http://ask.metafilter.com/44339/Tips-for-an-advanced-home-firewallrouter/ Comments on Ask MetaFilter post Tips for an (advanced) home firewall/router Mon, 14 Aug 2006 05:53:26 -0800 Mon, 14 Aug 2006 05:53:26 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://ask.metafilter.com/44339/Tips-for-an-advanced-home-firewallrouter I have a setup for my SOHO firewall in mind. Help me perfect it. <br /><br /> I'm moving to another city, and there my new office will be at home for the forseeable future. I want the firewall/router have the following features:<br> <br> - Connect wired SOHO network, wireless entertainment network, DMZ for client FTP, and the internet.<br> - Allow access to wired network from both the internet and WIFI only through VPN<br> - Intrusion detection<br> - Must be (almost) totally silent<br> <br> What I have in mind is a <a href="http://www.hushtechnologies.net/">hush B1</a> (sorry, no direct link because of frames) with 3 ethernet connectors and either the personal edition of the <a href="http://astaro.com/products">Astaro firewall</a> or <a href="http://www.clarkconnect.com/">ClarkConnect</a>.<br> <br> Now to the questions:<br> <br> - While the B1 seems to be quality hardware, and I'm ready to spend the money, are there cheaper fanless solutions with enough CPU power to run a packet analyzer and IPSec, with enough ethernet connectors, and in the same size category?<br> <br> - Are there other/better software solutions than the two mentioned? Experiences?<br> <br> - Any hints for improvement are welcome :)<br> <br> Thanks! post:ask.metafilter.com,2006:site.44339 Mon, 14 Aug 2006 01:58:09 -0800 uncle harold firewall router http://ask.metafilter.com/44339/Tips-for-an-advanced-home-firewallrouter#679872 I've had a little experience with the <a href="http://www.yawarra.com.au/hw-wrap.php">WRAP</a> (Wireless Router Application Platform) solutions from <a href="http://www.pcengines.ch/">PC-Engines</a>. Nice hardware, wireless-friendly, boots from CF card, silent, and I've run both m0n0wall &amp; custom OpenBSD firewalls on them.<br> <br> If you're experienced enough to build your own custom firewall configuration from a bare Linux or OpenBSD install (and it sounds like you are), I can thoroughly recommend them. I've got a couple installed around the place acting as combination firewalls / VPN endpoints / 802.11g access points, and they've been no trouble at all. comment:ask.metafilter.com,2006:site.44339-679872 Mon, 14 Aug 2006 05:53:26 -0800 Pinback http://ask.metafilter.com/44339/Tips-for-an-advanced-home-firewallrouter#680286 Thanks, WRAP looks very interesting. comment:ask.metafilter.com,2006:site.44339-680286 Mon, 14 Aug 2006 10:25:16 -0800 uncle harold http://ask.metafilter.com/44339/Tips-for-an-advanced-home-firewallrouter#680488 What about the <a href="http://www.soekris.com/">soekris engineering</a> boxes? I see them set up as SOHO firewalls quite often. The Linux &amp; *BSD types love the little things.<br> <br> It all depends on how much time and effort you want to put into it. Personally, I got sick of homebrew computer crap at home, so I bought a used <a href="http://www.juniper.net/">Netscreen </a> firewall instead. To be specific, I have the Netscreen 5XP. the newer products, like the Netscreen 5GT, have 5 ethernet interfaces that allow you to segment traffic &amp; firewall rules six ways from Sunday. They can do everything that you're asking and a whole lot more. <br> <br> In the long run, it all boils down to how much money you feel like spending. comment:ask.metafilter.com,2006:site.44339-680488 Mon, 14 Aug 2006 12:16:25 -0800 drstein