[GRLUG] firewall

Grand Rapids Linux Users Group grlug at grlug.org
Mon Aug 26 22:20:11 EDT 2019


DD-WRT / Open Router should handle just about any Netgear router, and is secure and solid.  I had it on an AC1200 range-extender for a few years, then ported the configs over to my current Nighthawk, after I needed to expand my wifi range.  It was also able to handle 2 public IPs on the Cox business connection.

Total cost is free.

-Van

> On Aug 26, 2019, at 18:50, Grand Rapids Linux Users Group <grlug at grlug.org> wrote:
> 
> I suggest pfsense 
> 
> Best choice:
> https://www.amazon.com/Firewall-Appliance-Gigabit-Celeron-AES-NI/dp/B07G9NHRGQ/ref=mp_s_a_1_3?keywords=pfsense&qid=1566870381&s=gateway&sprefix=pfsense&sr=8-3
> 
> Cheaper
> 
> https://www.amazon.com/SG-1100-pfSense-Security-Gateway-Appliance/dp/B07MTMPXKG/ref=mp_s_a_1_4?keywords=pfsense&qid=1566870453&s=gateway&sprefix=pfsense&sr=8-4
> 
> 
> Or edge routers are nice and at 70 bucks.  They used to run a version of Vyatta 
> https://www.amazon.com/gp/aw/d/B00YFJT29C/ref=psdcmw_300189_t1_B07MTMPXKG
> 
> On Aug 26, 2019, at 5:52 PM, Grand Rapids Linux Users Group <grlug at grlug.org> wrote:
> 
>> Dual interfaces: unfortunately, the RasPi only has one port, though it's gigabit if you want to do some vlan tinkering
>> Open source: DD-WRT <https://dd-wrt.com/> is pretty good if they support your hardware, might be worth a look.  Tomato <https://en.wikipedia.org/wiki/Tomato_(firmware)> might also work for you, but it has a more limited set of supported hardware (hence my never having tried it).
>> Unifi Security Gateway: I like my USG when it works, though I think I got a bad update and might need to ship it back.  It also requires a controller running if you want to do anything with it more than VERY basic stuff (dhcp and dns configuration), so that'd be another computer (or raspi-like device) running on a regular basis, though I guess since you already have a Unifi AP, you've solved that issue somehow.
>> 
>> If you're looking to get more into the Unifi space (and already have a controller), the USG would be pretty good.  I've had more than my fair share of issues with it, but I get the feeling that I'm in the minority as most of the people I know that have them are pretty happy.  Unifi ships updates pretty regularly and it generally gets out of your way.  The downsides are that it takes a while to boot up and you'll need to turn off deep-packet inspection if you have more than 300Mbps of throughput.
>> 
>> Otherwise, the Netgear Nighthawk <https://www.amazon.com/NETGEAR-R6700-Nighthawk-Gigabit-Ethernet/dp/B00R2AZLD2/ref=sxin_1_sp_qu_bss_is?crid=1WKY6HYSMV8IO&keywords=netgear+nighthawk&pd_rd_i=B00R2AZLD2&pd_rd_r=8c037a03-4e83-4b3f-b4e9-6483afc61ba8&pd_rd_w=UXP16&pd_rd_wg=Y2x3S&pf_rd_p=59c36603-576b-471f-8561-ef24e0883aa1&pf_rd_r=24VB8R4F31AFF8PVK7SJ&qid=1566867100&s=gateway&sprefix=chest+%2Caps%2C146> is very solid and it just gets out of your way.
>> 
>> --Thomas
>> 
>> On Mon, Aug 26, 2019 at 7:56 PM Grand Rapids Linux Users Group <grlug at grlug.org> wrote:
>> I'd be tempted by something like this.  https://www.cnx-software.com/2019/02/20/nanopi-r1-allwinner-h3-gateway-dual-ethernet-wifi-bluetooth/
>> On Mon, Aug 26, 2019 at 6:47 PM Grand Rapids Linux Users Group <grlug at grlug.org> wrote:
>> I'm in need of a firewall/router and I really don't want yet another old computer running 24/7 in the house.
>> 
>> I have an old netgear wifi router that I have been using whose wifi wasn't reliable so I turned off the antennas and bought a unifi ap.  I'm still using the old netgear for port forwarding and firewall tasks, but recently settings have been changing and I suspect that this is due to unpatched vulnerabilities.  I've disabled most administration functions so I think I'm good for now, but I am looking for something to replace this.
>> 
>> Does the raspberry Pi have a dual ethernet interface?
>> Maybe flashing the netgear with some opensource firmware?
>> Maybe unifi Security Gateway?
>> If running an old computer is the best I guess I could do that as well.
>> 
>> What are my best options?
>> 
>> Share and Enjoy <http://www.hhgproject.org/entries/shareandenjoy.html>
>> Ben
>> -- 
>> grlug mailing list
>> grlug at grlug.org <mailto:grlug at grlug.org>
>> https://shinobu.grlug.org/mailman/listinfo/grlug <https://shinobu.grlug.org/mailman/listinfo/grlug>
>> 
>> 
>> -- 
>> Roger
>> 
>> Roger Roelofs
>> Know what you value.
>> -- 
>> Thomas
