[kwlug-disc] IPCop (and friends) vs hardware router
Paul Nijjar
paul_nijjar at yahoo.ca
Thu Jun 18 21:08:11 EDT 2009
On Thu, Jun 18, 2009 at 08:13:47AM -0400, L.D. Paniak wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> How many users are we talking about here? A few tens? Are you planning
> onrunning something computationally expensive like VPN/wireless
> encryption? If not, I'd be surprised if an OpenWRT router couldn't keep
> track of connections and push packets fast enough.
Maybe 150-200 computers at most.
At some point we are wanting to do OpenVPN encryption (net-net as well
as net-host).
Would you recommend OpenWRT as the firmware? Should I consider dd-wrt?
> Load the router with the Shorewall package and then you can sanely
> manage all firewall/traffic shaping functions.
>
> Logging can be done as well, but it would likely require external
> storage. With a USB-capable router like an Asus WL500g Premium, you
> could trivially extend onboard storage and have the router mail you the
> logs regularly or look for red flags.
Logging is definitely going to a syslog server. I have found that the
logs generated by most (all?) of the proprietary firmware I have seen
thus far have been underwhelming.
- Paul
More information about the kwlug-disc
mailing list