
  On 11/12/2018 at 14:12, eliminatrix2 said:

Hi There,

 

Just after some recommendations for a modem / router with a really good inbuilt firewall - I'd like to be able to block specific IP addresses as well as a full range of IP addresses, e.g. 192.16.0.1 to 192.168.0.20

 

Thanks!


A separate router is still the more sensible way to go (such as Synology) - their latest bottom-end router, in fact, is making sense for that use.  (I am looking at it to replace my basement router.)

I have my old C2D CPU and server-grade motherboard running IPFire. (could run ipsense, too)

 

It is VERY easy to block out certain IPs. IPs as well as MACs.

 

As long as you have a system with 2+ Ethernet ports, it can be set as a firewall/router.

I block devices with my router. For example, if my son is being a bit too angry when playing games, I block his Xbox or computer, not the IP address.

 

Netgear isn't a bad router by any means.  Look at their high end lines though if you have over 100Mb/s, you are going to want gigabit throughput or better. 

 

If you have gigabit or more, you are definitely going to want the best they have. The R9000 and XR700 are capable of 10G LAN (it has a SFP+ port for LAN only)

 

 

Alternatively, going with a more professional/business setup from Ubiquiti would give you similar gains and support more bandwidth and just as easy to kick people off by device, not IP.

 

 

What your budget is, is key here.. There is a BIG difference between what you can get for $100 and what you can get for $1k... etc..

 

Also pretty much any SOHO device that has wireless in it is going to be some home user toy.. It's going to have shiny stuff on the box like AC3200 - means ZERO!!!

 

First step to moving away from your home user toys is separate your wired from your wireless... You are never going to have good wifi with some single router you place where your internet comes in.. I don't care how many antennas or bands it says it has... Unless you live in a LOFT or something... Or an abandoned warehouse?

 

You can for sure do it on the cheap.. But it's going to be more than a $50 SOHO router that is for sure..

 

edit:

BTW I think @Mindovermaster meant to say pfsense not ipsense.. Which yeah they sell some great products or can run on your own hardware... I have been running it for 10+ years and currently running one of their sg-4860 at home.. It's a bit over your typical home user budget... But then again I do this for a living and it's also my hobby, etc... So I don't mind spending a few bucks to get what I know is rock solid..

 

The $100 USG from unifi can move some packets.. But if you turn on their eye candy DPI info, etc. then not so much.. Since you have to turn off hardware offload for that stuff..

  On 11/12/2018 at 14:12, eliminatrix2 said:

modem / router


Also let's be clear on what exactly you're looking for.. What sort of connection do you have: Cable, Fiber, DSL, etc.. What are you currently using.. Are you renting hardware from your ISP? You for sure would want/need to break out the modem portion to its own device and then use your firewall/router as a different device.

 

A combo unit with modem/router in the same box - i.e. a gateway - is always going to be just crap to be honest..

  On 11/12/2018 at 19:46, BudMan said:

Also let's be clear on what exactly you're looking for.. What sort of connection do you have: Cable, Fiber, DSL, etc.. What are you currently using.. Are you renting hardware from your ISP? You for sure would want/need to break out the modem portion to its own device and then use your firewall/router as a different device.

 

A combo unit with modem/router in the same box - i.e. a gateway - is always going to be just crap to be honest..

Agreed there, BudMan. Also, as bad as cable is on that front, rather sickeningly, fiber in most cases (even Verizon) is *worse*.  Synology will let you whitelist multiple ranges; then you can simply park your home devices by range (invariably, devices perform best in a particular IP range); what Synology will let you do is only allow connections in each whitelisted range - any device that tries to connect outside the whitelisted range gets nowhere.  At your end, you just have smaller ranges to deal with - not wide-range DHCP - which is what most home or even prosumer ranges account for - not narrow-range DHCP, let alone multi-range DHCP.  Until recently, Synology routers were priced out of the range where home users could afford them - starting this summer, they dropped down to where first prosumer users could afford them.  Now home users can as well, beginning with the MR2200AC.  While the MR series (including the MR2200AC) are primarily starting points for a mesh system, because they all can run SRM, you have a lot of capabilities - even without mesh.  SRM is extensible as heck, and SRM routers have access to all of it.  If I need mesh later, I have a ton of ways to add it - and without throwing the core away.  (Not easy - or cheap - with anybody else's mesh-based system.)   Mesh without being trapped? Yes, please.
