
Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?



On Mon, 8 Feb 2021 11:03:35 -0500
Dan Ritter <dsr@randomstring.org> wrote:

> Celejar wrote: 
> > > I can be glad that OpenWRT has improved their security practices
> > > and simultaneously not be interested in using it.
> > 
> > I think we are really in basic agreement. The reason I use OpenWRT is
> > that I use a residential all-in-one WAP / switch / router, which Debian
> > is unsuitable for. If I ever go the separate WAP / switch / router
> > route, I'll probably use Debian on the router for the reasons you
> > give: good support, a system I'm familiar with, etc.
> 
> Debian works well in this situation. You just need to arrange
> for enough NIC ports to meet your needs.
> 
> If you are OK buying used equipment, Intel-based gigabit NICs, 4 ports
> to a PCIe slot, cost about $35 (or $70 new). If you've got a 5 year old

My understanding - please correct me if I'm wrong - is that with those
types of cards, the ports are distinct and aren't actually switched in
hardware, so switching occurs at the OS / kernel level. I don't know
how much of a load this puts on the system in practice, but my
understanding is that it's certainly not an ideal way to design a
switch.

> desktop sitting around with 2GB or more RAM and 3 available PCIe slots,
> you can use it as a WAP and have nine switched/routed gigabit ports,
> counting one on the motherboard.  If you only need 5 ports, you only
> need 2 PCIe slots -- one for a WiFi NIC and one for the ethernet NIC.

My understanding, although I could not find solid documentation of this,
is that consumer wireless chipsets designed for client use don't make
particularly performant APs. They'll work, but purpose-built APs will
perform much better, especially with their AP-optimized antennas. I
don't really know if this is true, though, and to what extent it's an
issue, if it really is one.

And the power usage on a five year old desktop (which I don't actually
have) will be much higher than a purpose-built AIO AP / switch / router.

> Debian has hostapd and dnsmasq packages.

But again, I don't really disagree. If I had the hardware lying around,
and I determined that the power consumption wasn't a factor, it would
certainly be tempting to consider this route.

Celejar

