


New features in Linksys firmware.


There are a couple of goodies in this one. First, the router doesn't need a reboot for every little change. Second, they added DNS and WINS server info on the DHCP page. This allows you to specify which DNS and WINS servers (if any) are handed out to the DHCP clients. You can also specify the lease time. They're also working on improving the IPSec pass-through feature by allowing multiple pass-through sessions, and on an issue with the Nortel client.

On the downside, it appears that traceroute does not work with this version of the firmware.


No major updates. They added support for UPnP, which allows people with Windows XP to manage the router via UPnP. Since I don't have XP, I can't comment on that any further.


This version doesn't add a whole lot of new features. There's some integration with ZoneAlarm Pro and PC-cillin Anti-Virus. There are a couple of bug fixes, most noticeably that the admin interface now works using Netscape 4.6 or higher, and a fix for an issue with accessing the admin interface without the use of a password.


There are three major new additions in the 1.38.5 version of the firmware: the ability to change the MTU, the addition of Stateful Packet Inspection, and a port triggering feature. There are also a number of minor additions, changes and fixes.

MTU size

First, the MTU size can now be modified. The Maximum Transmission Unit specifies how large a packet can be before it needs to be fragmented. The default for most network devices is 1500 bytes (including headers). This probably won't be something that most people need to change, but some setups might require a smaller or larger MTU. Some VPN setups I've seen require a smaller value to account for different header sizes and troubles with fragmentation of VPN traffic.

Port Triggering

The second addition is the port triggering feature. Unfortunately, the help-page that comes with the firmware release isn't very good ... Linksys still claim you have to disable DHCP to use port forwarding ... Anyway, this is an interesting addition. Basically, it's a conditional port forwarding feature. If the router sees outbound traffic in the port triggering range, then the incoming port range will be forwarded to the IP of the computer initiating the traffic. This is supposed to increase the support for some online games (I only play Half-Life/TFC online myself, so I don't know which games would require this feature).

One thing I have noticed is that when I send e-mail, it takes a long time to get a connection to the external SMTP server. This is because a number of SMTP servers are using the auth/ident protocol to try to make sure that you are who you say you are. The result of this check is often ignored, and you can still send mail even if the connection fails. And, with a default configuration of the Linksys router, the attempt will fail. This is where port triggering can come in handy. By using port 25 as the trigger, and 113 (auth/ident) as the incoming port range, you can conditionally allow this connection to take place, thus eliminating this "long" wait. I've tested this, and it works for me ... The only thing that concerns me is that the auth/ident connection does not show up in the log.
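The conditional forwarding described above, for the trigger 25 / incoming 113 case, as an added Python model that is not Linksys firmware code or code from the original page. The class name, the 600-second idle timeout, the IP addresses and the audit log are all assumptions made for illustration; like the description above, the model keys only on ports, so any remote host reaching the incoming range while the rule is armed is forwarded, and the log records each such forward.

```python
class PortTriggerRouter:
    """Toy model of triggered (conditional) port forwarding on a NAT router."""

    def __init__(self, trigger_ports, incoming_ports, idle_timeout=600):
        self.trigger_ports = trigger_ports    # outbound dst ports that arm the rule
        self.incoming_ports = incoming_ports  # inbound ports forwarded while armed
        self.idle_timeout = idle_timeout      # seconds; assumed, not a Linksys value
        self.armed_host = None                # LAN IP that last sent trigger traffic
        self.armed_at = None
        self.log = []                         # audit trail of forwarded connections

    def outbound(self, lan_ip, dst_port, now):
        """Outbound packet seen: arm the rule if it hits a trigger port."""
        if dst_port in self.trigger_ports:
            self.armed_host, self.armed_at = lan_ip, now

    def inbound(self, remote_ip, dst_port, now):
        """Unsolicited inbound packet: return the LAN IP to forward to, or None to drop."""
        if self.armed_host is None or dst_port not in self.incoming_ports:
            return None
        if now - self.armed_at > self.idle_timeout:
            self.armed_host = None            # trigger expired, rule disarmed
            return None
        self.log.append((now, remote_ip, dst_port, self.armed_host))
        return self.armed_host


def demo():
    """Constructed packet sequence for the SMTP/ident case (trigger 25, incoming 113)."""
    r = PortTriggerRouter(range(25, 26), range(113, 114))
    results = [r.inbound("203.0.113.5", 113, now=0)]         # before any mail: dropped
    r.outbound("192.168.1.100", 25, now=10)                  # LAN host opens SMTP
    results.append(r.inbound("203.0.113.5", 113, now=11))    # ident query: forwarded
    results.append(r.inbound("203.0.113.5", 23, now=12))     # other port: dropped
    results.append(r.inbound("203.0.113.5", 113, now=700))   # after timeout: dropped
    return results, r.log


if __name__ == "__main__":
    decisions, log = demo()
    print(decisions)
    print(log)
```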

Stateful Packet Inspection.

The big news with this release is the addition of SPI. Stateful packet inspection basically means that the router will check each and every incoming packet to see if it matches an existing connection. If it doesn't, the packet is dropped. This does in effect cancel any port-forwarding. If you are not forwarding any ports (including port triggering), enabling this feature will add more security to your router. The addition of this feature is a big upgrade: the router has now gone from being a simple NAT router to becoming almost a real firewall.

Other fixes and additions.

- It is now possible to enable/disable multicast pass through. This is the "bug" I'm referring to on the bugpage, where multicast traffic is passed through the router and into your LAN. This feature allows you to disable this.
- Several DNS issues have been fixed.
- Throughput is supposed to have been increased. I don't have any way of testing this at the moment...

The changes on the Filters page can be seen here. The new features are underlined in red. These are my recommended settings (for what it's worth). However, if you are hosting any server, you will have to disable SPI.


1999-2005 Lars M. Hansen