Home Firewall/Router

Started by Mark, January 20, 2014, 10:14:09 AM

Mark

My Linksys WRT54G is about 10 years old now and standing right on it I'm only getting 12Mbps on WiFi (if I'm lucky).  Methinks it's time to replace, lol.

This used to be my go-to router when people would ask for recommendations.  I know they had a bad rep for a while, but whatever version I have has been going strong for this long.  I've had DD-WRT on it and went back to stock after a few years.  It's just time for newer hardware.

So, what are others using at home and what do you like or not like about it?  I'm considering getting a Ubiquiti access point, but I still need wired ports so wired or wireless is fine at this point.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Gene Foraker

I upgraded my antique WRT54 last year with this ASUS RT-N66U Dual-Band Wireless-N900 Gigabit Router.

Maybe a little on the high side, but reviews were fantastic and my wireless signal through the house is MUCH stronger.  Lots of extra features included.

I guess there is now a newer version http://www.amazon.com/RT-AC66U-Dual-Band-Wireless-AC1750-Gigabit-Router/dp/B008ABOJKS/ref=dp_ob_title_ce
Gene Foraker CPCU
Gates-Foraker Insurance Agency
Norton, OH


My posts are a natural hand made product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

Mark

Had not considered ASUS.  Price isn't too bad and reviews look excellent.

Thanks Gene!

Anyone else?
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Gene Foraker

Gene Foraker CPCU
Gates-Foraker Insurance Agency
Norton, OH


My posts are a natural hand made product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

Mark

Interesting that the first one had better reviews.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Golas

The funny thing is I did the exact same upgrade. I had DDWRT on the 54g and watched CPU usage go through the roof when opening a couple computers' worth of YouTube, etc. Got the ASUS and didn't look back. I still have a stack of WRT's if I ever need em, but I think it may be time to sell them off too.
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Joshua Conner

I upgraded my antique WRT54 last year with this ASUS RT-N66U Dual-Band Wireless-N900 Gigabit Router.

I did the same thing as well.

I am running Tomato firmware on the ASUS and love it.  Yes, it was pricey, but I love the custom firmware on it, and all the new Linksys are very closed to tinkering and much more consumer friendly, which was a - in my book.
Joshua Conner
Conner Insurance
Tam 2014 R2
Epic online with CSR24 and Salesforce Integration
39 Employees
Former Vice President Indiana Applied User Group
Webmaster http://www.appliedusergroup.com
Blog http://mylifewithtam.blogspot.com

Mark

Thanks Josh!  Leaning towards this so far.  Is tomato still like $10 or $20?  I guess I could google that.. lol
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Mark

Tomato is free now?  Was it always free?  I swore it wasn't years ago unless there was a "required donation" at that time.

Think I might just fire up tomato tonight and see if my router performs any different.  DD-WRT was acting wonky after I was running it for a few years so I went back to stock and router ran fine again.  Wonder if tomato will do the same or if it will just prove that my hardware is no longer up to the task (which is what I expect).

I'm cheap! lol
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Joshua Conner

I paid nothing for it so it must be free
Joshua Conner
Conner Insurance
Tam 2014 R2
Epic online with CSR24 and Salesforce Integration
39 Employees
Former Vice President Indiana Applied User Group
Webmaster http://www.appliedusergroup.com
Blog http://mylifewithtam.blogspot.com

Mark

Didn't get to it last night but yeah, it is free.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

I've had good luck with the Buffalo line of products, but I've heard good things of ASUS as well.  I have NOT heard good things of Linksys/Cisco, ever since Cisco bought them.  Seems like instability is an issue with them, as well as not being open source anymore for the OS.   One real benefit that you'll notice is that all of your phones, tablets, and other wifi enabled devices should be more reliable now.  I was having issues, especially when I had family come over and everyone jumped on their wifi enabled phones, tablets, etc....
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Thanks Jeff.  I was looking at the negative reviews of the ASUS router and almost all of them were the same -- that it just stopped working.  That's exactly what happened with my ASUS netbook after a few years, too, so I guess I'm not decided yet.

What I'd really like to do is get a commercial firewall and a Ubiquiti access point.  I need the physical ports though (at least I prefer to have them).

You are right about the Linksys Cisco stuff.  Cisco dumped Linksys and Belkin owns them now -- not that that changes much.

I'll post what I end up doing, but in the meantime feel free to toss things my way!
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

You're most welcome.  What you're considering is what I ended up doing.  I use a Buffalo WAP along with an old Sonicwall TZ 170 from my office.  I know SW is not your favorite, but it does what I need it to do, is stable, and has enough bandwidth.  The flexibility and stability of a commercial firewall along with the new, stronger wireless is a good combination.   You might want to check out Craigslist or eBay for a used commercial firewall, then add a WAP to it.  Just make sure that updated firmware is available, or it can run WRT or Tomato or something like that.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Wish I had a legitimate reason to upgrade our ASA so I could just take that home.  But, as we discussed in a prior thread not long ago, there is no reason to replace it.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Billy Welsh

Quote from: Jeff Zylstra on January 21, 2014, 09:44:56 AM
You're most welcome.  What you're considering is what I ended up doing.  I use a Buffalo WAP along with an old Sonicwall TZ 170 from my office.  I know SW is not your favorite, but it does what I need it to do, is stable, and has enough bandwidth.  The flexibility and stability of a commercial firewall along with the new, stronger wireless is a good combination.   You might want to check out Craigslist or eBay for a used commercial firewall, then add a WAP to it.  Just make sure that updated firmware is available, or it can run WRT or Tomato or something like that.

Hmmm...good food for thought.  I've been through a Cisco and a TP-Link at home (thanks to Han's Woot.com), and both wound up in about the same place - at about a year the issues begin.  Mostly just freezing - DSL modem is synched, no errors on any connected device, and no internet.  Actually have to go upstairs and power cycle the router - won't even come up in a browser even though all the pretty blinking lights give the impression that all is well.  And you can just imagine how it frustrates my lovely non-techie wife, who just wants it working whenever she needs it, period.

We've been using Buffalo NAS units here for some time with no issues, as well as a Cisco WAP.  So maybe my next adventure will be a Buffalo router, or an old retired SonicWall from here with a Buffalo WAP.

For home use, are you concerned at all that the SonicWall isn't being updated for new threats?  Or is the standard SonicWall port control, packet sniffing, etc. enough at home as long as you are running a good anti-virus program?  When we start getting into the details of the actual threats, I am in over my head.
Billy Welsh
Director of Accounting
LCMC Health

Jeff Zylstra

Even with outdated intrusion protection and other countermeasures, I think that the SonicWall's protection is still stronger than what you would get with a residential unit.  I'd be interested in hearing everyone else's take on that, however.  Plus, you get things like VPN support and other things that you wouldn't on a residential unit.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Really all you *need* at home is all your ports blocked and NAT but any additional features are good.

As far as outdated protection, older things are still out there on the net so I say nothing wrong with that.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Billy Welsh

Realizing you pros are not familiar with my actual router, do you think I could take a retired SonicWall home to do all the heavy lifting, and change the wireless router settings so that it is just operating as a WAP?

I know that might not solve my problems but it seems worth a try in my mind.
Billy Welsh
Director of Accounting
LCMC Health

Mark

Yes, you most definitely could.  To do this, disable DHCP on your wireless router and plug one of the computer ports (NOT THE WAN) into one of the network ports on the SonicWall and you're golden.

I have everyone who gets U-Verse do this.  Also avoids having to reconfigure wireless devices for a new router.  I've had nothing but trouble with the U-Verse WiFi!
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

Quote from: Billy Welsh on January 21, 2014, 02:00:55 PM
Realizing you pros are not familiar with my actual router, do you think I could take a retired SonicWall home to do all the heavy lifting, and change the wireless router settings so that it is just operating as a WAP?

I know that might not solve my problems but it seems worth a try in my mind.

Having done exactly this, I would say YES!
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Bloody Jack Kidd

I vote for pfSense - build your own firewall. Grab an ALiX board and away you go.

http://www.pcengines.ch/alix.htm

Or - if you want a bit more of a UTM and either have the hardware or are willing to spend a bit:

http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
Sysadmin - Parallel42

Billy Welsh

Quote from: Mark on January 21, 2014, 02:03:54 PM
Yes, you most definitely could.  To do this, disable DHCP on your wireless router and plug one of the computer ports (NOT THE WAN) into one of the network ports on the SonicWall and you're golden.

I have everyone who gets U-Verse do this.  Also avoids having to reconfigure wireless devices for a new router.  I've had nothing but trouble with the U-Verse WiFi!

You actual pros are so much better than Google!  Yes, the Oracle will reveal the answers, in time, usually more than I care to spare - patience has never been my strong suit  :P

So I managed to impress myself by actually getting this done with an old SonicWall, and it has made a BIG improvement.  So I guess you really do get what you pay for - the sub $100 routers do not seem to have the beef necessary to handle moderate traffic.

The only problem now is the Sonicwall is limited to 10 "nodes."  I never thought to check this, as this puppy served one of our branch offices quite well, so I assumed it could easily handle my modest homestead.  But once I saw the message that the number of allowed nodes had been maxed, I started to realize that hitting 10 in this day & age is pretty darn easy to do.

I have another SW I can try with unlimited nodes, but it has not cooperated so far.  So I am trying to figure out whether to have one more go at it, or if there is a way to get the current unit to play nice.

Does anyone know how SonicWall defines a "node?"  If that is just a limit on my DHCP scope that I can get around with fixed IP's, I'll gladly do that as opposed to continuing to fight with the 2nd unit.
Billy Welsh
Director of Accounting
LCMC Health

Jeff Zylstra

I'm guessing that the "nodes" are any kind of connection (computers, phones, other wifi, etc...) so trying to "fool it" with a static IP address won't get you anywhere.  I would try the other SW with unlimited nodes if you need more connections since you probably can't upgrade that unit by purchasing an unlimited node license.  The license on my SW at home expired 4-5 years ago, but it had unlimited nodes, so I am all set.  I don't think it's worth ever buying a limited node device from SonicWall since the price difference isn't that great, and I've heard that limited nodes are a pain with SW as it may not always release licenses after a "node" disconnects (or you think it has disconnected).
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Billy Welsh

I've actually got 2 older units, both 10-node, one of which is upgradeable.  But when I glanced at the prices the other day to increase the node count, I could get a really nice brand new firewall for what that would cost.

It is looking like the kids' sports activities could get rained out this weekend, so I may have time to take one more run at the 3rd SW.
Billy Welsh
Director of Accounting
LCMC Health

Billy Welsh

I finally smartened up and snagged a used SonicWall TZ190 on ebay for ~$30 including shipping.  I know not all of you real techs are fond of them, but it is the only "real" router I am familiar with so I knew I could get it to work without too much headache  :) .  So for that trifling sum I have a nice working firewall with unlimited nodes.

Only it doesn't work, at least 100%.  The DNS addresses are not making it through from the PPPoE login on the new unit - they were on the old unit.  I entered them manually, but I don't like that solution.  If those change, it will be at the worst possible time - when the wife is trying to do something and I am not at home!

I have done some initial Googling, but no joy as of yet.  But you guys are all better than Googling anyway!  Thoughts?
Billy Welsh
Director of Accounting
LCMC Health

Mark

Set a manual DNS that doesn't change. Google: 8.8.8.8, OpenDNS (no account necessary), or the old trusty 4.2.2.2 - though I recently read that we're not really supposed to use that one.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Billy Welsh

All right, my info is going to be really sketchy at best, but diving into this at 11:00pm after picking up the dog from the vet for surgery and hearing from the wife and teenage son about it "not working" several times are hardly ideal conditions!

In going to the log of my SonicWall last night, I saw something I had never seen before - "PPP ECHO" entries.  Whenever I see something new I get concerned.  Can any of you shed light on what these are with this very limited info?  EDIT:  The SonicWall is connected to a DSL modem.

The background if you want it:

Wi-Fi appeared to go kaput, even though all the pretty lights were on (green) and blinking.  Restarts of the WAP did not resolve.  None of the wireless devices were successfully connecting to the WAP.  The WAP is actually a router that I set up to just be a WAP, as it did not handle the full volume of traffic very well when used as a router.

So, next I went to the SonicWall, which I restarted for the heck of it - it seemed to be working correctly before the restart though I did not check - was hoping in vain to get lucky.  After the restart I was able to log in to the SonicWall from a wired connection - again all appeared normal as far as the SonicWall.  But the only IP lease was for the station I logged in with - the other wired pc did not appear (it was saying cable unplugged which was not the case).  This makes me suspect the SonicWall - this is the unit I got off ebay that Dell tells me was RMA'd for being defective.

I will dig deeper into connectivity/router issues this weekend.
Billy Welsh
Director of Accounting
LCMC Health

Jeff Zylstra

Try rebooting the computer in question, running IPCONFIG /ALL from there, and then trying to PING the router to see if there is any connectivity.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Billy Welsh

I HATE it when I have a Homer Simpson moment!  DOH!!!

Given the past history, I assumed it was just the same thing or a related issue happening again.  It was not until a couple of unsuccessful hours into it, which of course was during Sunday's playoff games, that I noticed the 5-port D-Link switch was passing NO traffic.

I assume it's given up the ghost - have not plugged it back in yet.  Took it off the network, moving those connections to the suspect SonicWall which thankfully had enough ports.  At that point - touchdown!

The SonicWall did go into Safe Mode about 15 minutes afterwards, requiring a 2nd reboot.  It had been chugging along fine for several weeks before this.  And it has stayed up since then.
Billy Welsh
Director of Accounting
LCMC Health

Jeff Golas

I went the ASUS Route using the exact model above, but in hindsight, I feel it was a waste of $. Lots of cool features on box, almost none of which work correctly. You're not going to use it as an iTunes server, or even a file server from a USB stick like they say you can (there's little support and I believe NO write support back to the USB storage).

Go cheaper but similar spec and install DDWRT again for custom features if you need em.

(The ASUS works fine, but I don't think it's worth the premium cost).
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Mark

I was looking at the dual band Buffalo router that comes with DD-WRT installed, but it got horrible reviews.  Some of them were just people unfamiliar with DD-WRT and didn't like it, but MOST of the reviews were hardware related.  Plenty of RMAs, complaints about signal strength and no antennas, complaints about bitrate even with a good signal, etc.

I think we're switching to U-Verse as much as I don't know if I want to, and I'll just use their crappy WiFi (which doesn't seem to follow standards and I've had all the usual problems setting up for people).  We'll see how that works out and if I don't like it, I'll grab something to put DD-WRT on.

Or maybe by that time an ASA will be cheap! lol
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Joshua Conner

I will agree the ASUS NAS is horrible. Yes, it does work, but it has very few options to config.  For example, to find it I think it's //unknown/sdb2/share, because you can't change "unknown", but it does work to write and read from a USB hard drive attached to the router.
Joshua Conner
Conner Insurance
Tam 2014 R2
Epic online with CSR24 and Salesforce Integration
39 Employees
Former Vice President Indiana Applied User Group
Webmaster http://www.appliedusergroup.com
Blog http://mylifewithtam.blogspot.com

Mark

Doesn't the ASUS support DD-WRT?
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Billy Welsh

Another Homer Simpson moment, or maybe a senior moment.  I did not take any notes when I got this working.

Before I identified the offending D-Link switch, I was trying to swap out the wireless router that is operating as my WAP.  The spare was not configured as a WAP, but I could not remember every single setting and I could not get to the existing WAP to compare the settings.

Do you set it with a fixed IP, or have it pull an IP from the firewall?  Or does it even have an IP given that it is just a pass-through to the router which is serving IP's to the wireless devices?

Once I got it all working again I may not have tried to get to the original WAP via an IP address - I had missed enough of the playoff already.  If it is a fixed IP I believe I know what it is. 

Quote from: Mark on January 21, 2014, 02:03:54 PM
Yes, you most definitely could.  To do this, disable DHCP on your wireless router and plug one of the computer ports (NOT THE WAN) into one of the network ports on the SonicWall and you're golden.

I have everyone who gets U-Verse do this.  Also avoids having to reconfigure wireless devices for a new router.  I've had nothing but trouble with the U-Verse WiFi!
Billy Welsh
Director of Accounting
LCMC Health

Mark

I think you could do it either way.  I always put a static on it though.  You have to edit the settings anyway because you want to turn off the DHCP server.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Golas

Yeah if something's getting bad reviews, RUN away from that stuff. I learn my lesson time and time again thinking it's just loser users not understanding things - that seems to be 25% of the time unfortunately.

I've been messing with WRTs and such last night. My garage is 12 feet from my house, yet my wireless is unusable out there. I can see 20 other access points yet my house isn't accessible. (My router is on ground level of my split house so it's literally less than 50 feet from where my garage PC is).

So to fix that I used Netgear Powerline adapters (I hate Netgear) which do work but also drop out.  So last night I downloaded the software and did firmware updates to all, only to have two of them essentially get bricked. They work and talk together no problem, but I can't update names or firmware or encryption settings to get them to talk to anything else now, and I stopped just short of taking them outside and chucking them in the trash.
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Joshua Conner

DDWRT isn't supported on my ASUS; I run Tomato on mine.
Joshua Conner
Conner Insurance
Tam 2014 R2
Epic online with CSR24 and Salesforce Integration
39 Employees
Former Vice President Indiana Applied User Group
Webmaster http://www.appliedusergroup.com
Blog http://mylifewithtam.blogspot.com