[olug] iptables behind router
Ken MacFerrin
lists at macferrin.com
Tue Sep 14 16:48:03 UTC 2004
William E. Kempf wrote:
> On Tue, September 14, 2004 11:14 am, Ken MacFerrin said:
>
>>William E. Kempf wrote:
>>
>>>Here's my network topology:
>>>
>>>[cable modem (cox)]<--->[router]<--->[comp A]
>>>                                <--->[comp B]
>>>                                <--->[WAP]<--->[laptop]
>>>
>>>The router is a Linksys router, and the built-in firewall is
>>>minimalistic (well, at least what's readily available without
>>>hacking... [snip]
>>
>>Well, the easiest solution might just be to do a little hacking.. If
>>it's a Linksys WRT54G then just update the firmware to a custom kernel:
>>http://www.sveasoft.com/modules/phpBB2/index.php
>
>
> I'm aware of this, and actually referred to it in a roundabout way in my
> post (I can understand why you didn't recognize it, however). But, I'm a
> cheap bastard and dare not risk having to buy new hardware because I screw
> up somehow. The research I've done on this subject suggests that if you
> screw up this can render the hardware useless, and as remote as the chance
> is of this happening... I've been reluctant to try this.
>
>
>>Took me all of 10 minutes to install and now the box has twice the
>>features and genuine ssh access. From there you can forward as many
>>ports as you'd like right from the router..
>
>
> Yes, this is indeed very enticing... I just can't bring myself to try it. :(
>

There is some risk but I can honestly say it's very negligible. I
managed to "brick" mine a couple times (while experimenting with other
things, not during normal install/use) and have always been able to
recover using one of the resuscitation methods listed here:
http://docs.sveasoft.com/SV-RecoveringFirmware.html

In an extreme case, it's not the most honest approach but the retail
giant you probably bought the thing from will typically exchange one
with no questions asked. In my experience about 1/20 of consumer grade
routers/hubs/switches arrive defective or DOA.

As far as being cheap, the stable version (currently Satori-4) is GPL
and free. You only need to subscribe ($20) if you want the pre-release
packages. This way you get to save yourself the cost of another NIC,
add the security of having a standalone router/firewall, and free up
your other Linux box for more fun things like an IDS.

Just my two cents..

-Ken