Some quick questions about features for a prospective user (rt-ac68u).

[bengalih]

I have been hearing good things about merlin for use with my ASUS RT-AC68U device.

I have experience with Tomato on my old WRT54G and DD-WRT/OpenWRT on some other devices. I was a big fan of Tomato, but am deciding to try a newer build for my ASUS or switch to Merlin.

My understanding is that Merlin is a modified/tweaked/updated version of the stock ASUS firmware - is that correct? So all the features I find in my Asus firmware, like QoS or the network monitoring graphs will be available in Merlin?

My other slightly more advanced question is I am looking for some type of IDS/notification system. It doesn't need to be too complex - what I would like is to be able to be notified via e-mail when connections are made into certain ports over the WAN (only).

Can Merlin do this on the RC-AC68U ?

Thanks!

 

[AndreiV]

http://asuswrt.lostrealm.ca/about

http://asuswrt.lostrealm.ca/features

 

[Blinkyz]

My understanding is that Merlin is a modified/tweaked/updated version of the stock ASUS firmware - is that correct?

Yes

So all the features I find in my Asus firmware, like QoS or the network monitoring graphs will be available in Merlin

Yes

 

[RMerlin]

My other slightly more advanced question is I am looking for some type of IDS/notification system. It doesn't need to be too complex - what I would like is to be able to be notified via e-mail when connections are made into certain ports over the WAN (only).

Can Merlin do this on the RC-AC68U ?

Through scripting, yes. You'd need to create an iptables rule that will log connections to that port, then have a cron job regularly checking the log for that log entry. When the log entry is there, your script can then fire up an email through a script.

It will require manual scripting however, such a very specific feature isn't available through the webui.

 

[bengalih]

Through scripting, yes. You'd need to create an iptables rule that will log connections to that port, then have a cron job regularly checking the log for that log entry. When the log entry is there, your script can then fire up an email through a script.

It will require manual scripting however, such a very specific feature isn't available through the webui.

Thanks very much...I'm excited about testing out the features from the linked page above (especially selective VPN routing!).

This is my project for the week - at least getting flashed and setup as per my current ASUS config.

I have one other question regarding your scripting for the events logs.

Assuming I want these events regularly checked the cron job would have to run pretty frequently..maybe every minute. Do you expect this to have a significant performance impact on the router?

Also - as far as other options. Are there and 3rd party IDS packages like snort that can be installed with this firmware? Are they recommended/supported and how much would they impact performance.

thanks again.

 

[RMerlin]

Assuming I want these events regularly checked the cron job would have to run pretty frequently..maybe every minute. Do you expect this to have a significant performance impact on the router?

As long your log isn't very busy, it shouldn't cause any measurable performance impact.

Also - as far as other options. Are there and 3rd party IDS packages like snort that can be installed with this firmware? Are they recommended/supported and how much would they impact performance.

Snort is available through Entware, however it might be too resource-intensive, unless you limit yourself to a very small ruleset.

There's also the built-in Trend Micro security suite that's part of the RT-AC68U, and will at least detect some known attack vectors.