Firewall distro - bump

Discussion in 'Linux, BSD and Other OS's' started by Fred, Aug 9, 2008.

  1. Fred

    Fred Moderator

    Recently, a friend of mine introduced me to dd-wrt. For those of you who don't want to RTFA, it is basically Linux for many popular wireless/wired routers (i.e. Linksys, Netgear, D-Link, etc.). It includes many features that come with more popular Linux firewall distros, only it runs much lighter to fit on a router. So, reminded of the original firewall distro thread, I thought I'd bring it up.

    So, getting to the point... I'd like to know what some of the more educated people on these forums think of dd-wrt vs pfSense/IPCop/m0n0wall. What would the benefits be for a home user to have IPCop installed on a full 300W K6-2 box over a Linksys WRT54G with DD-WRT? (See features here and here.)

    [ot]I was considering posting this under War Zone but I assume we can keep our wits about ourselves this time, right? :chk:
    [/ot]
     
  2. Anti-Trend

    Anti-Trend Nonconformist Geek

    Very good question. I'll list some of the areas where the WRT54G(L) has the advantage, and areas where a 300MHz K6 would be better.

    Pro-WRT54G(L):
    • The WRT54G uses a lot less wattage than a traditional DC power supply
    • A lot better than a standard plastic home router
    • Only costs about $50 USD
    • When flashed with the open firmware, has quite a lot of features
    • Built-in wireless
    • Built-in switch
    • Very small footprint
    • Easily replicable in case of hardware failure
    Pro-whitebox:
    • Even a 300MHz K6 would be faster than the WRT54G
    • Enough RAM to support many times more traffic, with the capability of adding more (a K6 supports up to 256MB of SDRAM) as compared to the 8MB of static RAM on the WRT54G
    • A much larger storage capacity, even in the case of a 2-4GB HDD, for added features and logging
    • Handles many more types of VPN connections, and more simultaneously due to better hardware
    • Capability to re-purpose existing ports to meet different requirements (e.g. DMZ, semi-trusted LAN, trusted LAN, WAN) and/or add new interfaces
    • Can handle about 2x the throughput of the WRT54G on each network interface
    • More robust traffic shaping
    • SNORT for detailed log analysis
    • Robust proxy and content filtering capabilities
    • White-box hardware will likely be a lot more reliable than any plastic router, including the WRT54G/L

    So, even with a crappy old PC with a K6, it would greatly overpower the WRT54G(L) in several respects. If you had an old P3 or the like for this purpose, it'd be even more dramatic. On the other hand, even a small form-factor PC is big and unwieldy compared to the little plastic WRT54G(L). Also, in a home router you're not likely to be able to push the hardware to its full capacity, so a lot of the disadvantages are moot.

    I'd say the biggest reasons to go for the whitebox with your choice of open-source firewall distro over the WRT54G(L) would be the openness of the architecture, the added flexibility, stability and especially the DMZ. If you're not planning on using any of these assets (e.g. hosting your own webserver like me) and you don't mind rebooting your router every day or so, it probably makes more sense to go with the WRT54G(L) instead -- especially if you don't already have the hardware to throw at a white box.

    In either case, one important thing to note is that the WRT54GL is a much better choice for this purpose than the WRT54G, since the hardware is now crippled after version 4 of the hardware. The WRT54G now only has 1.7MB of flash space and a few MB RAM, so while it can run an extremely limited build of the dd-wrt firmware, it's not really a big advantage over the stock firmware. The WRT54GL ("L" as in Linux) is exactly the same as the early WRT54G which made the line so famous.
     
  3. Fred

    Fred Moderator

    For the record, I do not plan on using dd-wrt as my future firewall distro. I very much like the flexibility and functionality of a whitebox router. But I also think dd-wrt can, properly set up, be a huge benefit to many home networks without some of the worries of a whitebox (however minor they may be).

    And as a point of interest, here is another link to tutorials, displaying a few more features of the OS (given some tweaking).

    All in all, a well-thought-out comparison - much appreciated. Now, I can't help but anxiously await Mega's reply :p
     