Hardware Firewall/Router: Suggestions Needed

TheDepths

n00b
Joined
Aug 22, 2007
Messages
34
I'm looking for a very solid, safe and easy-to-use/understand hardware firewall/router (wired, not wireless) for home usage.

Only two PCs will be connected to it.

Preferably something that doesn't make you pay extra for the "extra features" of "advanced" QoS etc. and I've got to be behind NAT.

I've tried a Netgear Pro hardware firewall, and I suppose it's doing its job, but I'm looking for something a little more high-end that I can also get into and see internally what it's been blocking, doing etc.

Reasonably priced, though.

Any suggestions?
 
Hm, haven't seen Untangle before. How does it stack up to all the other PC-based router OSes out there?
 
After playing with IPCop, Endian (my prior favorite), pfsense, m0n0wall, and I'm sure I'm forgetting one...Untangle is my favorite now...very rich in features, contemporary. I was going to sign up to become an Endian reseller a while ago..never did, but I already am in the process of signing up with Untangle...it's very cool.
 
looks interesting. I wanna give it a try.
 
If you mean use an old PC as a "firewall" with IP cop on it, I don't have an old PC. I have two high-end gaming rigs. I wouldn't even know how to do that.

What's Untangle?

I need just a good router/firewall unit with at least four ports in the back.
 
All a firewall is is a stripped down computer (in a sense) with applications that run on it to direct traffic based on rules.

This is what all of these suggestions do. It's really quite simple, in fact - you'll need an old computer, and two Ethernet cards. One of them will plug into your modem/etc and the other you'd plug into a switch. You'd then plug the two computers into the switch, and you've got a full featured router on the cheap that will likely perform better than most consumer routers you could buy.

I can't speak to the suggestions here, but I use/have used Smoothwall, and it's quite easy to set up. In fact, I think it may even be easier than Netgear/D-Link/Linksys routers I've done in the past.
 
Wired-only these days is a little hard, you're often better off getting a wireless-capable router and just turning off wireless. There are a few good ones left though, look at the D-Link DGL-4100 for wired-only or the DGL-4300 for wired+basic wireless.

In that same price range but with better wireless, look at the DIR-655. The difference? MIMO draft-N wireless and no gamer-specific logos compared to the DGL series above.

The Netgear WNR854T is a good one as well in that same price range.

For professional features, look at the Linksys RV082 or the RV016.

On the cheap? Look at the ZyXEL X-550 or the Netgear WPN824.

Newegg links are in-line. Enjoy.
 
Thanks for the suggestions.

So I should just go with wireless then.

- Any advantages to turning off the wireless part?
- What are/which has the best safety features?

I guess those would be my main questions at this point, considering I'm not totally technically familiar with routers/firewalls these days.

Looking more at the D-Link, as they seem to be getting better reviews.
 
- Any advantages to turning off the wireless part?
Well, unless you're willing to spend the time to secure the wireless portion then I'd say you're much better off disabling it and only turning it on when you have a specific need for it. If you have a laptop or something that it would "be nice" to have wireless, change the SSID, apply a MAC filter and enable WPA or WPA2, if the router and your laptop's card support it.

- What are/which has the best safety features?
They are all about the same as far as "safety features" go - the ones with more advanced wireless (DIR-655, WNR854T, ZyXEL X-550) all support WPA2 for wireless encryption, which is fine if you need it and your devices support it otherwise it adds little value. The DGL-4100/4300 and WNR854T have gigabit switches integrated into them.
 
The DGL-4100/4300 and WNR854T have gigabit switches integrated into them.

As does the DI-655.

but I'm looking for something a little more high-end that I can also get into and see internally what it's been blocking, doing etc.

That is the part that got people talking about cheap old PC-based solutions.

If you are looking for more reporting than say what I have in the following from my DI-655 (xx.xx.xx.xx has been used to replace my external IP) then a PC based solution or an alternative firmware solution like DD-WRT is going to be required. I'm using 10.100.0.x as my internal address space.

[INFO] Fri Aug 24 11:41:58 2007 Allowed configuration authentication by IP address 10.100.0.29
[INFO] Fri Aug 24 11:15:40 2007 Blocked incoming TCP connection request from 87.118.114.126:59257 to xx.xx.xx.xx:8080
[INFO] Fri Aug 24 10:58:13 2007 Blocked outgoing TCP packet from 10.100.0.12:49568 to 204.245.162.17:80 as FIN:ACK received but there is no active connection
[INFO] Fri Aug 24 10:54:56 2007 Blocked incoming UDP packet from 60.19.7.29:1062 to xx.xx.xx.xx:1434
[INFO] Fri Aug 24 10:54:01 2007 Blocked incoming UDP packet from 85.180.141.19:30915 to xx.xx.xx.xx:1026
[INFO] Fri Aug 24 10:53:00 2007 Blocked incoming TCP connection request from 211.113.231.39:58419 to xx.xx.xx.xx:5900
[INFO] Fri Aug 24 10:44:25 2007 Blocked incoming TCP connection request from 123.212.235.199:9126 to xx.xx.xx.xx:8080
[INFO] Fri Aug 24 10:16:11 2007 Blocked incoming UDP packet from 117.137.53.185:30915 to xx.xx.xx.xx:1026
[INFO] Fri Aug 24 10:13:10 2007 Blocked incoming TCP connection request from 196.217.37.89:1812 to xx.xx.xx.xx:5900
[INFO] Fri Aug 24 10:12:41 2007 Blocked incoming UDP packet from 218.75.199.50:1110 to xx.xx.xx.xx:1434
[INFO] Fri Aug 24 10:09:12 2007 Blocked incoming TCP connection request from 218.3.134.250:6000 to xx.xx.xx.xx:8000
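
An added example, not part of the original post: a small parser for router log lines in the format shown above, which totals blocked unsolicited inbound attempts per destination port. The sample lines are constructed with documentation-range addresses, and the port-to-service hints are an added annotation rather than anything the router reports.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the format of the router log quoted above
# (documentation-range addresses; xx.xx.xx.xx stands for the redacted WAN IP).
SAMPLE_LOG = """\
[INFO] Fri Aug 24 11:41:58 2007 Allowed configuration authentication by IP address 10.100.0.29
[INFO] Fri Aug 24 11:15:40 2007 Blocked incoming TCP connection request from 203.0.113.7:59257 to xx.xx.xx.xx:8080
[INFO] Fri Aug 24 10:58:13 2007 Blocked outgoing TCP packet from 10.100.0.12:49568 to 198.51.100.17:80 as FIN:ACK received but there is no active connection
[INFO] Fri Aug 24 10:54:56 2007 Blocked incoming UDP packet from 203.0.113.9:1062 to xx.xx.xx.xx:1434
[INFO] Fri Aug 24 10:53:00 2007 Blocked incoming TCP connection request from 198.51.100.39:58419 to xx.xx.xx.xx:5900
[INFO] Fri Aug 24 10:13:10 2007 Blocked incoming TCP connection request from 203.0.113.89:1812 to xx.xx.xx.xx:5900
"""

LINE_RE = re.compile(
    r"^\[(?P<level>\w+)\] (?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) "
    r"Blocked (?P<direction>incoming|outgoing) (?P<proto>TCP|UDP) "
    r"(?:connection request|packet) from (?P<src>\S+):(?P<sport>\d+) "
    r"to (?P<dst>\S+):(?P<dport>\d+)(?: as (?P<reason>.+))?$"
)

# Added annotation: services commonly associated with these ports.
PORT_HINTS = {("TCP", 5900): "VNC remote desktop", ("UDP", 1434): "MS SQL Server browser",
              ("TCP", 8080): "HTTP proxy / alt web"}

def parse_blocked(text):
    """Return one dict per 'Blocked ...' traffic line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. admin-login lines, which carry no port pair
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%a %b %d %H:%M:%S %Y")
        ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
        events.append(ev)
    return events

def inbound_summary(events):
    """Count blocked unsolicited inbound attempts per (protocol, destination port)."""
    counts = Counter((e["proto"], e["dport"]) for e in events if e["direction"] == "incoming")
    return [(proto, port, n, PORT_HINTS.get((proto, port), "unknown"))
            for (proto, port), n in counts.most_common()]

if __name__ == "__main__":
    for proto, port, n, hint in inbound_summary(parse_blocked(SAMPLE_LOG)):
        print(f"{proto}/{port:<5} blocked {n}x  ({hint})")
```

Repeated hits on the same destination port from unrelated sources are typical background scanning; the blocked outgoing FIN:ACK line is the stateful firewall dropping a packet for a connection it no longer tracks.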
 
Well, I don't necessarily need to see what it's doing. I just want to make sure I'm getting a router/firewall that I can be assured it's doing its job.

Also, I will not be running wireless, as I have no laptop etc.

So, if anyone wants to "narrow things down" to one or two really good recommendations, that would help. Using an old PC isn't an option for me at the moment.

Oh, and do any of these routers/firewalls require you to pay for those "extra services" that are supposed to "enhance" features such as: Stateful Packet Inspection (SPI) to prevent Denial of Service (DoS) attacks (Syn flood, ICMP flood, UDP flood, “ping of death,” IP spoofing, land attack, tear drop attack, IP address sweep attack, Win Nuke attack), Intrusion Detection System (IDS) including logging, reporting and e-mail alerts, address, service and protocol), Web URL content filtering?

Those are the "safety features" I was referring to, and actually I'm finding that not all routers/firewalls offer all of those things.
The D-Link routers mentioned don't seem to offer those features. At least, they're not listed there on Newegg, but stuff like Netgear's routers/firewalls they list them.

Netgear's stuff does, but with the model I've used, I'm not even sure if it's all working or not, because some things I think you have to pay for a license to use and it didn't come with any software for those things.

I also never set up anything within the firewall, like fake IPs or whatever, because I'm totally unfamiliar with doing that and supposedly this (like many others, I've heard) is supposed to not really require any set-up like that, though I'd like to learn more about what I can do somehow, if it would help.

P.S.
Oh, and I'm not running on a LAN. I just need something for internet connection for two computers.
 
The features you've presented there are pretty standard these days on any router worth buying. IDS is generally not something you get with a consumer grade router. You'll usually get logging and attack blocks with routers in this price range but a full-blown Snort type IDS will cost you significantly more. The only other feature you may be hit or miss on is the URL filtering - which, if I remember right, the DGL series had.

Most consumer level routers don't require a subscription but some of the so-called "security" routers that have been popping up recently do. While the DGL series offered some additional features for a subscription, all of the protective features requested herein were included.

The DGL-4100 sounds like a pretty ideal solution for your requirements, given that you don't want wireless at all. It will give you plenty of throughput, plenty of concurrent connections should you ever have need of a torrent and provide a gigabit switch for your computers to sit on.
 
Thanks again for the info.

It's not that I don't really want wireless and have anything "against it", heh, I just don't know exactly how to set it up properly because, from what I've heard, you have to do some configurations in order to make sure it's "safe"? Or some such thing.

But, if that's not the case, and you've a couple of definitive suggestions for wireless that are solid and easy to configure (I'm terrible at figuring out router-related things, heh), by all means, suggest whatever you feel will meet my needs.

Hell, I wouldn't even have any idea how to turn off the wireless on a wireless router at this point. Funny, coming from someone who builds gaming rigs and does general PC building. Heh. But, I'm just not familiar with routers all that much, as I never really bothered with hardware firewalls and routers until now. So, it's a learning experience.

Cheers.
 