LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   DD-WRT / Tomato (http://www.linuxquestions.org/questions/linux-networking-3/dd-wrt-tomato-747112/)

linuxbird 08-12-2009 05:06 PM

DD-WRT / Tomato
 
I would like to have a 3 NIC firewall. Specifically, I would like one NIC to go to a insecure switch on my side of the firewall, for things like VOIP, stream serving or whatever. Then I would like another NIC to go to the normal network on my side of the firewall.

Does anyone know if DD-WRT or Tomato will effectively permit something like this, where all the LAN connections are not necessarily with the same connectivity?

Thanks.

mushroomboy 08-12-2009 06:40 PM

DD-WRT has a lot of options, but the main thing with any of this would be what router are you using. The WRT54G v5 sucks, and a lot of cheaper routers suck just as bad. They limit the flash size on the router, so you have to install crippled versions of the software. I would suggest going to the DD-WRT forum, I use it myself but I have the WRT54G v5 router and am very disappointed with it. Cisco screwed us on this one, and there is nothing I can do except get a new router if I want better options.

nowonmai 08-13-2009 03:53 AM

Quote:

Originally Posted by linuxbird (Post 3641054)
Does anyone know if DD-WRT or Tomato will effectively permit something like this, where all the LAN connections are not necessarily with the same connectivity?

Thanks.

To an extent. You can't do L2 or L3 management, as it's just a basic switch, but you can enable QoS, which will prioritise certain traffic on specified ports. You can't actually block or segment ports though.

mushroomboy 08-13-2009 04:56 AM

Quote:

Originally Posted by nowonmai (Post 3641585)
To an extent. You can't do L2 or L3 management, as it's just a basic switch, but you can enable QoS, which will prioritise certain traffic on specified ports. You can't actually block or segment ports though.

You could possibly edit dd-wrt to deny ports? But that's why I said it should be asked in the dd-wrt forum, as they probably know how to modify the firmware more than most of us. =P Really it's just a version of linux, just hacked up a little.


Though I would warn you, if you mess with QoS you'll want to get a decent router.

linuxbird 08-13-2009 08:38 PM

My topology is a linux box with two NICs, one to the cable modem, and the other to a Netgear FSM7352S.

I'm thinking of adding a third NIC which would feed another FSM7352S that I have, and off that would be devices I can get "dirty" such as VoIP ATAs and a standalong webserver.

So I'm wondering if any package such as DD-WRT or Tomato or whatever would work, such that LAN 1 would be the "dirty" connection, and LAN 2 would be the more heavily firewalled connection. I figure the smarts for all that should fit in a router size box.

I've started reading the DD-WRT stuff, and it looks like I would probably have to hack it a bit.

Another motivation to see if I can get it into a router platform is to keep the power draw down.

mushroomboy 08-14-2009 06:35 AM

Vituralization of networks? Have 2 vitural networks, one that has a firewall and one that doesn't? I know you can do vitural networking with dd-wrt and specify what ports are on what vitural networks. Does that help at all?

Oh and by ports I ment LAN1, LAN2, ect... I didn't mean network ports I was talking physical haha

linuxbird 09-19-2009 03:50 PM

Quote:

Originally Posted by mushroomboy (Post 3641633)
You could possibly edit dd-wrt to deny ports? But that's why I said it should be asked in the dd-wrt forum, as they probably know how to modify the firmware more than most of us. =P Really it's just a version of linux, just hacked up a little.


Though I would warn you, if you mess with QoS you'll want to get a decent router.

In the meantime, I've gotten a Linksys with DD-WRT and am playing with that. It would be nice to have an equivalent which is a CLI based version...to see how they accomplish some things.

Was your QoS implementation with diffserv?

(My Netgear FSM7352S supports diffserv.)


All times are GMT -5. The time now is 02:01 AM.