Review: A Tale of Two Routers

– By Jeffrey L. Taylor

Recently I went into the computer store for an Ethernet hub or switch
and came home with a SMC 7004VBR cable/DSL broadband router. Prices
have come down so much that I could afford the right solution instead
of something that would make do….

We recently did the
upgrade shuffle at our house. The addition of color printer drivers and Microsoft’s
announcement that they were dropping Windows 95 support indicated
that it was time to retire my wife’s 486, even though it had over
double the original memory and CPU power. I bought myself a
fire-belching Athlon XP 1800+ running Linux and she received the dual
boot 450MHz PIII returned to its original Win98 configuration. The
486 was shuffled off into retirement. It stayed there for a month or
two before my work required a second Linux machine. My main Linux box
has always served also as our router/firewall/NAT connection to the
Internet. Except when I botched the configuration. Then the whole
household was down. A broadband router would get my Linux box out of
the critical path and remove a source of domestic discord.

The SMC router’s box said all the right things: 4 ports, stateful
firewall, 20/200Mbps full-duplex on the LAN side, IPsec and PPTP
pass-through, port forwarding, a DMZ, and an affordable price ($59.99
retail). With my Linux box in the DMZ and the other two computers
behind the firewall, everybody could be happy.

After plugging all three computers into the router and the router into
the cable modem, I was ready to go. If you do not need to use the DMZ
or port forwarding, i.e. no servers, it should work right out of the
box. I run my own e-mail and Web servers, so I needed to do a little
extra setup.

The printed manual is only a few pages long and is
principally about the Windows setup wizard with a few pages at the
back for the Mac. It is fairly obvious how to do the setup on Linux,
just read the text and ignore the screenshots. The router has a DHCP
server for the LAN, though it can be disabled or ignored if you just
pick IP addresses outside its range (192.168.2.100 to 192.168.2.199).

The initial configuration can be done without reading the manual. Just
point a GUI Web browser at http://192.168.2.1/ and click on thru. The
Web pages are attractive and the basic setup is straightforward. In
the interest of domestic tranquility, I first checked that my wife’s
Win98 box had Internet access. The weather web site loaded fine.
CBS.Marketwatch.com stopped loading partway thru. Same for the Motley
Fool’s web site. And McAfee VirusScan Online tried to do an update
and that hung, too.

Switching to my Linux box, I had the same results
on browsing the Web – most sites were fine, a few important ones were
not. Not good. Switching either box into the DMZ cured the problem.
However, I had only one public IP address so they could not both be in
the DMZ and the Win98 box had no firewall and ran no servers. The NAT
appears to be the problem. (Note: the boxes in the DMZ still have
Private Class C IP addresses, so some kind of NAT is being done; maybe
two different programmers or teams?) And e-mail from some sites was
timing out after the DATA command on most messages. Unfortunately, my
main e-mail address, jeff.taylor@ieee.org, is relayed by one of those
sites. Not acceptable. Switching the Linux servers to using port
forwarding and address mapping (a WAN IP address maps to several LAN
IP addresses, perhaps a primitive form of load balancing) did not
solve the problem.

Okay, time for Google. BroadbandReports.com (AKA DSLreports.com)
hosts vendor-specific forums. Reading the SMC forums did not turn up
anyone with a similar problem, but it did reveal that several SMC
employees are in the discussion (Question to self: how do I verify
this?), and that there is a beta version (1.05, now final) of the
firmware available (but not from SMC’s site at the time). Crossing my
fingers, I installed it. This fixed the Web site problem but not the
e-mail server timeouts. I posted my problem and received several
suggestions but no solutions.

Okay, time to fall back to a defensive position while I try and get
some help from my second choice, tech support. In the meantime, the
main Linux box went back to being the router/firewall with the router
behind it, configured as a switch with NAT (i.e., both computers in
the DMZ). All three computers can ping each other and access the
Internet. Good enough for the interim.

E-mail support for SMC is in India. Turn-around is overnight at best,
two days is typical, a week in the worst case. I told them about my
problems with the e-mail server and they replied with information
about how to configure my e-mail client. I rephrase and try again.
No reply. I wait a week and resend with additional details. They
reply to both messages with information on how to configure the router
virtual server features, even though I said I had already tried that.
It has been two weeks and I still have no work-arounds or fixes. I
finally gave up on e-mail support and called SMC tech support. They
also are in India. The person was polite and picked up faster that my
problem was with an e-mail server. He suggested all the same things
the e-mail tech support did and that I had already tried. He did
say that he would pass the information along to the engineers and I
should watch the Web site for firmware updates.

At the weekly lunch with survivors and expatriates of a dot-com, I
mentioned my problems. Someone had a LinkSys BEFSR41 broadband router
gathering dust that I could borrow. He mentioned that the initial
configuration needed to be done on Windows, he had no luck using Linux
until the router had acquired an IP address on the WAN via DHCP. I
took it home, read the manual on the CD-ROM, and connected it. I’m
the contrary sort, so of course I tried to configure the router from
Linux first. With both Netscape 4.77 and Mozilla 1.1 I could log in
and configure the basics, but not save my settings. Clicking on the
“save” button did nothing. So I tried Opera. That worked. (After the
initial setup, Mozilla, at least, worked fine.)

The Web pages on the LinkSys are not as attractive as the SMC’s and
are slower to load. On the other hand, the LinkSys saves settings
faster than the SMC. The functionality is about the same, though the
SMC (with the V1.05 firmware) supports dynamic DNS services like
www.dyndns.org. Nice bell and whistle but first the core
functionality has to work, so I never tried it.

Now that the basics on the LinkSys work, it is time to try and break
it. What other protocols can I try? FTP works fine. Telnetting to a
MUD on a non-standard port works fine. POP3 e-mail retrieval works.
Quake 3 Arena works but seems a little jittery. I was impatient and
did not wait for a low ping server so I try again. Same result. Not
a biggie. I try everything I can think of and it behaves as expected.
Nice.

The manual on CD-ROM mentions logging. You can view the log through
the router’s Web server. There is a Windows program,
LOGVIEWER.EXE, to view it from any host on the LAN. Not
mentioned anywhere is the fact that the log is SNMPtrap events. UCD’s
snmptrapd does a fine job of logging them in a terminal.
However, directing the log to syslog shows some strange characters
when viewed with Xlogmaster. I suspect these are from the Windows
extended character set and the high bit is set. Something to
investigate in my copious free time.

Now the question is, do I want to pay money for one of these? Back to
Google. There is a LinkSys discussion forum on BroadbandReports.com.
Browsing revealed the usual problems with configuration and
understanding, but none of the angry “Model XYZ is junk” type posts I
found in the SMC forum. To be fair, the LinkSys forum has a lot more
traffic and I did not read every post on this model.

An ad for the local office supply big-box store lists this router for
$39.99, half off list! Okay, what’s wrong with it? Usually this is a
sign that it is about to be replaced. Network Everywhere is LinkSys’s
value line. Their NR041 has essentially the same specs as the
BEFSR41. The two visible differences are a smaller metal case instead
of the stacking blue and black plastic case and a switchable
normal/uplink port instead of the dedicated uplink port (using the
uplink port deactivates the normal port 1, so there is no operational
difference). Users report that it runs hot. Someone has already
tried opening the case and attaching a VGA heatsink. My office is
already too hot and I know the BEFSR41 works, so I stuck with it. The
one I bought was the V2 version.

The differences are a mixed bag.

The V1 power cable is a real cord with a power supply in the middle.
The V2 power cable is the usual wall wart with a skinny cord. The V2
LEDs are smaller and off-color when viewed off-axis, yellow instead of
green. The pleasant surprise is that the ragged updates in Q3A are
fixed. For Windows users, UPNP has been added, though the V1 will
support it with a firmware update.

Both LinkSys versions support dynamic and static routing
configurations. On my home network, it is not worth the trouble to
set up dynamic routing. The static routing works as expected. Before
entering the last subnet, I tried pinging across subnets. No
response. Enter the values and save. It works. Okay, I
understand what is going on. Interestingly enough, the SMC router has
no routing configuration and seems to figure it out on its own.

Another oddity, when plugging the SMC into my network,
auto-negotiation of 100BaseTx-FD happens gracefully –
mii-tool reports the expected values and the appropriate
message shows up in the syslog. With the LinkSys, the message
sometimes appears in the syslog, but mii-tool always reports
10BaseT-HD. The front panel LEDs always report 100BaseTx-FD for both
routers. A throughput test on the LinkSys shows 768KBps (6Mbps+),
theoretically possible with 10BaseT but very high.

The one thing I miss with either router is the partial loss of
visibility. I no longer can see all site traffic with GKrellM and
MRTG, just the portion going to my box. And Snort (an Intrusion
Detection System) also sees only the one box’s traffic, not
everyone’s. I think I can work around this with a hub in front of the
router connected with a read-only cable to the spare NIC on the Linux
box.

I eventually grew tired of dealing with SMC tech support so I returned
it and saved myself $20.

Note for GUI haters: lynx does not work with the LinkSys, it does not
like logins with a password but no username. When you enter an empty
username, it assumes an empty password.

Now I can shoot myself in the foot without bringing down the wrath of
my wife. Such a deal. And for less than dinner for two in a good
restaurant.

Jeffrey L. Taylor is a software engineer with 25 years programming
experience: 20 years with Unix, and 4 years with Linux. He received a
B.S. in Electrical Engineering and a M.S. in Electrical and Computer
Engineering from the University of California at Davis. He has taught
programming to undergraduates and University Extension students, and
system analysis and design to MBA students. He has been writing in the
computer-enthusiast press since 1981.
