
Author Topic: EBR-2310 vs LEAF Firewall--But left that topic 4 posts ago.  (Read 17168 times)

neb

  • Level 2 Member
  • **
  • Posts: 30
EBR-2310 vs LEAF Firewall--But left that topic 4 posts ago.
« on: January 29, 2008, 09:27:50 AM »

I've been using a LEAF firewall (Bering-uClibc distribution) for several years. Now I'm evaluating the D-Link EBR-2310 as a simpler replacement.

Spec: D-Link EBR-2310, Hardware: B1, Firmware: 2.01
Notice: Firmware 2.01 is on the device, but only 2.00 listed for download.

Both systems support port forwarding and DHCP, but the EBR-2310 lacks a critical feature: No DHCP Static Reservation. That is, I need my internal machines to always be assigned the same IP address. Yes, I could statically assign them on each machine, but that should not be necessary.  The Bering LEAF DHCP server configuration allows me to map MAC addresses to IP addresses (outside the dynamic range). These MACs are always assigned the reserved IP address.

This feature is absolutely critical in a NAT environment for at least two reasons:
1) Port forwards need to always point to the correct machine's IP address
2) Internal network communication between machines needs consistent IP addresses

In fact, the D-Link manual for this product (as well as the help pages on the firmware) refer to a DHCP Static Reservation feature. However, the device does not include this feature. I had a very informative conversation with D-Link tech support. The representative confirmed that this feature is missing (but existed in other models), and could offer no workaround.

If anyone reading this is tech savvy, please let me know how to overcome this shortcoming. Can this feature be replaced in a firmware update? If not, how do you recommend I deal with this situation? How is port forwarding expected to be stable without this feature?
« Last Edit: January 31, 2008, 05:11:10 PM by AWDL »
Logged
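The port-forwarding concern raised in the post above can be checked mechanically. This is an added example, not part of the original post and not D-Link or LEAF code: a short Python audit that flags forwards whose target sits in the dynamic DHCP pool or is currently leased to a different machine. The pool range, forward rules, MAC addresses, lease table and the `audit_forwards` helper are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
POOL = (ipaddress.ip_address("192.168.0.100"),
        ipaddress.ip_address("192.168.0.199"))  # dynamic DHCP range
FORWARDS = [
    {"name": "ssh", "port": 22, "target": "192.168.0.101",
     "expected_mac": "00:11:22:33:44:01"},
    {"name": "web", "port": 80, "target": "192.168.0.20",
     "expected_mac": "00:11:22:33:44:02"},
    {"name": "voip", "port": 5060, "target": "192.168.0.102",
     "expected_mac": "00:11:22:33:44:03"},
]
# Lease table (ip -> mac) as it might look after the router reboots.
LEASES_AFTER_REBOOT = {
    "192.168.0.101": "00:11:22:33:44:09",  # a different machine now holds .101
    "192.168.0.102": "00:11:22:33:44:03",  # same machine, but only by luck
}


def in_pool(ip, pool=POOL):
    """True if ip falls inside the dynamic DHCP range."""
    return pool[0] <= ipaddress.ip_address(ip) <= pool[1]


def audit_forwards(forwards, leases, pool=POOL):
    """Classify each forward rule.

    'misdirected': the target IP is leased to a MAC other than the intended
                   one, so the port is exposed on the wrong host.
    'unpinned':    the target is in the dynamic pool with no reservation; it
                   is correct (or unleased) now but can change on any renewal.
    'ok':          the target is outside the pool (static or reserved).
    """
    findings = {}
    for fw in forwards:
        holder = leases.get(fw["target"])
        if holder is not None and holder.lower() != fw["expected_mac"].lower():
            findings[fw["name"]] = "misdirected"
        elif in_pool(fw["target"], pool):
            findings[fw["name"]] = "unpinned"
        else:
            findings[fw["name"]] = "ok"
    return findings


if __name__ == "__main__":
    for name, status in audit_forwards(FORWARDS, LEASES_AFTER_REBOOT).items():
        print(f"{name}: {status}")
```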

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: EBR-2310 vs LEAF Firewall
« Reply #1 on: January 29, 2008, 10:08:58 AM »

To put it simply, a homegrown and tailored solution will almost always be better able to fill your needs than a commercially available solution (this applies to gateways, routers, and firewalls).  The only drawback is the requisite knowledge to build and maintain it.  Which brings me to my question: if you have built and maintained a homegrown solution for several years, why go commercial?

DHCP reservation is a feature that may be added in future versions of the firmware, however I know of no specific promises to do so.

As for fixes you have 4 options:
Stick with what you have as it is already configured and working in your environment.
Buy a different router that has the featureset you need.
Wait until this router develops DHCP reservation (which is not a guarantee)
Use the EBR-2310 with a external DHCP server (such as turning your LEAF box into a DHCP server and using the EBR-2310 for all else)

As for your last question, with true static IPs, which are always going to be preferred because they will still work if your DHCP server fails.  How many computers do you have that manually setting them is not an option?
Logged
non progredi est regredi

neb

  • Level 2 Member
  • **
  • Posts: 30
Re: EBR-2310 vs LEAF Firewall
« Reply #2 on: January 29, 2008, 11:25:12 AM »

Thanks for your quick reply, Fatman. All of your advice is spot-on. I'll explain my situation a bit more by answering your question.

Q (paraphrased): Why am I buying an inferior commercial router when I have already set up a superior Linux solution?

A: Reliability and simplicity. Here are some negatives of the LEAF box:
  • I love/loathe tinkering with the Bering LEAF configuration. I've learned a lot, but I don't have time to tinker right now.
  • My LEAF rig is old hardware, which I'm not confident will reboot every time, especially because it is floppy-disk based.
  • The logs show strange NIC configuration messages, which make me believe the drivers aren't working 100% (D-Link supports Full-Duplex 100Mbps without driver tweaking).
  • Comparative tests have shown my network responsiveness is slower behind the LEAF box (as opposed to the D-Link or no dedicated firewall).
  • Buying the D-Link router is cheaper than buying better hardware for the LEAF box
  • The LEAF machine itself is a full-sized computer (D-Link is tiny).
  • The D-Link will probably consume less power on my UPS, and if battery power fails, will reboot upon power return (with higher confidence)

Regarding your 4 options, I want to eliminate the LEAF machine (and do not want to run a separate DHCP service -- good idea though). Regarding buying a product that has the features I need: I thought I was. The manual indicated this product has DHCP static reservations. That turned out to be a documentation error.

Your last piece of advice is well-received. It is better to use static IP addresses, because intra-network traffic would survive DHCP/router failure. Manually configuring hosts files and maintaining static IPs just sounds so old-fashioned and tedious. However, this might be the advice I follow. (I only have a handful of machines).

Nonetheless, I'd still like to express my strong desire to have DHCP Reservations on the D-Link EBR-2310. I'm not really sure how the product is expected to function without this (especially for port forwarding after poweroff/reboot). In fact, for DMZ configuration, the manual points out several times how dangerous this is.

Thank you for your insights.
« Last Edit: January 29, 2008, 11:28:39 AM by neb »
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: EBR-2310 vs LEAF Firewall
« Reply #3 on: January 29, 2008, 03:04:06 PM »

Thank you for your interest.  I know it sounds tedious and old fashioned but the manual way is my suggested option.

Additionally, this feature has been requested with PM so it may be delivered, I just can't promise it to you.
Logged
non progredi est regredi

neb

  • Level 2 Member
  • **
  • Posts: 30
Re: EBR-2310 vs LEAF Firewall
« Reply #4 on: January 29, 2008, 04:10:48 PM »

Thank you for making a feature request.

Just as an example, I thought of a situation in which DHCP Reservation would be necessary: Suppose there is a network device that obtains its IP exclusively via DHCP (e.g., VOIP, NAS, DVR devices) and is otherwise non-configurable. If this device needs port forwarding to function, DHCP Reservation would save the day. This would be much safer than DMZ, and would support multiple such devices.

I now have my machines set up with static IPs, but I still consider this a workaround. I understand the EBR-2310 is not the top-of-the-line, but I just don't understand how D-Link expects port forwarding to be stable at all.

Thanks again for the technical advice.
Logged

AWDL

  • Level 3 Member
  • ***
  • Posts: 335
Re: EBR-2310 vs LEAF Firewall
« Reply #5 on: January 29, 2008, 04:25:15 PM »

Not to pile on.

Disclaimer: I have a habit of doing things the old-fashioned way.

I use static IPs for everything (/24)
Computers are .20-.29 (only have 5 active right now).
Storage things are .50-.59 (only have 3 right now)
Print server is .30-.39 (only have one, it's .33)
IP camera are .10-.19 (7 right now, if I used more I would take space between .03 -.09)
Internet router is .1
AP/gateway/managed router (.150, .200, .90, no real logic there).
DHCP is off, radio is off unless I am connecting wirelessly, then it is WPA-PSK.

Computers have host names of Futurama characters

shoot I think I went off topic.....

« Last Edit: February 04, 2008, 11:20:31 AM by AWDL »
Logged
Meanest person you know

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: EBR-2310 vs LEAF Firewall
« Reply #6 on: January 30, 2008, 09:32:39 AM »

I think we need a new rule that Futurama is never off topic.

I wish I could claim to be so old fashioned, unfortunately I can't get the entire household to cooperate.  So instead I have a range of statics for my personal use instead of everyone else's DHCP.

We use 2 different naming schemes, my father adapted his work scheme for home, it consists of beach animals primarily starting with the word sand and the size/type of the animal shows the relative size/importance of the machine. eg. sandflea (name started before the advent of networkable phones and PDAs) is his laptop, when I was on his naming scheme my primary PC was sandshrew (yes the Pokemon reference is terrible, but I was nicknamed rat at the time).

I append the word fat to everything.  eg. fatserver, fatbox, fattop, fatPS3, fatphone.

The good news is that my home built solution will be replacing the commercial solution we currently have (just as soon as we get our new commercial cable connection to the household, yay 15/5 and 15/15 in a year with 5 statics) so our network is about to start really working.  We will have different networks for different power users.  Static IPs will become law then.  Best of all I will be running an open wireless network (a true network not just an AP) that collects MACs to be added to a banned host list for my real wireless network (no word on other possible uses for a list of freeloading MACs, though I'm sure something will come up).

Now I just need to figure out how hard it will be to convince everyone to use WPA2/AES enterprise at home.

Now to finish the threadjack Neb where is that avatar from, it seems so familiar, Phantasy Star?
Logged
non progredi est regredi

neb

  • Level 2 Member
  • **
  • Posts: 30
Re: EBR-2310 vs LEAF Firewall
« Reply #7 on: January 30, 2008, 03:43:40 PM »

Good guess, but that's a Wizard from Dragon Warrior. I enjoy old-school RPG-like games (http://playawaken.com/).

Thanks for the home network discussion. Both of yours are much more sophisticated than my setup. My current plan is to simplify, rather than expand. Someday the pendulum will swing back.

My naming convention is classic arcade games (spyhunter, defender, joust, galaga, etc.).
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: EBR-2310 vs LEAF Firewall
« Reply #8 on: January 31, 2008, 10:49:46 AM »

Yeah, Lycan reminded me almost immediately where it was from.  I never got the full Dragon Warrior mojo on, I have never found a proper copy, and I never played it till I emulated it (shhh don't tell) in high school.  I still feel an idiot though.

I had actually found your game when I was trying to follow your avatar's location to get some background (which fails when you host your own site).  I will probably be taking a good look at it this weekend.
Logged
non progredi est regredi

neb

  • Level 2 Member
  • **
  • Posts: 30
Re: EBR-2310 vs LEAF Firewall
« Reply #9 on: January 31, 2008, 11:26:18 AM »

I had actually found your game when I was trying to follow your avatar's location...

Excellent Move -- I actually wondered if anyone would try that!

... to get some background (which fails when you host your own site).

Sorry, I don't understand. Could you explain what fails?

... I will probably be taking a good look at it this weekend.

Awesome! Everything on the site is rather preliminary right now. Behind the scenes, I have a nearly-complete game design and working software system (client-server). Next step is to implement/integrate the game systems. Then comes beta...

Danger: We are now officially off-topic.
« Last Edit: January 31, 2008, 11:28:18 AM by neb »
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: EBR-2310 vs LEAF Firewall--But left that topic 4 posts ago.
« Reply #10 on: February 01, 2008, 10:05:19 AM »

We have been off topic for some time, but this is a variety board and I am the mod so I think we are safe.

I was assuming that the image was hosted on a 3rd party site and you were just stealing it (nothing against you, just a common practice for avatars), in which case I could follow the URL back to a gallery from the game or some such, or the name would be a clue.  Given you just had a folder for it on your own server, and with a generic name, it didn't give me any frame of reference.

This works more than I should probably admit.  For example, that's how I figured out that the horrifyingly familiar avatar that AWDL has up is Bruce Campbell.

I had browsed through your site (very briefly) during the above escapades, and if nothing else the dev information looked like fun.
Logged
non progredi est regredi

neb

  • Level 2 Member
  • **
  • Posts: 30
Re: EBR-2310 vs LEAF Firewall--But left that topic 4 posts ago.
« Reply #11 on: February 01, 2008, 10:49:36 AM »

I have to admit, I recognized Bruce Campbell immediately -- "Come get some."

Yes, so far AWAKEN has been mostly a development effort. Soon, I'll be integrating actual gameplay. Usually the dev stats are full of revision commits, but I've been game designing for a month (see the blog). Thanks for your interest!

Regarding avatars, I tried to upload it, but your attachments directory is not writable. Remote link is fine, though.
Logged