Which Cable/DSL Firewall?
On my Home network I am thinking of installing a Cable router/firewall. I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux. What iI need is: - Firewall protection - URL filtering, Controlled blocking for example Java, ActiveX etc - IPSec and PPTP - Logging - DHCP Server - NTP support - VPN Thanks Stanley
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Stanley, I've got a DLink 614 at home. It's a 614 with wifi support but the features are the same. It has firewall, url filtering, mac filtering, ipsex & pptp (vpn pass through), dhcp server, logging (can be send by mail), ntp support. The web frontend works well with Mozilla, Konqueror. It works with lynx too but you have to know the layout cause images do not have ALT attributes :-/ It's up H24 since 3 month, no prob. Paul Le Mercredi 26 Novembre 2003 11:54, Stanley Keymer a peut-être écrit :
On my Home network I am thinking of installing a Cable router/firewall.
I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux.
What iI need is: - Firewall protection - URL filtering, Controlled blocking for example Java, ActiveX etc - IPSec and PPTP - Logging - DHCP Server - NTP support - VPN
Thanks Stanley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/xJR+U/d5PdUWmeoRAsWYAJ0Rasj3+lk/TGrzmtqFw0Iya1TotQCfTHLO BuxsV0LII6fpF3fjNH0uneQ= =Abp+ -----END PGP SIGNATURE-----
On Wed, 2003-11-26 at 05:54, Stanley Keymer wrote:
On my Home network I am thinking of installing a Cable router/firewall.
I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux.
Me personally, I have had nothing but bad luck with Linksys routers. Both me and a friend of mine have had similar problems with Linksys routers. I would try the D-link. I have a Netgear router and it works well for what I want. My friend just recently got a D-link and he is thrilled with it. He runs the M$ OS so he cannot say how it will work with Linux. Just my .02 -- Marshall "Nothing is impossible, we just do not have all the answers to make the impossible, possible."
On Wed, 2003-11-26 at 03:54, Stanley Keymer wrote:
On my Home network I am thinking of installing a Cable router/firewall.
I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux.
What iI need is: - Firewall protection - URL filtering, Controlled blocking for example Java, ActiveX etc - IPSec and PPTP - Logging - DHCP Server - NTP support - VPN
Thanks Stanley
I've been using a Linksys BEFSX41 since before I converted to Linux. After converting to Linux, the router/switch died (a hardware death - not related to Linux). I replaced the one I was using (V1 something) with a V3 model. This caused by ZoneAlarm software (on my Windows boxes) to stop working but Linksys tech support told me I could use the firewall in the V3 model. It turns out I can. My only other problem was that I forgot my password and had to reset everything but that had nothing to do with Linux either. Bottom line? I highly recommend the Linksys BEFSX41. None of the problems I had related in any way to Linux. Don Henson
On Wednesday 26 November 2003 4:54 am, Stanley Keymer wrote:
On my Home network I am thinking of installing a Cable router/firewall.
I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux.
What iI need is: - Firewall protection - URL filtering, Controlled blocking for example Java, ActiveX etc - IPSec and PPTP - Logging - DHCP Server - NTP support - VPN
Thanks Stanley
SMC makes the Barricade router/firewalls that have some extra features you may appreciate: Serial port for an external modem so that if broadband is down you could switch to dialup with all the benefits of the built-in router and firewall. Parallel port that serves as a print server to your LAN. All the other features you list. Stan
Stanley Keymer wrote:
On my Home network I am thinking of installing a Cable router/firewall.
I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux.
What iI need is: - Firewall protection - URL filtering, Controlled blocking for example Java, ActiveX etc - IPSec and PPTP - Logging - DHCP Server - NTP support - VPN
Thanks Stanley
Thanks guys bought the D-Link 604 yesterday for 49€, set it up in 10mins. Works great!! Thanks - Stanley -- __ / / __ __ __ __ __ __ __ / /__ / / / \/ / / /_/ / \ \/ / / /_____/ /_/ /_/\__/ /_____/ /_/\_\ a MSDOS Virus "Free Zone" OS Email: stanley.keymer@pp.inet.fi
On Monday 01 December 2003 23:51, Stanley Keymer wrote:
Stanley Keymer wrote:
On my Home network I am thinking of installing a Cable router/firewall.
I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux.
What iI need is: - Firewall protection - URL filtering, Controlled blocking for example Java, ActiveX etc - IPSec and PPTP - Logging - DHCP Server - NTP support - VPN
Thanks Stanley
Thanks guys bought the D-Link 604 yesterday for 49€, set it up in 10mins. Works great!!
Of course you never did explain why, when you are running Linux, you thought you needed one of these over priced pieces of obsolete technology. You have a much more capable and secure firewall router, traffic shaper, URL filter, IpSEc, Logging, Dhcp Server, with ntp support, VPN, SAMBA etc, etc,etc SITTING RIGHT IN FRONT OF YOU!!!. -- _____________________________________ John Andersen
John Andersen wrote:
On Monday 01 December 2003 23:51, Stanley Keymer wrote:
Stanley Keymer wrote:
On my Home network I am thinking of installing a Cable router/firewall.
I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux.
What iI need is: - Firewall protection - URL filtering, Controlled blocking for example Java, ActiveX etc - IPSec and PPTP - Logging - DHCP Server - NTP support - VPN
Thanks Stanley
Thanks guys bought the D-Link 604 yesterday for 49€, set it up in 10mins. Works great!!
Of course you never did explain why, when you are running Linux, you thought you needed one of these over priced pieces of obsolete technology. You have a much more capable and secure firewall router, traffic shaper, URL filter, IpSEc, Logging, Dhcp Server, with ntp support, VPN, SAMBA etc, etc,etc SITTING RIGHT IN FRONT OF YOU!!!.
That I know but as I have 4 pc's to handle not one, this solution is fine for me Also remember writing in capital letters is considered rude. You made your point, without the capitals after the etc, etc, etc Thanks again guys, also to them that wrote directly to my email address. - Stanley -- __ / / __ __ __ __ __ __ __ / /__ / / / \/ / / /_/ / \ \/ / / /_____/ /_/ /_/\__/ /_____/ /_/\_\ a MSDOS Virus "Free Zone" OS Email: stanley.keymer@pp.inet.fi
On Tuesday 02 December 2003 05:06, Stanley Keymer wrote:
Also remember writing in capital letters is considered rude.
Other than abbreviations, he did 6 words in caps. That is obviously just emphasis, not rude "shouting." ******************************************************** Powered by SuSE Linux 8.2 Professional KDE 3.1.1 KMail 1.5.1 This is a Microsoft-free computer Bryan S. Tyson bryantyson@earthlink.net ********************************************************
John Andersen wrote:
On Monday 01 December 2003 23:51, Stanley Keymer wrote:
Stanley Keymer wrote:
On my Home network I am thinking of installing a Cable router/firewall.
I have looked at the D-Link 604 and also the Linksys BEFsx41. Was wondering if anyone has had any experiences with these. And would they recomend them or not. And lost but not least, do they work well with Linux. I know they are WebBased configured. which should be OK with Linux.
What iI need is: - Firewall protection - URL filtering, Controlled blocking for example Java, ActiveX etc - IPSec and PPTP - Logging - DHCP Server - NTP support - VPN
Thanks Stanley
Thanks guys bought the D-Link 604 yesterday for 49€, set it up in 10mins. Works great!!
Of course you never did explain why, when you are running Linux, you thought you needed one of these over priced pieces of obsolete technology. You have a much more capable and secure firewall router, traffic shaper, URL filter, IpSEc, Logging, Dhcp Server, with ntp support, VPN, SAMBA etc, etc,etc SITTING RIGHT IN FRONT OF YOU!!!.
Just as I went on to a cable modem, a firewall was the next obvious thing. I used floppyfw on an old Cyrix M200 with HD and CDROM taken out. I just couldn't get some ports working for hamradio VOIP and got no reply to my request for help from the developer, so I switched to BBIagent (http://BBIagent.net) which is also floppy based (CD option for dosh) and very intuitive to set up remotely by any java enabled browser. It has DHCP server and Printer serving included, NTP I have running on all the boxes behind the firewall. I wonder how current the commercial boxes are, especially with updates when vulnerabilities are discovered. In addition to my hamradio stuff, I use it for gnomemeeting, netmeeting (via crossover), VPN in to work for which I thought I'd have to install Astaro Linux, then work sent me the Cisco VPN client for Linux. One of my friends said he bought a router for 300 UK Pounds, then discovered he could have done it all in Linux. I suppose the one reason for having a separate gadget is isolation of all your other boxes. Regards Sid. -- Sid Boyce .... Linux Only Shop.
On Tuesday 02 December 2003 06:33, Sid Boyce wrote:
I wonder how current the commercial boxes are, especially with updates when vulnerabilities are discovered.
Exactly right Sid. For the price of a second nic ($5 at a flea market) you can protect your entire net with any of your linux boxes and never even notice the load. Even an old machine you might consider junking has enough gas to pass packets as fast as your calbe modem or dsl can deliver them. I use an old pentium 120 for this - running headless (no monitor) over in the corner, and manage it with ssh. Most of these firewall/routers are running some long obsolete version of linux, and many are not upgradeable. They are far more hackable than the companies lead you to believe, and have been frequently shipped with commonly known passwords. In the process you will have to learn at least a smattering of things about iptables ( shorewall makes it childs play ), dhcp server setup, and that's about all that is necessary. The rest is optional. The only thing the commercial boxes have going for them is they are getting so cheap ($30-$80) that those too busy to learn can still use them. But "too busy to learn" does not sound like a LInux user. -- _____________________________________ John Andersen
On Wed December 3 2003 03:39 am, John Andersen wrote:
On Tuesday 02 December 2003 06:33, Sid Boyce wrote:
I wonder how current the commercial boxes are, especially with updates when vulnerabilities are discovered.
Exactly right Sid. For the price of a second nic ($5 at a flea market) you can protect your entire net with any of your linux boxes and never even notice the load. Even an old machine you might consider junking has enough gas to pass packets as fast as your calbe modem or dsl can deliver them. I use an old pentium 120 for this - running headless (no monitor) over in the corner, and manage it with ssh.
Most of these firewall/routers are running some long obsolete version of linux, and many are not upgradeable. They are far more hackable than the companies lead you to believe, and have been frequently shipped with commonly known passwords.
In the process you will have to learn at least a smattering of things about iptables ( shorewall makes it childs play ), dhcp server setup, and that's about all that is necessary. The rest is optional.
The only thing the commercial boxes have going for them is they are getting so cheap ($30-$80) that those too busy to learn can still use them.
But "too busy to learn" does not sound like a LInux user.
Just my $.02 but I really think you (John) are going a bit overboard on this. I once had to set up a small household LAN with two machines, both linux and using DSL for a connection. I originally set it up with a 2 nic setup and it worked fine. But for several reasons, decided to switch to a Linksys router. One reasons were: 1) I wouldn't always be around to trouble shoot any problems that might come up with a 2 machine setup. 2) The extra machine would be running all the time when it wasn't being used for anything but a firewall. (not a big deal) 3) No UPS so that any power problems and subsequent boot problems would have to be dealt with. 4) The Linksys box handled forwarding of requests without much of a hassel. and the main reason: 5) I found the Linksys box to be a much tighter firewall than the linux box. (based on nmap from an outside scan) And yes, I had the firewall set up like I wanted it. Yes, you could probably screw things as tight as the Linksys box but that can create problems too. So I don't think you are doing people any big favors by brow-beating them into using a firewall machine. Every situation needs to have its own proper solution. -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 12/03/03 08:12 + +----------------------------------------------------------------------------+ Milstead's Driving Principal: "Whenever you need to stop at a light to put on make-up, every light will be green."
Bruce Marshall wrote:
On Wed December 3 2003 03:39 am, John Andersen wrote:
On Tuesday 02 December 2003 06:33, Sid Boyce wrote:
I wonder how current the commercial boxes are, especially with updates when vulnerabilities are discovered.
Exactly right Sid. For the price of a second nic ($5 at a flea market) you can protect your entire net with any of your linux boxes and never even notice the load. Even an old machine you might consider junking has enough gas to pass packets as fast as your calbe modem or dsl can deliver them. I use an old pentium 120 for this - running headless (no monitor) over in the corner, and manage it with ssh.
Most of these firewall/routers are running some long obsolete version of linux, and many are not upgradeable. They are far more hackable than the companies lead you to believe, and have been frequently shipped with commonly known passwords.
In the process you will have to learn at least a smattering of things about iptables ( shorewall makes it childs play ), dhcp server setup, and that's about all that is necessary. The rest is optional.
The only thing the commercial boxes have going for them is they are getting so cheap ($30-$80) that those too busy to learn can still use them.
But "too busy to learn" does not sound like a LInux user.
Just my $.02 but I really think you (John) are going a bit overboard on this. I once had to set up a small household LAN with two machines, both linux and using DSL for a connection. I originally set it up with a 2 nic setup and it worked fine. But for several reasons, decided to switch to a Linksys router.
One reasons were:
1) I wouldn't always be around to trouble shoot any problems that might come up with a 2 machine setup. 2) The extra machine would be running all the time when it wasn't being used for anything but a firewall. (not a big deal) 3) No UPS so that any power problems and subsequent boot problems would have to be dealt with. 4) The Linksys box handled forwarding of requests without much of a hassel.
and the main reason:
5) I found the Linksys box to be a much tighter firewall than the linux box. (based on nmap from an outside scan) And yes, I had the firewall set up like I wanted it. Yes, you could probably screw things as tight as the Linksys box but that can create problems too.
So I don't think you are doing people any big favors by brow-beating them into using a firewall machine. Every situation needs to have its own proper solution.
I just think people should be aware of the options and they are many. If I suffer a power cut - I never remember to replace the UPS (and get new batteries for this one) when I have all boxes down - and my daughters need to use the machines while I'm away, they just boot up floppyfw which is preconfigured and they are on the net. An extra machine can be very basic and out of the way, a case/PS, motherboard, a 486, 8M or so of memory, a floppy and 2 NIC's. It can't consume much more power than the nice painted box, itself a firewall machine. Then there is the question of whether it can be kept current with the changing nature of attacks and intrusions. Outside nmap scans -- I haven't tried it, but you might give me a report on 82.37.88.186 running BBIagent. Regards Sid. -- Sid Boyce .... Linux Only Shop.
participants (9)
-
Bruce Marshall
-
Bryan Tyson
-
Donald Henson
-
John Andersen
-
Marshall Heartley
-
Paul
-
Sid Boyce
-
Stan Glasoe
-
Stanley Keymer