I'm looking for a way to replace my Linksys WRT54GS. I swapped to OpenWRT the second I got ahold of this thing but I keep overloading it and it drops all my connections. I know I'm not easy on these things and my previous D-Link DI-524 would run so hot that if I held it it would give me a slight burn. Though I've been able to keep the Linksys one cool by adding some heat sinks on the inside and adding a fan to it. Is there a fairly inexpensive router on the market that I could replace these consumer crapboxes with? I'm not opposed to eBaying and am kind of looking at Ciscos but I don't know any of Cisco at all.
As for what I have to work with that I could use for whatever,
(64 + 128 (friend's stick)) MB RAM
Box3 (friend's, on long-term loan):
2x Pentium II 400MHz
Just want some thoughts on what I could do here.
Any PC could be used for your needs. The only question is how much data you're moving and how much HP you need to move it.
I commonly use older hardware as "routing" systems. Sun hardware is very useful for this, as they usually have anywhere from 3-5 NICs built in. (But this assumes you know something about Sparc hardware and Solaris OS.)
A PPro 200 w/ 64MB RAM and 2 NICs runs as a "router" for me with no problems. Just as your "home router", this doesn't run actual routing protocols, but uses iptables for forwarding/masquerading.
Any of the 3 machines you listed should work fine.
Moving to a *real* router like Cisco would involve much more knowledge about routing protocols and IOS (Cisco's proprietary OS that runs on all of their HW.) Getting updated IOS versions can also be important.
PS. You'll probably want to retain the WRT54 for wireless access.
I'll probably pop it onto my slower box so I can keep the faster one for a Linux From Scratch project and the old P2 server box for a Gentoo SE project that's currently under way. Though the slow box will probably get a GentooSE for this job. Be a bit bad to set a normal Linux box up as a router and not expect to get attacked.
A "gateway" machine like this is usually not attacked directly - all it does is either drop packets or forward them on to some machine inside your network.
The exception would be maybe to attack SSH. So, the idea would be to either move SSH to another port (if you need SSH access to the firewall machine from outside your network) or have SSH bind/listen only to the internal NIC.
Use netstat heavily to ensure no daemons are listening on your external interface (unless you've enabled it on purpose.)
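The netstat check suggested in the last reply can be scripted so it is easy to repeat after every change to the gateway. This is an added example, not part of the thread: the external address `203.0.113.10`, the internal address `192.168.1.1` and the sample `netstat -tuln` output are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list sockets reachable from the external (WAN) side.
EXT_IP="203.0.113.10"   # assumed external address (documentation range)

# Constructed sample in `netstat -tuln` format. On a live gateway, run:
#   netstat -tuln | exposed_listeners "$EXT_IP"
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:8080       0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 192.168.1.1:53          0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
EOF
}

# Print "proto port bind-address" for each socket bound to a wildcard
# address or to the external IP. Sockets bound only to the internal NIC
# (like sshd on 192.168.1.1:22 above) or to loopback are not reported.
exposed_listeners() {
    awk -v ext="$1" '
        $1 ~ /^(tcp|udp)/ {
            # TCP rows must be in LISTEN; UDP rows have no state column.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            addr = $4
            n = match(addr, /:[0-9]+$/)   # last colon splits host and port (IPv6-safe)
            if (n == 0) next
            host = substr(addr, 1, n - 1)
            port = substr(addr, n + 1)
            if (host == "0.0.0.0" || host == "::" || host == "*" || host == ext)
                print $1, port, host
        }'
}

sample_netstat | exposed_listeners "$EXT_IP"
```

Every line it prints is a daemon that either needs to be rebound to the internal interface, disabled, or confirmed as intentionally exposed.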