Ethernet modem choice

Dangerjunkie · Mar 08, 2008, 08:07:44

Hi,

I'm finally ditching the hell that VM has become for a happy future with IDNet. I called BT and agreed the installation of my BT line yesterday. I've never had ADSL (always been on cable broadband) so I don't know much about it. I run a home office and have an IPCop firewall which by default is Ethernet-fed from the Internet.

I'm looking for an ADSL modem (preferably Ethernet) that doesn't do (or can disable) NAT or any messing about as my firewall does all that stuff. I'm going to start on Home Supermax so I'll only have 1 IP address but in future I may want to upgrade to Business Max Premium so I'm looking for a modem that can pass 8 IP addresses direct to my firewall to be routed. I'm intending to buy an ADSLNation XTE-2005 pro faceplate to go with the modem.

Someone on another forum pointed me at the Draytek Vigor 100 which BroadbandBuyer seem to rate highly. It's also (like Stella) reassuringly expensive (I do recognise that more often than you do get what you pay for.) I called Miriam and she said that her experience of Draytek was that their longevity might not be all there. She pointed me in the direction of the Netgear DM111P (two thirds the price of the Draytek) but said she'd seen it work well at home but never used it in a commercial environment and that I should ask here for opinions. The Netgear gets mixed reports at BB and seems to have a reputation for overheating and failure (slightly worrying since the rack it will go in is quite warm anyway.)

I can spend months at a time out of my office on the road and use my broadband for my office VPN so reliability is very important to me. I'd rather not end up in a situation where my modem fails and I have to talk my partner through installing and configuring a new one over the phone.

I'm between 1.8 and 2.8 miles from the exchange as the cable may go a number of routes. I'd really like to get at least 4MB so it's as good as my cable was when I signed up if I can so I'd like a modem with a reputation for getting the best possible speed and reliability from a line. I'm a communications engineer so I don't mind something that is a little more difficult to get working and I realise that I will spend far more on IDNet service than the modem costs so the price of the modem isn't really an object.

I'd value your comments on whether I should choose the Netgear DM111P, the Draytek Vigor 100 or something else. I would also consider a router as long as the routing, DHCP, NAT and anything else needed could be turned off to make it into a modem capable of delivering 8 IPs to my firewall raw.

Thanks for your help,
Paul.

Malc · Mar 08, 2008, 08:13:33

Hi and

Someone with the tech knowledge will be along soon.

Rik · Mar 08, 2008, 09:14:36

Hi Paul and welcome to IDNetters, have a karma to start your career.

TBH, your needs are outside my experience, but I wonder if something from Cisco would be your best bet, they do tend to me the Rolls Royce of the business, and although expensive, the reliability should pay for itself in terms of your time.

Hopefully, someone with more experience in this area will be along shortly, but you might also like to ask over on ThinkBroadband if you haven't already.

Sebby · Mar 08, 2008, 10:50:26

I'm usually quite good at recommending hardware, but I'm not certain of any particular modems that do what you want. It might be an idea to post over at Think Broadband in DSL Hardware Discussion; there are some quite technical guys over there.

I'm around 2.6 miles from the telephone exchange (as the crow flies) and sync at around 4.6Mb (with a target SNRM of 9dB set manually by BT for stability, so it would sync higher if this were not the case). That said, every line is different, and as you don't have ADSL at present, it's virtually impossible to gauge what you're likely to achieve. But, a XTE-2005 faceplate will certainly ensure that you get the best sync possible.

I hope this helps.

Simon · Mar 08, 2008, 12:05:17

I'll be of even less use, technically, but have another welcome Karma, Paul.

esh · Mar 08, 2008, 12:46:06

If you want your ADSL modem to just "pass" traffic along and act as a connection device then you need a router that functions in "bridge" mode (or a plain ADSL modem!). However, I believe you *will* want some form of routing logic, rather than just passing the data along. Does your 'firewall' do that?

As an explanation, each internal system has its own IP, such as 192.168.1.100 to 192.168.1.106 sequential. If your external range is 95.105.31.0/29 (or similar), then you're going to have mappings like

95.105.31.0 -> 192.168.1.100
95.105.31.1 -> 192.168.1.101
...

With a router in bridge mode, I think you need 1:1 NAT as routing won't be possible, so you want to set up the appropriate routes in whatever device you'll be using. DHCP is clearly not ideal with multiple external IPs, especially if you run servers! You should check your hardware can handle this if you're seriously looking at using multiple external IP's. You can still put your firewall after the routing box of course, just make sure the traffic has to pass through it. Short of a Cisco router or a Soekris box (or using an old PC with PfSense) I'm not sure what consumer level routers really offers such capability. It's not really a feature that's advertised and as such is pretty hard to identify if a device is really going to do what you want.

Edit: in one of my threads, ducky22 just mentioned that a Netgear DG834G will do the trick.

ducky22 · Mar 08, 2008, 13:42:18

I wouldn't touch the DM111P... Its the dg634 with a couple of bug fixes but not them all. The DG634 is the most unreliable piece of ADSL kit I've ever used. The DM111P isn't much better.

For what you want, the DG834G (or GT) is perfect. It is a tried and test solution and they do tend to be very reliable. NAT and DHCP can be turned off and the DG834G's firewall set to allow incoming traffic on IPs within the block. Then all you need to do is to bind the IP(s) to other devices or all of them to a hardware firewall. It does work as a proper 'no-nat' setup.

I have been able to achieve the same setup with the 3com Officeconnect ADSL Modem/router range. The draytek does work but they are exceptionally over priced for what you get. If you intend on using QoS go for one of these, if not, don't. They're ugly on the desk too :-P.

The 2wire IG1800 and HGV2700 **can** do multiple static IPs but I don't think you'll be able to bind multiple IPs to one device (certainly 1 IP will work fine). I mention this modem/router because it is very reliable on noisy lines and holds signal very well. This might be an idea in the meantime before you go for the 8 block of IPs. I think they are about £30 on ebay.

Dangerjunkie · Mar 08, 2008, 18:12:24

Hi guys,

Thank you for the welcome, the advice and the karma

OK. I'll leave the DM111P alone I think: Ducky's opinion on the software coupled with the reviews on Broadband Buyer saying it's prone to overheating and frying its innards make it sound just too risky.

My firewall is a 266MHz Pentium II with 256MB RAM that runs IPCop ( http://www.ipcop.org ) It supports 4 LANs (Red = Big, scary world, Yellow = DMZ, Green = pleasant, safe pasture where my machines can graze unmolested, Blue = Wireless APs [Green is protected from blue]), Stateful packet inspection, Snort IDS and can forward ports or groups of ports from any of the bound Red IPs to any port on any of the of the hosts. It's not limited to 1 IP to 1 machine mapping. I thoroughly recommend it. The SPI has even saved one of my boxes from having its cookies stolen by a browser exploit.

The DG834G looks good. I already have a wireless AP on the Blue LAN of my firewall. Can I turn the built-in wireless off please? Does it have a facility to save settings in a file? If so I could leave my partner with a file that makes it into a regular 834 she can load and bypass the firewall to make everything well again in case the firewall happens to go bang whilst I'm out the country (it's a bit old... [J.R.Hartley])

I quite like the idea of being able to protect bandwidth if I start using remote IP phone devices and £50 isn't exactly outrageous for the Draytek Vigor 100. My partner also complains that I turn the broadband to poo if I log in with my VPN from work and use it to bypass my customer's firewall so I can play online games. Could I use the Draytek to moderate this and maintain both of our happiness?

Someone mentioned Cisco. On quick inspection the Cisco 877 seems to be very cool (not sure whether I'd need the basic firmware or the advanced IP edition) but at either £250 or £300 I'm going to need a little convincing. I'll also need a crash course in IOS but I don't think that will be a huge problem. Would anybody argue that it was worth it?

Thanks,
Paul.

Rik · Mar 08, 2008, 18:17:12

Hi Paul

You can, indeed, save the Netgear configuration to file, and use it to restore settings. TBH, though, I've never tested that for wireless on/off, but I would hope that it included all settings. Which implies, and I'll state, that you can, indeed, disable wireless.

No idea on the Draytek, sorry. It was me who mentioned the Cisco, my thinking being that you really want an industrial strength router, and you don't get better than a Cisco. I would have thought the reliability alone would justify it as a business expense.

ducky22 · Mar 08, 2008, 18:24:36

That's quite a setup you have! I used to run multile vLANs until I moved house and didn't feel the need to go about setting everything up again. I've got a server and running a Windows 2003 domain (setup properly) so all is cool.

You can turn the wireless feature off on the dg834g. It does have a facility to backup settings and restore - used this once or twice myself!

I don't think the vigor 100 offers QoS... I believe the 2600v does. You could probably install some sort of QoS software on the server and this would likely work better and be more configurable than something you'd get on a home router.

The 877 is a fun piece of kit!! I seem to recall that you can't set the WAN IP to obtain automatically (most likely will be a problem with IDnet)..........maybe I'm confusing it with another modem/router. Not sure how reliable they are over long periods - i'd guess very as it is a cisco device. It probably isn't worth the additional expensive when you can do everything cheaper with tried and tested methods.

esh · Mar 09, 2008, 01:23:36

The Draytek gives me such a nostalgia vibe. It is *so* like an early 90's 28k modem or something.

Rik · Mar 09, 2008, 09:44:32

I know just what you mean.

Aaron · Mar 10, 2008, 17:29:39

Hi Dangerjunkie,

Like you, I also run an IPCop box setup with an ethernet modem passing through the IP so that the IPCop Red interface card has my Internet IP address.

Modems that can do this are the ADSLNation X-Modem, and the Westell Proline 6100 (although its an old model B90-610085-06 and probably not sold anymore, but check for it anyway). I currently use the Westell Proline and pleased with it currently

And yes, you can disable the Nat/firewall options on these modems so all traffic passes through to IPCop and you can do your port forwarding from there.

edit: Should mention I've had no luck with BBC multicast streams, not sure if this is the fault of the modem or IPCop itself, the Modem has an option ticked "Bridge Multicast" but no clue if this is related to Multicast streams

Rik · Mar 10, 2008, 17:31:13

Hi Aaron, we seemed to have missed greeting you, my apologies - have a belated karma.

Dangerjunkie · Mar 11, 2008, 16:07:19

Hi Aaron,

Welcome and thanks for the reply. Have a karma

Oh nuts! We have a new entrant in the race (just as I was about to buy a DG834v4) *Puts credit card away*

ADSL Nation seem to make very good kit if their filters are anything to go by. I intend to get an XTE-2005 to keep my modem company. How are you finding it for speed and reliability? Have you compared it with any other modems please?

I'm going to start on Home Supermax but I may upgrade to Business Max later. Do you know if it can bridge a block of 8 IP addresses into my firewall if I go up to Business Max please?

Thanks,
Paul.

Aaron · Mar 11, 2008, 18:36:21

Wouldn't really know, last time I used the X-Modem was more than 2 years ago, been using Westell's ever since and can't quite remember why I decided to switch to that. Wouldn't know much about bridging several IPs over either, I'm the only user on my IPCop setup due to my dislike of unstable hardware routers you see, overkill perhaps but I like the solidness of IPCop

Sorry I couldn't be of more help!

Dangerjunkie · Mar 12, 2008, 10:32:45

Hi Aaron,

Thanks anyway

I have another question for everyone please:

I have an Sky+ box connected to the same line as my ADSL will go on. I've seen several people say it's a good idea to double-microfilter Sky boxes. If I'm getting an XTE-2005 for my master socket (where the modem will be) do you think it will be a good idea for me to order an additional XF-1e for the Sky+ box up front so I can have it double filtered whilst I'm going through the training period?

Thanks,
Paul.

Rik · Mar 12, 2008, 10:39:02

I double-filtered my box when it was connected, Paul, they are notoriously noisy and it does seem to help.