The reason the upnp has to be on is for gaming and local av streaming. Plus the linksys has drive storage to connect via it's USB an hdd and allow local to access it for nas and av streaming and here too upnp needs to be on.

I don't know how to have asg first and upnp on and asg not bug it. I still haven't heard or figured out this in a clear manner. If I am confusing please let me know and I'll try again

Upnp is not supported on astaro. It is not considered safe and is not needed in most corportate environments. You can put astaro in any order, in front or behind linksys; as long as traffic is flowing through it, it will block ALL ports unless explicitly opened. Therefore linksys would be useless with upnp enabled or disabled.
Even if you setup some kind of dmz, you will need special rules with DNAT etc for gaming and the setup is not as simple as a soho router. Rules like ANY -->ANY -->ANY won't work since gaming/xbox etc will require DNAT. This is by design so the administrator knows exactly what traffic he is letting in and out, but in your case too much administrative overhead and hence not the right product.

Local AV streaming should be irrelevant to the firewall.

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  
• ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb

So what do I do?

What to do.
My kids play online games without upnp. Some of their games go through the proxy. Waiting for a fix for the dropout issue under v7.500b.

From what you have said you don't really need the ASG because it provides functions you don't want use and are not suitable for your internet access.

Yes you said you need the statistics as the only real feature, the ASG is a bit of an overkill just for that.

Security doesn't appear to be high on your requirements.

So, forget the ASG and run with the Linksys.

Ian M

__________________
Home Power User unlimited licence - v7.50x - AMD X2 5050e with 2gb,1 intel NIC, the onboard NIC and netgear gs108t with vlans.

Wow how wrong you are. I never said I only want the reporting. I never said security is not important. It's the only reason I want to use asg. For good security.

My thought now is modem to asg to linksys as a wireless ap. This is probably the best and easiest solution.

Upnp is not just for gaming. It has many other uses and I don't want it for only gaming. If there's no way upnp in the linksys will work no matter where you put asg or linksys then so be it. I can manually set forward rules. I just prefer upnp as it's much easier is all.

Now I just need to figure out how to make the linksys wireless ap only.

My asg will have available 5 nics. I know I need at least 2. Do I need one nic for connecting my linksys or just 2 is ok? Wan, LAN and a third nic for WLAN. Or wan, LAN which from LAN nic to linksys then to switch?

I would prefer my gaming consoles be outside of filtering and protection on asg but still have asg collect bandwidth use info. So could I creat rules that tell asg no protection yet still report bandwidth use? Like could I make a rule that says no ips, no av and so on for my consoles?

I am not wrong. Bob quoted you and I will quote you again "I'm not worried about virus etc. i need as easy and as open as possible for my gaming, but gaming has to be counted with the bandwidth reporting."

You need to stop and think what you are trying to achieve.

Why do you think you need 5 nics for a home system? 10 IPs for a home licence doesn't go very far.

What are you trying to protect and what do want to leave open to the internet?
Why is upnp so important to you, do you understand how the ASG works?

Ian M

__________________
Home Power User unlimited licence - v7.50x - AMD X2 5050e with 2gb,1 intel NIC, the onboard NIC and netgear gs108t with vlans.

What I meant by that av statement was I don't care about virus protection for my game consoles and mac laptop. However for pcs of course I'd want the security.

The nics in this pc is because I didn't know what would work and not so I bought 2 3com cards. The pc already had onboard and then I thought the card on the bottom was a modem, but it's a netgear nic too. So I put in the dual intel card and now my pc won't shut down lol. You tell it to shut down and then it just boots right back up lol. Right after I installed the intel dual nic card too. I wanted the dual intel nic because it's dual and it's intel and I wanted to just get a couple of different nics to like cover all the bases. They only cost me $.92 cents each for the intel dual nic one and then the 3coms.

I know ASG is for securing your network.

I have ASG connected now and am troubleshooting/learning it right now trying to get it to work with my xbox 360. I don't have the linksys connected yet. I'll do that after I get some kinks worked out.

I am liking the ASG and find it to be fairly straight forward when I'm looking in the gui and reading the pages.

Upnp works for my gaming and AV streaming from computers to xbox 360 and ps3 then any apps on my mac or pcs that can use upnp. No upnp when using asg anywhere in the network just means I have to do it manually if I need to forward ports. A minor inconvenience.

I'm having a good time and enjoying the ASG so far because I enjoy this sort of work and technology plus I'm learning and stuff too and sometimes if not too much of a problem I don't mind troubleshooting.

You don't need to forward ports.

Try setting up your gaming PCs with a PF rule
internal gaming NIC-> any -> any -> allow -> enable logging
Don't forget to include a MASQ rule for your gaming network

See what happens, look in the PF log to what packets are dropped if any.

If you are hosting games that is an entirely different matter, you will need incoming PF rules and DNAT.

Ian M

__________________
Home Power User unlimited licence - v7.50x - AMD X2 5050e with 2gb,1 intel NIC, the onboard NIC and netgear gs108t with vlans.

Well ASG is connected to a switch. Then everything is connected to it. I have thought of seperating the gaming stuff from the non gaming to maybe make it easier. I don't have another switch though till I put in the linksys. I can't run a direct cable from each console to the ASG right now because I'd have to run new wire etc so it's better to get a switch I think. Uhhhhh, edit here, lol. I would still have to run wire lol. Doh! Well my linksys does wireless so maybe not.

What I'm looking at right now is making a PF rule for the static ip I gave my xbox 360. Any any kind of thing for the ip 192.168.1.253 which is the ip I gave the xbox 360. I'm kind of slow though right now being I'm tired and sometimes I'm slow in figuring stuff out.

I looked at the PF log, I love having a log, I thought opening up port 3074 or whatever it is for xbox live would make everything on it work, but when I loaded up a game to play online it was a different port in the PF log. So now it makes sense to do an any rule for the xbox 360 static IP, except I haven't figured that out yet lol. I'm slow I think I'll get it though.