wireless router things

[chrisvenus]

Well, hopefully soon I should have broadband in my house. Yes, its taken far too long, long story with added ranting that isn't worth going into.

This does mean though that I have to start thinking about networking the house. After talking with wimble a weekend or two back he persuaded me that I didn't need a full blown computer to act as a gateway and router and that probably one of those magic boxes that acts as a router, wireless base station and with a couple of ports for wired networking should do me fine. I think he even told me what model he had but of coure I forgot. :)

So, anybody got experience/advice on this kind of thing, perferably with reccomendations for or against kit they have experience of.

I'm also thinkign that a nice tiny media PC in the living room next to the TV to play all the anime and other random junk from would be good. I'm looking at small shuttle cases and big hard drives and probably running linux (I beleive debian is the popular thing of the day) and some media player. Is there anything I should particularly have in mind when doing this (minimum CPU, memory, drivers for hardware, etc?)

And are there any other cool gadgets I should lust after while I'm about it?


Edit: Wireless stuff as well. My current laptop is 802.11b. I'd quite like to get a 802.11g router but am not sure whether its worth it and whether there are any issues with those that do both (eg can they only do one at a time or can they support both b and g devices simultaneously? I've no idea personally... :)

Second edit: I'm getting cable so the router/wireless thing in doesn't want ADSL and I suspect in fact that having ADSL on it would confuse the hell out of it (since I expect it will assume that to be the internet connection and thus not do nat elsewhere).

Comments

[borusa.livejournal.com]

I've always found http://www.solwise.co.uk to be particularly good for this sort of thing.

[cultureofdoubt.livejournal.com]

802.11g will support 802.11b devices but the whole net will then drop to b speeds.

Of course broadband is probably sub-b speed anyway so that's not a problem, and most stuff for sale is g, so all in all it'll make no difference what you do - you'll probably end up with a g router running at b speeds which'll be just as fast as it would be if it was going at g speeds.

As for magic boxes - they're probably all much of a muchness, but maybe make sure you have the option of plugging in another antenna if the boxed one turns out to be utter tripe. Never used one myself - I just ran a spare PC as a gateway.

Oh and steer clear of anything that's Dabs Value or similar.

[chrisvenus]

Cool. I wanted to get a g thing since I'm sure all devices I buy in future are likely to be g ones but wasn't sure about the rest. Thanks for that. And I have no intent to buy anything that looks too much like a cheap piece of crap. The trouble I have is that I'm looking at http://www.scan.co.uk/Products/Products.ASP?CatID=59&FilterCategories=295 and there seem to be hundreds of things with nothing really to set them apart.

And I do have a spare computer but this will likely to be sitting in the lounge so I don't want the bulk and noise of a big computer there. And the media PC I'm contemplating will be a small tiny thing without the space to be a decent gateway. :)

[wimble.livejournal.com]

I've got a Linksys 54g, which I got from PC World (probably not the best place, but they were conveniently open when the previous hub decided to blow up!)

Selling points:
Both wired and wireless access.
Built in DHCP and NAT. (plug your upstream connection into the "Internet" port, and it just works).
Black or whitelisting Mac addresses (unfortunately, it's one list, which can be a black list or a white list, but you can't do both).
HTTP server (cf. waistcoat_mark's comments about his router, which needs to be poked directly with tcp connections).
The DHCP and NAT can be disabled, and then the device becomes a simple switch (useful if you've got a real firewall and separate network segment directly upstream from it as I do).
Individual port forwarding facilities (so you can forward different ports to different machines if you desire).

Stateful port forwarding: if outgoing traffic is detected on certain ports, then incoming traffic on certain (possibly different) ports can be redirected too. This means that, for example, that if outgoing traffic is detected on Port 4000 (Blizzard's Battle.Net port), all incoming traffic on port 4000 can be directed to that machine. Of course, all established connections do this anyway (so MSN, HTTP etc, all work), but this allows "server-like" protocols to work (such as Battle.Net, or non-passive FTP, or BitTorrent clients), without having to configure which single PC they're allowed on (of course, they still only work on one PC at a time, for any given port configuration).

[damianobf.livejournal.com]

we have one of these as well. Though we keep getting problems at the moment with it losing the connection but that might be bulldog not the Linksys. Linksys is the Cisco commercial brand if tht helps at all.

[undyingking.livejournal.com]

We have a vanilla Belkin ADSL modem / wireless router (I think the current version of it is this, which doesn't have any wired capability (I guess that would make it a bridge?) but it could have done for a few extra quid. Cheap, painless, no operational problems.

802.11g seems to be not significantly dearer than b now, and as it's backwards compatible, you might as well really. Won't make much difference unless you're planning on shuffling lots of stuff around the network, in any case.

[undyingking.livejournal.com]

Oh yes, most important thing for living-room media computer: very very quiet.

[cardinalsin.livejournal.com]

And are there any other cool gadgets I should lust after while I'm about it?

I've been lusting after smart phones recently (defined, possibly incorrectly, by me as: Phone+camera+MP3 player+PDA+email receiver type thingy). I recommend this only if (a) you are prepared to spend wads of dosh on such a thing, or (b) you are a bit of a masochist.

[diffrentcolours]

What you may want to do is have your "media pc" to be a quiet diskless box with a TV-out; I believe you can buy such "thin clients", possibly booting from Compact Flash or other solid-state device for extra quietness, for little money. Then you just stream your DivX or whatever over the network from a noisy big fileserver elsewhere.

I really would recommend against using a "magic box" for your Internet connection; an old Pentium or something running IPCop will do the job much better and more easily. If you really want, you could get a mini-ITX system or even a solid state one for extra quietness and minimal size. Using something like IPCop, as opposed to a "magic box", will give you a very nice interface, good documentation, ease of upgrade, increased security and many more features.

[chrisvenus]

will do the job much better and more easily

Could you clarify on what you mean by better and more easily?

I'm not sure how nice an interface I need since the only interfacing I can see myself needing to do is adding mac addresses to the white/blacklist type thing on who to allow wirelessly and on what ports to forward through the firewall to which computers. Is there much more that I am likely to want to do and how wrong can you go with an interface to do the above?

I very much don't care about complicated firewalling rules, I'm not intending to run any services at this time. About all I'm likely to want to do apart from deny incoming/allow outgoing, is to be able to get an ssh connection from the outside world into a convenient linux box and I can portforward anything else I want from there.

Good documentation shouldn't be hard if I only want to do simple things as described above. I've no idea about ease of upgrade since I can't see why I would want to upgrade my router (I guess when I want to go one better than 802.11g maybe...

Also what is insecure about a router/wireless base station type thing? How would a machine running IPCop be more secure?

I'm basically not sure about the whole ipcop thing since it seems I'll just be having a bigger, more complex system with a whole lot more things that can go wrong.

As for the media pc. I'd considered one of the things as you describe but having actually seen how quiet the hard drive that I recently got in my tivo is I am not bothered by HD noise. As long as I can find a quiet PSU (which I believe the mini cases tend to have) then I don't think I'll have a noise issue. Also I don't have any other linux boxes at home and so thought that I could make it a nice linux box and kill two birds with one stone. :)

If you can give me better arguments against magic boxes then I will happily listen but if I want something simple it seems pointless to get a linunx box to do it.

[diffrentcolours]

how wrong can you go with an interface to do the above?

Looking at some of the "magic boxes" I've seen, very.

Also what is insecure about a router/wireless base station type thing? How would a machine running IPCop be more secure?

According to a friend of mine who tests consumer-grade magic boxes for a living, magic boxes tend to have hastily-written custom firmware which is frequently exploitable. It's hard to find out whether your firmware is exploitable, and even harder to find a fix for it. IPCop, since it's basically Linux, has all the Linux kernel security infrastructure, automatically checks for updates to itself and prompts you to install them.

IPCop has many options for encryption over wireless, up to using VPN connections over wireless or IPSec. Most consumer-grade wifi boxes I've seen only use WEP, which is basically no security whatsoever. And again, there have been issues with the security of wifi implementations in "magic box" devices.

Basically, IPCop is just easier, as far as I can see. The entire system is designed to be as effort-free as possible, and it'll expand with your needs. I never thought when I bought a magic box that I may want to do something like running an H323 gateway, and when I did I wasn't able to due to the limitations of the magic box. If I'd had an IPCop box, then doing so would have been trivial.

[onebyone.livejournal.com]

The entire system is designed to be as effort-free as possible, and it'll expand with your needs.

I don't see how it can possibly be easier than the dedicated-hardware approach. At the very least, you presumably have to mess about finding a spare PC, making sure it at least two network cards in, getting even more cards or a separate switch if you want any wired capability, and installing an OS, so there's more physical effort than the "take the shrink wrap off and plug in" approach.

The Linksys WRT54G runs Linux anyway and the firmware is GPLed - obviously it's not a standard distribution, and unfortunately it doesn't find its own updates, but you can download and/or cross-compile your own firmware. It supports WPA, and is very widely used and hence quite well scrutinised, so it's unlikely to be the weakest point in your defence if you're (for example) browsing the web.

However, Cisco are currently sin-binned for the way they handled Michael Lynn, so I can't unequivocally recommend them.

[wimble.livejournal.com]

By better:
The least powerful option would be to use NAT and portforwarding, but only on outgoing or established connections. So you'd be able to initiate a connection from inside the firewall, but not come in from the outside (except in response to a request). That's all that most people really need: it allows outgoing SMTP, POP, HTTP and messenger connections.
The next one would be for to forward all unestablished connections, irrespective of port, to one particular machine, which allows you to have a single server as well as all the clients.
The next step up would be to have staticly configured portforwarding, so requests on a particular port go to a particular IP address, which allows you to have multiple servers, but only one for any given port number.
Then you get port tracking, such as the Linksys has, so that the portforwarding goes to "whoever" has demonstrated use of that particular protocol most recently. Although I didn't think of it in my earlier comment, in conjunction with DHCP, it's quite nice, because although you might still be forwarding to the same machine, it could now be on a different IP address.

Of course, all of those only address non-established incoming connections. If you're feeling particularly geeky, you can also mess with outgoing connections.

I redirect all my outgoing port 80 (http) and 3128 (webcache) requests to my squid proxy. I ought to have another look at redirecting outgoing SMTP connections through postfix. I don't need to redirect my DNS requests, because my DHCP server also runs a DNS server (which means I can look up my local machines by name, not just by IP address).

On the down side, when I've got a lightning strike, the upstairs hub frequently crashes. If it's particularly bad (or particularly hot), the pentium 120 which is my firewall crashes. The hub is much faster to reboot...

If you get a simple box (provided you can turn off the "Internet Gateway" mode), you can always add a full blown linux firewall later, when you find you've got a spare boxen to use.

[wimble.livejournal.com]

As long as I can find a quiet PSU (which I believe the mini cases tend to have)

My shuttle has a number of options (in the BIOS so I can't cut-n-paste them into here, but you can probably find them in the website downloads) for fan control. I'm not sure what is currently on, but when I boot (or reboot), the fan starts up to quite a noisy level, and then calms down again to effectively inaudible(*). There's a fan in the TV too. That's the noisiest one in the room :)

(*) It's either on minimum, and only controlled after the initial powerup tests, or on adaptive.

[damianobf.livejournal.com]

hmm need to check this out on my one. Though I think it is my dvd drive which makes most of the noise at the moment in it.

[danfossydan.livejournal.com]

Any wireless adsl modem router thing will do the trick, all much of a muchness. I'd have thought you'd get one for less that £80. (I think the really cheap ones I get cost about £60 + vat, don't rember the model.

Media centre PC wise. If its microsoft media centre your looking for - I set up an Athalon 2600xp some kind of Nforce 2 board with 512 meg of ram, and a digital tuner card, only 80 gig hard drive (which is my only hardware related regret) you need direct x9 compatable graphics card. Which for me ment an ati 9250. I tried quite hard to get a Geforce 2 to work, but it wasn't having it. And you need DVD decoder software. And that bits fussy. PowerDVD didn't work. Something else didn't work. The Nvidia free demo drivers work - but expire after 3 months, and they won't let you buy the things yet! Which is crazy becasue I want to as long as its cheap (becasue it works)

Of course something has gone wrong with the media PC and the guide will not update - making it totally useless - after running fine for 6 weeks. Its very annoying. Probably needs a total reinstall. An excuse to put a 160 gig hard drive in it I guess.

Great system - flawed by not working right. :(

[chrisvenus]

I'm not sure I'm meaning quite the same as you are by Media PC. I'm not wanting a digital tuner or program guide, I have a tivo for that, I want it for watching various things like anime or other such downloaded TV and maybe for watching DVDs too since my current DVD player is a piece of crap. The more I think about this though the more I realise I really don't need something to do this. Partly though I do need more storage space and transferring to laptop to plug into the TV, etc. Is very annoying.

Also I'd probably not go for MS stuff purely because I think I can get all the software I need the computer to have through a breed of linux so shelling out for an MS OS and stuff is probably pointless.

[danfossydan.livejournal.com]

Sounds sensible.

The MS stuff is nice. But expensive. I get a bunch of MS stuff 'free', so thought I should try it out really.

If you wanted to wire up a PC to watch DVD's and downloaded stuff - anything that has Svideo out would do. A P3 chip would be fine wouldn't it?

If you do set something linux based up to do everything at some point - I'd be intrested to hear how you get on.

[wimble.livejournal.com]

Wireless control of the PC. Preferably without having to have a keyboard. A wireless optical mouse is ok, but it'd be quite nice to have the extra buttons to be able to activate certain functions without having to worry about where you've moved the pointer to.

[chrisvenus]

True. Tristam used to ahve a remote control for his computer. Dunno if such things are still around and better now...

[cultureofdoubt.livejournal.com]

Still around, no better in my experience. BT mouse and maybe keyboard is probably not a bad idea, if Linux supports such things.

BT phones can be used in a pinch, software depending.

[clupea-rufus.livejournal.com]

I use a Belkin 802.11g Wireless DSL/Cable Gateway Router, which has proved to be easy to set up and very reliable. For the media PC I'd suggest some sort of small form factor PC or perhaps even a Mac Mini, running whatever flavour of Linux you prefer and using Xine as the media player (can be tweaked to deal with most/all media types). You don't even particularly need peripherals if you control the media PC from your laptop using something like TightVNC.

[cultureofdoubt.livejournal.com]

A mac mini would have a small HDD (and a slow HDD to boot) which may be less than ideal. I suspect other small form factor PCs that are prebuilt will suffer the same issues. I'd go for a bigger PC hidden in a cupboard or something.

[chrisvenus]

http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=156468 is the base unit I'm looking for to which I add memory, processor, hard disk and graphics.

I reckon that for 400 quid I've got a Athlon 2600, gig of memory, decent graphics card and a 200Gig HD. And its not a mac. :)

PC in cupboard is not an option due to lack of cupboards and the main reason for a small PC is for the small sound. A cabinet might muffle it but would unlikely silence it completely.

[wimble.livejournal.com]

Aye, that's the same as mine. D'you want to come over and have a look at the innards and docs?

Oh, and you can pick up quisalan's road tax (V10?) form, which arrived this morning :)

[chrisvenus]

Sounds like it could be a good plan. Anbd I knew that was the one that you got which is the main reason I've pencilled it in. The specs look good, not too expensive and somebody has experience of it to tell me it doesn't blow. :)

And I can pop in tomorrow if that works for you? We have a film thing starting at 6 at work so I'll be leaving work around 8 and can pop in on the way home (so about 8:30). Or failing that some other time.

[wimble.livejournal.com]

That's fine. I'll make sure I've found the documentation by then :)

[cultureofdoubt.livejournal.com]

Sounds good. I was just suggesting avoiding prebuilt boxen with too-small HDD really.

[chrisvenus]

Yup. It is a fine point.