
Reworking the network

Up till now I’ve been running the home firewall and a couple of minor websites from an old (1996 or thereabouts) Pentium 3 box in the basement, that uses Debian. It seems to work reasonably well, and has been fending off bots and other threats with adequate ferocity. There seems no reason, however, to think that the number of attacks will decrease in the next little while, and every reason to suspect that one of these days the hard disk will fail, leaving me without a firewall. The websites are backed up and easily restorable; the time to set up a firewall and get it working with a PPPoE connection to an ISP that doesn’t understand Linux is what will take the time.

So I’ve been wondering about rejigging the whole network, getting an off-the-shelf hardware firewall/router that can feed into the wireless router. I’m a little paranoid about getting something that is secure but not intending to spend thousands. We’ve blocked all ports except the necessary ones on the system right now, except for allowing SSH access in and out, and, of course, port 80 for the web sites. Security will be particularly important as the kids move into the teenage years and start wanting to download stuff.

I’m looking for some advice here. Do I need anything more than NAT, DMZ, and forwarding appropriate ports to internal servers, which I can get from standard consumer-level router/firewalls? Any particularly good brands and models I should look for?

{ 5 } Comments

  1. Boris Mann | Jul 10, 2008 at 11:08 am

    If you don’t mind doing a little fiddling (and, well, you’re running a Debian based router now :P ), get a standard router and then put DD WRT (http://www.dd-wrt.com/) firmware on it.

  2. Ed Davies | Jul 10, 2008 at 3:30 pm

    Boris, you’ve answered the second question: “how?”, not the first: “what?”, as in: “Do I need anything more than NAT, DMZ, and forwarding appropriate ports to internal servers?” which seems to me like quite a good one.

  3. Dave Pawson | Jul 10, 2008 at 10:33 pm

    I use a modem with many of those features.
    http://www.thinkbroadband.com/hardware/reviews/2002/q4/st510v4.html
    Quite a few firewall features, NAT etc. Line, mode, 802.3 to the wifi router.

    Works well and a lot cheaper than a dedicated firewall.

    HTH

  4. Thomas Michlmayr | Jul 12, 2008 at 2:47 pm

    i’d get a linksys WRT54GL.
    the default firmware is decent, and if you need more, you can install a number of available free firmware builds, from openwrt, to freewrt to dd-wrt and others.
    you get wifi and 5 ethernet ports in a nice package, and running an alternative firmware, you can even set the ethernet ports into different vlans, turning the box into a 4 port router plus wifi (and one port of PPPoE).

  5. Eric J. Bowman | Jul 13, 2008 at 8:32 pm

    NAT, DMZ and port forwarding ought to do it, I also need VPN. I’ve been steering people I know to CyberGuard’s SnapGear lineup for years, never a problem, embedded Linux:

    http://www.securecomputing.com/index.cfm?skey=1571
