LinuxQuestions.org


linuxbird 08-12-2009 05:06 PM

DD-WRT / Tomato
 
I would like to have a 3 NIC firewall. Specifically, I would like one NIC to go to an insecure switch on my side of the firewall, for things like VOIP, stream serving or whatever. Then I would like another NIC to go to the normal network on my side of the firewall.

Does anyone know if DD-WRT or Tomato will effectively permit something like this, where all the LAN connections are not necessarily with the same connectivity?

Thanks.

mushroomboy 08-12-2009 06:40 PM

DD-WRT has a lot of options, but the main thing with any of this would be what router are you using. The WRT54G v5 sucks, and a lot of cheaper routers suck just as bad. They limit the flash size on the router, so you have to install crippled versions of the software. I would suggest going to the DD-WRT forum, I use it myself but I have the WRT54G v5 router and am very disappointed with it. Cisco screwed us on this one, and there is nothing I can do except get a new router if I want better options.

nowonmai 08-13-2009 03:53 AM

Quote:

Originally Posted by linuxbird (Post 3641054)
Does anyone know if DD-WRT or Tomato will effectively permit something like this, where all the LAN connections are not necessarily with the same connectivity?

Thanks.

To an extent. You can't do L2 or L3 management, as it's just a basic switch, but you can enable QoS, which will prioritise certain traffic on specified ports. You can't actually block or segment ports though.

mushroomboy 08-13-2009 04:56 AM

Quote:

Originally Posted by nowonmai (Post 3641585)
To an extent. You can't do L2 or L3 management, as it's just a basic switch, but you can enable QoS, which will prioritise certain traffic on specified ports. You can't actually block or segment ports though.

You could possibly edit dd-wrt to deny ports? But that's why I said it should be asked in the dd-wrt forum, as they probably know how to modify the firmware more than most of us. =P Really it's just a version of linux, just hacked up a little.


Though I would warn you, if you mess with QoS you'll want to get a decent router.

linuxbird 08-13-2009 08:38 PM

My topology is a linux box with two NICs, one to the cable modem, and the other to a Netgear FSM7352S.

I'm thinking of adding a third NIC which would feed another FSM7352S that I have, and off that would be devices I can get "dirty" such as VoIP ATAs and a standalone webserver.

So I'm wondering if any package such as DD-WRT or Tomato or whatever would work, such that LAN 1 would be the "dirty" connection, and LAN 2 would be the more heavily firewalled connection. I figure the smarts for all that should fit in a router size box.

I've started reading the DD-WRT stuff, and it looks like I would probably have to hack it a bit.

Another motivation to see if I can get it into a router platform is to keep the power draw down.

mushroomboy 08-14-2009 06:35 AM

Virtualization of networks? Have 2 virtual networks, one that has a firewall and one that doesn't? I know you can do virtual networking with dd-wrt and specify what ports are on what virtual networks. Does that help at all?

Oh and by ports I meant LAN1, LAN2, etc... I didn't mean network ports, I was talking physical haha

linuxbird 09-19-2009 03:50 PM

Quote:

Originally Posted by mushroomboy (Post 3641633)
You could possibly edit dd-wrt to deny ports? But that's why I said it should be asked in the dd-wrt forum, as they probably know how to modify the firmware more than most of us. =P Really it's just a version of linux, just hacked up a little.


Though I would warn you, if you mess with QoS you'll want to get a decent router.

In the meantime, I've gotten a Linksys with DD-WRT and am playing with that. It would be nice to have an equivalent which is a CLI based version...to see how they accomplish some things.

Was your QoS implementation with diffserv?

(My Netgear FSM7352S supports diffserv.)

