Yeah, the one unfortunate ting in the J-series and SRX-series is that after 9.6 you have to put in a whole bunch of config to turn it back into a router. JunOS on these "services" routers now wants to behave like a netscreen until bludgeoned otherwise. The way to achieve this is not intuitively obvious, especially the forwarding-options mpls (which affects inet, not just mpls) and the flow stuff.
Owen Here's a useful template for those that care: security { zones { security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; bgp; ospf; router-discovery; } } interfaces { all; } } } alg { dns disable; ftp disable; h323 disable; mgcp disable; msrpc disable; sunrpc disable; real disable; rsh disable; rtsp disable; sccp disable; sip disable; sql disable; talk disable; tftp disable; pptp disable; } forwarding-options { family { inet6 { mode packet-based; } mpls { mode packet-based; } } } flow { allow-dns-reply; tcp-session { no-syn-check; no-syn-check-in-tunnel; no-sequence-check; } } } On Mar 31, 2010, at 4:23 PM, Iain Morris wrote: > Juniper's SSG5 and SRX100 are nice options for home. I've enjoyed an SSG5 > for awhile now. SRX100 for junos. SSG5's pop up on ebay occasionally for a > few $100. > > -Iain > > On Wed, Mar 31, 2010 at 4:18 PM, Marty Anstey <marty.ans...@sunwave.net>wrote: > >> >>> >>> Hopefully this e-mail is considered operational content :) >>> >>> >>> The recent thread on the new linkys kit and ipv6 support got me >>> thinking about CPE choice. >>> >>> What good off the shelf solutions are out there? Should one buy the >>> high end d-link/linksys/netgear products? I've had bad experiences >>> with those (netgear in particular). >>> >>> Should one get a "real" cisco router? The 877 or something? Maybe an >>> ASA or the new small business targeted ISR (can't recall the model >>> number off hand right now). There is mikrotik but I'm not so sure >>> about the operating system. >>> >>> Is there a market for a new breed of CPE running OpenWRT or pfsense on >>> hardware with enough CPU/RAM to not fall over? >>> >>> Granted that won't cost $79.00 at best buy. However it seems to me >>> that decent CPE is going to run a couple hundred dollars in order to >>> have sufficient ram/cpu. >>> >>> My current home router is a cisco 1841. I keep my 6mbps DSL line >>> pretty much saturated all the time. Often times my wife will be >>> watching Hulu in the living room, I'll be streaming music and running >>> torrents (granted I have tuned my Azures client fairly well) all at >>> the same time and it's a good experience. Running that kind of >>> traffic load through my linksys would cause it to need a reboot once >>> or more a day. >>> >>> What are folks here running in SOHO environments that doesn't require >>> too frequent oil changes :) >>> >>> >> I run FreeBSD on a PIII; I can easily saturate my 15mbit cable >> connection without it breaking a sweat. I also have a couple Cisco >> 2610's, one of which is my ipv6 tunnel endpoint. >> >> -M >> >> >> >> >> > > > -- > -- - > Iain Morris > iain.t.mor...@gmail.com