Need a router with firewall comparable to software FW

Discussion in 'hardware' started by Sully, Jul 11, 2011.

Thread Status:
Not open for further replies.
  1. Sully

    Sully, Registered Member. Joined: Dec 23, 2005. Posts: 3,719.

    Hi.

    I have switched ISPs recently, and with it lost my static IP. I have been utilizing static IPs from work and home to set up tunnels that I know are safe due to the IP filtering. The work machines have a software firewall as well, so maybe overly protected, but for RDP and other stuff I don't want to take a chance.

    Anyway, right now both home and work have a Dlink DIR-655N, which has been a great router thus far. Prior I have had routers of many makes/models. I preferred the Dlink stuff in the last few years primarily due to greater options in the firmware.

    Right now I am looking to find a router, perhaps a more expensive one than normal (usually I will spend $100 or a little more) that gives me more control over the firewall portions of the router. For example, in my current router I have set up port forwarding and triggering, but apply an Inbound Filter to each, so that some ports are open to the public, others are only opened to specific IP addresses.

    Now that I have a dynamic WAN IP, I need to enter in a DynamicDns domain name, which is translated from DynDns.org, and which routes to my current WAN IP. The problem is that the Dlink router only has limited capabilities for some things. MAC addressing is not suitable, and the filters only accept IP addresses, not domain names. Maybe the router doesn't have the capability to resolve the names, or whatever, but it is not fitting my bill right now.

    I have thought about putting on a different firmware like DDWRT or Tomato, but I wonder if I would not be better served to just sink some extra $$$ into a better router, which allows me control more similar to a software firewall.

    Now, I can use software firewalls on the end machines, and I do on one end, but I really would prefer for the gateway(router) to handle all of this stuff, which IMO is better at it anyway.

    I am going to start researching, but honestly there are very many makes/models of routers/gateways out there, so I am asking if anyone might have some suggestions for me to look at.

    Thanks for any input you might have.

    Sul.
     
  2. Johnny123

    Johnny123, Registered Member. Joined: May 4, 2006. Posts: 548. Location: Bremen, Germany.

    If you have an old box lying around why not try one of the Linux firewall distros? Take a look at IPFire. It has modest hardware requirements and if you read through the wiki you can see that it has a good set of features for a lightweight distro. There are also quite a few addons which are easy to install since it has a package manager built in.

    Hook a switch up to it and you have a router with a pretty advanced firewall that doesn't have the hardware requirements of some of the others, like Astaro or Untangle.
     
  3. Sully

    Sully, Registered Member. Joined: Dec 23, 2005. Posts: 3,719.

    Thanks. I will check that distro out. I know I could do what you speak of, but hesitate due to space requirements and airflow. I have a little cubby for my network gear, and I don't like the idea of a computer being in there. But, if I cannot find a router that fulfills my desires I might just have to resort to some other means.

    I will check that distro out; I have never heard of it. The others I have heard of, and some others as well. What would your opinion be of hosting a fileserver on the router box? The thought occurs that if I go that route, I might just buy one of those itty bitty bookshelf computers and utilize it for a fileserver, but haven't explored the options on that in combination with a network gateway/router.

    Sul.
     
  4. Johnny123

    Johnny123, Registered Member. Joined: May 4, 2006. Posts: 548. Location: Bremen, Germany.

    That might be a problem. A small embedded system with an Alix board would work if you can find one on the cheap somewhere.

    IPFire is a fork of IPCop, but it seems to be updated a lot more frequently. I ran an IPCop box for several years and the last update was in 2008, which led me to try IPFire. At the moment I'm not using it because I realized that it was overkill for my purposes, but it might do the trick for your requirements.

    On the German IPCop site they don't recommend running a gateway with a file and/or print server on it. OTOH, they tend to give advice based on maximum security. Personally I don't think it's that big of a deal. If you turn off SSH (which is off by default anyway) and only turn it on when you want to get in yourself and then turn it off again I don't see any problems there. In the IPFire forums there seem to be quite a few people running the Samba addon without being pwned.

    For a gateway/fileserver/printserver combination you might also want to take a look at ClearOS.
     
  5. MessageBoxA

    MessageBoxA, Registered Member. Joined: Jun 20, 2011. Posts: 53.

    Sully,

    Nearly every consumer-level router on the planet is using VxWorks or embedded Linux. Both operating systems have flaws and have a long history of remote exploits. In nearly all cases the router manufacturer is very slow releasing updated firmware.

    In my opinion those users with technical ability should always use routers with customizable firmware. I would suggest a DDWRT based router.

    -MessageBoxA
     
  6. Sully

    Sully, Registered Member. Joined: Dec 23, 2005. Posts: 3,719.

    This would have been my first option, but my router, a Dlink DIR-655N, is not compatible with any of those firmwares.

    Thanks for the info though.

    Sul.
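
Added example, not part of the thread and not code from any of the projects named in it: on a Linux-based gateway of the kind suggested above, an inbound filter that only takes IP addresses can still follow a dynamic DNS name if a periodic job resolves the name and rewrites an address set that the firewall rule refers to. The set name `rdp_allow`, the hostname `myhome.example.org`, the iptables rule in the comment and the sample addresses are assumptions for illustration. A failed or non-routable lookup leaves the last known-good entries in place, and the set is replaced with an atomic swap.

```python
import ipaddress
import socket

SET_NAME = "rdp_allow"  # hypothetical ipset name
# Assumed rule on the Linux gateway (not from the thread):
#   iptables -A FORWARD -p tcp --dport 3389 -m set --match-set rdp_allow src -j ACCEPT


def resolve_ipv4(hostname):
    """Return the IPv4 addresses a name resolves to right now ([] on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def usable_peers(addresses):
    """Keep only globally routable IPv4 addresses."""
    peers = set()
    for text in addresses:
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue  # not an address at all
        if ip.version == 4 and ip.is_global:
            peers.add(str(ip))
    return sorted(peers)


def build_restore_script(resolved, current, set_name=SET_NAME):
    """Return input for `ipset -exist restore`, or None when nothing changes."""
    peers = usable_peers(resolved)
    if not peers or peers == sorted(current):
        return None  # empty or bogus answer: keep the last known-good set
    tmp = set_name + "_new"
    lines = [f"create {set_name} hash:ip family inet",
             f"create {tmp} hash:ip family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {ip}" for ip in peers]
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]  # atomic replace
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed answer set; live use: resolve_ipv4("myhome.example.org")
    print(build_restore_script(["8.8.8.8", "192.168.1.10"], current=[]))
```

With this approach the allowlist is only as trustworthy as the dynamic DNS account and the resolver the gateway uses, so it narrows exposure of the forwarded port rather than replacing authentication on the service behind it.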
     