[SOLVED] Router under MY control

liderbug

Distinguished
Oct 4, 2011
I'm switching from a Centurylink C2100T 15 Mbps connection to a 100 Mbps fiber line. To that end I need a router that allows me to include the source IP in any rules. I've found the specs of an AC1750 fit my needs - except "We don't include source IP in the GUI and we don't allow telnet (and your own iptables rules) for security reasons (our reasons are a secret)". - Also every other router I've looked at: "for security reasons...". Cost is also a factor - this is a home router and not a tax deduction. Suggestions as to which router to purchase or which path to take.
Thanks
 
Solution
What you are talking about is more of a firewall than a router. Your best option likely is going to be some small computer with 2 NIC cards. You would then use some very cheap router as an AP to provide the WiFi. It does not have to be anything real fancy; even an older computer has much more CPU power than even the best routers. There are many free Linux firewall images that can do what you want and more.

If you really want to use a consumer router you can get one you can load third-party firmware on, like DD-WRT. DD-WRT has a pretty advanced GUI, but you can get direct access to the iptables if you want.

The problem with using any consumer router, even without third-party firmware, is the hardware feature that allows NAT traffic to bypass the CPU. This is how they get routers to be able to pass a Gbit of traffic WAN/LAN. When you run traffic filters all the traffic must now pass through the CPU. So now the CPU must do the NAT function as well as the traffic filters.
Just the NAT in the CPU will drop the top speed of a fast router to under 200 Mbps. When you add more rules it drops farther. This is why many consumer routers place a very low limit on the number of filter rules you can configure; it is not just the GUI that is limiting it.

The key here is to look at the clock speed of the router and how much memory it has. Of course, start with the list of routers that third-party firmware like DD-WRT or Tomato will run on and then go from there.

Still, the best recommendation is to use a small PC or maybe buy a small firewall. Many of the cheaper firewalls are just a custom version of the free Linux firewalls running on a single-board computer.
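The answer above points at a two-NIC Linux box (or DD-WRT with direct iptables access) as the way to get the source-IP rules the original poster asked for. The script below is an added example, not code from the thread or from any poster: it generates a minimal iptables-restore ruleset for such a box and includes two small checks a reader can run before loading it. Interface names (eth0 as WAN, eth1 as LAN), the LAN subnet 192.168.1.0/24, the internal host 192.168.1.10 and the remote source range 203.0.113.0/24 (an RFC 5737 documentation prefix) are constructed assumptions; the helper names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal two-NIC Linux firewall
# policy in iptables-restore format, with the source IP carried in every
# rule that admits traffic from the WAN side. All names below are assumed.

WAN="${WAN:-eth0}"                          # assumed WAN interface
LAN="${LAN:-eth1}"                          # assumed LAN interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # assumed LAN subnet
ADMIN_SRC="${ADMIN_SRC:-203.0.113.0/24}"    # constructed remote source range
SSH_HOST="${SSH_HOST:-192.168.1.10}"        # constructed internal host

# Print the complete ruleset. Load it with: build_ruleset | iptables-restore
build_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# masquerade LAN traffic leaving on the WAN side
-A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
# forward TCP/22 from the WAN to an internal host, only for the admin range
-A PREROUTING -i $WAN -s $ADMIN_SRC -p tcp --dport 22 -j DNAT --to-destination $SSH_HOST:22
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# management of the firewall itself is reachable from the LAN only
-A INPUT -i $LAN -s $LAN_NET -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
# the DNAT'd SSH flow: the source IP is matched again here, after NAT
-A FORWARD -i $WAN -o $LAN -s $ADMIN_SRC -d $SSH_HOST -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Number of rules that carry an explicit source match (-s).
count_source_rules() {
    build_ruleset | grep -c -- ' -s '
}

# Succeeds (exit 0) only when every ACCEPT rule for traffic arriving on the
# WAN interface carries a -s match; a quick check before loading the policy.
wan_accepts_are_source_restricted() {
    unrestricted=$(build_ruleset \
        | grep -E "^-A (INPUT|FORWARD) -i $WAN " \
        | grep -- '-j ACCEPT' \
        | grep -vc -- ' -s ')
    [ "$unrestricted" -eq 0 ]
}

# Stand-alone use: print the policy and the two checks.
build_ruleset
echo "rules with a source match: $(count_source_rules)"
wan_accepts_are_source_restricted && echo "all WAN-side accepts are source-restricted"
```

The box also needs forwarding enabled (`sysctl -w net.ipv4.ip_forward=1`) before the FORWARD chain carries any traffic. The conntrack ESTABLISHED,RELATED rules sit first in each chain so that only the first packet of a flow walks the full rule list, which keeps the per-packet CPU cost that the answer describes as low as the rule count allows.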

kanewolf
Moderator
Using a residential-grade router for commercial-grade functions can definitely bring headaches, as @bill001g details.
Check out Ubiquiti products. They're decently priced and will give you the functions you want (and have the horsepower to perform those functions).
You need to be clear that you are referring to the Ubiquiti EdgeRouter line and not the UniFi line. Either EdgeRouter or MikroTik.