chiark

Eh up

Right, I really am taking the plunge and want some advice on what hardware to go for.

I want a modem, switch, router and firewall.

I know that something like the Netgear DG814 should do the job, but am concerned about the "strength" of the firewall.

Can anyone recommend a good solution for everything, or should I really be running a separate firewall?

Cheers,
Nick.

ChrisB

I'm running a SpeedTouch 510 v4 with a 3Com firewall (proper statefull packet inspection device). I've been looking around to replace three boxes with one myself.

What's your budget?

chiark

Jack,

It's just to protect my home network which has nothing particularly valuable to others on it. I'd like a level of protection though, and potentially I may run a web server on there for tiny volume stuff - however, doing that attracts attacks on an unbelievable basis...

Chris,

Budget is small - 200 quid max for everything, and I'd have to stretch to justify that at the moment. Hence I'm thinking that the Netgear might be the one for me.

Another thing: I also have spare PC boxes (like a Pentium 166). Is it worth setting this up as a firewall/gateway? Is there a simple linux distro that is aimed at this sorta functionality?

Cheers,
Nick.

Rob Walker

I've got an Intertex all in one router/modem/firewall in work.. Seems to do the job nicely.. Think it cost about £200..
Its got a SIP firewall too.. Bit fiddly to write rules for it though..

information here

chiark

Cheers Rob, another one to add to the list. I like the wireless upgradability of that...

The Draytek Vigor 2600 seems to be quite well liked and good VFM too...

ChrisB

Nick - on the Linux idea, look at Smoothwall which could be just the trick as there's a free version available under the GNU Public license.

If you went for something like an old PC running Smoothwall, your ADSL Ethernet router (I don't think Smoothwall supports USB ADSL modems) would need to support a No-NAT configuration.

I know the SpeedTouch 510 v4 does this as I'm using it myself at home in a No-NAT config (my firewall appliance does NAT and packet filtering).

Have a look through Broadbandbuyer - Giles does a SN discount

Chris.

chiark

I already have an 8 port switch... Looking at that Intertex, I'd still need to keep the switch. That isn't a problem, more of an observation :-)

Cheers,
Nick.

gregh

>> Draytek Vigor 2600

Which I have if you want to come and poke it.

regards,

greg

RoadrunnerV2

Zyxel 652 ADSL Router is very good ADSL router! Firewall is ICSA Certified!

Best thing is the firewall is easy to use and navigate! We use the 652 for our ADSL Lines

Giles

chiark

Thanks Giles, that sounds like a good unit too... I am now leaning towards not integrating the switch into the router/gateway as I really might need more than 4 ports...

So it's a choice of old PC for IPCop duties (cost = zero-ish, plus 15 quid for Pipex's USB modem) or the Zyxel (200ish).

I think I may go for the PC to start off with. Although I'm still undecided.

Cheers,
Nick.

gregh

Why not get the Vigor Nick? It has ADSL modem, Firewall, 4 port LAN router, and Wireless for £179 exc VAT

"The most comprehensive feature set on test, with good long range performance. DrayTek is a favourite at PC Pro; its broadband routers always offer a few more features for the professional. [The Vigor] was the quickest in its class for the most strenuous test and therefore suited to distributing broadband across a house or multifloored office....Professionals who want security features should shortlist it."
PC Pro Magazine August 2003.

http://www.seg.co.uk/products/a_vigor2600we.html

chiark

Integrated wireless is, IMHO, a bad idea if it isn't upgradeable. Standards are changing pretty rapidly still, and I can see speeds rising quickly over the next year.

I'll install IPCop tonight and see how I get on with that. After all, I've got a (cheap) switch already and the old PC will act as firewall/router/fateway/VPN host/... I can try it with my dial-up to start with, then migrate to ADSL as and when...

IPCop supports the cheapo USB ADSL modem that pipex are bunging out for 15 quid, so that seems like a fair compromise.

Does anyone think this is a terrible idea?

Ta,
Nick.

RoadrunnerV2

Nick - If you have the hardware then I suggest you try IPCop first. Try that out first, if anything at least you will learn and gain valuable experience.

RoadrunnerV2

2600 is a good all round router but IMO the 2600We has poor wireless performance/functionality.

One thing I don't like about the 2600 series though is the firewall is hard to configure and the ports are closed instead of stealthed.

chiark

Thanks Giles, as and when I want hardware I know where to come

chiark

If anyone's interested, IPCop is exceptionally easy to set up... Just futzing with it now, it seems easy to get a working secure firewall...

darlodge

chiark, whats the minimum spec that IPcop will run on?
Darren

[Edited by darlodge - 9/3/2003 1:58:14 PM]

chiark

it'll run on a 486.

Have a look at http://www.ipcop.org - there's a hardware compatability list on there.

It's running on an old P90 with 32MB of ram and 1GB hard disc for me...

Cheers,
Nick.

darlodge

Cheers

Thanks for the link, I'll have a look

Darren

[Edited by darlodge - 9/3/2003 1:58:29 PM]

chiark

I sorta guessed that

The only things that could be slow-ish are the admin tasks (which are all web based). In day to day running it should still zip along nicely. There's a little bit of disk thrashing on mine when I enable something new (like the Intrusion detection system - snort), but it works.

If you do go for it, then there's 3 patches available for 1.3.0 . You can't apply these until the firewall has successfully connected to the net, which caused me some head scratching

Cheers,
Nick.

Jeff Wiltshire

It comes down to what you could lose if your system(s) are compromised....

I wouldn't relie on most router firewalls if I was protecting something slightly important. The minimum I would expect from a firewall is ICSA certification....if it isn't ICSA certified then it's not really a firewall (IMHO).

With things like ServGate SG100 starting at £250 and SonicWALL & Netscreen starting around the £400-£500 mark most companies can afford something....

[Edited by Jeff Wiltshire - 8/11/2003 12:16:56 PM]

chiark

Thanks Chris, I think I may try Smoothwall first just to see what it's like. I can configure it with a dial-up for starters and take it forward.

It looks pretty comprehensive... Would appreciate any other thoughts on it.

In fact, ipcop looks a better bet. Oh God, why is nothing ever simple

Cheers,
Nick.

[Edited by chiark - 8/11/2003 3:50:47 PM]