-release
> packages.  This way you get to save yourself the cost of another NIC,
> add the security of having a standalone router/firewall, and free up
> your other Linux box for more fun things like an IDS.

IDS?

-- 
William E. Kempf
wekempf at cox.net


