Suggestions for hooking up cable internet. Part II

Groltz

My demeaning user rank is
Joined
Jan 15, 2002
Messages
1,295
Location
Pierce County, WA
I was tempted to just revive Joe's old thread but then decided it would be easier to start a new one that did not already have 67 posts in it.

Here we are in August '05 now and it is my turn to face, for the first time, gathering a solution as to how to share a home cable-modem among multiple PCs.

I have Comcast cable internet service and am using a Motorola SB5100 cable modem. I want to set up sharing of the cable internet using a router and ethernet cables to the machines. (No wireless)

So here are my questions:

It would appear that the router needs to be able to clone the MAC address of the host PC which Comcast uses for my ID. (Is that how that works??)

Is NAT + Stateful packet inspection, that Merc mentioned, the best/strongest in terms of hardware firewall protection these days? Is this kind of hardware firewall as comprehensive/strong/safe as the best software firewalls thus allowing me to quit running them? (the software firewalls)

Are there any other beneficial router features to consider? I am looking for quality and features as opposed to cheap pricing.

I would like to make sure the router is one that doesn't have a reputation for cutting into bandwidth/causing slowdowns due to its design. Any particular brands/models that are exceptionally good, hassle free, etc? Any that should be avoided?

It seems as that there are some routers that are marketed specially towards being used in a home cable-internet sharing capacity. Are these a good way to go?

Many thanks in advance for your guidance.

-s
 

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
I'd stand by everything Mercutio said in his response in the earlier thread, and I don't see any reason to change anything I said in the post that followed.

In other words, nothing's changed in more than a year!

Virtually any non-DSL router should do the job, as long as you don't want advanced features like VPN. Even D-Link should be okay <chokes>. Don't worry about Mac address spoofing - it's a standard router feature, but I don't know if Comcast requires it or not.

You might actually be better off shooting for a wireless router and just disabling the wireless; that's where the vendors concentrate their efforts and it may well be cheaper.

Quality wise, I don't really have confidence in any major brand. I haven't had Netgear stuff fail once deployed, it's just getting one that works properly in the first place ... You may fare better with Linksys.

Personally, I use DrayTek (Vigor). IMO, they're way more reliable and better designed, but thin on the ground in the US. I can see the 2014p for US$40. Like a similar D-Link unit, it doubles as a parallel-port print server (which is what I use one for, as well as a backup to my main router).

No VPN or wireless, but extensive port forwarding options and a reasonably sophisticated firewall, eg:
Code:
x Enable DoS Defense 	 	 	
 	x Enable SYN flood defense	  Threshold 300 packets / sec	Timeout 10 sec
 	x Enable UDP flood defense	  Threshold 300 packets / sec	Timeout 10 sec
 	x Enable ICMP flood defense	 Threshold 300 packets / sec	Timeout 10 sec
 	x Enable Port Scan detection	Threshold 300 packets / sec
 	x Block IP options     x Block TCP flag scan	
 	x Block Land 	       x Block Tear Drop	
 	x Block Smurf 	      x Block Ping of Death	
 	x Block trace route 	x Block ICMP fragment	
 	x Block SYN fragment   x Block Unknown Protocol 	
 	x Block Fraggle Attack
Unlike Linksys, it comes with Dynamic DNS support that actually works. This gives you external access to your network even when the cable IP address changes, eg groltz.homedns.org. And so on.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,302
Location
I am omnipresent
The truth is, Firewall + SPI is really about all you can hope for or need, unless you need to do QoS (bandwidth throttling) or a VPN end-point. If you're running XP SP2, I wouldn't recommend turning off the builtin firewall. It's simple and does very little in the way of logging but as far as I can tell there's no performance penalty to having it, either. I'm not a big fan of Windows software firewalls. In general, they are overly complicated or do stupid/useless things (Look, I'm being hacked by someone in McClean, Virginia!). The sort of person who is not bothered by the complexity probably also knows of non-Windows-software options that are less annoying to use.

Pretty much every NATting router can clone a MAC address. It shouldn't be that hard. Comcast in my area doesn't require a cloned address. I wouldn't be surprised if you could just plug something in and see it magically work.

There are routers in the world with neat "toy" features. Netgear has a model that can handle a couple USB drives for NAS. DLink has one that can be a print server.

Quality on non-Enterprise routers is very low. You will either pay $300+ for a Sonicwall/PIX, maintain a Smoothie or deal with the fact that the POS you DID buy is going to drop carrier every week or so (or more often) and die in six to eightteen months.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,302
Location
I am omnipresent
There is a real love-fest over at Slashdot for m0n0wall at the moment. Looking at the feature set I think I can see why. If you have a crap PC you can put a Firewall on, it looks like it's about a generation ahead of Smoothwall.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
Mercutio said:
Quality on non-Enterprise routers is very low. You will either pay $300+ for a Sonicwall/PIX, maintain a Smoothie or deal with the fact that the POS you DID buy is going to drop carrier every week or so (or more often) and die in six to eightteen months.


Maybe things have changed a bit, but I've never had either my Dlink 704 or my Netgear MR814 lock up under normal use. My DLink is easily 3 years old and the netgear I believe is a year and a half.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,302
Location
I am omnipresent
That is foreign to my experience. Usually I install Netgear or Linksys hardware at customer sites. The couple of times I've done something optimistic like put an AP/router up in a drop ceiling, it's had to come down because it's stopped routing or switching or whatever.
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
I may have had 2 or 3 lockups on my Netgear routers over the past couple of years, but that's about it. They've been far more stable than the PCs connected to them or than Comcast's service...
 

Buck

Storage? I am Storage!
Joined
Feb 22, 2002
Messages
4,514
Location
Blurry.
Website
www.hlmcompany.com
Netopia, LinkSys, D-Link, Netgear - several years of no lockups. For some reason my old Netopia router is quite dear to me -- maybe because it cost so much, or maybe because it didn't have a fancy GUI (Telnet baby!).
 

Groltz

My demeaning user rank is
Joined
Jan 15, 2002
Messages
1,295
Location
Pierce County, WA
I put a Linksys BEFSX41 on order today along with a bunch of other parts that will make up my new gaming rig.

The BEFSX41 has a VPN endpoint with should let me tie my work-issued laptop into the mothership's network from home.

Thanks for the advice and experiences.

-steve
 

Groltz

My demeaning user rank is
Joined
Jan 15, 2002
Messages
1,295
Location
Pierce County, WA
Fushigi said:
Can't you just run a VPN client on the laptop?

In honesty, I'm not familiar with it Fushigi. The one thing I do know is that people at my company that want to connect to the network from home (via broadband) must use a VPN-able router. I 'spose the trial by fire will begin once it gets here.
 
Top