Multiple NATing vs firewall & routing (WRT54GS)

Discussion in 'Networking Issues' started by ArgoNavis, Dec 2, 2006.

  1. ArgoNavis


    I'd be grateful for anyone's comments, opinions or advice.

    I have several tiers of Linksys routers on an internal network, underneath a consumer-grade DSL WAN gateway doing NAT. The Linksys routers involved include the WRT54GL, WRT54GS, and BEFSX41. Each of the routers is isolating an individual subnet. A functioning firewall between subnets is essential, so I decided to enable NAT on each router -- since it was quick and easy, and since the NAT demonstrably works and provides the necessary firewalling.

    The multiple-NATing is suboptimal, however, since it increases latency and is probably somewhat more error-prone. As a result, I'm thinking of restructuring the configuration to keep only a single NAT on the WAN gateway. The other routers would be configured in "router" mode with static routes. This configuration would place a great deal of reliance on the Linksys firmware's firewalling capabilities.

    Does anyone have experience with the firewall on a WRT54GS (e.g.) in router mode? Does the router block incoming connections, despite the fact that the internal IPs are addressable?

    Thanks for your time!

