LinuxQuestions.org
Old 08-12-2009, 06:06 PM   #1
linuxbird
Member
 
Registered: Feb 2006
Distribution: Slackware
Posts: 316

Rep: Reputation: 20
DD-WRT / Tomato


I would like to have a 3 NIC firewall. Specifically, I would like one NIC to go to an insecure switch on my side of the firewall, for things like VOIP, stream serving or whatever. Then I would like another NIC to go to the normal network on my side of the firewall.

Does anyone know if DD-WRT or Tomato will effectively permit something like this, where all the LAN connections are not necessarily with the same connectivity?

Thanks.
 
Old 08-12-2009, 07:40 PM   #2
mushroomboy
Member
 
Registered: Jan 2006
Distribution: Debian Testing ALWAYS!!!
Posts: 363

Rep: Reputation: 43
DD-WRT has a lot of options, but the main thing with any of this would be what router are you using. The WRT54G v5 sucks, and a lot of cheaper routers suck just as bad. They limit the flash size on the router, so you have to install crippled versions of the software. I would suggest going to the DD-WRT forum, I use it myself but I have the WRT54G v5 router and am very disappointed with it. Cisco screwed us on this one, and there is nothing I can do except get a new router if I want better options.
 
Old 08-13-2009, 04:53 AM   #3
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
Quote:
Originally Posted by linuxbird
Does anyone know if DD-WRT or Tomato will effectively permit something like this, where all the LAN connections are not necessarily with the same connectivity?

Thanks.
To an extent. You can't do L2 or L3 management, as it's just a basic switch, but you can enable QoS, which will prioritise certain traffic on specified ports. You can't actually block or segment ports though.
 
Old 08-13-2009, 05:56 AM   #4
mushroomboy
Member
 
Registered: Jan 2006
Distribution: Debian Testing ALWAYS!!!
Posts: 363

Rep: Reputation: 43
Quote:
Originally Posted by nowonmai
To an extent. You can't do L2 or L3 management, as it's just a basic switch, but you can enable QoS, which will prioritise certain traffic on specified ports. You can't actually block or segment ports though.
You could possibly edit dd-wrt to deny ports? But that's why I said it should be asked in the dd-wrt forum, as they probably know how to modify the firmware more than most of us. =P Really it's just a version of linux, just hacked up a little.


Though I would warn you, if you mess with QoS you'll want to get a decent router.
 
Old 08-13-2009, 09:38 PM   #5
linuxbird
Member
 
Registered: Feb 2006
Distribution: Slackware
Posts: 316

Original Poster
Rep: Reputation: 20
My topology is a linux box with two NICs, one to the cable modem, and the other to a Netgear FSM7352S.

I'm thinking of adding a third NIC which would feed another FSM7352S that I have, and off that would be devices I can get "dirty" such as VoIP ATAs and a standalone webserver.

So I'm wondering if any package such as DD-WRT or Tomato or whatever would work, such that LAN 1 would be the "dirty" connection, and LAN 2 would be the more heavily firewalled connection. I figure the smarts for all that should fit in a router size box.

I've started reading the DD-WRT stuff, and it looks like I would probably have to hack it a bit.

Another motivation to see if I can get it into a router platform is to keep the power draw down.
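
The three-NIC layout described in this post, written as a forwarding policy for a Linux firewall; this is an added example and not part of the original thread. It assumes the box filters with iptables, and the interface names (eth0 = cable modem, eth1 = trusted switch, eth2 = "dirty" switch) and the web server address 192.168.2.10 are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth0 = cable modem (WAN),
# eth1 = trusted LAN switch, eth2 = "dirty" switch, WEB = web server address.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
DMZ=${DMZ:-eth2}
WEB=${WEB:-192.168.2.10}

# Print the policy in iptables-restore format; nothing is applied here.
# Default-deny forwarding: only the zone pairs listed below may start traffic.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -j ACCEPT
-A FORWARD -i $LAN -o $DMZ -j ACCEPT
-A FORWARD -i $DMZ -o $WAN -j ACCEPT
-A FORWARD -i $WAN -o $DMZ -p tcp -d $WEB --dport 80 -j ACCEPT
-A FORWARD -i $DMZ -o $LAN -j LOG --log-prefix "dmz-to-lan drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN -p tcp --dport 80 -j DNAT --to-destination $WEB:80
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}

# Succeeds only if the policy lets zone $1 open new connections to zone $2.
forward_allowed() {
    gen_rules | grep -q -- "^-A FORWARD -i $1 -o $2 .*-j ACCEPT"
}

# "print" writes the ruleset to stdout for review before loading it.
case "${1:-}" in
    print) gen_rules ;;
esac
```

The "dirty" segment can reach the Internet and be reached on port 80, but it can never open a connection to the trusted LAN or to the firewall itself; only replies to LAN-initiated sessions pass back.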
 
Old 08-14-2009, 07:35 AM   #6
mushroomboy
Member
 
Registered: Jan 2006
Distribution: Debian Testing ALWAYS!!!
Posts: 363

Rep: Reputation: 43
Virtualization of networks? Have 2 virtual networks, one that has a firewall and one that doesn't? I know you can do virtual networking with dd-wrt and specify what ports are on what virtual networks. Does that help at all?

Oh and by ports I meant LAN1, LAN2, etc... I didn't mean network ports I was talking physical haha
 
Old 09-19-2009, 04:50 PM   #7
linuxbird
Member
 
Registered: Feb 2006
Distribution: Slackware
Posts: 316

Original Poster
Rep: Reputation: 20
Quote:
Originally Posted by mushroomboy
You could possibly edit dd-wrt to deny ports? But that's why I said it should be asked in the dd-wrt forum, as they probably know how to modify the firmware more than most of us. =P Really it's just a version of linux, just hacked up a little.


Though I would warn you, if you mess with QoS you'll want to get a decent router.
In the meantime, I've gotten a Linksys with DD-WRT and am playing with that. It would be nice to have an equivalent which is a CLI based version...to see how they accomplish some things.

Was your QoS implementation with diffserv?

(My Netgear FSM7352S supports diffserv.)
 
All times are GMT -5.