CAUTION! LOW FLYING DATA.

[rmd]

I'm thinking of picking up a new wireless router, partly because I am putting more devices on the wireless net. Right now, my wireless network is publically accessible, and I like that, but I would like to have a private segment.[1]

So, here I am trying to list what I want in a wireless router:

1. at least 4 100/1000 ethernet ports
2. ability to have a guest network, ideally password-free, that has limited access (or no access) to the main wireless network.
3. ability to filter based on mac address - to hell with you, DEADDEADBEEF, no network for you!
4. ability to filter based on destination ip/port (in particular, I want to filter out most but not all tcp/25 traffic)
5. ability to handle specific inbound connections and hand them off to different hosts. (eg, tcp/8080 goes to 192.168.1.100, tcp/8081 goes to 192.168.1.101, etc)
6. not too expensive - I don't necessarily feel the need to get one of the wifi models of, say, a juniper ns5.

Suggestions/thoughts/opinions, anyone?

[1] yes, I know, "wireless security" can be defeated blah blah blah. In other security news, while the doors of my house have okay locks, the windows can be shattered and the walls are vulnerable to sawzalls.

Comments

[bikergeek.livejournal.com]

This has probably already occurred to you but I'd look at some of the open-source router projects out there (DD-WRT, Tomato, OpenWRT, others?), see if any of 'em do what you want 'em to do, and buy compatible hardware. I've got a Buffalo something-or-other that runs DD-WRT out of the box that does *most* of that stuff. The only thing it doesn't do is a split wireless network (public vs. private).

[rmd.livejournal.com]

I'm always wary of getting something that will be more of a hobby than an appliance.

It does look like dd-wrt is reasonably ready for prime time, however.

[whitebird.livejournal.com]

My understanding of dd-wrt is that is is actually fairly robust and mature. Realistically, almost all routers are, most are very much set them and forget them.

For brands not Apple, I do like Linksys (although they did something weird recently about automatic updates or content sniffing or something, be wary) and NetGear.

[bikergeek.livejournal.com]

It's definitely more ready for prime time than, say, MythTV. The Buffalo thingy I have runs a modified DD-WRT from the factory and that's definitely something that the manufacturer would expect an Average Consumer to run so it comes with sane default settings and so on.

[deguspice.livejournal.com]

For separate public/private nets at home, I use two WiFi routers. The WiFi router that is part of my cable modem is open to the world. I then attached(via ethernet) a second WiFi router and switch to the cable modem and used that for my internal network.

[rmd.livejournal.com]

That's sort of what I've done in the past with a hard wired net behind another firewall than the wireless (until the hard wired firewall died so now everything's on the wireless box)

I was thinking of doing that, but figured I'd see how much it would be to get an all-in-one that did both.

[whitebird.livejournal.com]

I really like the Airport Extreme base stations, I'm fairly sure they can do all that you ask above, and include the ability to hook up a USB printer, and if you use a hub, even share USB hard drives.

Also, they're easy to configure.

[rmd.livejournal.com]

Interesting. You're just trying to lure me further into the apple ecosystem! (as it is, i may see what the price point is on the 13" retina macbooks, since my 6 year old laptop is starting to show the strain of keeping up in the world.)

[whitebird.livejournal.com]

Well. I can go more than a year without having to poke any of my Apple network gear. I currently have one AirPort Express base station being cranky, but haven't done anything about it because I'm being horrifically lazy with my home network. And I have enough redundancy that it's not too annoying of a loss.

I do not have the simplest network known to mankind, I have a G, an N2, and a N5, depending on what various devices can connect to. I also have a few network extension setups. Apple wireless routers can extend a network the most easiest, but I can't stand how slow that gets. I need to install a hardwire cable from downstairs to upstairs one of these years, but, again, lazy.

There currently is not a 13" "retina display" MacBook Pro yet. There's a 15", and there will likely be a 13" in, oh, 6 months at a guess.

[rmd.livejournal.com]

I assume they'll be announcing the 13" retina next month, at which point I can figure out if the price point is worth it for me. It's showing up in benchmark testing, or so macrumors tells me. :)

[bryant]

I was using Linksys for a few years and I finally got tired of replacing them and went to an Airport. It's solid and easy.

[mjosephb.livejournal.com]

About 6 months ago we replaced a six year old wireless router with a CISCO Linksys EA4500. It actually provides 3 wireless networks, 2 normal and 1 guest. The guest has the option to use a password by way of web page and I think you can disable the password all together. It can sort of do the rest of your requirements.

However, it randomly decides to slow down. Works best if I reboot every few days. Sometimes I have no clue what it is doing. It is hard for me to recommend.

[pywaket.livejournal.com]

I've had good luck with the D-Link DIR-601 running DD-WRT. I've deployed a few of these, and they've been reliable and secure. DD-WRT is easy to install, and simple to configure.

[evwhore.livejournal.com]

Well, I work for Aruba Networks now, so I might be biased :-) But anything we'd have probably fails #6,

[klcklcklc.livejournal.com]

The Cisco/Linksys routers have built in guest networking, but... You can only set it up using the wizard. Any manual changes you make will break the wizard and you won't be able to change guest network settings thereafter without doing a reset of the router. I can't recall what control you do manage to get over the guest network but you can probably disable the password. Much of what else you might want to set is probably not available.

I use a router from "My Essentials" which is some weird consumer line of Belkin's. It has guest networking you can actually control in a fairly normal way. The only thing I don't like about it is that it reveals the status of the network before requiring a login, so someone can see your IP, etc. Still it was very, very cheap and generally works well. I don't know if they are still making this though; mine is pretty old at this point. Mine is 802.11g. No idea if they'd have a wireless-n version.