[mdlug] Routing Situation - Suggestions/Opinions

Mark Aufdencamp mark at aufdencamp.com
Tue Nov 30 14:59:45 EST 2010


I've used the Netopia DSL router line supplied by AT&T.  Specifically, a
3346N and a couple similar models with WIFI at clients.  I initially had
the same perspective that it was a POS, but learned to live with it and
was quite happy.  Presuming you have a small subnet, these routers do a
decent job as a CPE edge device.  

It's important to view this as an access router and not try to implement
functionality that belongs on interior security devices. I've passed
static IPs through them to Ubuntu, RedHat, and Windows servers.  It's
much better to rely on the server firewall which you control, than the
CPE from a carrier that may be updated and messed with by the carrier. 
Keep a good perspective of the separation of duties and let the vendor
equipment do its transport thing and your gear perform its security
function.

You'll actually find a decent firewall and SNMP management on the
Netopias.  I utilize MRTG with SNMP to graph the Netopia's traffic and
Nagios to monitor the Netopia and its next-hop router.

As for AT&T, I won't use them as a vendor after my last few battles. 
Save your time and don't bother with their support nightmare.  They
always want to escalate to paid support, or send out a wiring tech, when
they mess up the circuit or routing with an upgrade!  

> -------- Original Message --------
> Subject: [mdlug] Routing Situation - Suggestions/Opinions
> From: "Robert Adkins II" <radkins at impelind.com>
> Date: Fri, November 26, 2010 3:27 pm
> To: "'MDLUG's Main discussion list'" <mdlug at mdlug.org>
> 
> 
> We recently upgraded the DSL service at the office to essentially twice as
> fast as it used to be. Unfortunately, our older DSL Router isn't capable of
> going that fast. Luckily, they sent us a new one... and it is a POS. It is
> incapable of performing half the routing/firewalling of the older/slower
> router.
>  
> For example, I need only our email server and two other internal IP
> Addresses to have "direct" access to the Internet and all other systems to
> be forced into going through the proxy server. The options on the new
> Netopia router include allowing me to point external ports to internal
> addresses, but otherwise everything on the inside has full, direct (and
> speedy!) access to the wild, wild, west.
>  
> Here's my thoughts:
>  
> 1. Pick up a good Cable Internet Router that can be upgraded with dd-wrt or
> OpenWrt
>  
> 2. Replace the firmware with one of the above mentioned types.
>  
> 3. Place the Upgraded Cable Modem in between the network and the Netopia
> POS, configure the routing we need and away we go.
>  
> Is this an easily workable plan? 
>  
> Thanks,
> Rob
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
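
The egress policy asked for in the quoted message (mail server and two other hosts direct, everything else forced through the proxy), written for a Linux-based interior router placed behind the carrier CPE. This is an added example, not part of either message; the interface names, every address, and the treatment of the proxy as a separate LAN host are constructed assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for an interior Linux router.
# Interface names and every address are constructed placeholders.
LAN_IF="br-lan"      # assumed LAN-side interface
WAN_IF="eth1"        # assumed interface facing the carrier CPE
PROXY="192.168.1.5"  # assumed proxy host; it needs outbound access itself
DIRECT="192.168.1.10 192.168.1.21 192.168.1.22"  # mail server + two hosts

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules: print the FORWARD policy; return 1 if an address is malformed.
gen_rules() {
    for ip in $PROXY $DIRECT; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    # Return traffic for connections that were allowed out.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ip in $PROXY $DIRECT; do
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -j ACCEPT"
    done
    # Everything else from the LAN: rate-limited log, then an explicit reject
    # so misconfigured clients fail fast instead of timing out.
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -m limit --limit 6/min -j LOG --log-prefix \"egress-denied: \""
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j REJECT --reject-with icmp-admin-prohibited"
    echo "COMMIT"
}

# Review the output, then check it with: gen_rules | iptables-restore --test
gen_rules
```

This covers outbound traffic only: inbound services such as SMTP to the mail server need their own FORWARD rule. Loading the output without `--noflush` replaces the router's existing filter table.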
