Router/Firewall Suggestions [Archive] - Glock Talk

PDA

View Full Version : Router/Firewall Suggestions


Cinic
12-30-2004, 10:47
My inlaws are finally making the jump from dialup to cable HSI.

I'm going to be setting up a small wired network with two machines. Anyone have any input on a quality router/firewall? I'd rather not build a *nix box even though that would probably be best. I'll set the price range at about $100.

What are some features that a quality firewall would have?

Thanks for any help.

_John

HerrGlock
12-30-2004, 10:53
Look for the words "Stateful packet inspection" Other than that it's a matter of preference.

D-Link - about $50
Linksys - about $50-70
I'm sure there are a dozen or so other makers of "DSL/Cable router/firewall" out there but make sure it's a firewall too.

If you don't want to build a *NIX box, check gnatbox lite. Free, runs off a floppy, FreeBSD based and easy enough to set up.
Smoothwall is a stateful firewall CD-based with a floppy configuration.

Depends on what you want to do, but I would suggest one of the hardware firewalls unless you can go over there should they screw something up ;f

DanH

lomfs24
12-30-2004, 11:41
I would suggest the Linksys WRT54G or the WRT54GS. Both are in the the price range you suggested. The WRT54G has B and G and the WRT54GS has those as well as SuperG capabilities. It also has the best of both worlds. It is a Linux box with a user friendly graphical user interface. To the end user you would never know it was a linux box. You log in via a web interface and point and click your settings.

Then, in the future, if you want to get brave you can change it into a full blown linux machine.

I like the way that it stealths the SSID. I didn't mess with mine too long in the original state but when you do MAC address filtering in the full linux part it does this on the radio level, so if you don't have a wireless card that it knows the radios won't talk to each other. I would imagine this would also happen in the graphical side as well.

I would without reserve recommend this model of Linksys. Though I would not do this will all models of Linksys.

DeadMansLife
12-30-2004, 15:18
If you go wireless be sure to set it up properly. Ya don't want anyone to war-drive you.

mfackler
12-30-2004, 18:10
I know you said you didn't want a *nix box, BUT you may want to check out IPCop. I have just over 100 in the one I use and thats old PC and all.

Stephen
12-30-2004, 20:30
For a wired network I'd recommend this LINKSYS (http://www.newegg.com/app/viewproductdesc.asp?description=33-124-001&DEPA=0) router. Had mine for years with no probnlems at all before I went WiFi. My wife has one as well and it's rather bulletproof.

HTH--

Dandapani
12-30-2004, 20:37
DO NOT BUY LINKSYS wired 4 port router, model BEFSR41, version 3. This is the newer model after Cisco bought them out. This is a POS device. Get the DLINK. This stupid router requires weekly reboots or else it starts to slow down. Some people report it even drops their connection. This model even has it's own "fan" club over on broadband.com it is SO BAD. Get the DLINK. Much, much better. Upgrading the firmware only makes it worse.

Stephen
12-30-2004, 22:17
Hmm... don't know about that. Mine was a 1 or a 2. My wife's new one (a month or less) is a 2. Maybe it was NOS??

Just for the record - her other died due to a rather severe impact involving our 90+ pound dog, the router and the floor. Do the math ;f

Specks
01-03-2005, 16:03
Since you are going wired, this may not apply. I have used both a linksys and a dlink router with a wireless AP. I was not impressed by the linksys config options. Specifically the MAC filter. It was bass ackwards. Why in the world would I only want to block specific MACs. I want to block everything but the 2 or 3 MACs that I know. The Linksys didn't allow me to do that. The DLink does. This is only one example. I would go with a DLink.

Washington,D.C.
01-15-2005, 19:20
>

proguncali
01-16-2005, 13:45
I've deployed a few hundred Netgear boxes, and everyone has been very happy with them.

Check out the RP614. http://www.netgear.com/products/details/RP614.php $50 from CDW or $59 from Best Buy.

N2DFire
01-17-2005, 14:42
Any comments from the experts on this one.

http://www.trendnet.com/products/TW100-BRF114U.htm

Can be had for $38.75 at the following.
http://www.ctistore.com/Merchant2/merchant.mvc?Screen=PROD&Product_Code=TW100-BRF114U&Category_Code=

I stumbled across it while web searching for a simple switch w/ USB print share to expand a network I already have in place (behind a D-Link 614+) and I have actually considered re-wiring/configuring my network to use this new box as the master router/firewall and the D-Link would simply become a "dumb" WAP.

k2ue
01-17-2005, 16:04
Originally posted by lomfs24
I would suggest the Linksys WRT54G or the WRT54GS. Both are in the the price range you suggested. The WRT54G has B and G and the WRT54GS has those as well as SuperG capabilities. It also has the best of both worlds. It is a Linux box with a user friendly graphical user interface. To the end user you would never know it was a linux box. You log in via a web interface and point and click your settings.

Then, in the future, if you want to get brave you can change it into a full blown linux machine.

I like the way that it stealths the SSID. I didn't mess with mine too long in the original state but when you do MAC address filtering in the full linux part it does this on the radio level, so if you don't have a wireless card that it knows the radios won't talk to each other. I would imagine this would also happen in the graphical side as well.

I would without reserve recommend this model of Linksys. Though I would not do this will all models of Linksys.

I would recommend the same model, and I've used a bunch.

Daynja
01-18-2005, 06:11
Originally posted by dmobrien2001
DO NOT BUY LINKSYS wired 4 port router, model BEFSR41, version 3. This is the newer model after Cisco bought them out. This is a POS device. Get the DLINK. This stupid router requires weekly reboots or else it starts to slow down. Some people report it even drops their connection. This model even has it's own "fan" club over on broadband.com it is SO BAD. Get the DLINK. Much, much better. Upgrading the firmware only makes it worse.

Had this linksys router for several years, and I will confirm that this is the case....linksys routers are crap.

Get D-link if you want cheap.

I also have a $300 computer running smoothwall, and ditched the linksys for good.

I've heard good things about d-link, and I love smoothwall, but I think it would be excessive for what you want.

k2ue
01-18-2005, 06:20
Originally posted by dmobrien2001
DO NOT BUY LINKSYS wired 4 port router, model BEFSR41, version 3. This is the newer model after Cisco bought them out. This is a POS device. Get the DLINK. This stupid router requires weekly reboots or else it starts to slow down. Some people report it even drops their connection. This model even has it's own "fan" club over on broadband.com it is SO BAD. Get the DLINK. Much, much better. Upgrading the firmware only makes it worse.

The BEFSR81 is also a POS in my experience -- it's ports will not talk to the built-in ethernet ports in Sun Ultra 5's and 10's -- one would think simple ethernet connectivity is a given, but Linksys could care less about acknowledging or fixing the problem. But my WRT54G seems to be A-OK in all respects, and provides QOS for my Vonage ATA (which was what I was attempting to use the BEFSR81 for).

glock_19_9mm
01-18-2005, 07:20
I have a netgear WGR614. It has 4 ports with wireless access. Never ever had a problem with it. About the only thing I have not donw with it is setup a VPN (port forwarding is easy). Turning on all the securtity features is simple. Even 128 bit encryption is easy as it will allow you to type in a word and it will convert it to the correct hex code for you. Their web based menu system is by far the best I have seen (in my limited samping of routers).

The linksys was the hardest to setup (security wise) due to their poor configuration utility. That may explain why I was able to visit inlaws on Sunday and surf the web on their neighbors linksys system that was wide open. (it was named Linksys LOL)



Glock_19_9mm

Ljunatic
01-18-2005, 21:38
+1 for Netgear

Washington,D.C.
01-20-2005, 16:49
http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html

MB-G26
01-21-2005, 04:37
until you decide either on (a) a sw fw for $, or (b) a hw fw, and get to the store, get it installed and configured, etc. ->
Sygate offers a free version of their home/personal firewall which is pretty decent, or, you can download and install their Pro version, for example, for a trial period and use that in the interim.

http://www.sygate.com/products/sygate-personal-firewall-pro.htm
For more information on Sygate Personal Firewall Pro, visit
http://smb.sygate.com/products/spf_pro.htm

Solution

Small-Medium Businesses and Consumers need leading edge protection for their computers and workstations to protect their valuable information and keep unwanted hackers out. Our Award-winning Sygate Personal Firewall Pro includes a comprehensive Intrusion Protection System (IPS) which includes IDS, DoS protection, and Trojan protection which sets this program high above other personal firewall solutions.

Features

Application-Based Intrusion Detection System

Protocol Driver-Level Protection
Active Response
Anti-IP & Anti-MAC Spoofing
Application DLL Authentication
Firewall Termination Prevention

http://smb.sygate.com/products/pspf/summary_pspf.htm
Summary Comparison Chart
Sygate Personal Firewall Pro & Sygate Personal Firewall [/quote]

http://smb.sygate.com/products/spf_pro.htm
The Pro version includes a comprehensive Intrusion Protection System (IPS) which includes IDS, DoS protection, and Trojan protection which sets this program high above other personal firewalls. Sygate Personal Firewall Pro is the ultimate desktop security solution trusted by professionals and relied upon by millions of users. Pricing starts at $39.95 for a single user license.

(The free version of Sygate FW does not include the features of:
VPN Support
Intrusion Detection System (IDS)
Active Response Yes
Anti-MAC & Anti-IP Spoofing Yes
Advanced Configuration

and permits only 20 Advanced (user configured, customized Rules) Rules vs. the "unlimited" allowed under the payware version.

>> Visit our Small to Medium Businesses and Home/Home Office website
http://smb.sygate.com/
Need a FREE Solution?
Do you want a firewall that's free for personal/home use? Get Sygate Personal Firewall Standard Now! (http://smb.sygate.com/products/spf_standard.htm) ...
Minimum System Requirements

Pentium 133 or equivalent
32 Mb RAM (128 for Windows 2000 Server)
10 Mb free disk space
At least one network adapter or modem
TCP/IP protocol installed
Internet Explorer Version 5.0 or later
Supported Operating System

Windows 95 (OSR2 & OSR2.5)
Windows 98, 98 Second Edition
Windows Millennium Edition (ME)
Windows NT 4.0 Workstation with SP6 or later
Windows NT 4.0 Server or Terminal Server with SP6 or later
Windows 2000 Professional, 2000 Server, Advanced Server
Windows XP Home Edition, Professional
Windows 2003 Server (32 bit version)

'Lest I be misinterpreted, I'm not recommending just getting the freeware and letting it go at that - but installing the freeware version for the time being would be better than running during the interim with nothing.
m

glock_19_9mm
01-21-2005, 08:11
Actually if you have windows XP and install SP-2 it comes with a software firewall as well. I tested it with GRC.com and it passed just fine.