[GRLUG] firewall

Grand Rapids Linux Users Group grlug at grlug.org
Mon Aug 26 20:52:46 EDT 2019


Dual interfaces: unfortunately, the RasPi only has one port, though it's
gigabit if you want to do some vlan tinkering
Open source: DD-WRT <https://dd-wrt.com> is pretty good if they support
your hardware, might be worth a look.  Tomato
<https://en.wikipedia.org/wiki/Tomato_(firmware)> might also work for you,
but it has a more limited set of supported hardware (hence my never having
tried it).
Unifi Security Gateway: I like my USG when it works, though I think I got a
bad update and might need to ship it back.  It also requires a controller
running if you want anything do to anything with it more than VERY basic
stuff (dhcp and dns configuration), so that'd be another computer (or
raspi-like device) running on a regular basis, though I guess since you
already have a Unifi AP, you've solved that issue somehow.

If you're looking to get more into the Unifi space (and already have a
controller), the USG would be pretty good.  I've had more than my fair
share off issues with it, but I get the feeling that I'm in the minority as
most of the people I know that have them are pretty happy.  Unifi ships
updates pretty regularly and it generally gets out of your way.  The
downsides are that it takes a while to boot up and you'll need to turn off
deep-packet inspection if you have more than 300Mbps of throughput.

Otherwise, the Netgear Nighthawk
<https://www.amazon.com/NETGEAR-R6700-Nighthawk-Gigabit-Ethernet/dp/B00R2AZLD2/ref=sxin_1_sp_qu_bss_is?crid=1WKY6HYSMV8IO&keywords=netgear+nighthawk&pd_rd_i=B00R2AZLD2&pd_rd_r=8c037a03-4e83-4b3f-b4e9-6483afc61ba8&pd_rd_w=UXP16&pd_rd_wg=Y2x3S&pf_rd_p=59c36603-576b-471f-8561-ef24e0883aa1&pf_rd_r=24VB8R4F31AFF8PVK7SJ&qid=1566867100&s=gateway&sprefix=chest+%2Caps%2C146>
is
very solid and it just gets out of your way.

--Thomas

On Mon, Aug 26, 2019 at 7:56 PM Grand Rapids Linux Users Group <
grlug at grlug.org> wrote:

> I'd be tempted by something like this.
> https://www.cnx-software.com/2019/02/20/nanopi-r1-allwinner-h3-gateway-dual-ethernet-wifi-bluetooth/
>
> On Mon, Aug 26, 2019 at 6:47 PM Grand Rapids Linux Users Group <
> grlug at grlug.org> wrote:
>
>> I'm in need of a firewall/router and I really don't want yet another old
>> computer running 24/7 in the house.
>>
>> I have an old netgear wifi router that I have been using who's wifi
>> wasn't reliable so I turned off the antennas and bought a unifi ap.  I'm
>> still using the old netgear for port forwarding and firewall tasks, but
>> recently settings have been changing and I suspect that this is due to
>> unpatched vulnerabilities.  I've disabled most administration functions so
>> I think I'm good for now, but I am looking for something to replace this.
>>
>> Does the raspberry Pi have a dual ethernet interface?
>> Maybe flashing the netgear with some opensource firmware?
>> Maybe unifi Security Gateway?
>> If running an old computer is the best I guess I could do that as well.
>>
>> What are my best options?
>>
>> Share and Enjoy <http://www.hhgproject.org/entries/shareandenjoy.html>
>> Ben
>> --
>> grlug mailing list
>> grlug at grlug.org
>> https://shinobu.grlug.org/mailman/listinfo/grlug
>>
>
>
> --
> Roger
>
> Roger Roelofs
> Know what you value.
> --
> grlug mailing list
> grlug at grlug.org
> https://shinobu.grlug.org/mailman/listinfo/grlug
>


-- 
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://shinobu.grlug.org/pipermail/grlug/attachments/20190826/2033b267/attachment.html>


More information about the grlug mailing list