Cheap, reliable NAT router?
April 21, 2004 11:11 AM

I need a cheapo NAT router to plug into my DSL bridge, stick in a closet, and ignore forever. I'm used to using a dual-homed Linux box with ipchains/ipfilter, and I have a kind of wacky network configuration, but it's time to downgrade to something smaller, more energy-efficient and quieter. Does anyone have a particular model to suggest?

A few pertinent details: I use a single static IP address on the external interface and have a DHCP server on the internal network, so DHCP client or server features are not desirable at all. I've already got a wireless bridge, so WiFi features aren't useful either. My 100baseT switch still has ports open, so I don't need a router with additional ports on it. I just want something that will do single-IP NAT (or port translation) and has one internal and one external ethernet interface.

Several inbound ports are forwarded across the existing firewall to make my servers visible -- the usual 22, 25, 80, and 443 -- but I'm planning to add a few more services and occasionally need to punch more holes on a temporary basis for Bittorrent and Gnutella traffic for particular clients, so limitations on that feature would be very bad, and it should be remotely configurable from the internal network. Hackability in terms of firmware customization might be nice, but like SNMP monitoring, it's neat but not a feature I'm going to base my decision on.

The budget for this product is somewhere in the neighborhood of $100.

I get the feeling that just about anything would be a somewhat close fit for me, but since I've been using heavy equipment with a deeply customized configuration to do the job for the last several years, am picky about configurability, need more features than most people yet don't need others, and want something I'm not going to have to yank out of the closet and reset more than a couple of times a year, it seems like a good idea to Ask: who knows about one of these little "home office" type NAT routers that can replace my big, noisy, power-hungry dinosaur?
posted by majick to Technology (7 answers total)
Oh, and I need to be able to accept inbound traffic on both TCP and UDP ports for some things -- like DNS queries and zone transfers. So UDP support's another one of those things I can't do without.
posted by majick at 11:28 AM on April 21, 2004

I use an SMC Barricade 7004. Good configurable piece of kit.
It is about $40 at Amazon just now.
posted by stuartmm at 11:39 AM on April 21, 2004

wow. can a $40 piece of hardware replace my iptables!? how secure are these things? what about the dreaded ftp? how does it log? how about separating two internal networks (we've got an "insecure" wireless network and a separate "wired" network with exposed windows shares etc)? sorry to add more questions, but i'm just thinking of the time i could save... ;o)
posted by andrew cooke at 11:44 AM on April 21, 2004

"...can a $40 piece of hardware replace my iptables!?"

That's why I'm asking -- some of these little boxes are just embedded Linux setups and could probably be hornswaggled into replacing the average dual-homed host. I'm just not sure which to pick.
posted by majick at 12:03 PM on April 21, 2004

Soekris Engineering has quite a few x86 boxes that would be great for an embedded Linux router. One of them has a 486 processor and 3 10/100 NICs on it. For $170 or so.

But you'd probably want to buy a CF card to hold your software.
posted by lalas at 2:41 PM on April 21, 2004

I like the Netopia 3386. Robust VPN features, if that's what you want.

I like my m0n0wall, though. I use VoIP, and with m0n0wall's quality of service features, I no longer have to go shut down bittorrent and WASTE clients every time I want to use the phone. It works perfectly.
posted by adampsyche at 2:44 PM on April 21, 2004

I use a SMC Barricade 2804WBR. It's only $37 at J&R. You can turn off the wireless access point if you want.
posted by turbodog at 2:52 PM on April 21, 2004
