[ale] SMB routers capable of having multiple WAN IPs on one interface?

Raj Wurttemberg rajaw at c64.us
Sat Jul 29 11:27:29 EDT 2017 

Hey DJ,

- This isn't my call. The company's clients requested FTP, so I have no
choice.  I'm trying to see if I can get one of their clients to switch to
sftp but both have hardware that is dependent on FTP.  

- Yes, I know the big names like Cisco, etc... and I'm fine to move them to
one of the big name firewalls I was just curious if there were any other
hardware recommendations.

- I know you mentioned Linux, while not Linux.... I am experimenting with
pfSense as well. I run pfSense at home but have not checked to see if it can
do multiple WAN IPs or VIPs. From what I have seen over the past few months,
pfSense does a good job of maintaining their software and I would gladly
move to one of their appliances for business use. 

Thanks,
/Raj

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
DJ-Pfulio
Sent: Saturday, July 29, 2017 6:08 AM
To: ale at ale.org
Subject: Re: [ale] SMB routers capable of having multiple WAN IPs on one
interface?

a) don't use plain FTP. That protocol should have died in 1995. Use sftp
with keys.  The interface is exactly the same as plain FTP.

b) Any proper router can support multiple WAN IPs.  I used to do it with
dd-wrt on a $20 Buffalo. It isn't point-n-click, but it isn't that hard.

We've learned to avoid the sort of router you seem to want because they are
not properly maintained by the vendors. After 2 yrs, most vendors completely
forget their old routers and stop providing firmware updates.

open/dd-wrt isn't any better.  Old routers are forgotten by the maintainers.
They are volunteers who love routers, so they are constantly updating their
own hardware.  Make sense.  Why would they maintain a distro for 3 yr old
hardware?

To solve that issue, there is only 1 solution that I know.  Build a router
around a Linux or BSD distro that is constantly patched.  If there aren't
monthly firmware updates, then the vendor just isn't patching enough. About
the slowest, supported, solution, I'd go with is pfsense. They don't make
updates quite often enough, but it is their only job and they know it.
Maintaining a pfSense-based router is really easy.

Plain FTP is a much bigger issue here, IMHO.

On 07/28/2017 06:07 PM, Raj Wurttemberg wrote:
> Are there any SMB firewall/routers that support having multiple WAN 
> IPs on one interface?
> 
>  
> 
> Use case: We already have a ftp server for an application.  We have a 
> vendor that needs to drop off FTP files on a device (firewall would be
> configured to only allow their subnet).   Basically I need two IPs on my
> firewall so that I can support two FTP servers.  I have asked the 
> vendor if they can support FTP on a different port and I can NAT the 
> traffic to the device.
>  
_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

More information about the Ale mailing list