Using as a PC as a Router/Gateway device, how many of you do it?

[nsafreak]

I've toyed with doing this a few times as it would give me a more versatile gateway edge device than my current router. My D-Link DIR-615 is performing quite well and if I really wanted to it'd be no big deal to flash it to DD-WRT or another firmware. I just like to tinker with my network and was thinking of converting my Amahi box into a ClearOS box and possibly make my network performance even better, or perhaps it'll stay the same. I was thinking of throwing in along with another gigabit network card (has one built in to the motherboard) a pair of wireless network cards (one 802.11 G and one 802.11 N) so that B/G devices on my N network won't affect the wireless N network's device speeds. There are some other nice perks that I see in possibly using this OS. So how many other folks setup a PC this way or do you all just use a router with custom flashed firmware?

 

[Jimmah]

Funny you mention this, as right now (as in this second) I'm working on a Zeroshell AP for local filesharing in my neighborhood. I've also got a Smoothwall box running an epia PD6000 as my main router.

How are you liking your HDA? Really loving mine, enjoying GH and the ease of the built-in VPN.

 

[nsafreak]

I've been really liking my HDA which makes me hesitate in reformatting it for this use. I really like the apps that are available for it and the ease of VPN tunneling into my network it gives me. I may just see about building another box (low energy use) for this purpose.

 

[drebo]

Nope. It's pointless. Uses more power and no compelling reason. A used $25 Cisco router on ebay gives you more features and better reliability.

Every time I see a business running pfsense or a similar linux-based "firewall", I just have to laugh. They're fine for playing around with, but in reality, they're mostly useless.

 

[Emulex]

pfsense - you can run it in a VM on your quad core multi-purpose system and it can do NAS, transcoder, pfsense (advanced dual wan support!) all at the same time. since i'm doing downloads/playing htpc (7mc hdhomerun)/slinging with airvideo/steramtome- sharing smb, adding the role of routing is no biggie. By keeping a gigabit switch in front of the pc - you can avoid unnecessary traffic, then an extra rosewill gigabit to the cable modem(s) to segment traffic. you will find that under $2K there is nothing better than a pfsense router - very powerful - also DD-WRT is for sale for pc's too if you like that style more - VERY powerful as well but $$ per license.

pfsense can do CARP where you have two PFsense running and if one fails another can take over duty if you can wire that up for double redundancy. then throw in a super fast access point or two and you have a badass setup.

Want to run IPS/IDS? you have the power. Want to run it on your linksys? hell no ain't going to happen. Heck even at 100megabit (comcast) i see the linksys routers are slowing down the stream when you put too many firewall rules/qos/etc.

Plus with 512 meg of ram that is almost 10 times what a Linksys E4200 or WNDR4000 has (8 * 64 actually) so you can run torrents till you die. hell run them on the firewall and don't feel the pain of windows half-open tcp connect limit.

I can run a business off a pc as a router - 5 9's uptime. i would not say the same with a linksys. wouldn't want to bet my business on it (ip telephony quality, etc). we're talking 50+ seats.

 

[drebo]

Have fun creating a GRE tunnel on your pfsense box.

Oh, wait...you can't. Ah, well. At least you created yourself some job security, as no one else will ever want to touch that house of cards.

 

[bobdole369]

In a pinch once (after a "hotbrick" dual WAN VPN firewall failed (power supply)) and that same day a Netgear SSL VPN box also bit the dust (firmware failure, bricked) I installed Untangle on one of our spare mini-PC's (We used Mini-ITX boards inside Mini-box.com m350 enclosures for a tiny footprint) http://www.mini-box.com/M350-enclosure-with-picoPSU-80-and-60W-adapter

Hooked up 2 USB NIC's and along with the onboard one, had a cheap (to us, the PC was a test unit that was an RMA'd motherboard from the mfr and couldn't be sold as new) fast, and working dual-wan (failover) solution. As an added bonus, it webfilters categories, virusscans outgoing and incoming SMTP/POP, and for a license fee, can do ssl VPN. It also gave you a checkbox that disabled protocols (bittorrent, irc, AIM, etc) and it did layer 7 filtering for those. I never investigated GRE capabilities, the SSL VPN was sufficient for that office of about 30 folks.

The cost is right (a spare VM would have performed just as well as a dedicated machine, had I an ESXi up at that office)

I would never consider it in the environment I'm working now, (enterprise with 8 branch offices).

They have their uses. Back in the day my roommate had a box out in the living room that served as a DVD player (complete with an MPEG-2 card LOL) and a TV out. He installed NT4 Backoffice to work on certs, and used that to route out the "Telocity" DSL newly available in our area to our respective rooms. 1.5m/256k baby!

Back in those days it was perfectly reasonable to dedicate a machine to routing. Now it doesn't make that much sense.

 

[Geofram]

I love it at home. Not sure that I would do it for a work, but at home, they have plenty of features and tons better reliability than the SOHO ones.

Personally I have an Atom computer running Astaro right now, doing all the routing duties at my home. It does web filtering, firewall work, etc, and I never have to reboot it. Calling it pointless is certainly overstating. If *all* you want it to do is routing, I'm sure a Cisco product will be a lot better. If you want it to do basic routing, VPN, web filtering, firewall, antivirus, etc, then they are pretty nice. I can even get Astaro to integrate with my home Active Directory and limit users internet access based on who's logged in; not just by computer.

Not bad for a free download. Especially since it was replacing whatever linksys/Netgear/etc piece of crap. I went through quite a few of those in my life before going the PC-as-a-router route, and they were all unstable. I never owned one that didn't require fairly regular reboots to keep it running.

 

[chuck2002]

Have fun creating a GRE tunnel on your pfsense box.

Oh, wait...you can't. Ah, well. At least you created yourself some job security, as no one else will ever want to touch that house of cards.

You can have a house of cards with any firewall device given the right fool that did the setup and rules (mis)management.

 

[Fardringle]

Have fun creating a GRE tunnel on your pfsense box.

Oh, wait...you can't. Ah, well. At least you created yourself some job security, as no one else will ever want to touch that house of cards.

I don't know about pfsense, but it's no problem at all on a Smoothwall box.

 

[Ghiddy]

The only way i'd ever run a PC as a firewall/router is if I had free space somewhere out of sight to run it, and didn't have to see cables running to it, and had cheap electricity. Just seems like a lot of effort and resources for something an $30-$80 can do. I know routers back in the da used to be pretty unreliable, but over the past 7 years the routers I've had have all been rock solid. Never require reboots or anything.

 

[Emulex]

i'm not following on vmhost 1 you run one software router and on vmhost 2 you run the other using CARP so there is not single point of failure. smoothwall looks pretty good too. The problem with cisco is their dual-wan technology is 1990's for smb.

has cisco come up with better smb static route dual wan polling?

 

[Nothinman]

A used $25 Cisco router on ebay gives you more features and better reliability.

Not at all, sure it's cheaper but those cheap SOHO routers aren't nearly as reliable as say an ASA5505 and a Linux installation will have infinitely more features and configurability. I currently have an old PIX 501 at home, but it does so much less than the Linux box it replaced that it's not funny. And I don't just mean because of Cisco's licensing, it only does SSH v1, there's more NAT/PAT restrictions, no decent bandwidth monitoring like NetFlow, etc.

 

[wirednuts]

i think cheap routers are great for light traffic, just a couple pc's in a house. but ive noticed when i have like 3 or 4 pc's all maxing out their network connections my budget routers stop working normally. slowdowns are common, they sometimes drop the connections and they can go into 'funk' modes where they work but some features dont, and it requires a powerdown/powerup to resolve.

if youre doing filesharing for a whole neighborhood, i could see why you would want a linux box. that said, a good $150 router would probably be better anyway if for nothing else but the power savings.

 

[Gryz]

If you wanna talk about reliability, anything without a HDD will be a zillion times more reliable than something with a HDD. So imho a dedicated router will usually beat any homebrew PC-based solution with a HDD.

ISPs are fanatical about keeping anything with a HDD out of their POPs. At least they were when I talked to them. Which was many years ago. I know HDD reliability has gone up. But I don't think it has gone up enough to make this rule of thumb not true anymore.

 

[Nothinman]

If you wanna talk about reliability, anything without a HDD will be a zillion times more reliable than something with a HDD. So imho a dedicated router will usually beat any homebrew PC-based solution with a HDD.

ISPs are fanatical about keeping anything with a HDD out of their POPs. At least they were when I talked to them. Which was many years ago. I know HDD reliability has gone up. But I don't think it has gone up enough to make this rule of thumb not true anymore.

That's only one aspect of reliability though. You may have a device that will run constantly 24x7 indefinitely, but if it shits the bed any time you start up a torrent or >3 people try to use the Internet, I wouldn't call that reliable. And a lot of cheap SOHO devices fall into that category.

 

[Icecold]

I have a Dell GX260(2.4GHz Pentium 4, 1GB ram) running IPCop at my house. When I got Timewarner Wideband internet(50mb down, 5 mb up) my wrt54GL running dd-wrt couldn't keep up. Switched to Tomato and it was better(dd-wrt wouldn't go over ~20mb download speed, tomato was around 45) but decided to try out IPCop on my spare PC. Didn't cost me anything as I had the PC and extra network cards.

Now I never get less than 51mbps download, never freezes no matter what I do, and all in all performs great. Will soon setup the VPN functionality on it and see how it performs.

I don't think using a pc as a router is pointless at all and like the flexibility it gives me.

 

[Gryz]

but if it shits the bed any time you start up a torrent or >3 people try to use the Internet, I wouldn't call that reliable.

That has nothing to do with reliability.

That is a matter of feature-set. You need a decent queuing strategy/implementation on your router. WFQ or whatever. You could call it performance or features or whatever. But it has nothing to do with reliability. (To be complete, you need that on the other side of you link too. And that depends on the equipment of your ISP.. Actually, queuing probably depends more on your ISPs equipment than your own).

 

[Lemon law]

I followed this thread with total confusion, but the fact is and remains that using windows ICS and a cross overcable cable makes the windows host computer act exactly like a router.

My wife and I have been using exactly that ICS strategy for six or seven years and counting with total rock solid reliability. In short, no expensive and problem prone router needed in any way. If I had a nickle for every router that failed on this forum, I would be a very wealthy man.

I first started out with ICS when dial up was my only internet option, but it allowed my wife and I to connect to the internet at the same time for only the cost of a crossover cable. When I posted my results on this forum, I was universally attacked by the pro-router folks. With dire warnings that turned out to be nothing but ole wives tales.

Then in terms of ole wives tales, some conceded that ICS might work with dial up, but it could not possibly stand up to the higher demands of broadband. In late 2009, I finally got a chance to put that ole wives tale and use broadband in the form of EVDO 3G from a nearby Verizon tower newly activated. Guess what, when I went to much faster 3G Verizon EVDO, my former ICS connection preformed equally well and has proved rock solid. In short another pro-router ole wives tale argument that has proven to be total bullshit. And even worse, when we talk about wireless or hard wired routers for 3 or 4G, those routers don't cost a mere $30-$50, the costs of such 3G or 4G routers jump to a $100.00 or more.

I don't want to be totally anti-router, because ICS works in only the two computer user household. Which perfectly describes my household consisting of me, myself, I, and my wife. But when some household is in the 3 or more different user computer situation, then a router may be needed.

 

[Nothinman]

That has nothing to do with reliability.

That is a matter of feature-set. You need a decent queuing strategy/implementation on your router. WFQ or whatever. You could call it performance or features or whatever. But it has nothing to do with reliability. (To be complete, you need that on the other side of you link too. And that depends on the equipment of your ISP.. Actually, queuing probably depends more on your ISPs equipment than your own).

Um, no. If the router shits the bed when even the slightest bit taxed, then the router is unreliable because you can't rely on it to pass traffic. And you don't need QoS to deal with Bittorrent traffic, although it helps other services' performance. If I can replace a $30 SOHO router with a 2 decade old P5 running Linux and the P5 handles the traffic better then something is definitely wrong with that router and sadly that's the case with most cheap SOHO hardware. The issue isn't usually with traffic priority or anything, it's just that those "routers" can't handle all of those connections being initiated at once or something. I actually don't understand it because a standard Linux build can handle it just fine, so I'm not sure what Netgear, Linksys, etc do to their builds to cripple them like that.

But in the end, reliability is based upon the user experience. So if my Internet connection does whenever starts a certain program up and rebooting the "router" fixes it consistently, that router is indeed unreliable.

 

[jlazzaro]

I don't want to be totally anti-router, because ICS works in only the two computer user household. Which perfectly describes my household consisting of me, myself, I, and my wife. But when some household is in the 3 or more different user computer situation, then a router may be needed.

this statement summarizes your entire post...blissfully ignorant. i would argue why ICS is a poor choice, but I don't think you would care or (more importantly) understand.

 

[Ghiddy]

I have a Dell GX260(2.4GHz Pentium 4, 1GB ram) running IPCop at my house. When I got Timewarner Wideband internet(50mb down, 5 mb up) my wrt54GL running dd-wrt couldn't keep up. Switched to Tomato and it was better(dd-wrt wouldn't go over ~20mb download speed, tomato was around 45) but decided to try out IPCop on my spare PC. Didn't cost me anything as I had the PC and extra network cards.

Now I never get less than 51mbps download, never freezes no matter what I do, and all in all performs great. Will soon setup the VPN functionality on it and see how it performs.

I don't think using a pc as a router is pointless at all and like the flexibility it gives me.

While that may be the case for the routers you tried, I think it depends on the model. I have the same wideband service as you and I achieve the max possible 50/5 down/up on my 2 routers. I only have 2 because the 1st one had crappy wifi in the original location so I demoted it to a WAP only, moved it to a central location to improve overall wifi signal, and used a 2nd high quality (but non-wifi) router one i had lying around as my main router. Both of the routers regularly hit the max speeds and sustain them. THe 2nd one even provides VPN capabilities.

I'm guessing either your old router hardware was not able to keep up or the combination of the hardware + ddwrt/tomato wasn't able to sustain the full bandwidth of the connection.

 

[Gryz]

I don't want to make a big fuss about terminology. Because that is what we are discussing here, what a term like "reliability" means.

If the router shits the bed when even the slightest bit taxed, then the router is unreliable because you can't rely on it to pass traffic.

Your comparison suggests that a truck is an unreliable car compared to a Porsche. The Porsche can drive 250 km/hour. When I try to drive my truck at 250 km/hour, it fails. So I can't rely on my truck to drive fast. Therefor my truck has low reliability ???

There are many different aspects to decide whether a product is good or bad. Performance. Price. Featureset. Amount of bugs. Reliability. But they mean different things. Reliability means: can I depend on the fact that what it does today, it will do tomorrow as well ? In other words: will it break down ? The example you can up with has nothing to do with reliability as used in computer science. In your example the router has low performance. Or bad design. Or lacks features. But it has nothing to do with the concept of reliability.

http://en.wikipedia.org/wiki/Reliability_%28engineering%29
Well, I'm sure you'll find a sentence in that wiki page somewhere that makes you believe that a wrong design is automatically an unreliable design. I'm sure I won't be able to convince you.

 

[Modelworks]

It doesn't matter if it is a pc or a router you bought they both are doing the same thing, running OS on a cpu. Poke around inside that router you have and it will likely be running linux or uclinux. How someone thinks that running the same software on a pc somehow invalidates that software I can't understand. The only difference would be power requirements because the embedded gear uses less power. Take a SBC and attach a compact flash card and run pfsense and you have the same thing as a hardware router you buy off the shelf.

 

[Geofram]

It doesn't matter if it is a pc or a router you bought they both are doing the same thing, running OS on a cpu. Poke around inside that router you have and it will likely be running linux or uclinux. How someone thinks that running the same software on a pc somehow invalidates that software I can't understand. The only difference would be power requirements because the embedded gear uses less power. Take a SBC and attach a compact flash card and run pfsense and you have the same thing as a hardware router you buy off the shelf.

The problem is when the thing you buy off the shelf keeps needing to be rebooted, drops your internet connection, freaks out when you're moving files between computers over the switch component, etc. That's the behavior I've seen personally on SOHO routers. Maybe they have crappy CPUs, or not enough RAM, or whatever, but basically, my experience with my SOHO routers was always "high use = bad things happen".

My little Atom machine eats more power than one of them; but not enough more to make it worth putting up with the problems I had with them. So, basically, if the end result is different, aka stability of the connection, then there is SOMETHING different in the devices. I wasn't looking for reasons to use a PC as a router. I started using one as a router because of my bad experiences with the routers.

One comment about the earlier comparison of a truck to a
Porshe - if what you bought a vehicle for was to drive 250 km/hr then indeed the truck could be called unreliable at doing that, and you'd be stupid to buy one to do it.

My experience with the SOHO routers is that they are designed for Grandma to check her email and light web surf over, maybe watch a netfix video, but if you put more stress on them than that, they are doing what they are not "designed" for and therefore, unreliable.