Miscellaneous Operating Systems/Hardware

I was watching this thread hoping someone would come up with a good recommendation. So far I've only learned what not to buy. I had already disqualified the FVS318 myself after I read the reviews.

I'm looking for:
[1] Something I can trust.
[2] Reliability
[3] A router / firewall which can handle at least 500Mb/s WAN <-> LAN
[4] Wireless N on 2.5GHz and 5GHz bands
[5] Basic VPN capabilities
[6] A hardware DMZ and VLAN capabilities on the LAN side are a bonus
[7] A 'tap' for intrusion detection/ flight data recording purposes at Gb speeds

Doesn't have to be a single device (in fact I'm pretty sure it won't be). Large, loud, power hungry devices do not qualify because it has to be installed in my utility cabinet.

Right now I'm using an Engenius ESR9850 wireless router and a Netgear DS104 hub as a tap device.

The Engenius has proven reliable, but it's a closed device so I have problems trusting it. Trust is #1. So right now I'm using my Linux server as a secondary firewall and the actual LAN is 'behind' the Linux server. This effectively puts my wireless network in the untrusted zone which isn't practical in this age of laptops and gadgets. The DS104, being a genuine hub, is limited to 100Mb/s which is my current internet speed -- no future there either.

I'm considering something like this: http://www.dual-comm.com/gigabit_port-m ... switch.htm to replace the DS104 hub.

I want to replace the router with a DD-WRT based solution. Maybe that firmware will be maintained a little longer than the 6 month attention span of the original manufacturer. This effectively reduces my search to 'the best DD-WRT' solution. So far I've seen the Cisco / Linksys E4200 (v1) come up a lot, and the Buffalo WHR-G300N . I intend to go to the bottom of this before I make my choice because 'reliability' and 'alternate firmware' are not necessarily a good match. Also, DD-WRT &co seem to target mostly el-cheapo consumer devices so I have to find something there with decent hardware specs and build quality.

I would like to get DD-WRT or OpenWRT on my Netgear WNDR3700 one of these days...

But here's what I did ~5 years ago. I got a pretty small (25cm x 15cm x 5cm, roughly?) box off eBay with a 600MHz Celeron, 4 x 100baseT ports, 2 Mini-PCI slots and a CF slot where I've put a 4GB Microdrive. The NORCO 7732 was obviously intended as some kind of wireless router, but I got it off eBay without any radios and generic docs for the bare board - I installed one but never spent the time to try and get it working, partly because the Linksys "just worked" and partly because I was searching for an 802.11n solution.

Pictures of the NORCO are on Flickr . I hung the Linksys off one port, wired network on another, WAN off a third, and later added the Netgear WNDR3700 off the fourth. It runs pfSense , which is based on FreeBSD, which I've found to be very solid. I use the OpenVPN support with TunnelBlick on the MacBook when I travel, and that works well.

I'm not sure what's out there in terms of current hardware for this approach, but I'm sure the Alix and Routerboard folks have something. There were usually a bunch of them in Linux Journal whenever I glance at a copy.

i guess that both jj and sky are looking for specialized firewall features but since jj mentions dd-wrt and reliability, here's a short nekochan story:

years ago i was looking for a solution to block ads & flashy unicorns at router-level and tillin pointed me to dd-wrt. reading high and low i ended up using tomato ( 1 , 2 ) on a common wrt54gs. it did (and still does) all i need and then some, all via a browser-based gui that folks like me can setup in 5 minutes ( also sports a cli for folks who don't like guis). besides ad-blocking, i just need file transfers between each base. i used to use the built-in vpn features too, but i offloaded most of my vpn needs to witopia since i'm mostly on the road.

i eventually bought 3 of them and found peace. the same old wrt54gs ones in ny & london are still up running -no problemo- for 6-7 years now. i only had to reboot them for a firmware update. i managed to muck up the one in berlin so i'm looking for a replacement, till then the AEBS undertakes router duties.

i stopped worrying about whatever cheap plastic box each ISP hands out w/ every dsl loop when i found out that i can just set it up in bridge mode, plug it into the wan port of my router and go.

my needs are simple, not sure if this will take the weight of a bunch of vpn tunnels or other demanding requirements. smallnetbuilder reports throughput figures & dd-wrt/tomato compatibility for newish models.

In your case, a 3745. You won't go back.

Oh, my needs are fairly straightforward. I don't even have large amounts of 'interesting' data on my intranet (to an outsider, that is). I just want to inspect a firewall before I will put my trust in it (*). After all, it is one of the things that keeps private data private.

I have FTTH (currently 100/100) and it would be a pity if I couldn't use part of what I'm paying for because of a crappy router.

The ASUS (shiver) RT-N66U appears to be a fairly powerful router and is said to run Tomato nicely too.

This?


'nuff said ...


(*) The question is not 'are you paranoid?', but 'are you paranoid enough ?'