Router as firewall..Advice please!

Discussion in 'other firewalls' started by Don Pelotas, Sep 10, 2005.

Thread Status:
Not open for further replies.
  1. charincol

    charincol Guest

    You could always build a box with ~200 MHz, 16-64 MB RAM, 2 NICs, various other older components and use a switch/hub and install something free like Coyote Linux (www.coyotelinux.com) or Smoothwall - another small free Linux OS (www.smoothwall.org) on it. They both use ipchains SPI, can be used as a router, use a web interface, and both provide an equal if not better hardware firewall than Linksys, Dlink, Netgear, etc. I currently use Coyote (have only got Smoothwall up and running to see what it's like) and I absolutely love it. It is easier to set up and configure than any (hardware) firewall/router I've played with and there are numerous add-on packages that allow things such as a transparent proxy, FTP, Dynamic DNS, traffic monitor, etc. My favorite option on it is its QoS. I can have P2P on full up/down on my 1500/1000 DSL and make or receive calls on my VOIP service, and browse with low latency, and it all works smoothly. QoS is an additional purchase plug-in for Smoothwall. I have heard of IT admins using it for their gateway for hundreds of users so it's quite robust.

    It's free and really not that difficult if you have the necessary hardware already and switch, and you might learn something by building it. In no way am I endorsing Linux or think it's the greatest (it's seeing its own share of vulnerabilities the more it's used and it's still not beginner friendly), it's just that building my Coyote box was one of my more fun computer projects that worked really well.

    My box uses an AMD 350 running at 300 with passive cooling, 64 megs of RAM which is overkill, 10 Mb NIC for internet, 100 Mb NIC for LAN, and run it from a 16 MB compact flash HD. It was designed to run from floppy but Coyote forum contributors have created a way that it can run from a HD. A compact flash HD just makes it more reliable and cuts power consumption so it can have long uptimes. It only uses a disk to boot initially and then runs from a RAM drive. It is connected to my Actiontec from Qwest (which incidentally runs from a poorly written embedded Linux) running in transparent bridge mode and so my Coyote box gets the WAN IP. All my internal machines have a soft firewall for app control and I feel pretty secure when I do a fresh OS install and haven't installed a firewall on it yet, or uninstalled one to test another without disconnecting the internet.

    If you do consider this option, don't use anything under 200 MHz and use at least 32 megs of RAM despite what the min reqs say. Anything less could deteriorate its performance. Also, don't be alarmed because the project has been stopped by the original developer recently. He still has it available for download on his site and forum members are continuing its development under a new name which will make it better because it is open source.

    I apologize in advance for this post being a little long. I just want Don to be informed of another great option.
     
  2. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    :D

    Yah you're right, it's I think one of the best routers. ;)
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Don

    If you aren't using wireless you can stop reading, but if you are you might want to rethink not using a software firewall on the PC. In a wireless setup the router, if a good one, will indeed protect you from inbound from the internet. But unless you are 100% sure that no one can inadvertently connect to your wireless network you still need the software firewall. Someone connects an infected computer to your network for even a brief period, and they are between your computer and router, in which case the router does nothing to protect you. For this you need a software firewall on the PC.

    Look at all the major corporations that still get hit. They have the exterior of the network protected to the hilt, but someone connects an infected laptop and it's all over.

    Pete
     
  4. Cadoul

    Cadoul Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    76
    Location:
    France
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Thank you to everyone who participated in this thread! :)

    I have more or less decided to buy a ZyXel from the Prestige series, it seems to be a good choice, both in terms of price and security and it also already has support for the much higher speeds being offered in the not too distant future, although I'm pretty happy with my 4mb connection. :)
     
  6. Kryspy

    Kryspy Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    43
    Location:
    Ontario, Canada
    How complete is this protection set up?

    Antivirus: nod32
    Firewall: none
    Router: Linksys WRT54G with WPA2 encryption
    Additional: Process Guard

    Thanks,

    Kryspy
     
  7. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Very good choice. Personally I've a ZyXEL Prestige 623, with an 8-port switch behind it.
     