new NAT needed

[xela]

My getting on to ten-year-old Apple base station is getting to the point where it flakes out more than I'm willing to put up with. I want to replace it, and I don't especially want to pay Apple prices.

What I need:

• Like the Apple, a single NAT served simultaneously to 100baseT (or would it be 1000 these days?) and 802.11
• WPA2 support

What I'd like:

• The ability to manage the NAT from the command line, preferably via a serial console
• The ability to map IP addresses to MACs, without being locked into only using computers whose MACs I've registered with the NAT
• The ability to run a second, open wireless NAT, along with
• The ability to choke how much bandwidth to the 'Net a given NAT can use.

Suggestions?

Comments

[ken_r]

Have you looked at the WRT54GL? There are projects working on custom Linux-based firmware to let you run some random services on it. I'm not very familiar with it, but it looks interesting.

My own solution has been a NetBSD server (which I'd have running anyways for IMAP and NFS) with multiple network interfaces (one upstream, one to a switch on the local net), and a wifi base station (formerly a D-Link box, now an Apple Time Capsule) in simple bridging mode. I configure NAT and DHCP on the UNIX box, getting command-line access and reasonably fine control that way; WEP/WPA2 is done through the wifi router itself.

A server with a wifi interface built in would undoubtedly work too, assuming base-station mode is supported; NetBSD supports bridging between networks.

A second wifi net would take some more work -- probably a second wifi device, and an additional port on the server if bandwidth limitations (which I think NetBSD provides) were to be enforced. Presumably you might also want to limit what traffic is relayed to the open network, rather than bridging it to the others.

Though, the Apple Time Capsule is supposed to be capable of operating a "guest" network with different SSID and security settings. It seems to only be possible in NAT mode, not in simple bridging mode, unfortunately, so I haven't played with it. I don't know if they've loaded it up with extra hardware, or if some other 802.11n routers might have such features...

[fredrickegerman.livejournal.com]

Several colleagues use one or another of the various WRT54G hacks happily. It appears to be a pretty stable solution, and substantially lower-power than a repurposed PC or laptop. I expect you can get 802.11n support, and I think 1G ethernet is standard nowadays. Google WRT54G for the Wikipedia page, or check out openwrt.org; other hardware is supported too.