The Westell ProLine 6000 is a new addition to the company's product range, and will replace the Westell 2100 model. The ProLine 6000 is billed as an Ethernet Bridge by Westell, though it does a lot more than this. The device can operate in several modes, which combined with a low list price of £47, makes it very attractive. The supported modes of operation are basic NAT router, IP Pass Through, NON-NAT and even multi-NAT functionality. Additionally there is a built in firewall, and it is not just a NAT firewall but a proper firewall allowing you to block or allow specific traffic. The ProLine 6000 is the base model for a new range, which includes a version with both USB and Ethernet ports, a four port router version, and a 802.11g wireless equipped model.
The review will mainly cover the basic NAT mode and IP Pass Through modes, which are likely to be the two main uses of the router. The IP Pass Through mode is referred to as the Single Static IP configuration in the routers documentation, and is perfect for users running Linux gateways or hardware VPN servers and cable/DSL wireless routers. This mode on the surface appears very like the PPP Half Bridge and spoofing modes of other routers, but Westell have ensured that the mode will work with practically all hardware that can use a DHCP assigned IP address. Users of dynamic IP services may be wondering if the IP Pass Through mode will work for them, yes it should, but if your ISP changes the IP address a lot you may find the connection dropping while the 6000 sorts itself out.
The 6000 is a surprisingly small device, measuring just 12cm by 12cm, and 4cm high. The power supply (rated at 12V~20VA) actually weighs more than the router itself. The other bits supplied are a 2 metre Ethernet patch cable, 4 metre RJ11 lead, Excelsus Z-420UK-A microfilter, quick start guide and a CD containing a copy of the manual in PDF format. The CD also includes USB drivers, which are obviously not needed with the 6000 as it has no USB port.
The rear of the router is where all the action is, and this comprises (moving left to right), the RJ11 socket for the phone line, an Ethernet socket for connecting to a computer, small reset button and the power socket. The observant reader will notice the colour coded Ethernet lead and socket, which match the colour coding used on modern PC motherboards, a small touch but useful for people new to networking.
The router features four large LED's, the size of them seems almost out of proportion to the case. The LED's are:
The reset switch is recessed but easy enough to reach that a pen or other blunt object will work it. Just holding it in for a second while the router is turned on will reset the device back to it's factory defaults. For a router with so many features that beg to be played with, this will prove very handy if you lock yourself out of the device.
NAT (network address translation) mode, is the basic connection sharing that most routers use. It allows the device to take your ISP assigned IP address, and the router then gives out private LAN IP addresses to devices connected to it. Although the 6000 has a single Ethernet port it can be plugged into an Ethernet hub or switch to connect more computers.
The 6000 uses a normal web style interface for its configuration. Each router manufacturer styles their interfaces differently, but the 6000's follows the tried and tested layout of the previous Westell 2x00 range. Configuring the device is simply a case of connecting the leads as needed and switching it on. Assuming your computers network card is configured to obtain an IP address automatically (via DHCP), it should receive an IP address since the DHCP server in the 6000 is enabled by default. The 6000 uses the 192.168.1.x range by default, with the router at 192.168.1.1. For people with existing LAN's this can be easily reconfigured via the Private LAN Configuration menu. The router when you first connect to it via the built-in webserver at http://192.168.1.1, automatically runs it's connection wizard, the first screen of which is shown below:
The wizard is very straightforward and presents a series of screens allowing you to choose the appropriate values. The second screen in the series is where you enter the username and password your ISP will have supplied you with. This screen also allows you to assign a name to the connection if you wish.
The subsequent screens ask for VPI/VCI values (0/38 for BT Wholesale provided ADSL lines), connection protocol (PPPoA for UK based ADSL) and that's it!. Very easy to set-up. Once you finish the wizard you find yourself back at the routers home page.
At this point a 'do not panic' order needs to be given - notice how the PPP status is saying DOWN. This is because the router is currently only set to connect manually, and you need to click the 'connect' button to actually authenticate your username. Most people will want to carry out the next stage of configuration so that the router is set to always-on. This means so long as the router is turned on it will automatically attempt to log you onto your ISP. To alter this parameter click the 'profile editor' button which displays the screen below - note how the connection is now UP because I had clicked the 'connect' button earlier. Now click the 'edit' button to allow you to edit the parameters for your connection. Fortunately, Westell have set-up the latest firmware (which was released after the review was finished) to connect automatically by default.
There are three ways to control the routers connection, manual which is the default, on-demand which will connect as soon as you use the connection and finally always-on, which is the most convenient since the connection will be automatically maintained. So pick the setting you want and then click 'save' to store the value.
At this point, assuming your connection is displayed as UP on the home page, you should be able to use your Internet connection. The router will be protecting your from unsolicited incoming attacks, which means worm activity will stop at the router, and not be able to reach your computers. The observant reader will have noticed that at no point has the router asked for a password to control access to the router. We would advise that if your connection is now running, that you set an administrator password for the router. This is done under the maintenance menu, where you select the change password option and set a password for the router. If you do forget the password you set, and need access to the router, you can reset the device using the reset button.
The router does allow you to change the configuration of its built in DHCP server, and disable it if you really need to. The common thing to change is the private LAN IP range used or the actual number of DHCP addresses that can be issued at any one time.
The private LAN configuration menu shown above shows the defaults. If you do change the router's IP address to a different range then do remember to change the DHCP range also. For the review we changed the router IP address to 192.168.0.1 and the DHCP range to 192.168.0.15 and 192.168.0.47.
The IP Pass Through mode of the 6000 and the other routers in the range is what makes them truly unique and useful. The mode works for connections with a static or dynamic IP address, and allows a single computer connected to the router to actually have the ISP assigned IP address. In other words you can use one computer as if it was connected via the basic USB type ADSL modems. Compared to the D-Link 300T and X-Modem CE which also offer this mode the 6000 range has an extra trick, that you can still have a local LAN of computers using the NAT'd connection at the same time. Any port forwarding you have configured will still work, allowing you to have an XBox fully visible for hosting games, and then some port forwarding for a web server.
A cautionary note, the computer that is assigned the WAN IP address will be totally visible to the Internet, which while this means complex software will work, it also makes the computer vulnerable to attack. So running some form of software firewall on the computer is recommended.
There are two ways of assigning the WAN (Internet) IP address to a computer. The first method is to pick the computer from the list the 6000 provides, the list being those computers getting an IP address via DHCP. The second method does not use DHCP at all, and allows you to manually assign the WAN IP and gateway settings, this second method is more suited to those users who have a static IP address from their service provider.
The screen shot above shows the two ways of setting up the IP Pass Through mode. If the 192.168.1.47 computer was selected it would have its IP address switched to the WAN IP address. If the computer does not receive the IP address, then generally you simply need to tell the network card interface to renew the IP address.
The basic security offered by a NAT router means that unsolicited packets are dropped by the router and not forwarded to a particular computer. In line with most routers, the 6000 allows you to forward packets for specific ports to a machine. For example you can forward TCP Port 80 to a computer that is running a web server. Normally forwarding a limited number of ports is better than using IP Pass Through type modes as it reduces the risk of a computer being hacked.
The screen shot above shows two basic services that have been added to the router. To add another service it is simply a case of choosing the service from the extensive list in the Service Name drop down and clicking enable. On clicking the enable button the user is presented with a pop-up window asking which computer is running the service. Again pick the computer via its network name or specify an IP address.
While the list of services is very extensive (some of which are shown above), it is obviously impossible to list every service that people may want to host behind a NAT router. To this end you can configure a number of custom services. This is done by clicking the define custom service button, which gives two options:
The vast majority of services are simply the option that is highlighted, i.e. Port Forwarding Ranges of Ports, that option creates a permanent map. The second option of trigger ports allows you to only have ports open in the inbound direction after the router has seen specific traffic in the outbound direction. Defining the ports to use is very simple, assign a memorable name for the service, followed by the start and end port, for example to forward UDP port 27015 for a games server, you would enter 27015 into both boxes for the Global Port Range and Base Host Port, then select the UDP protocol. To forward TCP Ports 6900 through to 6910 you would enter 6900 into the first global port box, 6910 into the second one, and 6900 into the Base Host Port box.
One clever feature of the NAT service set-up on the 6000 is that once you have defined a custom service rule, if you edit it, there is the opportunity to add more ports to the service. This makes it possible to build a rule that will forward a wide range of ports, where the ports are perhaps not contiguous. The service configuration on the 6000 seems to be only limited by your imagination. The 6000 also supports Multi-NAT mode for those people who have multiple IP addresses from their ISP.
The NAT part of any router is only part of the security options, and while NAT protects against most incoming attacks, it does not stop rogue software on the local network from talking to other machines on the Internet. The 6000 has a highly configurable firewall service that can control both inbound and outbound traffic. This review will skim through the firewall slightly, with a longer look being taken when we review another model in the range.
The default level for the firewall is Low which really just blocks NETBIOS traffic from reaching the Internet. Once you switch up to the medium or high levels, then it really starts to do its job. The outbound rules for the medium level firewall are shown below:
This shows that only traffic from ports 80, 53, 20, 21, 110, 119, 143, 220, 25, 443, 500 and 50 are allowed. To edit the medium level it is a case of editing the text of the firewall rule in the text box and then testing to see if you have got the rule correct. The help button does display some extra help, but the syntax is not for the feint hearted. A text based firewall configuration makes it very flexible, but not ideal for beginners.
For such a small box of tricks and with such a low price tag one does get a lot of functionality, and fortunately it appears that the 6000 is able to deliver the goods also. In day to day use, the router performs without any complaints. One normally expects routers to get quite warm, but this one is very cool. Download speeds from the router appear to actually be slightly higher than other hardware, from a 1Mbps line it has reported speeds of up to 1053kbps and that is TCP/IP throughput (Actual Speed on our speed tester). One big bonus is that the router also has a Turbo TCP mode which actually alters the priority of acknowledgement packets.
Most routers simply mix the ACK packets in with the upstream traffic, so if the upstream is saturated you can see your downloads slow down to around the same speed as the upstream. Turbo TCP mode ensures that the download ACKs are given a higher priority, thus getting sent out quicker. The end result is pretty interesting and shows that ADSL can perform well even if the upstream is heavily utilised. The table below illustrates the differences with Turbo mode on and off. The connection used was a 1Mbps downstream, 0.25Mbps upstream ADSL line.
This Westell 6000 is perhaps the best value modem/router that we have reviewed to date. At £47 it offers amazing amounts of functionality, and works smoothly. The IP Pass Through mode worked well with a Linksys WRT54G which is a cable/DSL wireless router.
The web interface is designed well on the router, and is simple enough for a beginner who reads the instructions to get working, with perhaps the only downside being the complexity that the firewall involves. The pre-defined security levels work well, but for a beginner to be expected to understand the firewall semantics is a bit much.
One cannot conclude without mentioning a couple of little faults, when the private LAN configuration was altered to match a local LAN range of 192.168.0.x even though the DHCP range was altered the router appeared to stop handing out DHCP addresses. For most people though, the default 192.168.1.x range should be OK to use though. The other minor niggle was that when using peer to peer applications and using more than 400 connections the router would occasionally reboot. Westell have fixed the rebooting problem in version 03.00.77 of the firmware, which all 6000/6100 units should now be shipping with.
In summary, a very hard router to surpass, both price and feature wise. The styling of the case belies a very powerful little device. This router can be hard to find in the online stores (August 2004), the next model up in the series the 6100 (USB and Ethernet connections) is available from http://www.broadbandstore.co.uk/ for £64 (inc VAT).
£47 - ProLine 6000 - single Ethernet port
|Where to Buy:||See our DSL Hardware FAQ|
The contents of this review should not be relied upon in making a purchasing decision - You should always discuss your requirements with your service provider and hardware supplier.