Best router for P2P / NAT etc?

Discussion in 'Hardware' started by Mikeyboy, Mar 7, 2011.

  1. Mikeyboy

    Mikeyboy Kilobyte Poster

    Hi all,

    Just wanted some input from everyone, I am thinking of upgrading my current router (Netgear DG834PN), it does what I need it to currently, but also limits me in some ways with things I would like to do. I am just looking to improve in 2 areas mainly:

    1) number of concurrent connections - this is mainly due to me wanting to enable more connections and hopefully improve download speed and overall performance, I think mine is pretty poor in this area currently.

    2) Better NAT setup - currently my router has very basic firewall rules etc. which I can set up - if I want to forward something from outside to inside, I can only forward to an internal port once, i.e. for 3389 I can only forward to one computer, whereas I have several, so without changing which port they listen on, I would rather be able to just translate different ports to the same internal port.

    If anyone can recommend any decent home-ish grade routers which have such features that would be good 8)

    Also if there are any with wake on LAN supported, again this is something which doesn't work on mine properly, as when a computer is powered off, soon after the ARP cache is cleared so it doesn't know where to send the WOL packet. So I need one ideally with MAC address binding (I think).

    Look forward to your replies :)
     
    Certifications: VCP, MCSA, MCP, MCDST, MCITP, MCTS, A+, N+
  2. zebulebu

    zebulebu Terabyte Poster

    1 - The make of router won't really help much here (unless you spend money on a Cisco, Juniper or similar device). However, you can use one of the third party router firmwares out there (DD-WRT is my personal favourite but there are several others out there (Open-WRT, Tomato etc.)) that will allow you to boost the number of simultaneous connections before the router falls over. TBH, it isn't the concurrent connections that will kill your P2P, it's the number of half-open connections and the speed at which they're torn down. Third-party firmware will let you tinker with settings for that.

    2 - What you want can't be achieved without multiple public addresses. If you have one address (like most SOHO or residential connections), you can translate it to multiple internal ports without a problem (well - within the limitations of your router hardware), but without more than one address, you can't translate to the same internal port. Think about it - how would a firewall be able to understand which box to forward requests to if a request from the public side comes into, say, 10.20.30.40 on port 80 but you have two internal hosts effectively listening on that port?

    As for the actual hardware itself, I always recommend the Linksys WRT54G. Awesome little box, flashed with third party firmware it gives you features that you can't get anywhere outside of a 'proper' router.
     
    Certifications: A few
    WIP: None - f*** 'em
  3. Mikeyboy

    Mikeyboy Kilobyte Poster

    Is it really that difficult then? I don't see why I would need multiple public addresses. I have set up similar in work, where I translate from external IP/port to internal IP/different port; admittedly it is a business grade firewall, but I want to achieve the same at home - that shouldn't be out of the realms of possibility surely?
     
    Certifications: VCP, MCSA, MCP, MCDST, MCITP, MCTS, A+, N+
  4. zebulebu

    zebulebu Terabyte Poster

    It's not difficult - it's impossible.

    Think about it for a moment.

    You have a public IP address (10.2.3.4). You have three web servers (192.168.1.10, 192.168.1.11 and 192.168.1.12, all using the default HTTP port 80). A request to talk to one of those servers comes in from the internet, hitting your external address of 10.2.3.4 - and port 80. How is the firewall supposed to know which internal host to route the incoming request to?

    What you have set up before either NATs requests via a single public IP address through to different internal ports (to take the Netscreen example, this is called a 'VIP' (Virtual IP)) or has a single, dedicated public IP address for a specific server (called a 'MIP' in Juniper-land (Mapped IP)).

    But you don't need multiple IP addresses. Simply change the RDP listener port (registry hack takes care of this in seconds) on each internal host you want to expose to the internet (which is seriously bad security practice, BTW) and you can connect to as many internal boxes as you want by using port forwarding on a single public IP.
     
    Last edited: Mar 7, 2011
    Certifications: A few
    WIP: None - f*** 'em
  5. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    depending on what you are trying to do there are other methods
    web servers for instance can use host headers, so you can host multiple sites behind a single IP
    RDP sessions can be behind a broker, or in a farm, so you can access resources from one IP address even if they are on separate systems

    what Zeb says is true, you can't listen on a socket more than once, so with one IP you are pretty limited
    with multiple IPs you could have multiple sockets with the same port but different ips, making them unique sockets
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  6. GSteer

    GSteer Megabyte Poster

    What I think you're asking for in point two Mikey is port redirection/forwarding/translation (the exact correct term escapes my mind)

    Ie connecting to:

    PublicIP:33891 -> InternalIP1:3389
    PublicIP:33892 -> InternalIP2:3389

    As an example

    This is perfectly possible and does not require multiple external IPs.

    I don't recall this option on Netgear (home) routers so I'd rule them out. My only other real work has been on business class Fortigate units which support it, but you might want to look at Draytek Vigor gear as their FAQ page indicates different public/private ports here: http://www.draytek.co.uk/support/kb_vigor_portforwarding.html. Last time I checked they were not out of the realms of affordability.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  7. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    that's just PAT and is the form of NAT most common to home routers anyway
    very few let you do a 1:1 mapping due to the nature of home internet services only having a single ip
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
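The mapping GSteer lays out (PublicIP:33891 -> InternalIP1:3389, PublicIP:33892 -> InternalIP2:3389), the "you can't listen on a socket more than once" constraint Phoenix raises, and the PAT-on-one-public-IP point in the post above, as an added example that is not code from any poster or from any router firmware: a small Python model of a home router's inbound port-forwarding table. It keeps a flow table so that replies from the internal host are rewritten back to the public socket the client originally hit, which is what real routers do with connection tracking. All addresses are constructed sample values (documentation ranges for the public side, RFC 1918 addresses for the LAN).

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, TCP/UDP port)


class ForwardingConflict(ValueError):
    """Raised when a public (ip, port) socket has already been claimed by a rule."""


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint


class PortForwarder:
    """Model of a single-public-IP router doing inbound PAT (DNAT) with a flow table.

    Hypothetical class written for this example; it is not any vendor's API.
    """

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        # static rules: public (ip, port) -> internal (ip, port)
        self._rules: Dict[Endpoint, Endpoint] = {}
        # conntrack-style table: (client socket, internal socket) -> public socket used
        self._flows: Dict[Tuple[Endpoint, Endpoint], Endpoint] = {}

    def add_forward(self, public_port: int, internal_ip: str, internal_port: int) -> None:
        """Map public_ip:public_port to internal_ip:internal_port.

        Several public ports may point at the *same* internal port on different
        hosts (the OP's wish). What is not allowed is claiming one public socket
        twice, which is the real limit with a single public address.
        """
        key = (self.public_ip, public_port)
        if key in self._rules:
            raise ForwardingConflict(f"{key} already forwards to {self._rules[key]}")
        self._rules[key] = (internal_ip, internal_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an internet-side packet; returns None if no rule matches (dropped)."""
        target = self._rules.get(pkt.dst)
        if target is None:
            return None
        self._flows[(pkt.src, target)] = pkt.dst  # remember which public socket was used
        return Packet(src=pkt.src, dst=target)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a reply from an internal host back to the public socket the client used."""
        public_sock = self._flows.get((pkt.dst, pkt.src))
        if public_sock is None:
            return None  # no tracked flow: not part of a forwarded connection
        return Packet(src=public_sock, dst=pkt.dst)


def demo() -> dict:
    """Walk through GSteer's two-rule setup and return the observable results."""
    fw = PortForwarder("203.0.113.5")  # constructed public IP (TEST-NET-3)
    fw.add_forward(33891, "192.168.1.10", 3389)  # InternalIP1
    fw.add_forward(33892, "192.168.1.11", 3389)  # InternalIP2, same internal port

    client = ("198.51.100.7", 51000)  # constructed internet client
    to_host1 = fw.inbound(Packet(client, ("203.0.113.5", 33891)))
    to_host2 = fw.inbound(Packet(client, ("203.0.113.5", 33892)))
    reply = fw.outbound(Packet(("192.168.1.11", 3389), client))

    try:
        fw.add_forward(33891, "192.168.1.12", 3389)  # public socket already taken
        conflict = False
    except ForwardingConflict:
        conflict = True

    unmatched = fw.inbound(Packet(client, ("203.0.113.5", 3389)))  # no rule for 3389 itself

    return {
        "host1_dst": to_host1.dst,
        "host2_dst": to_host2.dst,
        "reply_src": reply.src,
        "conflict": conflict,
        "dropped": unmatched is None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The flow table is also where zebulebu's half-open connection remark bites: every tracked flow occupies an entry, and the size of that table and how quickly stale entries are expired are the tunables third-party firmware exposes. Note that in this model the client's own source port is part of the flow key, so two internet clients hitting the same public port are kept apart as well.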
  8. Gav

    Gav Kilobyte Poster

    I'd recommend looking for a 3rd party firmware. I've got a DG834GT (courtesy of Sky - I don't think they give anywhere near as good a router these days!) which is a good router to start with, but add a custom firmware and it's much more stable and is full of tweaks, hacks and additional features.
     