Re: [PLUG] Cheap Firewall - Use old Wireless Router?

Lee H. Marzke on 4 Jun 2018 11:02:56 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Cheap Firewall - Use old Wireless Router?

From: "Lee H. Marzke" <lee@marzke.net>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Cheap Firewall - Use old Wireless Router?
Date: Mon, 4 Jun 2018 19:02:50 +0100 (BST)
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
Thread-index: xsGOw1BPlFwnv6EMZBlGxaKXVCpsNw==
Thread-topic: Cheap Firewall - Use old Wireless Router?

Technically the ONT is a bridge.   The Verizon supplied Wifi/router is not required
although they may tell you otherwise.  It's only required for their TV service listings.

So you just program your router to the GW address and public IP given to you and it just works. I
assume WAN DHCP would also work, but I have a static block.

Most Verizon customers just use this router.  If you have no open inbound ports that may be fine, but
if you want to open a few ports for OpenVPN inbound,  SSH inbound ,   a Plex account , etc.   then
you may want more security.

Many small fanless routers claim only 100Mbs through firewall, so you would have to test your unit to
see if you can get full speed.


I was told that to upgrade my FIOS past 75/75 service to 150/150 I need a newer ONT and +$20 /month

Lee



----- Original Message -----
> From: gary@duzan.org
> To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
> Sent: Monday, June 4, 2018 1:48:57 PM
> Subject: Re: [PLUG] Cheap Firewall - Use old Wireless Router?

> "Rich Mingin (PLUG)" <plug@frags.us> wrote:
> => You mentioned Verizon. It was my understanding that all DSL customers had
> => been converted to FIOS, and if so, you do not have a cable modem in your
> => house, you have a router. FIOS logically terminates at the ONT on the side
> => of the house, they can run coax or CAT5E into the house from there.
> => Updating to a newer Verizon-supplied router with better throughput and
> => gigabit support may be a phone call away, and low or no cost.
> 
>   I wouldn't count on the last bit. I've been on FiOS for a while, and
> they wanted to force me to upgrade my router to a newer model for
> around $80, refurbished. Since I opted not to do that they now charge
> me a "maintenance fee" to keep the old router. If I didn't think
> Comcast was even more evil, I would drop them pretty quickly.
> 
>                              Gary Duzan
> 
> 
> => On Mon, Jun 4, 2018 at 13:30 Casey Bralla <MailList@nerdworld.org> wrote:
> =>
> =>> I have been using an old COTS system (Pentium 5 vintage) with 3 NICs
> =>> running Shorewall on Debian.   Except for the energy use, it's been
> =>> great.
> =>>
> =>> What do you think about using a COTS wireless router with gigabit
> =>> ethernet as a firewall?  All I need is NAT provided by the router.  I'd
> =>> disable the wireless, and NAT would insulate the local net from the
> =>> internet.   I'd plug the "WAN" plug into the verizon-supplied cable
> =>> modem.  Most wireless routers have 4 gigabit ports, although I'd only
> =>> need 1 of them.  The old router would provide dhcp addresses on the
> =>> local net.
> =>>
> =>> Do you think this would be robust enough to provide thruput on par with
> =>> the low cost commercial routers already mentioned by others on this
> =>> list?
> =>>
> =>>
> =>> On 06/03/2018 08:10 PM, Steve Litt wrote:
> =>> > On Tue, 29 May 2018 19:01:56 -0400
> =>> > Tone Montone <tonemontone@gmail.com> wrote:
> =>> >
> =>> >> Lee,
> =>> >>
> =>> >>    You have hit on a project I've been looking at for the past
> =>> >> month.  I never used FreeBDS before and was looking at picking up a
> =>> >> cheap PC from craigslist, with a CPU that was AES-NI friendly, and
> =>> >> then install pfsense on it.  I also thought about adding snort and
> =>> >> Splunk as well to gain some insight into those tools as well.
> =>> > If you're looking for cheap today, dumpster dive an eight year old
> =>> COTS
> =>> > computer and two or three cheap Gigabit NICS, and run pfSense. That's
> =>> > what I do right now.
> =>> >
> =>> > But a full sized desktop burns a lot of electricity, and if your're in
> =>> > a warm climate, it double-whammys you because you need to use even
> =>> more
> =>> > electricity to air condition away the heat from the processor.
> =>> >
> =>> > I've been thinking of spending $400 for a very low power (perhaps
> =>> > fanless) computer capable of running 3 NICs, and putting pfSense on
> =>> it.
> =>> > $400 today, but I probably earn back a buck a day.
> =>> >
> =>> > SteveT
> =>> >
> =>> > Steve Litt
> =>> > June 2018 featured book: Twenty Eight Tales of Troubleshooting
> =>> > http://www.troubleshooters.com/28
> =>> >
> =>> >
> =>> >
> =>>
> ___________________________________________________________________________
> =>> > Philadelphia Linux Users Group         --
> =>> http://www.phillylinux.org
> =>> > Announcements -
> =>> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> =>> > General Discussion  --
> =>> http://lists.phillylinux.org/mailman/listinfo/plug
> =>>
> =>> --
> =>>
> =>> Casey Bralla
> =>>
> =>>
> ___________________________________________________________________________
> =>> Philadelphia Linux Users Group         --
> =>> http://www.phillylinux.org
> =>> Announcements -
> =>> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> =>> General Discussion  --
> =>> http://lists.phillylinux.org/mailman/listinfo/plug
> =>>
> =>
> ___________________________________________________________________________
> => Philadelphia Linux Users Group         --
> => http://www.phillylinux.org
> => Announcements -
> => http://lists.phillylinux.org/mailman/listinfo/plug-announce
> => General Discussion  --
> => http://lists.phillylinux.org/mailman/listinfo/plug
> =>
> 
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

-- 
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos 

Lee Marzke, lee@marzke.net http://marzke.net/lee/ 
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Cheap Firewall - Use old Wireless Router?
  - From: "Rich Mingin (PLUG)" <plug@frags.us>

References:
- Re: [PLUG] Cheap Firewall
  - From: Steve Litt <slitt@troubleshooters.com>
- Re: [PLUG] Cheap Firewall - Use old Wireless Router?
  - From: Casey Bralla <MailList@NerdWorld.org>
- Re: [PLUG] Cheap Firewall - Use old Wireless Router?
  - From: "Rich Mingin (PLUG)" <plug@frags.us>
- Re: [PLUG] Cheap Firewall - Use old Wireless Router?
  - From: gary@duzan.org

Prev by Date: Re: [PLUG] Cheap Firewall - Use old Wireless Router?
Next by Date: Re: [PLUG] Cheap Firewall - Use old Wireless Router?
Previous by thread: Re: [PLUG] Cheap Firewall - Use old Wireless Router?
Next by thread: Re: [PLUG] Cheap Firewall - Use old Wireless Router?
Index(es):
- Date
- Thread