ADSL modem with best firewall & strong security

Forums › Desktop computing › ADSL modem with best firewall & strong security

mushtac

157 posts

Master Geek

#58828 20-Mar-2010 15:21

I am upgrading my single port non-wireless D-Link DSL-502T GenII ADSL 2/2+ modem to a model with 4-ports & wireless. Is there a modem that has the best firewall & strong security or is this pretty much the same across the different models of ADSL modems? Thanks for your time

tokyovigilante

58 posts

Master Geek

#309414 20-Mar-2010 18:15

I'd be tempted to use whatever modem your ISP provides, then plug it into a Linksys WRT54G router running a custom firmware, either Tomato or DD-WRT.

I'm using one with my TelstraClear cable modem, works a treat. You get firewall, port forwarding, TCP flow control, etc. Performs very well.

smarsden

118 posts

Master Geek

#311472 25-Mar-2010 23:13

tokyovigilante: I'd be tempted to use whatever modem your ISP provides, then plug it into a Linksys WRT54G router running a custom firmware, either Tomato or DD-WRT.

I'm using one with my TelstraClear cable modem, works a treat. You get firewall, port forwarding, TCP flow control, etc. Performs very well.

Out of interest, what's the advantage to doing this, over using a one-box solution? I'm considering doing the same as the OP, and would rather have one box than two, but if there's problems with that setup it'd be good to know in advance.

Ragnor

8223 posts

Uber Geek

Trusted

#311576 26-Mar-2010 11:22

Some of the advantages of multiple devices are:

1: You can upgrade devices separately.

When VDSL comes out you only have to replace the DSL modem and not the router for example or if you want to upgrade the router you don't have to replace the modem.

2: Choice/performance/features.

There is a ton more choice for router/network switch/wireless devices (without the modem), many that can be run with open source third party firmware.

Typically the features and performance of a devices running DD-WRT or Tomato firmware are well beyond all in one devices.

An all in one device has benefit of:

1: Less complex to set-up

2: Only needing space/power for one device.

Anyway my recommendations for an all in one device are currently:

All in one device (adsl modem, standard networking and wireless)
- Dynalink RTA1025W or WE ~$110-120

All in one device (adsl modem, gigabit networking and wireless N)
- Netgear DGN3500 ~$255

tokyovigilante

58 posts

Master Geek

#311620 26-Mar-2010 13:25

smarsden:
tokyovigilante: I'd be tempted to use whatever modem your ISP provides, then plug it into a Linksys WRT54G router running a custom firmware, either Tomato or DD-WRT.

I'm using one with my TelstraClear cable modem, works a treat. You get firewall, port forwarding, TCP flow control, etc. Performs very well.

Out of interest, what's the advantage to doing this, over using a one-box solution? I'm considering doing the same as the OP, and would rather have one box than two, but if there's problems with that setup it'd be good to know in advance.

Other point is that TCL requires you to use a Motorola Surfboard cable modem, so a router is obligatory.

Ditto the fact that the Tomato firmware in particular is rock-solid, and has features unmatched at the price point. Flashing if you get the WRT54-GL variant is trivial and very safe. I also use a Netgear GS108 gigabit switch hanging off one of the LAN ports to provide gigabit speeds to my LAN.

ald

172 posts

Master Geek

Trusted

SimWorks

#311637 26-Mar-2010 14:45

On a similar topic, we have a Cisco 851w router at the office. The "w" stands for WAN, as we use a WAN rather than ADSL connection.

We are looking to dump the WAN connection and move to ADSL. We chose Cisco originally so that we could more easily VPN into some of the v-big Cisco boxes used by some of our clients. That's less of a requirement now and to be honest I wouldn't be sad to see the back of the Cisco box as it has always had some bizarre issue that means we have to manually set the MTU on all machines behind it to be some lower number.

While VPN to our clients is less of a requirement we are interested in VPN into the office. Any suggestions about a cost effective wireless ADSL router for in-office use? Preferrably one that does not have the MTU problem, which will let us VPN into the office and potentially has the ability to run some kind of ACL.

Best regards,
Aaron Davidson.

SimWorks International Limited

www.simworks.com - New Zealands leading developer of mobile applications

smarsden

118 posts

Master Geek

#311902 27-Mar-2010 16:57

Ragnor:

Anyway my recommendations for an all in one device are currently:

All in one device (adsl modem, standard networking and wireless)
- Dynalink RTA1025W or WE ~$110-120

All in one device (adsl modem, gigabit networking and wireless N)
- Netgear DGN3500 ~$255

Cool, thanks.

Looking at the Ascent website, I see that the Dynalink one has a 'basic firewall', whereas the Netgear one has a 'true firewall'. Questions:

a) what's the difference?
b) surely a true firewall is preferable, and if so, why have only a basic one?

jaymz

1133 posts

Uber Geek

#311907 27-Mar-2010 17:20

I believe that most if not all the Dynalink modems (correct me if i am wrong) have only a NAT based "firewall" which is not really a true firewall as it only hides your internal network from the outside rather than stopping traffic and packets.

My current setup is my modem and my SonicWall TZ170, the LAN between them is a DMZ. I beleive this is one of the more secure setups, if someone was able to get past the modem, then they would have to then get past the sonicwall before accessing the internal LAN.

Just my 2 cents worth anyway :)

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

smarsden

118 posts

Master Geek

#312086 28-Mar-2010 17:00

I'm currently using a Dynalink RTA1320 ADSL2+ modem/router.

To add wi-fi + additional wired ports to this, is the best solution something like a Linksys WRT120N, or NetGear WNR2000?

Don't you then end up with two routers in the equation, and perhaps two DHCP servers, one in each of the original RTA1320 modem, plus the second box, or does the second box not have one?

Sorry if these seem like basic questions, but they may help the original poster too.

tokyovigilante

58 posts

Master Geek

#312087 28-Mar-2010 17:02

You should only have one DHCP server per network. You don't need a DNS server at all. Typically your DHCP server will either hand out your ISP's DNS servers, or act as a caching DNS relay. Any additional device you add should either be a switch (packet routing only) or have the DHCP server disabled.

CYaBro

4590 posts

Uber Geek

ID Verified

Trusted

#312106 28-Mar-2010 17:41

ald: On a similar topic, we have a Cisco 851w router at the office. The "w" stands for WAN, as we use a WAN rather than ADSL connection.

We are looking to dump the WAN connection and move to ADSL. We chose Cisco originally so that we could more easily VPN into some of the v-big Cisco boxes used by some of our clients. That's less of a requirement now and to be honest I wouldn't be sad to see the back of the Cisco box as it has always had some bizarre issue that means we have to manually set the MTU on all machines behind it to be some lower number.

While VPN to our clients is less of a requirement we are interested in VPN into the office. Any suggestions about a cost effective wireless ADSL router for in-office use? Preferrably one that does not have the MTU problem, which will let us VPN into the office and potentially has the ability to run some kind of ACL.

I've recently moved one of my clients off a 857w (I thought the 'w' stood for Wireless??) from a remote office and a bigger Cisco at head office.
They have a perminant VPN connection between the offices for POS system plus users sometimes VPN to head office from home.
I moved them to a couple of Draytek DV2710's (they do have a wireless model), which can have two VPN connections at the same time.
They have since told me that the performance is much better and also got rid of some other problems they were having.
If you need more than two VPNs then look at the DV2820 which can handle up to 32 at the same time and also has a wireless model.

Opinions are my own and not the views of my employer.

Ragnor

8223 posts

Uber Geek

Trusted

#312267 29-Mar-2010 01:45

smarsden: I'm currently using a Dynalink RTA1320 ADSL2+ modem/router.

To add wi-fi + additional wired ports to this, is the best solution something like a Linksys WRT120N, or NetGear WNR2000?

Don't you then end up with two routers in the equation, and perhaps two DHCP servers, one in each of the original RTA1320 modem, plus the second box, or does the second box not have one?

Two options since you have a modem/router that can do half bridge (called ip extension in the rta 1320):

Half bridging (uses the 2nd device as the router/dhcp)
http://www.ben.geek.nz/2006/11/adsl-routing-solution-in-detail/

Wan Bypass Mode (uses the RTA1320 as the router/dhcp server)
http://forums.whirlpool.net.au/forum-replies-archive.cfm/933517.html

smarsden

118 posts

Master Geek

#312298 29-Mar-2010 09:54

Ragnor:
smarsden: I'm currently using a Dynalink RTA1320 ADSL2+ modem/router.

To add wi-fi + additional wired ports to this, is the best solution something like a Linksys WRT120N, or NetGear WNR2000?

Don't you then end up with two routers in the equation, and perhaps two DHCP servers, one in each of the original RTA1320 modem, plus the second box, or does the second box not have one?

Two options since you have a modem/router that can do half bridge (called ip extension in the rta 1320):

Half bridging (uses the 2nd device as the router/dhcp)
http://www.ben.geek.nz/2006/11/adsl-routing-solution-in-detail/

Wan Bypass Mode (uses the RTA1320 as the router/dhcp server)
http://forums.whirlpool.net.au/forum-replies-archive.cfm/933517.html

Excellent - thanks Ragnor.

Both very useful links which help explain exactly what's going on, and what components are doing what functions.

Although I now understand how they piece together, I also understand why manufacturers have produced all-in-one devices, which I think is the path I may take. It makes setup and configuration of the whole lot much simpler, as well as only needing the one power socket.

Hopefully this has helped the original poster too!

ald

172 posts

Master Geek

Trusted

SimWorks

#312406 29-Mar-2010 14:25

Thanks CYaBro. Haven't heard of Draytek before. You've used Draytek kit elsewhere as well?

Best regards,
Aaron Davidson.

SimWorks International Limited

www.simworks.com - New Zealands leading developer of mobile applications