Which home user router has a decent firewall inside it? [Archive] - SpeedGuide.net Broadband Community

John Adams
12-06-07, 10:16 PM
My D-Link 604 is starting to act up so need a new wired router soon.
Which one has a decent firewall, does not lag your internet connection
much and is not too expensive? Must be Xbox 360 compatible too. Thanks.

Victek
12-07-07, 10:44 AM
"John Adams" <no@email.invalid> wrote in message
news:HW26j.16040$KC6.4399@fe07.news.easynews.com...
> My D-Link 604 is starting to act up so need a new wired router soon. Which
> one has a decent firewall, does not lag your internet connection much and
> is not too expensive? Must be Xbox 360 compatible too. Thanks.

That's a good question. I recently bought the very affordable Netgear
WGR614. It offers SPI (stateful packet inspection), an option to disable
response to "ping" from the internet, and the ability to turn off the
wireless radio when not needed. That's better than I was using previously,
but it's probably still pretty lightweight. What is your budget?

Todd H.
12-07-07, 11:01 AM
John Adams <no@email.invalid> writes:

> My D-Link 604 is starting to act up so need a new wired router
> soon. Which one has a decent firewall, does not lag your internet
> connection much and is not too expensive? Must be Xbox 360 compatible
> too. Thanks.

In the home budget range, the Linksys WRT54GL (just turn off the
wireless radio) or about any other Broadcom based device with
sufficient memory paired with the free dd-wrt firmware can create a
rather complex firewall of your choosing when paired with third party
firmware.
http://www.dd-wrt.com/wiki/index.php/Firewall_Builder

As far as bang for the buck goes, I'm not sure there's anything
better.

(Yes, pedants, a Cisco PIX, a Juniper, Netscreen, or a Nokia IPSO based
firewall would be better if price, noise, size and power consumption
were no object. )

Best Regards,
--
Todd H.
http://www.toddh.net/

John Jones
12-07-07, 01:36 PM
On 07 Dec 2007 10:01:11 -0600, comphelp@toddh.net (Todd H.) wrote:

>Linksys WRT54GL

Any idea how you can tell this particular model from the other
non-Linux one? I've been looking at the package and can't see this
info.
John Jones, Detroit

Todd H.
12-07-07, 01:42 PM
John Jones <jjetroit000@ameritech.net> writes:

> On 07 Dec 2007 10:01:11 -0600, comphelp@toddh.net (Todd H.) wrote:
>
> >Linksys WRT54GL
>
> Any idea how you can tell this particular model from the other
> non-Linux one? I've been looking at the package and can't see this
> info.

The L in the model number.

WRT54G vs WRT54GL.


The WRT54GL is what you want to run third party firmware without
limitations.

--
Todd H.
http://www.toddh.net/

John Adams
12-07-07, 05:31 PM
Victek wrote:

> That's a good question. I recently bought the very affordable Netgear
> WGR614. It offers SPI (stateful packet inspection), an option to
> disable response to "ping" from the internet, and the ability to turn
> off the wireless radio when not needed. That's better than I was using
> previously, but it's probably still pretty lightweight. What is your
> budget?

Up to $100.00 but preferably less. :)

John Adams
12-07-07, 05:45 PM
Todd H. wrote:

> In the home budget range, the Linksys WRT54GL (just turn off the
> wireless radio) or about any other Broadcom based device with
> sufficient memory paired with the free dd-wrt firmware can create a
> rather complex firewall of your choosing when paired with third party
> firmware.
> http://www.dd-wrt.com/wiki/index.php/Firewall_Builder
>
> As far as bang for the buck goes, I'm not sure there's anything
> better.

OK, thanks. That one is within my budget. It says Linux version, I
assume that still means it is fine to use with Vista and XP too.

Todd H.
12-07-07, 05:52 PM
John Adams <no@email.invalid> writes:

> Todd H. wrote:
>
> > In the home budget range, the Linksys WRT54GL (just turn off the
> > wireless radio) or about any other Broadcom based device with
> > sufficient memory paired with the free dd-wrt firmware can create a
> > rather complex firewall of your choosing when paired with third party
> > firmware.
> > http://www.dd-wrt.com/wiki/index.php/Firewall_Builder
> > As far as bang for the buck goes, I'm not sure there's anything
> > better.
>
> OK, thanks. That one is within my budget. It says Linux version, I
> assume that still means it is fine to use with Vista and XP too.

Yeah.

The "Linux" aspect refers to the actual router itself internally
running a Linux kernel. The dd-wrt firmware actually implements
a Linux system as well.

--
Todd H.
http://www.toddh.net/

Gerald Vogt
12-07-07, 06:32 PM
On Dec 7, 12:16 pm, John Adams <n...@email.invalid> wrote:
> My D-Link 604 is starting to act up so need a new wired router soon.
> Which one has a decent firewall, does not lag your internet connection
> much and is not too expensive? Must be Xbox 360 compatible too. Thanks.

What do you need the firewall for? Many consumer router firewalls mainly
protect the router itself and only have very few options to actually
filter traffic from and to the LAN. The main protection of the LAN is
usually due to NAT and for that you usually can only turn it on and
off and set port forwardings into your LAN in various forms
(forwarding, triggering, DMZ, etc.)

Gerald

John Adams
12-07-07, 06:40 PM
Todd H. wrote:

> Yeah.
>
> The "Linux" aspect refers to the actual router itself internally
> running a Linux kernel. The dd-wrt firmware actually implements
> a Linux system as well.
>

OK, good, thanks. I run Linux too but just wanted to make sure it won't
cause issues for Vista. I do know some routers cause issues with Xbox360
though so hope this one is ok in that regard.

John Adams
12-07-07, 06:41 PM
Gerald Vogt wrote:

>
> What do you need the firewall for?

So I don't have to use a software firewall too.

Gerald Vogt
12-07-07, 08:10 PM
On Dec 8, 8:41 am, John Adams <n...@email.invalid> wrote:
> Gerald Vogt wrote:
>
> > What do you need the firewall for?
>
> So I don't have to use a software firewall too.

"Software firewall" is a very broad term. Many functions can be
implemented in a software firewall.

Which functions of your software firewall do you think you need?
Which functions must be available in the router firewall?

Gerald

John Jones
12-08-07, 07:09 AM
On 07 Dec 2007 12:42:32 -0600, comphelp@toddh.net (Todd H.) wrote:

>WRT54G vs WRT54GL.

Then none of the stores I use are carrying the Linux model :(
John Jones, Detroit

Todd H.
12-08-07, 03:49 PM
John Jones <jjetroit000@ameritech.net> writes:

> On 07 Dec 2007 12:42:32 -0600, comphelp@toddh.net (Todd H.) wrote:
>
> >WRT54G vs WRT54GL.
>
> Then none of the stores I use are carrying the Linux model :(

Newegg.com has them in stock.
http://www.newegg.com/Product/Product.aspx?Item=N82E16833124190


--
Todd H.
http://www.toddh.net/

Gerald Vogt
12-08-07, 06:29 PM
On Dec 8, 9:09 pm, John Jones <jjetroit...@ameritech.net> wrote:
> On 07 Dec 2007 12:42:32 -0600, comph...@toddh.net (Todd H.) wrote:
>
> >WRT54G vs WRT54GL.
>
> Then none of the stores I use are carrying the Linux model :(

Just to make it fully clear:

WRT54G and WRT54GL run Linux inside.

The WRT54GL uses the hardware platform of the WRT54G v1,v2,v3,v4
hardware versions.
The WRT54G v5 and later has less memory and uses a different,
incompatible platform.

The WRT54GL is the continuation of the old WRT54G hardware versions.

The limited memory in the later WRT54G causes all kinds of problems
which Linksys is not able to fully fix so far.

The WRT54Gv1-v4 and the WRT54GL are compatible and you can easily
install third party firmware like dd-wrt on it.

The WRT54Gv5-v8 have limited support for 3rd party firmware except for
the v7 which does not support it at all because it uses a different
chipset.

All routers work with Windows, Mac, and Linux unless there is a
firmware bug which prevents it.

Gerald

Todd H.
12-08-07, 09:32 PM
Gerald Vogt <vogt@spamcop.net> writes:

> On Dec 8, 9:09 pm, John Jones <jjetroit...@ameritech.net> wrote:
> > On 07 Dec 2007 12:42:32 -0600, comph...@toddh.net (Todd H.) wrote:
> >
> > >WRT54G vs WRT54GL.
> >
> > Then none of the stores I use are carrying the Linux model :(
>
> Just to make it fully clear:
>
> WRT54G and WRT54GL run Linux inside.

Unfortunately, I don't believe that's accurate.

The OS since v5 of the WRT54G is VxWorks, which is an embedded RTOS by
Wind River, and it is decidedly not Linux.

Linksys made this switch because with their volumes, switching to the
tighter, more efficient VxWorks allowed them to cut their memory needs
in half, and the parts cost savings more than made up for the
licensing cost for the proprietary VxWorks operating system.


> The WRT54G v5 and later has less memory and uses a different,
> incompatible platform.
>
> The WRT54GL is the continuation of the old WRT54G hardware versions.
>
> The limited memory in the later WRT54G causes all kinds of problems
> which Linksys is not able to fully fix so far.
>
> The WRT54Gv1-v4 and the WRT54GL are compatible and you can easily
> install third party firmware like dd-wrt on it.
>
> The WRT54Gv5-v8 have limited support for 3rd party firmware except for
> the v7 which does not support it at all because it uses a different
> chipset.

All true.

While we're talking about it some reference links might be worthwhile:


http://dd-wrt.com/wiki/index.php/Supported_Devices#Box_based_Routers
http://en.wikipedia.org/wiki/WRT54G
http://www.linuxdevices.com/news/NS4729641740.html


Best Regards,
--
Todd H.
http://www.toddh.net/

John Adams
12-08-07, 10:58 PM
Gerald Vogt wrote:

> Which functions of your software firewall do you think you need?
> Which functions must be available in the router firewall?
>
> Gerald

Packet inspection and discarding unsolicited packets. That's what a
firewall is for. Why are you asking me stupid questions?

Gerald Vogt
12-09-07, 02:21 AM
Todd H. wrote:
> Gerald Vogt <vogt@spamcop.net> writes:
>> WRT54G and WRT54GL run Linux inside.
>
> Unfortunately, I don't believe that's accurate.
>
> The OS since v5 of the WRT54G is VxWorks, which is an embedded RTOS by
> Wind River, and it is decidedly not Linux.
>
> Linksys made this switch because with their volumes, switching to the
> tighter, more efficient VxWorks allowed them to cut their memory needs
> in half, and the parts cost savings more than made up for the
> licensing cost for the proprietary VxWorks operating system.

I stand corrected. So far I thought VxWorks was Linux based because you
can run dd-wrt on the vxworks routers. I didn't check further.

But I was wrong. VxWorks is not based on Linux.

Thanks,

Gerald

Gerald Vogt
12-09-07, 02:28 AM
On Dec 9, 12:58 pm, John Adams <n...@email.invalid> wrote:
> Gerald Vogt wrote:
> > Which functions of your software firewall do you think you need?
> > Which functions must be available in the router firewall?
>
> Packet inspection and discarding unsolicited packets. That's what a
> firewall is for. Why are you asking me stupid questions?

Because that is not what the firewall of an average consumer brand
router does. Not for your LAN. The NAT translation on the router will
discard "unsolicited" packets. NAT will inspect any packets if at all.

You'll see the difference in the moment you turn off NAT (i.e. you use
public IP addresses in your LAN) and keep the firewall active. In that
moment nothing will be filtered between the internet and your LAN
simply because by default the firewall on the router protects the
router itself but not your LAN.

Gerald
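
The distinction drawn in the post above (a filter that guards the router itself versus one that tracks connections for traffic routed to the LAN), as a simplified Python model. This is an added example, not part of the original thread and not any router's firmware; the addresses, the `Router` class and the chain labels are constructed for illustration, and NAT is assumed to be off so the LAN uses routable addresses.

```python
from dataclasses import dataclass, field

ROUTER_IP = "203.0.113.1"    # constructed addresses (documentation ranges)
LAN_PREFIX = "198.51.100."   # "public" LAN range, i.e. NAT switched off

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Router:
    stateful_forward: bool   # True: routed traffic is connection-tracked
    conntrack: set = field(default_factory=set)

    def handle(self, p: Packet) -> str:
        if p.dst == ROUTER_IP:
            # INPUT path: packets addressed to the router are always filtered
            return "DROP (INPUT)"
        if not self.stateful_forward:
            # Router-only firewall: nothing inspects routed traffic
            return "ACCEPT (FORWARD)"
        if p.src.startswith(LAN_PREFIX):
            # Outbound flow: remember the reply tuple we expect to see
            self.conntrack.add((p.dst, p.dport, p.src, p.sport))
            return "ACCEPT (FORWARD, new outbound)"
        if (p.src, p.sport, p.dst, p.dport) in self.conntrack:
            return "ACCEPT (FORWARD, established)"
        return "DROP (FORWARD, unsolicited)"

def run(stateful_forward: bool) -> list:
    """Feed the same four constructed packets through one router config."""
    pc, web, other = LAN_PREFIX + "10", "192.0.2.80", "192.0.2.66"
    packets = [
        Packet(other, 40000, ROUTER_IP, 80),  # aimed at the router itself
        Packet(pc, 50000, web, 443),          # LAN host opens a connection
        Packet(web, 443, pc, 50000),          # the server's reply
        Packet(other, 40001, pc, 8080),       # unsolicited, aimed at LAN host
    ]
    router = Router(stateful_forward)
    return [router.handle(p) for p in packets]

if __name__ == "__main__":
    for mode in (False, True):
        print("stateful FORWARD:", mode)
        for verdict in run(mode):
            print("   ", verdict)
```

With `stateful_forward=False` the last packet reaches the LAN host even though the router still drops traffic aimed at itself; with `True` only the reply to the host's own connection gets through.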

John Adams
12-10-07, 02:58 PM
Gerald Vogt wrote:

> Because that is not what the firewall of an average consumer brand
> router does. Not for your LAN. The NAT translation on the router will
> discard "unsolicited" packets. NAT will inspect any packets if at all.
>
> You'll see the difference in the moment you turn off NAT (i.e. you use
> public IP addresses in your LAN) and keep the firewall active. In that
> moment nothing will be filtered between the internet and your LAN
> simply because by default the firewall on the router protects the
> router itself but not your LAN.
>
> Gerald


OK, and that is why you should run hardware router firewall and software
firewall too? I'm not on a LAN anyway. This is just for home use. I
share files between computers by using a USB thumbdrive.

Todd H.
12-10-07, 03:27 PM
John Adams <no@email.invalid> writes:

> Gerald Vogt wrote:
>
> > Because that is not what the firewall of an average consumer brand
> > router does. Not for your LAN. The NAT translation on the router will
> > discard "unsolicited" packets. NAT will inspect any packets if at all.
> > You'll see the difference in the moment you turn off NAT (i.e. you use
> > public IP addresses in your LAN) and keep the firewall active. In that
> > moment nothing will be filtered between the internet and your LAN
> > simply because by default the firewall on the router protects the
> > router itself but not your LAN.
> > Gerald
>
>
> OK, and that is why you should run hardware router firewall and
> software firewall too? I'm not on a LAN anyway. This is just for home
> use. I share files between computers by using a USB thumbdrive.

The traditional answer to that is that a "software firewall"
generally has egress filtering and can alert you to specific programs
trying to get out to the internet, whereas a hardware device can't
give you such clues.

If the primary concern is blocking unsolicited traffic from the
internet, a sane SPI home gateway device should do fine.

The hardware device is generally a more robust solution because the
"personal firewall" software runs on top of Windows... and we know
that Windows is fairly complex and not infallible to say the least.

Just like network based and host based intrusion detection products
offer complementary protection, so do hardware and software "firewall"
solutions.

--
Todd H.
http://www.toddh.net/