[CentOS] Using a CentOS 6 Machine as a gateway/router/home server

Tue Jun 30 12:58:51 UTC 2015
ken <gebser at mousecar.com>

On 06/29/2015 10:43 AM, m.roth at 5-cent.us wrote:
> James B. Byrne wrote:
>> On Mon, June 29, 2015 02:14, Sorin Srbu wrote:
>> OS 6?
>>>
>>> Please note: I'm not criticizing, just curious about the argument
>>> behind using a regular OS to do firewall-stuff.
>>
>> Maintenance.
>>
>> A consistent set of expectations does wonders for debugging odd-ball
>> occurrences.  Why learn the idiosyncrasies of two distros when one
>> suffices?  Just start with a minimal CentOS install on your
>> router/gateway and add only the packages that you know that you need.
>> Any critical omission will evidence itself in short order and can be
>> added then; or the source of the need removed as circumstance
>> warrants.

Being a longtime RH/CentOS user recently flirting with Debian, I have to
agree.  Another advantage to using a single distro across multiple
machines is the ability to compare them (e.g., does this system
file have the same size and timestamp on all my systems?).


> I'm running DD-WRT on an ASUS router these days, and I'm *NOT* wildly
> impressed. I mean, it seems ok, but the project is run in what I can only
> describe as "amateur", in the worst sense of the word. The several
> official developers release a build, and you can choose which one of
> whose; people on the mailing list have "favorite builds", which is not a
> phrase I have *ever* heard used with an o/s before, and I'm afraid to
> update, as some of their "documentation" is out of date, or wrong.

I agree on dd-wrt.  Several docs and occasional forum postings say, 
"check the wiki."  Other docs and forum postings say, "ignore the wiki, 
it's outdated."  Finding the latest build is like an Easter egg hunt.
The whole project seemed to me to be very disorganized.

Re: administration and docs again:  My router's wifi radio seemed to go 
out one day (after a power outage).  I couldn't connect to the router 
anymore via wifi.  The lack of reliable docs made figuring out the 
settings a guessing game.  And I didn't know what tools existed for 
diagnosing the hardware and software.

I have to sympathize with the dd-wrt developers though.  There are a lot 
of routers on the market.  Most are vastly different in what hardware 
and features they have.  And too, in most case (I'd think) they have 
docs from manufacturers, so have to reverse-engineer the code, and do 
this separately for dozens if not hundreds of routers on the market. 
Given these circumstances, it's amazing they've been able to do what 
they've done.

Waxing further off-topic, a solution to this, IMO, would be something 
very much like a Raspberry Pi router: essentially an RPi with a 
half-dozen RJ45 ports.  It would be nice to have the wifi built into it, 
but because these are country-specific, the wifi-radio would probably 
need to be a separate plug-in part.  But having non-volatile memory on a 
card, as RPi's already have, would make testing and upgrading-- and also 
downgrading-- much easier and worry-free.


> At some point, I may just get a PI, and run CentOS, or some
> firewall/router distro, though that would mean not having WiFi for guests.

When the radio on my wifi went out, I found it a simple matter to set up 
a secure wifi AP (using hostapd) on an RPi and plug it into an RJ45 on 
my router.




>
>         mark