DSL firewall/router solutions?

bscott at ntisys.com bscott at ntisys.com
Mon Jul 14 17:50:00 EDT 2003


On Mon, 14 Jul 2003, at 10:19am, pll at lanminds.com wrote:
> So, I'm wondering about which DSL firewall boxes are decent, and can they
> handle dynamic IP addresses?

  Define "decent".

  You can go into Staples or Best Buy or CompUSA or even Wal-Mart and buy
just about any "SOHO router" and get a fair product.  LinkSys, NetGear,
Belkin, SMC are popular brands.  Even Microsoft is reselling someone's stuff
now.  Standard features include: NAT; elementary firewall; web-based UI that
usually works with Mozilla; DHCP/PPPoE/static on the WAN side; DHCP server
on the LAN side.  Most let you do basic port forwarding, port filtering, and
that sort of thing.  Most are also very inflexible: They do exactly what
they do, and nothing more.  If you hit a limitation, your only options are
to get rid of it or do without.

  You'll find everyone has bad experiences with some of the brands.  They
crank these things out by the thousands for next to no money.  They rev the
firmware constantly as they try to add this or that new feature or debug
this or that quirk.  The fact of the matter is, you're getting what you pay
for with these things.  They are perfectly fine for the average home user
who wants to read email and download porn and pirated music, but they're not
carrier class equipment and never will be.

> Or, is it just easier to use iptables/netfilter on my system at home and
> make that the router/ firewall for my network?

  For someone with your experience level, Paul, I'd say to go with IPTables.  
It isn't hard, and you'll never run into something you can't do.

  Just don't define any routes via gateways that don't exist.  ;-)

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |





More information about the gnhlug-discuss mailing list