
Author Topic: Suggestions for future firmware This post is LONG  (Read 8499 times)

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Suggestions for future firmware This post is LONG
« on: February 28, 2009, 05:25:47 PM »

Some features/changes I would like to see in the router, balancing SOHO and Corporate.

LAN Side Routing.

The feature IS there, verified by looking at the source. At least what the img.bin would let me see in a hex editor. It's just disabled/hidden. Grabbing some hidden URLs also pointed that routing to the LAN ports IS possible and a choice.

VLAN support

Limited by 3 virtual VLANs. Understanding how a router works, I want to try and increase throughput on the LAN side. For example, VOIP hardware on its own VLAN, gaming systems on their own VLAN, and regular computers on its own VLAN. This would reduce unnecessary "talk" to every device on the network, therefore increasing bandwidth to those devices, as marginal as it may be.

Better implementation of rules

The rules I talk about is for restricting upstream traffic by ports. For example, The only way to restrict web browsing is to create multiple rules to apply to one policy.

Policy name: Allow WEB Only

Ports to Dis-Allow

Filter: block 1 to 52 (allowing port 53 for dns)
Filter: block 54 to 79 (allowing port 53 for dns)

Filter: 81 to 442 (allowing port 80 for web)
Filter: 444 to 65535 (allowing SSL on port 443 for web)

It would be more efficient to also include a drop-down of allow/disallow in the port range area. IE:

Name: Allow Port 80   Port Range: 80 - 80      Method:TCP  Access: Allow
Name: Allow DNS       Port Range: 53 - 53      Method:TCP  Access: Allow
Name: Allow HTTPS    Port Range: 443 - 443  Method: TCP  Access: Allow

We *could* even go one step cleaner and have something like this for commonly used ports.

Name: Allow Web Access  Service Type: HTTP/HTTPS can be a variable Access: Allow (choices: Allow/Deny)

So from this, we are allowing HTTP/HTTPS traffic. If HTTP being a choosable option from a pull down menu, which would actually be a variable as well to set the appropriate ports, it would allow port 80,443, AND DNS traffic on port 53.
DENY rules will ALWAYS have priority. So if one were to DENY Service Type: HTTP/HTTPS it would take precedence over the allow rule, in which case, we may still want DNS. Then we would have to create a custom RULE to DENY only port 80 and 443. The rule would then look like this:

Name: Deny Web Access Service Type: HTTP/HTTPS Access: Deny Allow DNS: Yes (determined by a check box or radio element.)

This would free up all the extra entries in the policy so we can apply other restrictions under that same policy if needed, without creating an additional policy.

The old way.

The new way.

Ignore the last column. It would no longer be there. I had a brain fart and forgot to edit that out. The explanation is a little off as well. I changed the Allow DNS to Include DNS, meaning whether or not to include DNS as part of that rule, seeing that the other way around would be a conflict with the allow/deny scenario when deny takes precedence over allow.

New Submenu type under Status:

Connection List.

This will list all computers connected to the network, both LAN and Wireless. With an identifier to associate the two methods. From here, because it is now under the new Admin menu, we can now logically administer these connections. Kill a wireless client, revoke/reserve IP addresses.

This would be a lot easier than jumping from one page to another between stats and administration, for wireless and wired computers. We would be able to see ALL connections in one place and eliminate the duplicate entries in their current placement.

Support for OpenDNS

Would be great to add support for OpenDNS in the DDNS settings. (yay!)

Separate Rules for 2nd SSID

For those that make use of the second SSID regardless if it's encrypted or open, it could be beneficial to have separate policies apply to that second SSID. As of current, it allows all web access, but not access to the internal network. However, this means that these clients can still hog all the bandwidth and do as they like using HTTP. It would be great if a policy could be constructed to allow only http/https/dns, restricting these clients from using p2p services and other services that could harm the WAN traffic.

Portal for 2nd SSID

A landing page for those who connect to the 2nd SSID informing them of the restrictions. With a "continue" button that sends them to a pre-determined URL configurable by the admin.

Network filtering / Website Filtering

Include a feature to read from a list of IP addresses to disallow incoming communication. As well as reading from a list of unsafe website addresses. All this as opposed to entering everything in manually. This way, one could download a list from the internet that has already been generated, usually by 3rd party applications. This would also effectively block those addresses that embed advertising in their pages, that may or may not be offensive.
« Last Edit: February 28, 2009, 06:22:23 PM by lotacus »
Logged
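
Added example (not part of the original post and not D-Link firmware code): a small Python model of the two rule styles described in the post above. `block_ranges` derives the block filters the current scheme needs, and `permitted` evaluates the proposed Allow/Deny rules with Deny taking precedence and the "Include DNS" option. The names, the service-to-port table, and the choice to drop ports that match no rule are assumptions; only port numbers are modelled, not TCP/UDP.

```python
# Added illustration: names and the service->port table are hypothetical.
from dataclasses import dataclass

SERVICE_PORTS = {"HTTP/HTTPS": (80, 443)}   # assumed drop-down mapping
DNS_PORT = 53

def block_ranges(allowed, lo=1, hi=65535):
    """Old way: block ranges needed so that only `allowed` ports get out."""
    ranges, start = [], lo
    for port in sorted(set(allowed)):
        if port > start:
            ranges.append((start, port - 1))
        start = port + 1
    if start <= hi:
        ranges.append((start, hi))
    return ranges

@dataclass
class Rule:
    name: str
    service: str
    access: str                 # "Allow" or "Deny"
    include_dns: bool = False   # the post's "Include DNS" checkbox

    def ports(self):
        extra = {DNS_PORT} if self.include_dns else set()
        return set(SERVICE_PORTS[self.service]) | extra

def permitted(rules, port):
    """New way: any matching Deny wins; otherwise a matching Allow is required.
    Ports that match no rule are dropped (assumed default)."""
    if any(r.access == "Deny" and port in r.ports() for r in rules):
        return False
    return any(r.access == "Allow" and port in r.ports() for r in rules)

if __name__ == "__main__":
    print(block_ranges([53, 80, 443]))
    policy = [Rule("Allow Web Access", "HTTP/HTTPS", "Allow", include_dns=True),
              Rule("Deny Web Access", "HTTP/HTTPS", "Deny")]
    for p in (53, 80, 443, 6881):
        print(p, permitted(policy, p))
```

Each additional allowed port adds one more block range under the old scheme, while the proposed scheme needs one rule per service regardless of how many ports the service covers.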

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Suggestions for future firmware This post is LONG
« Reply #1 on: March 01, 2009, 03:31:38 AM »

Not arguing the validity of your list for the more PRO oriented networking users, but I think you might want to consider a different model. Looking at the price of the router and other routers that (with standard firmware) offer these features you'll find that they're in another segment.

I guess you have used or are using DD WRT, since those firmwares are highly customized for this purpose. To be honest, the basic, no nonsense 655 customer will have a heart attack looking at those options and will be given an endless array of ways to screw up...That's why they invented the different models and customer segments  ;D
« Last Edit: March 01, 2009, 03:35:45 AM by EddieZ »
Logged
DIR-655 H/W: A2 FW: 1.33

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: Suggestions for future firmware This post is LONG
« Reply #2 on: March 01, 2009, 04:57:39 AM »

All your statements are true. I have used DD-wrt. Suffice to say however, the linksys routers have poor performance, even with dd-wrt. Well, maybe not poor, but certainly not the best performance around. Seeing the dir 655 going down in price, after spending $160.00 just last summer, I feel a little ripped off.
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Suggestions for future firmware This post is LONG
« Reply #3 on: March 01, 2009, 06:08:21 AM »

Seeing the dir 655 going down in price, after spending $160.00 just last summer, I feel a little ripped off.

That's how things go, that's what you get as an early adopter wanting the latest technology. Once the EOL is halfway in sight, prices will drop. 6 months is about 1/3 to 1/2 of the product's lifecycle. I would advise you to get over this feeling to prevent serious issues  ;) Otherwise you will never be able to buy a plasma, LCD, PC or about any other product without feeling ripped off.
Logged
DIR-655 H/W: A2 FW: 1.33

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: Suggestions for future firmware This post is LONG
« Reply #4 on: March 01, 2009, 06:37:01 AM »

LMAO.

So true! Paid as much for a 720LCD that I could have got a Early Adopter 1080P this years model. :)

Anyways, To add to follow up on the OP, they are mere suggestions, yea, some would be scratched out moreso than the others, otherwise there would be no room for market, which I'll get to in a moment. LOL.

The requests were broad, and perhaps spending 500.00 on a managed switch may be better for me, which I will get to in a second as well.

I DID notice that the DGL series of routers have lan side routing, and a MUCH more impressive, cleaner interface, especially in the routing, filtering areas. There doesn't seem to be any restrictions to the amount of filtering that can be done, unless it's a hidden limitation. (still no indication of turning off logging). heh.

So, the question about my upgrade...DLINK marketing strategies at work, do I spend the near 300.00 on the DGL-4500 or the DIR-825 or learn from the past and get a sub-market managed switch, keeping the DIR-655 in use?
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Suggestions for future firmware This post is LONG
« Reply #5 on: March 01, 2009, 07:48:07 AM »

I'd go for the last option (sub-managed switch). Dedicated devices do a much better job and the DGL series are positioned as gaming routers (which is also purely for marketing purposes of course). So go with dedicated stuff I would say. Pay a bit more, get more.

BTW, it's not only Dlink marketing working, it's all manufacturers' marketing strategies. Simply because it works.

But appreciate the suggestions. If they only pick up on some of them it's 'progress'  ;)
Logged
DIR-655 H/W: A2 FW: 1.33

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: Suggestions for future firmware This post is LONG
« Reply #6 on: March 01, 2009, 08:34:31 AM »

After writing that I started looking at what DLINK had to offer. I started getting sidetracked with the features which then I ended up looking at 1000.00 ones. :S

I basically want to future proof the network. It's just a home network but it's nice to dream one day it will be a home enterprise. LOL. NOT.

The DWL-210 looked nice, browsing the firmware emulator for the dwl-200 seemed nice, it had a lot of nice features for mid 500.00, but no indication if it was Gigabit ethernet. I did find what seemed to be a discontinued product that had hardware firewall, two wan ports for load balance and fail-over that was just about the same price as the DGL series (which is probably why it's EOL) that looked very promising. But it seems in order to get the best of both worlds, I'd have to spend 1000+ plus. *sigh*

In the time it will take me to upgrade devices, I would have spent around the same price for the 1000.00 dedicated device, even if opting for purchasing 3 routers to separate the network. Which then I lose manageability and increase cost, and still don't get features I'd like out of the network.

oh well.
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Suggestions for future firmware This post is LONG
« Reply #7 on: March 01, 2009, 08:54:13 AM »

Since when is money an objection?  ;D
Logged
DIR-655 H/W: A2 FW: 1.33

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: Suggestions for future firmware This post is LONG
« Reply #8 on: March 03, 2009, 09:49:50 AM »

I think you're referring to the DFL-210? AWESOME hardware device, HORRIBLE for anyone that's a gamer/MM guy. No UPNP and port rules can be a pain. Killer granular control. You are correct it DOES NOT have gigabit. It's a gateway device, the switch in it is intended to be connected to other switches. I keep begging for a gigabit version though, it'd be AWESOME.
Logged