By Loyd Case  |  Posted 2003-01-03 Print this article Print

Product: LinkSys BEFSR81 Router & 8-Port Switch
Web Site: www.linksys.com
Pro: Easy setup; highly flexible for server setup; relatively inexpensive
Con: Potential security issues fixed by updating firmware; port triggering option obscure
Summary:       The best of our testing.
Street Price: $80, check prices
If youre looking for a high-capacity broadband router, Linksys has an 8-port switch / router, the BEFSR81, that seemed to fill the bill. We put it through our rigorous ExtremeTech test procedures to see how well it would perform.
PC Magazine reviewed the four-port little brother to this router. This router had some security holes, which Brett Glass noted in his informative security coverage. Since then, LinkSys has released a firmware update that plugged these holes. We tested with the latest firmware. As noted in the PC Magazine review, LinkSys broadband routers support both NAT-style (network address translation) and stateful packet inspection (SPI), which leaves TCP and UDP ports closed until those ports are specifically requested, or manually left open by the router admin. You configure the router by connecting to its IP port through a standard web browser. Although we didnt test for performance, its worth nothing that the four-port version PC Magazine tested was also one of the speediest. We set up the BEFSR81 router as the broadband router sitting between a cable modem and our test network. We uplinked the LinkSys to a Netgear 8-port switch, which allowed us to connect seven PCs and three networked appliances. As a standard broadband router, the LinkSys was very easy to set up -- plug in the Ethernet cable from the cable modem, turn everything on, and we were automatically connected to the Internet. Note that one reason it was so easy was that our local cable provider doesnt require PPPoE or any other authentication mechanisms just to establish a link -- the connection is always live. If your connection requires PPPoE, configuration is somewhat more difficult – but not overwhelmingly so. The bundled documentation helps during this setup. Part of our testing involved setting up an Unreal Tournament server and then attempting to access it from about 40 miles away. This was a bit more complicated. In the routers default state, the game server was invisible to the PCs trying to connect via the Internet. Even typing in the IP address of the router (or, when the IP address was hard coded, the PC), failed to reveal the existence of a game server. The next step was to try the most extreme (and dangerous) option -- we put the UT server PC in the DMZ. This exposed the system to the Net, so we hard-coded an IP address that wasnt an internal-only address. You do this in the network control panel, by disabling DHCP and typing in an IP address supplied by your ISP. This only works if you have more than one IP address made available to you by your broadband service provider – which typically costs more money. This worked like a charm. Dave was soon happily fragging bots from his connection forty miles away (and kicking ass/taking names, I might add. – Dave). DMZ Is Risky: However, configuring a PC in the DMZ is a risky proposition, particularly if other PCs on the internal network have valuable data. To the outside world, this machine appears to have your WAN address, the IP address youve either hard-coded in your router if your ISP gives you a static IP address, or the address your router has been dynamically assigned via DHCP from your ISP. But internally, this machine still has a 192.168.x.x address, and sits on the same IP segment as the rest of the machines on your network. If youve got Windows File and Print sharing enabled, for example, a cracker could come in and wreak high holy havoc. If nothing else, that PC in the DMZ could be subject to DoS (denial of service) attacks such as the so-called "Ping of Death" that floods your system with pings, drowning out all other traffic. Your DMZ machine could even be co-opted by unfriendly script kiddies who use unguarded systems to launch attacks elsewhere. The next step was to try port forwarding. This means specifically telling the router that one particular PC has access to outgoing TCP/IP ports needed by the game server, and that incoming packets from players systems are routed properly. Since most games use UDP as their main protocol, you simply check the UDP box, fill in the port ranges (7777 to 27800 for Unreal Tournament) and fill in the internal IP address of the server. This also worked like a charm. But even port forwarding still has some vulnerabilities. Its also inconvenient. If you have more than one PC, and you want to run a game server from different PCs at different times, then you have to set up individual port forwarding configurations for each PC. The LinkSys router, like the D-Link offerings, also has the option of port triggering, which is a more elegant solution. To configure port triggering, you select that option from the port forwarding configuration screen. This is one of the few times that the LinkSys UI seemed awkward, and the port triggering screen looks a bit terse. But in the end, it was really quite simple to set up-- we just set the trigger port range for incoming and outgoing packets. When the server requests a port, that "triggers" the router to allow the packets to pass; the same holds true for incoming packets. Note that there is no specific information about the system, such as internal IP or MAC addresses exposed. As a router for someone who wants to host game servers, the LinkSys BEFSR81 offers a lot of plusses: convenience and performance. Setup is easy and straightforward, and youll be hosting your own game servers in no time.

Loyd Case came to computing by way of physical chemistry. He began modestly on a DEC PDP-11 by learning the intricacies of the TROFF text formatter while working on his master's thesis. After a brief, painful stint as an analytical chemist, he took over a laboratory network at Lockheed in the early 80's and never looked back. His first 'real' computer was an HP 1000 RTE-6/VM system.

In 1988, he figured out that building his own PC was vastly more interesting than buying off-the-shelf systems ad he ditched his aging Compaq portable. The Sony 3.5-inch floppy drive from his first homebrew rig is still running today. Since then, he's done some programming, been a systems engineer for Hewlett-Packard, worked in technical marketing in the workstation biz, and even dabbled in 3-D modeling and Web design during the Web's early years.

Loyd was also bitten by the writing bug at a very early age, and even has dim memories of reading his creative efforts to his third grade class. Later, he wrote for various user group magazines, culminating in a near-career ending incident at his employer when a humor-impaired senior manager took exception at one of his more flippant efforts. In 1994, Loyd took on the task of writing the first roundup of PC graphics cards for Computer Gaming World -- the first ever written specifically for computer gamers. A year later, Mike Weksler, then tech editor at Computer Gaming World, twisted his arm and forced him to start writing CGW's tech column. The gaming world -- and Loyd -- has never quite recovered despite repeated efforts to find a normal job. Now he's busy with the whole fatherhood thing, working hard to turn his two daughters into avid gamers. When he doesn't have his head buried inside a PC, he dabbles in downhill skiing, military history and home theater.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel