4. Configuration hints

For security and performance, do these things:

First, make sure AOL Parental Controls (under Security) is turned off (off is the default); otherwise the Linksys won't pass packets for your Unix box at all.

For security, make sure the DMZ host feature is disabled (under Advanced->DMZ Host). Port forward specific services instead, and as few of those as you can get away with. A good minimum set is 22 (ssh) and 80 (http). If you want to receive mail, add 25. If you need to serve DNS queries, add 53.
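One way to confirm from a host outside your LAN that only the intended forwards are reachable and the DMZ host really is off (an added example, not part of the original HOWTO; the function names and the candidate port list are assumptions):

```python
import socket
import sys

# Minimum forward set from the text; add 25 (smtp) or 53 (dns) if you serve them.
# This checks TCP only: DNS also uses UDP 53, which is not probed here.
ALLOWED = {22: "ssh", 80: "http"}

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, ports, allowed=ALLOWED, probe=tcp_open):
    """Classify probed ports against the intended forward list.

    Returns (unexpected, missing, ok):
      unexpected - reachable but not on the list (stray forward or DMZ host on)
      missing    - on the list but unreachable (forward absent or daemon down)
      ok         - on the list and reachable
    """
    unexpected, missing, ok = [], [], []
    for port in sorted(set(ports) | set(allowed)):
        reachable = probe(host, port)
        if port in allowed:
            (ok if reachable else missing).append(port)
        elif reachable:
            unexpected.append(port)
    return unexpected, missing, ok

if __name__ == "__main__":
    # Argument: the router's WAN address. Run this from outside the LAN.
    host = sys.argv[1]
    # Constructed sample list of ports a Unix box often listens on but that
    # should not be forwarded; extend it to match what your box runs.
    candidates = [21, 23, 111, 139, 445, 631, 2049, 3306, 6000]
    unexpected, missing, ok = audit(host, candidates)
    print("forwarded as intended:", ok)
    print("intended but unreachable:", missing)
    print("reachable but NOT intended:", unexpected)
    sys.exit(1 if unexpected else 0)
```

A non-empty "reachable but NOT intended" list means either a stray forwarding entry or an enabled DMZ host; recheck both pages in the router's web interface.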

Disable Universal Plug and Play; there is a radio button for this under the "Password" tab. UPnP is a notorious security hole in Windows, and up to at least firmware version 1.44 there was a lot of Web scuttlebutt that the Linksys implementation was flaky. While this won't affect operating systems written by competent people, there is no point in having traffic from a bunch of script-kiddie probes even reach your network.

If you want to run a server, you also need to make sure stateful packet inspection is off — this feature restricts incoming packets to those associated with an outbound connection and is intended for heightened security on client-only systems. On the Filters page, make sure SPI is off. If you don't see a radio button for SPI, relax — the feature isn't present in all versions of the firmware, and in fact was removed in 1.43 for stability reasons.

To speed up sending of outbound mail, go to Advanced->Forwarding and click the Port Triggering button. Specify 25,25 as the trigger port range and 113,113 as its incoming-port range. This punches a temporary hole through the firewall during each outbound SMTP session, allowing the receiving system to reach port 113, which is the identd service. The receiving SMTP server can then do an identd check on your connection rather than timing out.

A bug introduced in firmware revision 1.42.3 broke traceroute. This was fixed in 1.42.6; just upgrade to the latest version.