Menu
What's new
By:
Filters Better Search

Can't find a decent but simple wired router/firewall

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A

AlexandreG

Guest
Hi
I've been browsing your website for a while and I decided to register on the forums;)

So... Here is my situation... I have a small 1mbits dsl line going to my home. From there, I want to have 2 separate networks to isolate my computers from the other family computers.

To do so, there is 2 options... Expensive equipment with Vlans... Or what I've done in the past using multiple routers.
Now... I am comfortable with the idea of using multiple routers since it works, it's easy and it's cheap...
My problem is, I want a wired only router... Well, I can use a wireless and disabling the wi-fi..

I don't need gigabit ethernet or fancy things like vpn...
But I want it to be good... To have a good SPI, and to have good documentation.

I remember a DIR-615 that I had in the past (I think it is the same with most dlink routers) where you have the option of the NAT endpoint filtering... I REALLY liked this option. In fact, I don't really need it, but I want it to be port AND address restricted for everything... both UDP and TCP!
And I kinda liked the spi! It was clear! It was simply tracking session numbers and tcp flags for the connection.

This is what I find to be a good design.

The problem with this is that I really don't like d-link... I had some problems with them and there is sooo much problem with their latest firmwares that I just don't want to go this way!

The routers having those options are, from what I saw, UBICOM-based routers. The thing is, except for dlink, there is not a lot of those routers...
I saw 2 Trendnet, but they seem to be at their end of live (unable to order them in canada). And they all seem to be cheap clones of a unknown brand (to me) and I don't like this idea:rolleyes:

But I am willing to pay more! So I saw thing like the Zyxel Zywall2Plus, that I find too complex for absolutely nothing...

I also looked at the Cisco RV042... Seems very good! In fact, I really like it! But there is absolutely no information about the nat filtering and the SPI algorithms. And the tech support is useless.. All they managed to say is that the SPI tracks more things (yeah... but what!!!) and about nat endpoint filtering, they never understood what I meant...

So here I am... not knowing what to buy...
Any ideas??;)

Thanks a lot

Alex
 
Unless my understanding of how NAT works, the default is that incoming traffic only gets through the firewall if it matches the IP address and port used by the client that initiated the connection. Providing the other options actually reduces firewall protection.

Consumers routers all provide essentially the same protection via their NAT firewalls. The SPI features are more for marketing purposes, with minor benefit if you forward ports to servers behind the router.
 
Well... I have seen routers that are doing nat based on ports only... It may be older routers... I don't know...

EDIT2: You know, it must match the incoming port and of course need to be sent to the router's wan ip! But the option I mentioned also looked at the REMOTE ip... Don't know if some are looking at the remote port, that's more the job of the SPI...

Do you know any ways to verify that?

Talking about the rv042... I really start to like it! Is there a way to know the nat type?

And in that case, I think you used it a lot (edit: no, it's not you), what is the SPI looking at?

Last EDIT (I hope): I start to thing that I might have to buy the router and to some testing with wireshark and packet builder softwares...

Thanks a lot

Alex
 
Last edited by a moderator:
AlexandreG said:
Last EDIT (I hope): I start to thing that I might have to buy the router and to some testing with wireshark and packet builder softwares...
Click to expand...
If you really want to see what's going on, they yes, you need to do this.
 
So... I am still looking...

Any ideas for WIRED only router with a SPI firewall? That's all I need actually... No needs for VPN and all that stuff...

Looking to spend 150-200$ canadian
 
I am looking at the cisco (linksys) small business products...

What (based on my needs) would be the best?

RV042, RVS4000, RVL200??

If there is better in other brands, feel free to mention them ;)

Thanks a lot

Alex
 
thiggins said:
Those are all VPN routers, which you said you don't need.

All SOHO/SMB routers have SPI. But it doesn't really add any value. See this.
Click to expand...

Yeah... But the quality of these routers is better than most basic cheap home routers... The hardware is better...

And I haven't found routers that were this good without the VPN capability...

Thanks

Alex
 
I am still looking... Nobody is having an idea for me??

Thanks a lot

Alex
 
You will need a router that does VLAN...

To truly separate 2 lans you'll need to setup VLANS.

SPI is standard now on just about everything. What you seem to want is a fully configurable firewall. If you already have a DSL modem, grab this:
Vigor 2110

It does to vpn, but that's not enabled by default (you must set it up.)

Its 138+s&h, I'm not sure where you can get it in CA, but the exchange rate today puts that about ~$153CDN.

I've used a lot of draytek routers, and have been pretty happy with support when there actually is an issue. The hardware is also rock solid as well. I can still remember having to reset a dual wan Linksys router every other day because it would lock up...
 
Well, yeah... VLANS or multiple routers... Like three routers... One main, and 2 other routers that are sort of 2vlans... Well, more than 2 vlans, two separate networks...

So for me it is 3 cheaper routers or one expensive one:rolleyes:

I will give a look at this one... But I never heard of them...

It might be a good discovery!

Thanks

Alex
 
Well.. problem is that I can't get this router in canada... And I don't want to have bad support, slow shipping... also EXPENSIVE shipping... customs fees... etc...
 
You must log in or register to reply here.

Similar threads

B
advice needed regarding a new wired router
Replies
10
Views
977
Rain Kleyman
Rain Kleyman
U
Wired router recommendation to connect two subnets with a modem
Replies
16
Views
876
Tech9
Tech9
S
Prevent client from connecting to router but allow connection to internet via access point
Replies
4
Views
246
swbrains
S
John Tetreault
How to open ipv6 firewall to a port on the router?
Replies
4
Views
692
sfx2000
sfx2000
H
anyone experinced with Draytek routers?
Replies
7
Views
662
sfx2000
sfx2000
Similar threads
Thread starter Title Forum Replies Date
D How to find out where is the internal antenna in zxhn h108n router motherboard? Routers 7

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 816 (members: 32, guests: 784)
Top