Opinions Wanted: Network Setup

GEC: Discuss gaming, computers and electronics and venture into the bizarre world of STGODs.

Moderator: Thanas

Post Reply

Would you maintain the Linksys Router or switch to ICS?

Stick with the Linksys Router
6
100%
Switch to ICS
0
No votes
 
Total votes: 6

User avatar
Vohu Manah
Jedi Knight
Posts: 775
Joined: 2004-03-28 07:38am
Location: Harford County, Maryland
Contact:

Opinions Wanted: Network Setup

Post by Vohu Manah »

Having reduced my "internet-capable devices" down to two (Power Mac DA and a PS2), I have considered unloading my Linksys BEFSR81 v2 (home broadband router) and using my main computer (and future server as agreed upon by my wife) as a software router/802.11b base station (in addition to it's future pure-server duties). The Linksys has always been overkill for me (not only a broadband router, it included an eight-port switch when at most I only used 3 ports), and adding wireless capabilities to it (via a Linksys WAP or replacement with a wireless router; in either case the cost is about the same at around $50 - $70) seemed overkill when I was planning to retire my current machine in the near future (within two years) and I could simply add ICS to it's current duties (the computer in question has an 802.11b wireless card and would only need a $15 network adaptor for wired connections now with the purchase of a switch later as I once again begin adding systems). My wife and I currently own no computers absolutely needing to connect wirelessly, but her next computer is to be a laptop for wireless web surfing and minor game playing.

I want the opinions of others, should I maintain the Linksys router or go to using ICS on my current computer? Feel free to ask questions you might be asking yourself in making a similar switch as I want to be sure I can answer all questions before committing resources either way.
There are two kinds of people in the world: the kind who think it’s perfectly reasonable to strip-search a 13-year-old girl suspected of bringing ibuprofen to school, and the kind who think those people should be kept as far away from children as possible … Sometimes it’s hard to tell the difference between drug warriors and child molesters.” - Jacob Sullum[/size][/align]
User avatar
Chmee
Sith Marauder
Posts: 4449
Joined: 2004-12-23 03:29pm
Location: Seattle - we already buried Hendrix ... Kurt who?

Post by Chmee »

What's your upstream firewall if you dump the Linksys? DSL/cable modem?
[img=right]http://www.tallguyz.com/imagelib/chmeesig.jpg[/img]My guess might be excellent or it might be crummy, but
Mrs. Spade didn't raise any children dippy enough to
make guesses in front of a district attorney,
an assistant district attorney, and a stenographer
.

Sam Spade, "The Maltese Falcon"

Operation Freedom Fry
User avatar
Vohu Manah
Jedi Knight
Posts: 775
Joined: 2004-03-28 07:38am
Location: Harford County, Maryland
Contact:

Post by Vohu Manah »

I had planned on using Mac OS X's integrated firewall. I currently have a cable modem (ISP supplied).
There are two kinds of people in the world: the kind who think it’s perfectly reasonable to strip-search a 13-year-old girl suspected of bringing ibuprofen to school, and the kind who think those people should be kept as far away from children as possible … Sometimes it’s hard to tell the difference between drug warriors and child molesters.” - Jacob Sullum[/size][/align]
User avatar
Chmee
Sith Marauder
Posts: 4449
Joined: 2004-12-23 03:29pm
Location: Seattle - we already buried Hendrix ... Kurt who?

Post by Chmee »

Vohu Manah wrote:I had planned on using Mac OS X's integrated firewall. I currently have a cable modem (ISP supplied).
So your 'old' setup has the cable modem connected to the Linksys connected to the PC's? Dumping the linksys eliminates one layer of security, then ... admittedly a fairly weak one, but now you're basically relying on the security of an OS to secure your network, and this has never been their strong suit.

I'll reveal my bias -- I work at a hardware firewall vendor, so I'm not a big believer in relying on the OS of a computer I'm using on a daily basis as the firewall for my home network. If you're going to dump everything except routing/perimeter security functions on the box that's becoming the 'server', then you need to consider what other server functions you want to host on that box ... I don't believe in mixing the firewall with other servers that you want to protect from the 'Net.
[img=right]http://www.tallguyz.com/imagelib/chmeesig.jpg[/img]My guess might be excellent or it might be crummy, but
Mrs. Spade didn't raise any children dippy enough to
make guesses in front of a district attorney,
an assistant district attorney, and a stenographer
.

Sam Spade, "The Maltese Falcon"

Operation Freedom Fry
User avatar
White Haven
Sith Acolyte
Posts: 6360
Joined: 2004-05-17 03:14pm
Location: The North Remembers, When It Can Be Bothered

Post by White Haven »

He's got a BEFSR81, the SR-series doesn't have an integrated firewall, so he's already been relying only on NAT for security. I'd recommend just replacing it with a WRT54G wireless firewall-router. That'll actually improve your security, give you wireless-G capability, and toss in an integrated 4-port switch in the bargain. Since wireless-G scales back to wireless-B, you're set all around.
Image
Image
Chronological Incontinence: Time warps around the poster. The thread topic winks out of existence and reappears in 1d10 posts.

Out of Context Theatre, this week starring Darth Nostril.
-'If you really want to fuck with these idiots tell them that there is a vaccine for chemtrails.'

Fiction!: The Final War (Bolo/Lovecraft) (Ch 7 9/15/11), Living (D&D, Complete)Image
User avatar
Vohu Manah
Jedi Knight
Posts: 775
Joined: 2004-03-28 07:38am
Location: Harford County, Maryland
Contact:

Post by Vohu Manah »

Chmee wrote:So your 'old' setup has the cable modem connected to the Linksys connected to the PC's? Dumping the linksys eliminates one layer of security, then ... admittedly a fairly weak one, but now you're basically relying on the security of an OS to secure your network, and this has never been their strong suit.

I'll reveal my bias -- I work at a hardware firewall vendor, so I'm not a big believer in relying on the OS of a computer I'm using on a daily basis as the firewall for my home network. If you're going to dump everything except routing/perimeter security functions on the box that's becoming the 'server', then you need to consider what other server functions you want to host on that box ... I don't believe in mixing the firewall with other servers that you want to protect from the 'Net.
Understandable (bias and all). The only service being provided full-time would be the function of a print server. The server would also run Folding@Home full-time when I am not using the system as a game server (which I haven't since... well, it has been a while but just in case) or to rip DVDs and convert the movies to MPEG4.
There are two kinds of people in the world: the kind who think it’s perfectly reasonable to strip-search a 13-year-old girl suspected of bringing ibuprofen to school, and the kind who think those people should be kept as far away from children as possible … Sometimes it’s hard to tell the difference between drug warriors and child molesters.” - Jacob Sullum[/size][/align]
User avatar
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

For several years I ran RedHat linux on an old 133mhz machine I had lying around and it served as a router & firewall and it was wonderful. The only down-side was that it required attention. Your linksys dummy-box requires 0 effort, and if you have the time, I suggest putting some flavor of linux or preferably BSD on your free computer. I've found it handles things far better for whatever reason, and you'll find yourself with much more control. You can still keep your dummy-box around for wireless of course, and it's always good to keep around in case things go to hell.
Really, it's a question of time and desire.
User avatar
Chmee
Sith Marauder
Posts: 4449
Joined: 2004-12-23 03:29pm
Location: Seattle - we already buried Hendrix ... Kurt who?

Post by Chmee »

InnocentBystander wrote:For several years I ran RedHat linux on an old 133mhz machine I had lying around and it served as a router & firewall and it was wonderful. The only down-side was that it required attention. Your linksys dummy-box requires 0 effort, and if you have the time, I suggest putting some flavor of linux or preferably BSD on your free computer. I've found it handles things far better for whatever reason, and you'll find yourself with much more control. You can still keep your dummy-box around for wireless of course, and it's always good to keep around in case things go to hell.
Really, it's a question of time and desire.
Yep, if you have the time and inclination to mess with setting up the Linux side, I'd agree with this 100%.

If you want a relatively cheap box where somebody already did that for you, find a cheap old Firebox II on eBay, we already made it for ya. ;) Put your wired network on the Trusted interface, stick your WAP on the Optional interface, and the cable modem on External.

(but be warned, that FB-II is a noisy sucker compared to a linksys, it's meant to be in a rack in a network closet)
[img=right]http://www.tallguyz.com/imagelib/chmeesig.jpg[/img]My guess might be excellent or it might be crummy, but
Mrs. Spade didn't raise any children dippy enough to
make guesses in front of a district attorney,
an assistant district attorney, and a stenographer
.

Sam Spade, "The Maltese Falcon"

Operation Freedom Fry
User avatar
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

Chmee wrote:snip snip...Firebox II
Well uhm, I don't think you can see that link... but whatever it's for Firebox II
That's a lot of greenbacks for something you could do yourself fairly easily. If you have the spare computer and extra ethernet card it's entirely free and terribly easy to create a great server using RedHat linux. Hell, go to your local library and borrow a copy of the RedHat linux box they have and you'll be set, software, setup and all (though honestly, it's all there out on the net, I know all the firewall and ipchains stuff I did was from a website the book suggested). Why go out and throw down $150 for something you could do yourself in an afternoon?
User avatar
Vohu Manah
Jedi Knight
Posts: 775
Joined: 2004-03-28 07:38am
Location: Harford County, Maryland
Contact:

Post by Vohu Manah »

White Haven wrote:He's got a BEFSR81, the SR-series doesn't have an integrated firewall, so he's already been relying only on NAT for security. I'd recommend just replacing it with a WRT54G wireless firewall-router. That'll actually improve your security, give you wireless-G capability, and toss in an integrated 4-port switch in the bargain. Since wireless-G scales back to wireless-B, you're set all around.
Didn't know the WRT54G included a firewall? That'll definitely be my choice if I decide on router replacement. Thanks, White Haven.
InnocentBystander wrote:
Chmee wrote:snip snip...Firebox II
Well uhm, I don't think you can see that link... but whatever it's for Firebox II
That's a lot of greenbacks for something you could do yourself fairly easily. If you have the spare computer and extra ethernet card it's entirely free and terribly easy to create a great server using RedHat linux. Hell, go to your local library and borrow a copy of the RedHat linux box they have and you'll be set, software, setup and all (though honestly, it's all there out on the net, I know all the firewall and ipchains stuff I did was from a website the book suggested). Why go out and throw down $150 for something you could do yourself in an afternoon?
I don't really have a spare box though, and a pre-set device like the Firebox II is a tad more expensive than I'd like. The idea of playing with Linux on a cheap box brings the tinkerer out of me, but couldn't I attempt the same thing with my current setup (Mac OS X being a Free BSD variant)? And do I really need the levels of protection that a linux/free BSD firewall (or the Firebox II) provide over that of the WRT54G?
There are two kinds of people in the world: the kind who think it’s perfectly reasonable to strip-search a 13-year-old girl suspected of bringing ibuprofen to school, and the kind who think those people should be kept as far away from children as possible … Sometimes it’s hard to tell the difference between drug warriors and child molesters.” - Jacob Sullum[/size][/align]
User avatar
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

It's not the same thing.

If you feel like being a tinkerer any one of these $20 computers is more than enough to handle linux or BSD (with xwindows too!). The strong firewall thing is honestly not important (and the firebox II, if I might add, looks like a very fancy and expensive dummy-box).
You can use your mac as a router, sure, but there's no reason to use that over the box you already have. If you want to make a change and have some fun, get an ancient compy with 2+gigs of HD space, put redhat on it and tinker, poke and prod. You'll have a good time, really.
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Any home NAT device should be unuff security for a home user.

The amount of work required to get through a NAT is not worth it when there is so many unsecured computers connected directly to the internet.

Get a nat box and secure any wireless conection with WPA

Then just keep your system clean of viruses and trojan and you will be fine.
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Crayz9000
Sith Apprentice
Posts: 7329
Joined: 2002-07-03 06:39pm
Location: Improbably superpositioned
Contact:

Post by Crayz9000 »

If you're going to go with the $20 computer route, though, I'd recommend using FREESCO as a router. It's far lighter than any of the other linux distributions and runs off a floppy disk. It's also easier to set up than *BSD.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
User avatar
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

Crayz9000 wrote:If you're going to go with the $20 computer route, though, I'd recommend using FREESCO as a router. It's far lighter than any of the other linux distributions and runs off a floppy disk. It's also easier to set up than *BSD.
You don't need lighter, these are 200mhz+ machines, they can more than handle redhat, which is almost as simple to install/use as windows. Personally, I enjoyed having Xwindows on the machine, vi is an awkward little text editor for anyone who has been using word for a while as well.
User avatar
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Just use the cheap router. There's no reason to buy an old, power-hungry box for a router unless you have a real need for it.
User avatar
White Haven
Sith Acolyte
Posts: 6360
Joined: 2004-05-17 03:14pm
Location: The North Remembers, When It Can Be Bothered

Post by White Haven »

I'll double-check the WRT54G at work, but I'm pretty sure it does have a firewall. I'll post up again when I've had a chance to glance at the box again.
Image
Image
Chronological Incontinence: Time warps around the poster. The thread topic winks out of existence and reappears in 1d10 posts.

Out of Context Theatre, this week starring Darth Nostril.
-'If you really want to fuck with these idiots tell them that there is a vaccine for chemtrails.'

Fiction!: The Final War (Bolo/Lovecraft) (Ch 7 9/15/11), Living (D&D, Complete)Image
User avatar
White Haven
Sith Acolyte
Posts: 6360
Joined: 2004-05-17 03:14pm
Location: The North Remembers, When It Can Be Bothered

Post by White Haven »

Back-checked, and yes, the WRT54G does have an integrated firewall. Good, I wasn't looking foreward to eating my words :)
Image
Image
Chronological Incontinence: Time warps around the poster. The thread topic winks out of existence and reappears in 1d10 posts.

Out of Context Theatre, this week starring Darth Nostril.
-'If you really want to fuck with these idiots tell them that there is a vaccine for chemtrails.'

Fiction!: The Final War (Bolo/Lovecraft) (Ch 7 9/15/11), Living (D&D, Complete)Image
User avatar
Chmee
Sith Marauder
Posts: 4449
Joined: 2004-12-23 03:29pm
Location: Seattle - we already buried Hendrix ... Kurt who?

Post by Chmee »

Yep, I only threw out the FB-II reference because at $150 you're getting a corporate firewall that retailed for closer to $1500 in its heyday, but yes it's major overkill for the average home user. Just a question of how much you want to start playing around with security.
[img=right]http://www.tallguyz.com/imagelib/chmeesig.jpg[/img]My guess might be excellent or it might be crummy, but
Mrs. Spade didn't raise any children dippy enough to
make guesses in front of a district attorney,
an assistant district attorney, and a stenographer
.

Sam Spade, "The Maltese Falcon"

Operation Freedom Fry
User avatar
Terr Fangbite
Padawan Learner
Posts: 363
Joined: 2004-07-08 12:21am

Post by Terr Fangbite »

If you have the old linksys and it worked fine use it. If nothing else it is just yet another wall a potential hacker has to jump to get to you.
Beware Windows. Linux Comes.
http://ammtb.keenspace.com
Post Reply