What's a decent modem/router for tech savy user?

Discussion in 'Broadband' started by Dave, Mar 19, 2009.

  1. Dave

    Dave Guest

    My own an Intertex IX66 ADSL modem router, but it has recently died. So
    I replaced it with a Belkin F5D8635-4 v1, which is a wireless broadband
    modem router. Despite costing a fair amounts (it is far from the
    cheapest on the market), I'm very unimpressed with it. I would like to
    find something which offers a bit more flexibility. Particular things I
    miss from my Intertex modem are

    1) It is not possible to route or deny traffic to specific ports based
    on the source IP address. I had the other modem configured such that
    port 22 (used for SSH) was connected only from specific IP address.
    Likewise, I had the port used for windows remote desktop only connected
    from one IP address in the world.

    I cant seem to do either of these with the Belkin device.

    2) I used to run a web server on the Intertex modem. I routed port 80
    through to the modem. I ticked a box marked 'Access servers from inside'
    then all the web sites I hosted could be seen from inside my LAN. So for
    example, if I went to

    http:///www.g8wrb.org
    I would see the site, which is one I hosted.

    With the Belkin, I only see the setup page for the router. Despite
    Belkin tech support suggesting a pre-release firmware version, that has
    not solved it.

    3) The firewall on the IX66 just ignored connection attempts such as
    port scans. The Belkin sends back a 'connected refused', so it alerts a
    hacker to the fact there is a computer there.

    In contrast, my old IX66 just ignored the connection attempt, sending to
    reply at all.


    4) The IX66 had a 'DMZ' which was on a different subnet. It was totally
    impossible to connect from the DMZ to the LAN. The DMZ could be made
    quite secure (with some effort). Although I have not used the DMZ on
    this Belkin product, I believe it is far inferior to what I am used to.

    So overall, I'm pretty unimpressed with this Belkin thing. The problem
    is to find a better modem. Whilst Intertex appear to still be in
    business, I can see from their support pages that the support is a lot
    poorer than it used to be, so I'm a bit reluctant to spend £200 (about
    $300) on their latest offering.

    So are there any decent ADSL modems/routers out there which are suitable
    if one wants to do a bit more than the basics?

    Having wireless is not important, as I do have a wireless access point
    on the LAN. Having flexibility in the firewall is quite important to me.



    --
    I respectfully request that this message is not archived by companies as
    unscrupulous as 'Experts Exchange' . In case you are unaware,
    'Experts Exchange' take questions posted on the web and try to find
    idiots stupid enough to pay for the answers, which were posted freely
    by others. They are leeches.
     
    Dave, Mar 19, 2009
    #1
    1. Advertisements

  2. Dave

    Graham J Guest

    Vigor
    Cisco
     
    Graham J, Mar 19, 2009
    #2
    1. Advertisements

  3. Dave

    Allan Mac Guest

    Draytek vigor xxxxxx? check website for latest offerings

    Allan
     
    Allan Mac, Mar 19, 2009
    #3
  4. I was a bit unimpressed when I visited the Vigor support forum

    http://www.forum.draytek.co.uk/

    There are no posts at all.

    They looked very expensive.
     
    The unknown warrior, Mar 19, 2009
    #4

  5. I was a bit unimpressed when I visited the Vigor support forum

    http://www.forum.draytek.co.uk/

    There are no posts at all.

    Is there a more active support forum?
     
    The unknown warrior, Mar 19, 2009
    #5
  6. Dave

    Guest Guest

    There are about 30,000 posts going back to 2005.

    You can't see anything without registering.
    --
     
    Guest, Mar 19, 2009
    #6
  7. Dave

    Graham J Guest

    If this is a concern then get the ethernet variety and put a basic router
    between it and the ADSL line, configured in bridge mode.
     
    Graham J, Mar 19, 2009
    #7
  8. Dave

    Phil W Lee Guest

    Or build one - an old PC running FreeBSD can do the job very nicely,
    and will support as many separate networks as you care to install
    cards for.
    Mine's an old AMD K6 500MHz, with 128MB RAM and an old 20G HD.
    It's obsolete for anything else, but makes a fine firewall.
     
    Phil W Lee, Mar 20, 2009
    #8
  9. Dave

    Bob Eager Guest

    I use a FreeBSD machine, but I built one - a low power Mini-ITX board,
    no hard disk, running off a CF card. 15 watts max.
     
    Bob Eager, Mar 20, 2009
    #9

  10. Indeed that was my experinece. I set up IPtables instead on the
    incoming box.

    We have a netgear on that site now. Thats better, but has no snp
    monitoring.

    The belkin we had did redirect calls to its own external interface to
    the web servers automatically.

    For th D-link I have nd th netgar, I found it necessary to st up a fudge
    DNS slave server and force the lan users to use it by wibbling with dhcp
    They know therr is a router there anyway.

    yes. My old D-link has the DMZ concept as well. Not that useful in such
    limited class.

    Thee netgear has some sort of default DMZ for a single IP address
    TBH any commercial DSL router at a sensible price is mostly engineered
    for easy of numpties to set up.

    The netgear comes close to what you want. But it wont route back inside
    the LAN - needs internal DNS server spoofing. And it dont do snmp stats,
    which I dislike.

    But otherwise its pretty good.



    I cut and pasted some stuff from their st up screns for info
    ----------------------------------------------------------------
    WAN Setup Help

    Using this page, you can set up several parameters related the the WAN
    connection.

    Connect Automatically, as Required

    Normally, this option should be Enabled, so that an Internet connection
    will be made automatically, whenever Internet-bound traffic is detected.
    If this causes high connection costs, you can disable this setting.
    If disabled, you must connect manually, using the sub-screen accessed
    from the "Connection Status" button on the Status screen.

    If you have an "Always on" connection, this setting has no effect.

    Disable Port Scan and DOS Protection - The Firewall protects your LAN
    against Port Scans and Denial of Service (DOS) attacks. This should be
    disabled only in special circumstances.

    Default DMZ Server

    Specifying a Default DMZ Server allows you to set up a computer or
    server that is available to anyone on the Internet for services that you
    haven't defined. There are security issues with doing this, so only do
    this if you're willing to risk open access. If you do not assign a
    Default DMZ Server, the Router discards any incoming service requests
    which are undefined. This can be a security problem. You shouldn't check
    this box unless you have a specific reason to do so.

    To assign a computer or server to be a DMZ server:

    1. Click the Default DMZ Server checkbox
    2. Type the IP address for that server.
    3. Click Apply.

    Respond To Ping On Internet Port

    If you want the DG834PN to respond to a 'Ping' from the Internet, click
    this check box. This can be used as a diagnostic tool. This can be a
    security problem. You shouldn't check this box unless you have a
    specific reason to do so.

    MTU Size

    The normal MTU (Maximum Transmit Unit) value for most Ethernet networks
    is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs you
    may need to reduce the MTU. But this is rarely required, and should not
    be done unless you are sure it is necessary for your ISP connection.

    To Apply Or Cancel

    Click Apply to update changes to the MTU Size.
    Click Cancel to disregard any unsaved changes.
    -------------------------------------------------------------
    Firewall Rules Help

    You can use this screen to create Firewall rules to block or allow
    specific traffic. This feature is for Advanced Administrators only!
    Incorrect configuration will cause serious problems.
    Outbound Services

    This lists all existing rules for outbound traffic. If you have not
    defined any rules, only the default rule will be listed. The default
    rule allows all outgoing traffic.

    To create a new rule:

    1. Click the "Add" button. (It does not matter which radio button is
    selected)
    2. The "Outbound Service" screen will be displayed. This screen has
    its own help file.
    3. Complete the "Outbound Service" screen, and save the data. The
    new rule will be listed in the table when you return to this screen.

    To make changes to an existing rule:

    1. Click the radio button next to an row in the table.
    2. Click the button for the desired actions:
    * Edit - to make any changes to the rule definition. The
    "Outbound Service" screen will be displayed, with the data for the
    selected rule.
    * Move - to move the selected rule to a new position in the
    table. You will be prompted for the new position.
    * Delete - to delete the selected rule.

    Inbound Services

    This lists all existing rules for inbound traffic. If you have not
    defined any rules, only the default rule will be listed. The default
    rule blocks all inbound traffic.

    To create a new rule:

    1. Click the "Add" button. (It does not matter which radio button is
    selected)
    2. The "Inbound Service" screen will be displayed. This screen has
    its own help file.
    3. Complete the "Inbound Service" screen, and save the data. The new
    rule will be listed in the table when you return to this screen.

    To make changes to an existing rule:

    1. Click the radio button next to an row in the table.
    2. Click the button for the desired actions:
    * Edit - to make any changes to the rule definition. The
    "Inbound Service" screen will be displayed, with the data for the
    selected rule.
    * Move - to move the selected rule to a new position in the
    table. You will be prompted for the new position.
    * Delete - to delete the selected rule.

    Instant Messaging (IM) Ports

    Ports to enable MSN and AOL Instant Messaging are open by default. To
    close these ports check the Close IM Ports radio button. When these
    ports are closed Instant Messaging will not function.

    To Accept Or Cancel

    Click Accept to update changes to the Outbound Services and Inbound
    Services tables.
    Click Cancel to disregard any unsaved changes.
     
    The Natural Philosopher, Mar 20, 2009
    #10

  11. Thank you. It seems strange to configure the forum like that - its the
    first one I've come across where you cant even read the posts without
    registering.
     
    The unknown warrior, Mar 20, 2009
    #11
  12. Dave

    Chris Davies Guest

    Maybe that's a good thing. Perhaps the Vigor support department believes
    in supporting its customers, so that they don't need to share fixes
    and solutions?

    Chris
     
    Chris Davies, Mar 20, 2009
    #12
  13. Dave

    Dave Guest


    I did not really want to go to that hassle. I know Solaris well and have
    used ipfilter on that for some time. I'd much rather just buy a
    solution. Solaris will boot from a USB stick, so I could go that route,
    but it does not attract me too much.

    --
    I respectfully request that this message is not archived by companies as
    unscrupulous as 'Experts Exchange' . In case you are unaware,
    'Experts Exchange' take questions posted on the web and try to find
    idiots stupid enough to pay for the answers, which were posted freely
    by others. They are leeches.
     
    Dave, Mar 20, 2009
    #13
  14. Dave

    Clint Sharp Guest

    I like the Zyxel stuff, it works and stays working in my experience, I
    know of a couple of major UK retailers using it (I've installed quite a
    few for them) and we get very few problems apart from line or ISP
    faults.
     
    Clint Sharp, Mar 20, 2009
    #14
  15. Dave

    Bob Eager Guest

    I've been using a Zyxel P645R 24/7 since April 2002. No problems at all.

    It's being replaced this weekend because I need ADSL2+ capability....but
    it's another Zyxel.
     
    Bob Eager, Mar 20, 2009
    #15
  16. Dave

    Guest Guest

    I just got a Zyxel and the firmware is a pile of crap. It is a new model
    but what they shipped isn't fit to be called beta. If they are as good as
    you say then hopefully they will fix it. In the mean time I am thoroughly
    unimpressed.

    --
     
    Guest, Mar 20, 2009
    #16
  17. Dave

    nimbusjunk Guest

    Interesting

    we have had a variety of Drayteks which were pants
    Problems included on the 2800v with latest firmware refusing to keep
    VPNs alive without rebooting( OK when reflashed to earlier firmware)
    This sort of stupidity must be happening to other people but Drayteks
    support dont seem capable of recognising this which IMHO is useless
    for anyone who is reselling/specifing these

    to a set which flatly refused VOIP.



    We have also had a few which continuosly broke the ADSL connection
    (Fine when replaced by a Netgear)

    I personally will not use them at all in our business as but think
    that they are fine for non critical home use
    We get a far lower failure rate on netgear dg934 PNs

    The Cisco 877 has proved to be absolutly first class but at £300 odd
    is you get what you pay for
     
    nimbusjunk, Mar 24, 2009
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.