Tips for an (advanced) home firewall/router
August 14, 2006 1:58 AM

I have a setup for my SOHO firewall in mind. Help me perfect it.

I'm moving to another city, and there my new office will be at home for the foreseeable future. I want the firewall/router to have the following features:

- Connect wired SOHO network, wireless entertainment network, DMZ for client FTP, and the internet.
- Allow access to wired network from both the internet and WIFI only through VPN
- Intrusion detection
- Must be (almost) totally silent

What I have in mind is a hush B1 (sorry, no direct link because of frames) with 3 ethernet connectors and either the personal edition of the Astaro firewall or ClarkConnect.

Now to the questions:

- While the B1 seems to be quality hardware, and I'm ready to spend the money, are there cheaper fanless solutions with enough CPU power to run a packet analyzer and IPSec, with enough ethernet connectors, and in the same size category?

- Are there other/better software solutions than the two mentioned? Experiences?

- Any hints for improvement are welcome :)

Thanks!
posted by uncle harold to computers & internet (3 comments total) 1 user marked this as a favorite
I've had a little experience with the WRAP (Wireless Router Application Platform) solutions from PC-Engines. Nice hardware, wireless-friendly, boots from CF card, silent, and I've run both m0n0wall & custom OpenBSD firewalls on them.

If you're experienced enough to build your own custom firewall configuration from a bare Linux or OpenBSD install (and it sounds like you are), I can thoroughly recommend them. I've got a couple installed around the place acting as combination firewalls / VPN endpoints / 802.11g access points, and they've been no trouble at all.
posted by Pinback at 5:53 AM on August 14, 2006


Thanks, WRAP looks very interesting.
posted by uncle harold at 10:25 AM on August 14, 2006


What about the soekris engineering boxes? I see them set up as SOHO firewalls quite often. The Linux & *BSD types love the little things.

It all depends on how much time and effort you want to put into it. Personally, I got sick of homebrew computer crap at home, so I bought a used Netscreen firewall instead. To be specific, I have the Netscreen 5XP. The newer products, like the Netscreen 5GT, have 5 ethernet interfaces that allow you to segment traffic & firewall rules six ways from Sunday. They can do everything that you're asking and a whole lot more.

In the long run, it all boils down to how much money you feel like spending.
posted by drstein at 12:16 PM on August 14, 2006

