Choosing a Router/Firewall for the Home LAN

Dr. Zowie asks: "How should one choose a router for a home LAN? We just added a few hosts on our home ethernet, which is connected via DSL. There are an amazing number of new entries into the market for routers and even stand-alone firewalls. NetGear, Linksys, SMC, and even Panasonic all have boxen in the $99-$300 range, each of which will do some combination of NAT, routing, source-IP filtering, port filtering, and content filtering."

"It's not at all obvious from the packaging, the web sites, or the drool-proof pamphlets in the boxes which routers will do what. For example, we'd like to pass through packets for our two server machines, and use NAT/DHCP on a third address for the rest of the LAN. Nearly all the boxes advertise that they can do NAT routing, but many don't support NAT and static-IP routing simultaneously.

Die-hards will insist that one should run a standalone box with dual ethernet cards and the appropriate routing goodies -- but these standalone boxes, at 5-15 watts and a couple hundred bucks, seem like comparatively hassle-free solution. Which one do you use?"

Re:Old PC

[b0r1s]

yea, that's secure, but it's nowhere near as simple or as inexpensive ...

openbsd will allow you to have a firewall, and it will handle dhcp/nat/etc for you, but you'll have to configure it. That isnt hard, espescially for people who read this site, but its harder than plugging in a router and configuring it via web interface...

From a cost standpoint, I just bought a 99 dollar linksys router for about 45 after some clever rebates and amazon coupons. Go ahead and tell me what kind of hardware you can buy to run a *bsd router for that much money. I dont think you can even get a small hard drive for that price.

So, yes, congratulations on your first post, but you're wrong. typical.

The Linksys is nice

[rho]

I have the BEFSR41, which is the router plus a 4-port 10/100 switch. It was about $100 from CompUSA.

Dislikes: the web-based interface is a bit wonky with Netscape 4.7 on *nix. It works, but has some weird errors on occasion.

Likes: it works as advertised. I fought with PPPoE on an OpenBSD box for several hours -- I could not figure out why it wasn't working, and none of the so-called "How-tos" helped.

HOW-TO -- a definition
A cruel on-going joke between free unix-alike "documentation" writers that is mostly filled with "it worked for me, maybe you're stupid" insinuations and "this important part of the configuration is terribly, terribly important, but it's beyond the scope of this shitty How-To. Perhaps you are stupid?" notes.

So, I went and bought the Linksys, and within one hour (including the time it took to buy the thing), I was passing bits around the Internet.

The web-based interface does work somewhat with Lynx, but is very cantankerous when used so. I have ssh'ed into my server and then used Lynx to reconfigure the router.

You can forward ports to particular internal IPs, i.e. "all requests for port 80 goes to the computer at 192.168.1.100", and can even put one computer (one IP address) in a "DMZ", where it is completely open (all ports are available to answer).

If you want to do complex filtering or firewalling, it doesn't do such. If your needs aren't really complicated, it will work for you.