Recommendations for a router for Infinity

[gadgeteer]

Hi all

I got fibre yesterday and the router from TalkTalk is shocking. I can't understand the firewall section of the router which is pretty dire since I'm supposed to be a firewall specialist! At one point it locked me out and i had to reset it. Speeds can also be variable.

I used my old Linksys and that's working fine except I've noticed the speed tops out at 35Mbps whereas when I plug my laptop directly into the BT Openreach modem I consistently get 50Mbps+.

So I'm after some recommendations for routers that can cope with > 35Mbps speed that doesn't cost the earth.

Thanks

 

[neil_g]

theres an asus one that andy raves about, hang on i'll try and find it.

e: "Asus RT-N66U (or -AC66U if you want the new fangled AC connection)" see this thread - http://www.talkphotography.co.uk/threads/bt-homehub.508524/#post-5892840

 

[arad85]

Neil beat me to it You may want to look at dd-wrt on it too, although the stock Asus s/w looks pretty good (I only use mine as an access point)

Alternatively if you're a firewall specialist, an old PC (or newish Atom based board) with 2x ethernet sockets/cards running pfSense is where it's at.....

 

[neil_g]

which reminds me i was going to chuck pfsense onto a VM and have a rummage

 

[gadgeteer]

Neil beat me to it You may want to look at dd-wrt on it too, although the stock Asus s/w looks pretty good (I only use mine as an access point)

Alternatively if you're a firewall specialist, an old PC (or newish Atom based board) with 2x ethernet sockets/cards running pfSense is where it's at.....

LOL.....guess what I've been looking at for the last 30 mins....getting another NIC for my HP Homeserver and running a VM using either pfSense or Smoothwall

 

[neil_g]

annoyed with pfsense already. being a bit retarded with VM NICs on setup. wont auto-detect.

 

[arad85]

It runson freeBSD. Support for esoteric hardware isn't brilliant. Set the VM environment to use Intel NIC style devices and you should be OK.

Fundamentally the system picks up what it can.

 

[neil_g]

not having any of it on HV or VMw.. "no uplink detected"

 

[gadgeteer]

On Hyper-V, have you tried the legacy adapter?

 

[onomatopoeia]

Alternatively if you're a firewall specialist, an old PC (or newish Atom based board) with 2x ethernet sockets/cards running pfSense is where it's at.....

How about three ethernet adapters, for a proper DMZ as well? So internally segmented network with three firewalls, WAN <-> LAN, WAN <-> DMZ and DMZ <-> LAN?

When I last looked into this, mid range modem/routers seemed to just use their "DMZ" port as a dustbin to dump any incoming packets that aren't replies expected by stateful packet inspection, and don't firewall the DMZ from the rest of the LAN.

 

[Bicko]

...running a VM using either pfSense or Smoothwall

+1 for Smoothwall, but it can be 'funny' to install in a VM as it seems to expect the CD or iso to be on a conventional ata channel.

Mike.

 

[arad85]

How about three ethernet adapters, for a proper DMZ as well? So internally segmented network with three firewalls, WAN <-> LAN, WAN <-> DMZ and DMZ <-> LAN?

When I last looked into this, mid range modem/routers seemed to just use their "DMZ" port as a dustbin to dump any incoming packets that aren't replies expected by stateful packet inspection, and don't firewall the DMZ from the rest of the LAN.

Yup... Routers tend to DMZ to "the DMZ IP address". You can set pfSense up as you want - you just need to be able to describe what you want to do as firewall rules.

 

[neil_g]

On Hyper-V, have you tried the legacy adapter?

Yup. Seemed to detect the adapter state going up and down but not the link.

Will have another play at some point but I'm still preferring the sophos utm. Deploying one over the next few weeks.

 

[onomatopoeia]

Yup... Routers tend to DMZ to "the DMZ IP address". You can set pfSense up as you want - you just need to be able to describe what you want to do as firewall rules.

Ta, will look into some appropriate hardware, if it can work out cheaper than buying a(nother) firebrick then I'll do that.

 

[arad85]

Ta, will look into some appropriate hardware, if it can work out cheaper than buying a(nother) firebrick then I'll do that.

Mine is a VM on an ESXi server here. Just popped in an HP NC380T and use the two ports directly into the VM. Doesn't take up much CPU at all.

 

[PaulF]

Yup. Seemed to detect the adapter state going up and down but not the link.

Will have another play at some point but I'm still preferring the sophos utm. Deploying one over the next few weeks.

I run Sophos UTM 9 as a VM on ESXi running on a HP Microserver, no issues with the added HP dual port nics whatsoever.

 

[neil_g]

I run Sophos UTM 9 as a VM on ESXi running on a HP Microserver, no issues with the added HP dual port nics whatsoever.

got a UTM hardware appliance at the end of my work desk ready to be installed in the rack

 

[PaulF]

got a UTM hardware appliance at the end of my work desk ready to be installed in the rack

I'm led to believe that there's not much difference, if any, from a configuration point of view between running their hardware or running the software on your own kit. Not tried their kit to confirm that though.
It suits my needs at the moment at home anyway.

 

[neil_g]

I'm led to believe that there's not much difference, if any, from a configuration point of view between running their hardware or running the software on your own kit. Not tried their kit to confirm that though.
It suits my needs at the moment at home anyway.

yeah we were going to look at running a VM, i think decision was it was replacing an existing hardware appliance. but yeah the tech advisors said it was no difference (other than you could tweek VM specs)