Opinions Wanted: Network Setup
Posted: 2005-01-10 07:44pm
by Vohu Manah
Having reduced my "internet-capable devices" down to two (Power Mac DA and a PS2), I have considered unloading my Linksys BEFSR81 v2 (home broadband router) and using my main computer (and future server as agreed upon by my wife) as a software router/802.11b base station (in addition to its future pure-server duties). The Linksys has always been overkill for me (not only a broadband router, it included an eight-port switch when at most I only used 3 ports), and adding wireless capabilities to it (via a Linksys WAP or replacement with a wireless router; in either case the cost is about the same at around $50 - $70) seemed overkill when I was planning to retire my current machine in the near future (within two years) and I could simply add ICS to its current duties (the computer in question has an 802.11b wireless card and would only need a $15 network adaptor for wired connections now with the purchase of a switch later as I once again begin adding systems). My wife and I currently own no computers absolutely needing to connect wirelessly, but her next computer is to be a laptop for wireless web surfing and minor game playing.
I want the opinions of others, should I maintain the Linksys router or go to using ICS on my current computer? Feel free to ask questions you might be asking yourself in making a similar switch as I want to be sure I can answer all questions before committing resources either way.
Posted: 2005-01-10 08:03pm
by Chmee
What's your upstream firewall if you dump the Linksys? DSL/cable modem?
Posted: 2005-01-10 08:16pm
by Vohu Manah
I had planned on using Mac OS X's integrated firewall. I currently have a cable modem (ISP supplied).
Posted: 2005-01-10 08:27pm
by Chmee
Vohu Manah wrote:I had planned on using Mac OS X's integrated firewall. I currently have a cable modem (ISP supplied).
So your 'old' setup has the cable modem connected to the Linksys connected to the PCs? Dumping the linksys eliminates one layer of security, then ... admittedly a fairly weak one, but now you're basically relying on the security of an OS to secure your network, and this has never been their strong suit.
I'll reveal my bias -- I work at a hardware firewall vendor, so I'm not a big believer in relying on the OS of a computer I'm using on a daily basis as the firewall for my home network. If you're going to dump everything except routing/perimeter security functions on the box that's becoming the 'server', then you need to consider what other server functions you want to host on that box ... I don't believe in mixing the firewall with other servers that you want to protect from the 'Net.
Posted: 2005-01-10 08:35pm
by White Haven
He's got a BEFSR81, the SR-series doesn't have an integrated firewall, so he's already been relying only on NAT for security. I'd recommend just replacing it with a WRT54G wireless firewall-router. That'll actually improve your security, give you wireless-G capability, and toss in an integrated 4-port switch in the bargain. Since wireless-G scales back to wireless-B, you're set all around.
Posted: 2005-01-10 08:40pm
by Vohu Manah
Chmee wrote:So your 'old' setup has the cable modem connected to the Linksys connected to the PCs? Dumping the linksys eliminates one layer of security, then ... admittedly a fairly weak one, but now you're basically relying on the security of an OS to secure your network, and this has never been their strong suit.
I'll reveal my bias -- I work at a hardware firewall vendor, so I'm not a big believer in relying on the OS of a computer I'm using on a daily basis as the firewall for my home network. If you're going to dump everything except routing/perimeter security functions on the box that's becoming the 'server', then you need to consider what other server functions you want to host on that box ... I don't believe in mixing the firewall with other servers that you want to protect from the 'Net.
Understandable (bias and all). The only service being provided full-time would be the function of a print server. The server would also run Folding@Home full-time when I am not using the system as a game server (which I haven't since... well, it has been a while but just in case) or to rip DVDs and convert the movies to MPEG4.
Posted: 2005-01-10 08:47pm
by InnocentBystander
For several years I ran RedHat linux on an old 133mhz machine I had lying around and it served as a router & firewall and it was wonderful. The only down-side was that it required attention. Your linksys dummy-box requires 0 effort, and if you have the time, I suggest putting some flavor of linux or preferably BSD on your free computer. I've found it handles things far better for whatever reason, and you'll find yourself with much more control. You can still keep your dummy-box around for wireless of course, and it's always good to keep around in case things go to hell.
Really, it's a question of time and desire.
Posted: 2005-01-10 08:53pm
by Chmee
InnocentBystander wrote:For several years I ran RedHat linux on an old 133mhz machine I had lying around and it served as a router & firewall and it was wonderful. The only down-side was that it required attention. Your linksys dummy-box requires 0 effort, and if you have the time, I suggest putting some flavor of linux or preferably BSD on your free computer. I've found it handles things far better for whatever reason, and you'll find yourself with much more control. You can still keep your dummy-box around for wireless of course, and it's always good to keep around in case things go to hell.
Really, it's a question of time and desire.
Yep, if you have the time and inclination to mess with setting up the Linux side, I'd agree with this 100%.
If you want a relatively cheap box where somebody already did that for you, find a cheap old Firebox II on eBay, we already made it for ya.
Put your wired network on the Trusted interface, stick your WAP on the Optional interface, and the cable modem on External.
(but be warned, that FB-II is a noisy sucker compared to a linksys, it's meant to be in a rack in a network closet)
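The three-interface layout suggested in the post above can also be expressed on a Linux router. This is an added example, not part of the original thread and not a Firebox configuration: it uses nftables rather than the ipchains mentioned elsewhere in the thread, and the interface names, the SSH management port and the choice of which zones may talk to each other are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: three-zone home router policy (External / Trusted / Optional).
# Interface names below are assumptions; substitute the real ones.
flush ruleset

define EXTERNAL = "eth0"   # cable modem
define TRUSTED  = "eth1"   # wired network
define OPTIONAL = "eth2"   # segment the wireless access point plugs into

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        meta l4proto { icmp, ipv6-icmp } accept
        # Administer the router itself only from the wired side.
        iifname $TRUSTED tcp dport 22 accept
        # DNS and DHCP service for both internal segments (assumes the
        # router provides them).
        iifname { $TRUSTED, $OPTIONAL } udp dport { 53, 67 } accept
        iifname { $TRUSTED, $OPTIONAL } tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Both internal zones may reach the Internet.
        iifname { $TRUSTED, $OPTIONAL } oifname $EXTERNAL accept
        # Wired hosts may reach the wireless segment (e.g. to manage the WAP).
        iifname $TRUSTED oifname $OPTIONAL accept
        # No rule for Optional -> Trusted or External -> anything:
        # new connections in those directions hit the drop policy.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $EXTERNAL masquerade
    }
}
```

With this policy a wireless client gets Internet access but cannot open connections to hosts on the wired network, which is the point of keeping the WAP on its own interface.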
Posted: 2005-01-10 09:26pm
by InnocentBystander
Well uhm, I don't think you can see that link... but whatever it's for Firebox II
That's a lot of greenbacks for something you could do yourself fairly easily. If you have the spare computer and extra ethernet card it's entirely free and terribly easy to create a great server using RedHat linux. Hell, go to your local library and borrow a copy of the RedHat linux box they have and you'll be set, software, setup and all (though honestly, it's all there out on the net, I know all the firewall and ipchains stuff I did was from a website the book suggested). Why go out and throw down $150 for something you could do yourself in an afternoon?
Posted: 2005-01-10 09:51pm
by Vohu Manah
White Haven wrote:He's got a BEFSR81, the SR-series doesn't have an integrated firewall, so he's already been relying only on NAT for security. I'd recommend just replacing it with a WRT54G wireless firewall-router. That'll actually improve your security, give you wireless-G capability, and toss in an integrated 4-port switch in the bargain. Since wireless-G scales back to wireless-B, you're set all around.
Didn't know the WRT54G included a firewall? That'll definitely be my choice if I decide on router replacement. Thanks, White Haven.
InnocentBystander wrote: Well uhm, I don't think you can see that link... but whatever it's for Firebox II
That's a lot of greenbacks for something you could do yourself fairly easily. If you have the spare computer and extra ethernet card it's entirely free and terribly easy to create a great server using RedHat linux. Hell, go to your local library and borrow a copy of the RedHat linux box they have and you'll be set, software, setup and all (though honestly, it's all there out on the net, I know all the firewall and ipchains stuff I did was from a website the book suggested). Why go out and throw down $150 for something you could do yourself in an afternoon?
I don't really have a spare box though, and a pre-set device like the Firebox II is a tad more expensive than I'd like. The idea of playing with Linux on a cheap box brings the tinkerer out of me, but couldn't I attempt the same thing with my current setup (Mac OS X being a Free BSD variant)? And do I really need the levels of protection that a linux/free BSD firewall (or the Firebox II) provide over that of the WRT54G?
Posted: 2005-01-10 10:02pm
by InnocentBystander
It's not the same thing.
If you feel like being a tinkerer any one of these $20 computers is more than enough to handle linux or BSD (with xwindows too!). The strong firewall thing is honestly not important (and the firebox II, if I might add, looks like a very fancy and expensive dummy-box).
You can use your mac as a router, sure, but there's no reason to use that over the box you already have. If you want to make a change and have some fun, get an ancient compy with 2+gigs of HD space, put redhat on it and tinker, poke and prod. You'll have a good time, really.
Posted: 2005-01-11 02:10am
by Faram
Any home NAT device should be enough security for a home user.
The amount of work required to get through a NAT is not worth it when there are so many unsecured computers connected directly to the internet.
Get a NAT box and secure any wireless connection with WPA.
Then just keep your system clean of viruses and trojans and you will be fine.
Posted: 2005-01-11 02:52am
by Crayz9000
If you're going to go with the $20 computer route, though, I'd recommend using FREESCO as a router. It's far lighter than any of the other linux distributions and runs off a floppy disk. It's also easier to set up than *BSD.
Posted: 2005-01-11 06:42am
by InnocentBystander
Crayz9000 wrote:If you're going to go with the $20 computer route, though, I'd recommend using FREESCO as a router. It's far lighter than any of the other linux distributions and runs off a floppy disk. It's also easier to set up than *BSD.
You don't need lighter, these are 200mhz+ machines, they can more than handle redhat, which is almost as simple to install/use as windows. Personally, I enjoyed having Xwindows on the machine, vi is an awkward little text editor for anyone who has been using word for a while as well.
Posted: 2005-01-11 09:17am
by phongn
Just use the cheap router. There's no reason to buy an old, power-hungry box for a router unless you have a real need for it.
Posted: 2005-01-11 09:35am
by White Haven
I'll double-check the WRT54G at work, but I'm pretty sure it does have a firewall. I'll post up again when I've had a chance to glance at the box again.
Posted: 2005-01-11 11:01am
by White Haven
Back-checked, and yes, the WRT54G does have an integrated firewall. Good, I wasn't looking forward to eating my words.
Posted: 2005-01-11 11:39am
by Chmee
Yep, I only threw out the FB-II reference because at $150 you're getting a corporate firewall that retailed for closer to $1500 in its heyday, but yes it's major overkill for the average home user. Just a question of how much you want to start playing around with security.
Posted: 2005-01-11 12:09pm
by Terr Fangbite
If you have the old linksys and it worked fine use it. If nothing else it is just yet another wall a potential hacker has to jump to get to you.