ADSL - router / modem / firewall recommendations?
#1
Scooby Regular
Thread Starter
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
Eh up
Right, I really am taking the plunge and want some advice on what hardware to go for.
I want a modem, switch, router and firewall.
I know that something like the Netgear DG814 should do the job, but am concerned about the "strength" of the firewall.
Can anyone recommend a good solution for everything, or should I really be running a separate firewall?
Cheers,
Nick.
Right, I really am taking the plunge and want some advice on what hardware to go for.
I want a modem, switch, router and firewall.
I know that something like the Netgear DG814 should do the job, but am concerned about the "strength" of the firewall.
Can anyone recommend a good solution for everything, or should I really be running a separate firewall?
Cheers,
Nick.
#2
I'm running a SpeedTouch 510 v4 with a 3Com firewall (proper statefull packet inspection device). I've been looking around to replace three boxes with one myself.
What's your budget?
What's your budget?
#3
Scooby Regular
Thread Starter
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
Jack,
It's just to protect my home network which has nothing particularly valuable to others on it. I'd like a level of protection though, and potentially I may run a web server on there for tiny volume stuff - however, doing that attracts attacks on an unbelievable basis...
Chris,
Budget is small - 200 quid max for everything, and I'd have to stretch to justify that at the moment. Hence I'm thinking that the Netgear might be the one for me.
Another thing: I also have spare PC boxes (like a Pentium 166). Is it worth setting this up as a firewall/gateway? Is there a simple linux distro that is aimed at this sorta functionality?
Cheers,
Nick.
It's just to protect my home network which has nothing particularly valuable to others on it. I'd like a level of protection though, and potentially I may run a web server on there for tiny volume stuff - however, doing that attracts attacks on an unbelievable basis...
Chris,
Budget is small - 200 quid max for everything, and I'd have to stretch to justify that at the moment. Hence I'm thinking that the Netgear might be the one for me.
Another thing: I also have spare PC boxes (like a Pentium 166). Is it worth setting this up as a firewall/gateway? Is there a simple linux distro that is aimed at this sorta functionality?
Cheers,
Nick.
#4
Scooby Regular
Join Date: Nov 1999
Location: Stockport
Posts: 474
Likes: 0
Received 0 Likes
on
0 Posts
I've got an Intertex all in one router/modem/firewall in work.. Seems to do the job nicely.. Think it cost about £200..
Its got a SIP firewall too.. Bit fiddly to write rules for it though..
information here
Its got a SIP firewall too.. Bit fiddly to write rules for it though..
information here
#5
Scooby Regular
Thread Starter
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
Cheers Rob, another one to add to the list. I like the wireless upgradability of that...
The Draytek Vigor 2600 seems to be quite well liked and good VFM too...
The Draytek Vigor 2600 seems to be quite well liked and good VFM too...
#6
Nick - on the Linux idea, look at Smoothwall which could be just the trick as there's a free version available under the GNU Public license.
If you went for something like an old PC running Smoothwall, your ADSL Ethernet router (I don't think Smoothwall supports USB ADSL modems) would need to support a No-NAT configuration.
I know the SpeedTouch 510 v4 does this as I'm using it myself at home in a No-NAT config (my firewall appliance does NAT and packet filtering).
Have a look through Broadbandbuyer - Giles does a SN discount
Chris.
If you went for something like an old PC running Smoothwall, your ADSL Ethernet router (I don't think Smoothwall supports USB ADSL modems) would need to support a No-NAT configuration.
I know the SpeedTouch 510 v4 does this as I'm using it myself at home in a No-NAT config (my firewall appliance does NAT and packet filtering).
Have a look through Broadbandbuyer - Giles does a SN discount
Chris.
Trending Topics
#10
Scooby Regular
Thread Starter
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
Thanks Giles, that sounds like a good unit too... I am now leaning towards not integrating the switch into the router/gateway as I really might need more than 4 ports...
So it's a choice of old PC for IPCop duties (cost = zero-ish, plus 15 quid for Pipex's USB modem) or the Zyxel (200ish).
I think I may go for the PC to start off with. Although I'm still undecided.
Cheers,
Nick.
So it's a choice of old PC for IPCop duties (cost = zero-ish, plus 15 quid for Pipex's USB modem) or the Zyxel (200ish).
I think I may go for the PC to start off with. Although I'm still undecided.
Cheers,
Nick.
#11
Why not get the Vigor Nick? It has ADSL modem, Firewall, 4 port LAN router, and Wireless for £179 exc VAT
"The most comprehensive feature set on test, with good long range performance. DrayTek is a favourite at PC Pro; its broadband routers always offer a few more features for the professional. [The Vigor] was the quickest in its class for the most strenuous test and therefore suited to distributing broadband across a house or multifloored office....Professionals who want security features should shortlist it."
PC Pro Magazine August 2003.
http://www.seg.co.uk/products/a_vigor2600we.html
"The most comprehensive feature set on test, with good long range performance. DrayTek is a favourite at PC Pro; its broadband routers always offer a few more features for the professional. [The Vigor] was the quickest in its class for the most strenuous test and therefore suited to distributing broadband across a house or multifloored office....Professionals who want security features should shortlist it."
PC Pro Magazine August 2003.
http://www.seg.co.uk/products/a_vigor2600we.html
#12
Scooby Regular
Thread Starter
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
Integrated wireless is, IMHO, a bad idea if it isn't upgradeable. Standards are changing pretty rapidly still, and I can see speeds rising quickly over the next year.
I'll install IPCop tonight and see how I get on with that. After all, I've got a (cheap) switch already and the old PC will act as firewall/router/fateway/VPN host/... I can try it with my dial-up to start with, then migrate to ADSL as and when...
IPCop supports the cheapo USB ADSL modem that pipex are bunging out for 15 quid, so that seems like a fair compromise.
Does anyone think this is a terrible idea?
Ta,
Nick.
I'll install IPCop tonight and see how I get on with that. After all, I've got a (cheap) switch already and the old PC will act as firewall/router/fateway/VPN host/... I can try it with my dial-up to start with, then migrate to ADSL as and when...
IPCop supports the cheapo USB ADSL modem that pipex are bunging out for 15 quid, so that seems like a fair compromise.
Does anyone think this is a terrible idea?
Ta,
Nick.
#14
2600 is a good all round router but IMO the 2600We has poor wireless performance/functionality.
One thing I don't like about the 2600 series though is the firewall is hard to configure and the ports are closed instead of stealthed.
One thing I don't like about the 2600 series though is the firewall is hard to configure and the ports are closed instead of stealthed.
#18
Scooby Regular
Thread Starter
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
it'll run on a 486.
Have a look at http://www.ipcop.org - there's a hardware compatability list on there.
It's running on an old P90 with 32MB of ram and 1GB hard disc for me...
Cheers,
Nick.
Have a look at http://www.ipcop.org - there's a hardware compatability list on there.
It's running on an old P90 with 32MB of ram and 1GB hard disc for me...
Cheers,
Nick.
#20
Scooby Regular
Thread Starter
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
I sorta guessed that
The only things that could be slow-ish are the admin tasks (which are all web based). In day to day running it should still zip along nicely. There's a little bit of disk thrashing on mine when I enable something new (like the Intrusion detection system - snort), but it works.
If you do go for it, then there's 3 patches available for 1.3.0 . You can't apply these until the firewall has successfully connected to the net, which caused me some head scratching
Cheers,
Nick.
The only things that could be slow-ish are the admin tasks (which are all web based). In day to day running it should still zip along nicely. There's a little bit of disk thrashing on mine when I enable something new (like the Intrusion detection system - snort), but it works.
If you do go for it, then there's 3 patches available for 1.3.0 . You can't apply these until the firewall has successfully connected to the net, which caused me some head scratching
Cheers,
Nick.
#21
Scooby Regular
It comes down to what you could lose if your system(s) are compromised....
I wouldn't relie on most router firewalls if I was protecting something slightly important. The minimum I would expect from a firewall is ICSA certification....if it isn't ICSA certified then it's not really a firewall (IMHO).
With things like ServGate SG100 starting at £250 and SonicWALL & Netscreen starting around the £400-£500 mark most companies can afford something....
[Edited by Jeff Wiltshire - 8/11/2003 12:16:56 PM]
I wouldn't relie on most router firewalls if I was protecting something slightly important. The minimum I would expect from a firewall is ICSA certification....if it isn't ICSA certified then it's not really a firewall (IMHO).
With things like ServGate SG100 starting at £250 and SonicWALL & Netscreen starting around the £400-£500 mark most companies can afford something....
[Edited by Jeff Wiltshire - 8/11/2003 12:16:56 PM]
#22
Scooby Regular
Thread Starter
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
Thanks Chris, I think I may try Smoothwall first just to see what it's like. I can configure it with a dial-up for starters and take it forward.
It looks pretty comprehensive... Would appreciate any other thoughts on it.
In fact, ipcop looks a better bet. Oh God, why is nothing ever simple
Cheers,
Nick.
[Edited by chiark - 8/11/2003 3:50:47 PM]
It looks pretty comprehensive... Would appreciate any other thoughts on it.
In fact, ipcop looks a better bet. Oh God, why is nothing ever simple
Cheers,
Nick.
[Edited by chiark - 8/11/2003 3:50:47 PM]
Thread
Thread Starter
Forum
Replies
Last Post