[GRLUG] firewall

Grand Rapids Linux Users Group grlug at grlug.org
Wed Sep 4 23:02:18 EDT 2019


+1 Edgerouter X.  Been using Ubiquiti gear (edgerouter 8-Pro, 10G switch,
several Edge Lites, and an X) for YEARS.  They rock.  Love their Unifi gear
too and have outfitted a church with all kinds.  Gotta recognize my pfSense
though.  Tried it back before it was born (m0n0wall) and still love it.
For home use under $60 bucks <https://store.ui.com/products/edgerouter-x>,
the EdgerouterX can't be beaten. Anything sub $100 with >= 3ports that can
run pfSense though, has my vote too.  The SG-1100
<https://store.netgate.com/pfSense/SG-1100.aspx> comes in at $160, but I'm
too cheap.  Heck I bought an old thin client for <$50 bucks once.  Modded
it to add 2nd NIC and compact flash card and ran early version of pfSense
for a long time.  Eventually the CF card died.

On Mon, Aug 26, 2019 at 10:20 PM Grand Rapids Linux Users Group <
grlug at grlug.org> wrote:

> DD-WRT / Open Router should handle just about any netgear router, and is
> secure and solid.  I had it on an AC1200 range-extender for a few years,
> then ported the configs over to my current NightHawk, after I needed to
> expand my wifi range.  It was also able to handle 2 public IPs on the cox
> business connection.
>
> Total cost is free.
>
> -Van
>
> On Aug 26, 2019, at 18:50, Grand Rapids Linux Users Group <grlug at grlug.org>
> wrote:
>
> I suggest pfsense
>
> Best choice:
>
> https://www.amazon.com/Firewall-Appliance-Gigabit-Celeron-AES-NI/dp/B07G9NHRGQ/ref=mp_s_a_1_3?keywords=pfsense&qid=1566870381&s=gateway&sprefix=pfsense&sr=8-3
>
> Cheaper
>
>
> https://www.amazon.com/Firewall-Appliance-Gigabit-Celeron-AES-NI/dp/B07G9NHRGQ/ref=mp_s_a_1_3?keywords=pfsense&qid=1566870381&s=gateway&sprefix=pfsense&sr=8-3://www.amazon.com/SG-1100-pfSense-Security-Gateway-Appliance/dp/B07MTMPXKG/ref=mp_s_a_1_4?keywords=pfsense&qid=1566870453&s=gateway&sprefix=pfsense&sr=8-4
>
>
> Or edge routers are nice and at 70 bucks.  They used to run a version of
> vytta
> https://www.amazon.com/gp/aw/d/B00YFJT29C/ref=psdcmw_300189_t1_B07MTMPXKG
>
> On Aug 26, 2019, at 5:52 PM, Grand Rapids Linux Users Group <
> grlug at grlug.org> wrote:
>
> Dual interfaces: unfortunately, the RasPi only has one port, though it's
> gigabit if you want to do some vlan tinkering
> Open source: DD-WRT <https://dd-wrt.com/> is pretty good if they support
> your hardware, might be worth a look.  Tomato
> <https://en.wikipedia.org/wiki/Tomato_(firmware)> might also work for
> you, but it has a more limited set of supported hardware (hence my never
> having tried it).
> Unifi Security Gateway: I like my USG when it works, though I think I got
> a bad update and might need to ship it back.  It also requires a controller
> running if you want anything do to anything with it more than VERY basic
> stuff (dhcp and dns configuration), so that'd be another computer (or
> raspi-like device) running on a regular basis, though I guess since you
> already have a Unifi AP, you've solved that issue somehow.
>
> If you're looking to get more into the Unifi space (and already have a
> controller), the USG would be pretty good.  I've had more than my fair
> share off issues with it, but I get the feeling that I'm in the minority as
> most of the people I know that have them are pretty happy.  Unifi ships
> updates pretty regularly and it generally gets out of your way.  The
> downsides are that it takes a while to boot up and you'll need to turn off
> deep-packet inspection if you have more than 300Mbps of throughput.
>
> Otherwise, the Netgear Nighthawk
> <https://www.amazon.com/NETGEAR-R6700-Nighthawk-Gigabit-Ethernet/dp/B00R2AZLD2/ref=sxin_1_sp_qu_bss_is?crid=1WKY6HYSMV8IO&keywords=netgear+nighthawk&pd_rd_i=B00R2AZLD2&pd_rd_r=8c037a03-4e83-4b3f-b4e9-6483afc61ba8&pd_rd_w=UXP16&pd_rd_wg=Y2x3S&pf_rd_p=59c36603-576b-471f-8561-ef24e0883aa1&pf_rd_r=24VB8R4F31AFF8PVK7SJ&qid=1566867100&s=gateway&sprefix=chest+%2Caps%2C146> is
> very solid and it just gets out of your way.
>
> --Thomas
>
> On Mon, Aug 26, 2019 at 7:56 PM Grand Rapids Linux Users Group <
> grlug at grlug.org> wrote:
>
>> I'd be tempted by something like this.
>> https://www.cnx-software.com/2019/02/20/nanopi-r1-allwinner-h3-gateway-dual-ethernet-wifi-bluetooth/
>>
>> On Mon, Aug 26, 2019 at 6:47 PM Grand Rapids Linux Users Group <
>> grlug at grlug.org> wrote:
>>
>>> I'm in need of a firewall/router and I really don't want yet another old
>>> computer running 24/7 in the house.
>>>
>>> I have an old netgear wifi router that I have been using who's wifi
>>> wasn't reliable so I turned off the antennas and bought a unifi ap.  I'm
>>> still using the old netgear for port forwarding and firewall tasks, but
>>> recently settings have been changing and I suspect that this is due to
>>> unpatched vulnerabilities.  I've disabled most administration functions so
>>> I think I'm good for now, but I am looking for something to replace this.
>>>
>>> Does the raspberry Pi have a dual ethernet interface?
>>> Maybe flashing the netgear with some opensource firmware?
>>> Maybe unifi Security Gateway?
>>> If running an old computer is the best I guess I could do that as well.
>>>
>>> What are my best options?
>>>
>>> Share and Enjoy <http://www.hhgproject.org/entries/shareandenjoy.html>
>>> Ben
>>> --
>>> grlug mailing list
>>> grlug at grlug.org
>>> https://shinobu.grlug.org/mailman/listinfo/grlug
>>>
>>
>>
>> --
>> Roger
>>
>> Roger Roelofs
>> Know what you value.
>> --
>> grlug mailing list
>> grlug at grlug.org
>> https://shinobu.grlug.org/mailman/listinfo/grlug
>>
>
>
> --
> Thomas
>
> --
> grlug mailing list
> grlug at grlug.org
> https://shinobu.grlug.org/mailman/listinfo/grlug
>
> --
> grlug mailing list
> grlug at grlug.org
> https://shinobu.grlug.org/mailman/listinfo/grlug
>
>
> --
> grlug mailing list
> grlug at grlug.org
> https://shinobu.grlug.org/mailman/listinfo/grlug
>


-- 

ᕦ(ò_óˇ)ᕤ
do you even lift bro?
Ubber::Geek
http://grlug.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://shinobu.grlug.org/pipermail/grlug/attachments/20190904/75252c73/attachment.html>


More information about the grlug mailing list