LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Need Basic Linux Compatible Router with Good Security Features (https://www.linuxquestions.org/questions/linux-newbie-8/need-basic-linux-compatible-router-with-good-security-features-4175614481/)

baywalk 09-25-2017 08:23 AM

Need Basic Linux Compatible Router with Good Security Features
 
I am new to Linux. I am planning to install Linux Mint Mate (have "official" installation DVD) on a brand new Intel NUC 515RYH box with a 250 GB WD SATA (bare drive) & 8 GB Hyper RAM.
I would like to include a new router in my configuration, but could use some help deciding.
I have DSL and my usage demands are very nominal. I do not game and rarely stream; generally I am the only user. I am primarily concerned with security, and don't mind paying for a good router, but I don't want to overpay for features that are of no benefit to my situation.
Any suggestions would be appreciated. Thanks.
TOM

Emerson 09-25-2017 08:33 AM

Most DSL modems I have seen have built-in router. All you need is a network switch. Indeed, you can put the modem into bridge mode and use your own router. Is this what you want to do?

syg00 09-25-2017 05:29 PM

Agree - anything will work with Linux. I've used almost all the vendors, and these days they all self-configure for your ISP as soon as you plug them in. However the Belkin I pulled out a couple of weeks back was a pile of crap. It had the modem in the power pack rather than the router itself, and was really susceptible to line noise. Also couldn't assign fixed addresses (for printers, backup host ...). Pile of junk.

As for security "benefits" spruked by salesmen, most will be of no benefit - parental control, guest network, isolated sub-networks. Probably of no use to you, so don't pay extra for those. Most kit is pretty secure these days if you keep the firmware up to date, and don't open any ports. First thing you must do is change the password.

Meant to mention, what I look for as my top "must have" is wifi range. Big house, office on one side, needs to span to the other side of the house.

jefro 09-25-2017 08:41 PM

The default security on a dsl modem is pitiful in my opinion.

If you want security then consider making a virtual machine UTM or layer 7+ firewall in this new box then point all your traffic to and from that vm. I'd suggest Untangle linux distro as it is pretty simple to get security going.

You can install Untangle on a few of the top tier routers but they aren't powerful enough to run a few of the features.

I have no connection with untangle.

frankbell 09-25-2017 09:33 PM

A Linux sysadmin of my acquaintance will use only routers to which he can install tomato.

DavidMcCann 09-26-2017 11:31 AM

Any modem should be secure. I used an on-line testing service to check that mine would not respond to pings, for example, and it passed.

Mint, like most (all?) Debian derivatives has its own firewall disabled by default (don't ask why…) but you can enable it with the command
sudo ufw enable
To reassure yourself that it's working, give it a few seconds to sort itself out and try
sudo ufw status verbose

Don't forget to use a good password if you are using a wifi connection to the router!

baywalk 09-26-2017 04:46 PM

Thanks to All
 
Thanks to everyone for the helpful info. The router & modem are separate. After some further research, I decided to just try a basic Linksys WRT54GL. While around a long time, it is quite inexpensive and appears to be open source capable, so I could optionally load DD-WRT.

Shadow_7 09-26-2017 05:56 PM

I use an asus rt-n12. That I put ddwrt on. Someday I'll know enough to cope in openwrt's CLI land. When I'm super paranoid I'll have a raspberry pi between the internet and the home network with a usb ethernet dongle to have two ports including the ethernet on device. But my ISPs are slow so it's not a bottleneck. This opens up options for firewalling and monitoring everything leaving the house. But it can be annoying if the power blinks a lot since there's no battery fallback like a laptop.

syg00 09-26-2017 06:18 PM

I have the above in place, (primary driven by wanting to monitor Win10) and bought a power board with built-in battery. Not a "real" UPS, but enough for the ADSL/Cable router and pi3.
But as a general principle with an all Linux household, I'd reckon it is now unnecessary. My house has deadlocks, but not crash-proof bollards across the gate - sensible precautions are probably enough.

JeremyBoden 09-27-2017 06:51 AM

Your average router incorporates as standard:-
A firewall, wireless, DHCP, NAT and has 4 ethernet points for your LAN plus a single WAN connection to your DSL modem.

Your router is basically a specialised, miniaturised Linux box with some extra hardware.

Emerson 09-27-2017 07:11 AM

Don't touch it! It works!

Average home user ignores the router built into modem. It does NAT already in the modem. So there is no need for another NAT router. But who cares. I've seen a setup like this: Modem, doing NAT > standalone wired NAT router > wireless NAT router. Triple NAT! And if you tell them it is not sane then they say: It works, we do not want to touch it. If we just could access that wired PC from our wireless laptop ...

JeremyBoden 09-27-2017 08:09 AM

The modem doesn't do NAT because it just converts an analogue signal to/from a digital one.

Or are we talking about a modem/router combined in a single box?

Emerson 09-27-2017 08:11 AM

What modem you are talking about. I have a DSL modem here that definitely does NAT. In other words, it has built-in router.

JeremyBoden 09-27-2017 08:43 AM

It is common for modem/routers to be sold as a combined unit.

However :)
I actually have a separate modem and router.

The modem performs no network functions.

Emerson 09-27-2017 08:55 AM

Splitting hairs. Yes, modem means modulator-demodulator. There were times when modems were just that. But I have yet to see a DSL modem which is not a combined unit with built-in router. It has to be put into bridge mode not to do any network functions. Are you suggesting modern modems should be called modem-routers instead? Then how about wireless routers. Those should be called router-switch-accesspoints.


All times are GMT -5. The time now is 10:11 PM.