I've got an opportunity now to replace my Linksys BEFW11S4 AP/router (i.e. I'm thinking of palming it off on someone). I could just get the current Linksys similar thing, but there's one thing it does that I wish it did better, and that's filtering.

I leave my home network open, as I don't mind if the neighbours use it for a bit of casual web browsing or Messenger or whatnot, but recently people have taken to running P2P over it and soaking up all my bandwidth. So I set up filtering: BEFW11S4 can drop UDP or TCP traffic by port number. I filter out all non-privileged ports except the ones Messenger uses, and no P2P traffic gets through. The problem is, it filters out both incoming and outgoing connections indiscriminately, so when the filter is on, I can't SSH in from work, because although the remote (home end) SSH port is privileged and allowed, the local (work end) port is random, so the traffic gets dropped.

So does anyone have a recommendation for an AP/router with smarter filtering, or another way to solve the problem? Separate filter settings for incoming and outgoing connections would solve the problem (all incoming connections other than SSH are already dropped, as only the SSH port gets forwarded anywhere), as would separate filter settings for different local IPs (as the drive-bys all DHCP and end up in a different range than the statically-addressed PC I'm trying to SSH to).

What would be best of all, I suppose, would be traffic shaping per IP range, so I wouldn't need to filter anything, and could just restrict the drive-by IPs to 10% of the connection or whatever. But I bet only expensive enterprise-grade AP/routers do stuff like that. How simple are these replace-the-stock-Linux-firmware APs to set up? I really want this stuff to just work and have no appetite for tinkering with it...

Peter
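
The failure described in the post, modelled as an added example (not part of the original post and not any router's firmware): a port rule that matches the WAN-side port regardless of who opened the connection, beside the two fixes the post names, separate incoming/outgoing rules and a per-host exemption. Port 1863, the LAN addresses and the sample connections are constructed assumptions.

```python
from collections import namedtuple

# Constructed model of a connection as seen by the router.
# initiator: "lan" = outgoing, "wan" = incoming; wan_port is the remote end's port.
Conn = namedtuple("Conn", "initiator lan_ip lan_port wan_port")

EXEMPT_HIGH_PORTS = {1863}        # assumed stand-in for "the ones Messenger uses"
FORWARDED_PORTS = {22}            # only SSH is forwarded to the static PC
STATIC_HOSTS = {"192.168.1.10"}   # assumed address of the statically-addressed PC

def wan_port_blocked(port):
    """Port rule from the post: drop non-privileged ports unless exempted."""
    return port >= 1024 and port not in EXEMPT_HIGH_PORTS

def forwarded(conn):
    """Incoming connections only reach ports that are forwarded."""
    return conn.initiator == "lan" or conn.lan_port in FORWARDED_PORTS

def direction_blind(conn):
    """Behaviour described in the post: port rule applied to every connection."""
    return forwarded(conn) and not wan_port_blocked(conn.wan_port)

def direction_aware(conn):
    """Separate settings: port rule on outgoing only, incoming limited to forwards."""
    if conn.initiator == "wan":
        return forwarded(conn)
    return not wan_port_blocked(conn.wan_port)

def per_host(conn):
    """Separate settings per local IP: static hosts skip the port rule."""
    if conn.lan_ip in STATIC_HOSTS:
        return forwarded(conn)
    return direction_blind(conn)

SAMPLES = {  # constructed connections; DHCP clients are assumed to get .100 and up
    "ssh_from_work":       Conn("wan", "192.168.1.10", 22, 50123),
    "neighbour_web":       Conn("lan", "192.168.1.101", 40000, 80),
    "neighbour_messenger": Conn("lan", "192.168.1.101", 40002, 1863),
    "neighbour_p2p":       Conn("lan", "192.168.1.101", 40001, 6881),
    "inbound_unforwarded": Conn("wan", "192.168.1.10", 8080, 51000),
}

def evaluate(policy):
    """Return {sample name: allowed?} for one policy function."""
    return {name: policy(conn) for name, conn in SAMPLES.items()}

if __name__ == "__main__":
    for policy in (direction_blind, direction_aware, per_host):
        print(policy.__name__, evaluate(policy))
```

All three policies treat the neighbours' traffic identically; only the SSH session from work changes, because its WAN-side port is the work machine's random source port.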