On Mon, Jan 5, 2015 at 12:00 PM, Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote:
> On Sun, Jan 04, 2015 at 01:52:23PM -0500, Peter Meyer wrote:
>> Opinions please. I am looking to build/buy something that replaces my
>> existing router/gateway box.
>>
>> My thinking is taking me in two directions. One is to replace my existing
>> WRT54GL running Tomato with another embedded system running openWRT
>
> Why not just stock Linux? What are you doing that requires those
> firmwares? Just stock linux, sysctl net.ipv4.ip_forward=1, a bit of
> iptables or nftables, dnsmasq or ISC DHCPd and your favourite caching
> and recursing nameserver, some static addressing and routes, and you're
> done, not to mention have far more control than you could hope for.
>
> But first, what are your speed requirements?
>
>> or build a multi-port router
>
> How is being multi-port exclusive?
>
>> (raspberry pi???)
>
> The Raspberry Pi *isn't* multi-port. You'll have to use tagged VLANs and
> a managed switch, like a Netgear GS-10[58]T to get around that.
>
>> with:
>> […]
>> 2. unique zones and policies that separate the wifi (wlan) from the
>> local network (lan) and firewall both from the internet.
>
> iptables or nftables. Zones are an abstraction built by the *WRTs, that
> produce very messy rulesets, no more. Did that with my router at home
> for my two ISPs and two subnets, and it works.
>
>> 3. QOS controls - This has become less of an issue as my DSL pipe is
>> 10/1, however I would like to add VOIP onto this network and
>> prioritize its traffic above all other.
>
> If you want to *strictly prioritize*, and aren't worried about
> starvation, you'd use the prio qdisc. The simplest would be two bands,
> one for VoIP traffic, and the other for the remainder.
>
> Use tc (from iproute2) and a few iptables targets used to manage Linux
> QoS. But before even looking at that, is your link even appropriate for
> VoIP? What's the latency on it like? Low and predictable enough? Have
> you tested it?
>
> Mind you, if you can find good tc filter documentation, you'll be in
> luck. tc itself isn't very helpful when you enter incorrect rules. And
> I'm sorely tempted to run Linux under a debugger just to figure out
> where it's failing.
>
>> I've started prototyping this idea using a raspberry PI running Shorewall,
>
> Why Shorewall?
>

Some feedback on another product. I'm in the process of pulling the
trigger on getting a RouterBoard RB2011iL-IN[1]. However, this version
does not have wireless support so you'd have to drop a wireless AP or
move to the RB2011UiAS-2HnD-IN [2].

It should offer everything listed in your original email.

[1] http://routerboard.com/RB2011iL-IN
[2] http://routerboard.com/RB2011UiAS-2HnD-IN

-- 
Paul Belanger | PolyBeacon, Inc.
Jabber: paul [ dot ] belanger [ at ] polybeacon [ dot ] com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger
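
The two-band prio qdisc setup described in the quoted text above, sketched as an added example that is not part of any poster's message. The WAN interface name (ppp0), the fwmark value (10) and the use of DSCP EF to identify VoIP packets are assumptions; the script only prints the commands, so it can be reviewed before being piped to a root shell.

```shell
#!/bin/sh
# Added example: two-band strict-priority egress (VoIP first), printed as a dry run.
# Assumptions, not from the thread: WAN interface ppp0, VoIP marked DSCP EF, fwmark 10.
WAN="${WAN:-ppp0}"
MARK="${MARK:-10}"
BANDS=2
# Send all 16 Linux priority slots to band 1 (class 1:2, "the remainder").
# tc's default priomap refers to band 2, which does not exist with two bands,
# so "prio bands 2" without an explicit priomap is rejected by the kernel.
PRIOMAP="1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1"

# Validate a priomap the way the prio qdisc does: 16 entries, each below bands.
priomap_ok() {
    bands=$1; shift
    [ "$#" -eq 16 ] || return 1
    for b in "$@"; do
        [ "$b" -ge 0 ] && [ "$b" -lt "$bands" ] || return 1
    done
}

# Print the three commands: qdisc, fw filter into band 0, and the iptables mark.
voip_prio_plan() {
    # PRIOMAP is intentionally unquoted so it splits into 16 arguments.
    priomap_ok "$BANDS" $PRIOMAP || { echo "bad priomap" >&2; return 1; }
    cat <<EOF
tc qdisc replace dev $WAN root handle 1: prio bands $BANDS priomap $PRIOMAP
tc filter add dev $WAN parent 1: protocol ip prio 1 handle $MARK fw flowid 1:1
iptables -t mangle -A POSTROUTING -o $WAN -m dscp --dscp-class EF -j MARK --set-mark $MARK
EOF
}

voip_prio_plan
```

Packets marked in mangle POSTROUTING reach the qdisc with the mark set, the fw filter steers them to class 1:1, and the prio qdisc always drains that band before 1:2, which is the starvation trade-off mentioned in the quoted text.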