can you recommend secure router

[rabit]

I'm building a network of 24 systems. I got a D-Link swich which works perferctly. The Internet connection is dynamic IP bussines-class cable. I need a good router or HD firewall to put between the modem and swich so I can create a private IP range. Can you recommend any such router. Make/Model pls? I only need 1 port for the network but I wouldn't mind 4 port.

[D0pp139an93r]

You can't go wrong with a Linksys. It's all I use.

[phishphreek]

rabit: I use a cisco 806 broadband router. It is good for NAT, routing and the firewall.
Its a bit of a pain to configure if you don't know what you're doing.

Easy to Deploy and Set Up

The Cisco 806 Router includes the Cisco Router Web Setup tool (CRWS) tool, a Web-based configuration tool for simplified installation and setup. To configure the router, users simply point a Web browser to the IP address of the router and follow a few simple steps. This allows the Cisco 806 Router to be readily installed by nontechnical personnel or end users and allows a user to easily enable the stateful firewall. For no additional cost, Cisco Configuration Express is used by service providers, system integrators, and enterprises for large deployments where uniquely configured, plug-and play-ready devices are drop-shipped directly to the end user from Cisco's factory. Cisco Configuration Express eliminates the cost of deployment logistics and product warehousing. Custom configurations and address ranges are entered during the ordering process, and then merged to produce a uniquely configured Cisco IOS router with a unique asset tag and customized labels.

http://www.cisco.com/warp/public/cc/...t/806bg_ds.htm

Liar! The CRWS really sucked. I couldn't do much with it. It was really buggy (kept corrupting the config) and I only used it to get an idea of what the wan config should look like. Then I disabled it and created it from scratch using the CLI. Much better!!! I love my cisco though. I don't think I'll ever replace it. I'll just add things behind it.

Have you looked into things like smoothwall or ipcop? That may be a pretty good solution for you. Especially if you want to keep better tabs of what is going on. They include a router, firewall, proxy, intrusion detection system, vpn and you don't have to run anything except for the computer after initial setup. You can remove mouse, keyboards, monitors etc. You can manage it remotely via ssh for CLI and a web browser for everything else. Patching it is pretty easy too.

Its a pretty nice free solution. All you pay for is the time to set it up and the hardware to run it.
It will run on as little as a 486 but you're going to want something a little faster for 24 users.

I was running mine on a Dual PII 300mhz for about 10 users and never had a hickup. I'd suspect that's about all you'd need for your users too.

Visit the sites below to learn more about them.
http://www.smoothwall.org/
http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome

If you don't have time for all that, then a linksys or dlink will do fine. You just won't get all the goodies that smoothwall and ipcop has. There are similar commercial products with far more features... but you're going to pay far more money. I believe the first time I set it up... I spent about 1 hr. figuring it out. Not too bad.

[UpperCell]

I'll second that, never been a problem for me. remember to update the firmware though.

BTW, It's not said to clearly in the instructions, though it's kinda obvious it got me. UPGRADING THE FIRMWARE WIPES ALL YOUR SETTINGS. Had to spend half an hour on the phone just to get dns stuff for my internal pcs again.


[edit]
I was seconding the linksys, last post was while I was posting. Cisco's great though, often pricy.
[/edit]

[HTRegz]

Hey Hey,

There's really no difference. I would recommend the Linksys only because I've heard of problems with the Dlink routers. Of course it depends on if you mean a home-based router, or a, as I like to call them, real router. Then you've got a big difference, not only if the level of security you can provide but also in the price.

I have a Linksys BEFW11S4 at home and it more than meets my needs and I last saw it's price listed at $80 CDN. However you most likely don't need the wireless aspect, so you could grab a non-wireless model for a little less. If you have some money kicking around and can afford to spend around $500 USD, then I would suggest going with the Cisco 831 Broadband Router. It runs the Cisco IOS and allows you to do everything you can do on a bigger Cisco router (ACLs, NAT, Firewall, etc). If you don't need to go new, you can usually find these for a fairly good price on ebay, however if you decide to deal with ebay, then you can also look into a rackmount Cisco router like the 2501. However in your case, i think the 831 would be better for you. It has the WAN port, and it also has a 4 port switch built in, something the high end Cisco routers don't have.

As far as security, that depends on how much time you want to spend setting it up and learning the software that drives it.

[Edit]
I guess I got caught up and work and forgot about this for a bit. There's been some good posts here. Going with what phish mentioned about smoothwall and such. Check out FreeSCO. We have it running on one of our machines in the backroom and it does the job quite well.
[/Edit]

Peace,
HT

[Relyt]

Yo,

If money's an issue, I second the smoothwall. Been up for seven months and I have pounded the heck out of it, flooding it with 2 boxes at once, trying to get it to burb or fart or something. It's been hanging in there like a real trooper. It comes with snort, logging services, DHCP server etc, etc,. I don't want to sound like an ad so take it for a spin.

[rabit]

this isn't my network but an office network that i'm working on. it will have 10 employees (more later) i doubt that the guy will pay for cisco and for the money that i'm getting i'am not about to start configuring smoothwall for him. i'm thinking something like watchguard. or any router w/ firewall plus VPN ... wired

keep it coming thought

[AngelofRevenge]

What to do? I think you should get a router/ hardware firewall and configure it properly. Make sure the details are only possessed by you though.

[HTRegz]

Hey Hey,

Just a quick follow up because I saw your last post. You are thinking of going with a Watchguard product? Have you checked out their pricing? It's basically the same price as the Cisco 800 series products. Either the 806 that phish mentioned, or the 831 I posted about previously. I would definately recommend going with those before a Watchguard product, but I may be biased... I think cisco products are amazing.

Peace,
HT

[Galdron]

I hate to give a one line post, but this one is necessary.


Phish provided the information. Good links Phish. Read up on it bro.