are all nat routers equal?

Discussion in 'other firewalls' started by lodore, Jan 11, 2007.

Thread Status:
Not open for further replies.
  1. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello everyone,
    atm i have a bt voyager 2091 which i connect using the usb connection.
    i dont know why it has usb but it does.
    is the firewall in all nat routers equal?
    or have some nat routers have better firewalls?
    i was knida thinking of eiether upgrading to something like the bt voyager 2110.
    or get something like the draytek vigor 2910.
    but i dont know how easy draytek are to setup?
    also i dont know if the firewall in it is better or not.
    the bt voyager 2110 i reccomended to my neigibour and i set it up for him in about 1 minute.
    but if some routers have better firewalls in them i would like to know which ones do aka some links please.
    lodore
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Excepting bugs, the NAT/SPI feature is almost the same in all cheap routers.
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
  4. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado

    http://www.linuxjournal.com/article/5826

    http://www.netfilter.org/
    http://www.nisi.ab.ca/lrp/DiskImages/Which14Me.htm
    http://www.nisi.ab.ca/lrp/Packages.htm
    http://leaf.sourceforge.net/
    http://www.snort.org/
    http://freeos.com/articles/3404/
    http://freeos.com/articles/3405/
    http://www.freeos.com/articles/3496/


    yes
    this is the deep end of the pool :p

    but admission is free ;)
     
    Last edited: Jan 11, 2007
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes, Linux/xBSD routers destroy every closed box in features and performance, but I think they are out of the lodore´s radar :)
    For example: you could have a router that does NAT/SPI, has antispam, antivirus, IDS, content filtering, QoS, proxy and more with 100x the routing performance of a commercial unit for free. You only have to buy the hardware in case you don´t have a spare machine.
    Search for Coyote Linux, Freesco, Smoothwall, Clarkconnect, m0n0wall, pfSense, IPCop, Copfilter, Endian, Astaro, Squid, SpamAssassin, Dansguardian, ClamAV, HAVP, Snort.
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    ok then:D
    i was wondering what router makes people swear by for the home user?
    i want something without an install cd.
    just a plug in all the cables then install usb wireless dongle and type in username and password from isp and bingo you have internet!
    or a very quick and simple cd like the apple airport exetreme one.
    lodore
     
  7. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    is there an echo in here?

    :D

    some of those precompiled Linux floppies\CDs are very simple
    and looking through a geek's closets and under benches will often reveal enough hardware to cobble one together in a few hours ;)

    its sort of a spectrum, at one end near n00b level at the other a GIAC
    (GCIA \ GCFW)

    most basic routers youd find in a brick and mortor sold to the general public have the same basic features, and buying anything above that level really hurts unless snagged off ebay from an enterprise
    especially when someoneelse's garbage and a Linux CD will beat its pants off
     
    Last edited: Jan 11, 2007
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I had a play with some £2000 cisco routers on my course at college:D
    i thought that draytek was quite fully featured for a home router but i dont know if its easy to install thou.
    lodore
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Ice, you continue to surprise me:eek:
    I HAD NO IDEA ONE COULD BUILD A ROUTER!! I'M AN IDIOT! lol
    Where do you come up with all this AND links??
     
  10. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    ex Admin :p
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Take a spare PC:
    and follow a good tutorial:
    The Perfect Linux Firewall Part I -- IPCop
    The Perfect Linux Firewall Part II -- IPCop & Copfilter
    Don´t have a spare PC? Buy Mini-ITX boards
    http://img213.imageshack.us/img213/9240/epia20dptoplbg1.th.jpg
    :ninja:
     
  12. Arup

    Arup Guest

    Plus the advantage of the Linux based router is no connection limits as experienced on cheapo routers due to their limited memory and processing power so with a high speed connection its happy P2P days ;)
     
  13. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Smoothwall is another great firewall. www.smoothwall.org
    It was perfect for my redundant p2 and p3 computers.
     
  14. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    There was a test of dozens of cheapo NAT routeres on DSLreports and not a single (even the XP firewall survived) was penetrated, via hacking attempts (including real experts) - this is for unsolicitated attacks, where no route of entry has been gained (eg via an email with something nasty inside).

    http://www.dslreports.com/forum/remark,14671194

    Anyhow, one good test for a router is if it can run Emule and play games, I had a cheapo one that though it had port forwarding could not establish a connection on emule and could'nt keep Counterstrike open for long.

    EVERY cheapo router on the market runs Linux.

    Most (I have seen) have enough memory/cpu to handle the amount of connections P2P like emule or Bitorrent fine, the problematic Linksys routers for P2P is due to poor default configuration rather than a CPU/ram issue, but compared to what a dedicated PC running softwall they cannot handle the same amount of connections, but in my experience my old linksys router and my current belkin could both handle the default amount of connections for emule (set for my 4 meg cable connection).

    If you want, you can even mod your router http://www.DD-WRT.com (I have not done because I dont need any of the extra features offered).
    Newer Linksys routers have less rom (flashable) which means running the full DD-WRT impossible.

    Taking the PC based firewall route is a great learning experience, for sure.
    But I prefer the built in hub and wireless over a PC based setup, extra cost of a hub (or the 4 network cards I would need + a wireless access point to wire up my pc, laptop, server and Xbox), adds upto more than buying a router with these features built in, depends if you want/need the configurability of a PC based firewall or not.
     
    Last edited: Jan 12, 2007
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,
    Me bro and I have setup SmoothWall firewalls from old P3s. It was great fun doing it. Extra cost were indeed a switch and network cards. But it's worth it, because you can say you're a real geek :)
    I'm planning an article in the pipe, too.
    Mrk
     
  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I still use an old Netgear DG834 with an extra wireless box. I believe you can buy their newer models with wireless built in ?

    all I know is (1) it was easy to set up (2) various "stealth" tests say it is stealthed (3) as far as I can tell all my computers are clean.
     
  17. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Ive been using a basic 4 port NAT router for half a decade too
    But the real reasons Im going to finally build a Linux router are

    1. Im about to rent to several roomates and Im setting up a gigabit NAS to the whole house with shared workstation access (art students w\ eventually a small rendering cluster possibly)

    2. To impose a Snort IDS in between the LAN and the net.
     
  18. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    pfSense with Snort rules works well on my firewall box at home. (PII350, 192MB RAM)

    Coyote Linux is not the same project as it started out as. The original project is more user friendly and now goes by BrazilFW. It is very modular and powerful and is much better since the new name.

    I would use BrazilFW if it's traffic shaping were as good as pfSense's is. BrazilFW runs well on a PI with 16MB ram.
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Thanks for the advice :thumb:
     
  20. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    routers

    hello,
    this is a followup of my are all routers equal.
    atm ive got a bt voyager 2091
    i am looking at this linksys router
    its a pre N router so its pretty damn fast
    what are the linksys routers like to setup?
    can you just plug in the linksys router and plug it in to the the phone line using adsl cables and then connect to it using wireless?
    and once the connection is active just go in to the control panel and setup security?
    or do you have to input lots of manual settings?
    if you read the user guide it seems to say just connect to it using wireless then go to web interface and turn on secuirty

    but the quick start guide shows that it seems you need to configure it first using the webbased interface for the first pc.
    do you have to connect to it using a ethernet connection first? then configure it and then connect via wireless?

    i am just reading the manual because if i do decide to buy one i dont want to get stuck with no internet trying to set it up.

    i dont get the green C and D in the quick install guide

    grey A is a bit odd
    but grey B is easy just set to automatic
    grey C just save settings.

    so many settings to check
    well i will check the post tomorrow.
    any more infomation about all the steps will be useful.
    it looks like a nice router but its mainly manual config which could get annoying unless some people here can help me out.



    lodore
     
    Last edited: Jan 22, 2007
  21. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Re: routers

    Don't know anything about setting up a Linksys wireless router Lodore, but setting up a router isn't that difficult. :)

    I do have a US Robotics Maxg wireless router, of which I'm pretty satisfied.
    Setting it up went like a breeze. :)
    Only downside was that the first time I installed it, I had to hard reset it to get into my configuration screen.
    I guess that's some fault from USR, since other people experienced that too. :doubt:

    Also have a Dlink router (not wireless) and setting that up was easy.

    If you need some assistance, I'm sure others will jump to the rescue.
    Well, jumping .... :rolleyes: :D

    Good luck with it. ;)
     
  22. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    My ZyXEL x550 wifi router sits behind my pfSense box acting only as a switch and access point. It is not double NAT'd. It's a real nice setup.
     
Thread Status:
Not open for further replies.