Router Q

[nutball]

I'm setting up a home network for a friend of mine, and I'm looking for a router (preferably wireless) which will allow me to place blanket restrictions on the traffic which one of the LAN clients can put out over the Internet. So basically I want to be able to block all outgoing traffic from a specific local IP with the exception of one or two specific ports.

Does anyone know of a (preferably cheap) router which will do this. I own a Linksys WRT54G myself, and it doesn't appear to be capable of doing this out-of-the-box. I know that there are open-source versions of the firmware about which can extend the capabilities of this router, indeed reading some of the docs it looks like at least one version supports Firewall Builder, etc. that might give me the flexibility I need.

Does anyone have any real-world experience of using the WRT54G in this fashion, or indeed any other SOHO-class router?

 

[Guden Oden]

You don't trust software firewalls then? It seems to me it would be a lot easier to set this up on the PC than in a router.

 

[nutball]

You don't trust software firewalls then? It seems to me it would be a lot easier to set this up on the PC than in a router.

Well the machine in question being "constrained" will be a Mac... and generally no, I'd prefer an independent hardware solution if possible.

 

[Blazkowicz]

a simple solution would be for this mac to access the web / mail / IM via a proxy, but I don't freaking now if routers can act as a proxy server. (maybe with those linux firmwares. proxy server seems pretty trivial)

 

[Frank]

Take a look here: http://en.wikipedia.org/wiki/WRT54G#Third-party_firmware_projects

I would recommend updating your firmware. It's a very capable router, hardware-wise.

 

[nutball]

Yeah I think I've decided to go with the WRT54GL, plus HyperWRT or DD-WRT and fiddle about with Firewall Builder until I can get it to do what I want.

Should a fun way to spend a weekend!

 

[Althornin]

if you ever want something far more capable, play around with m0n0wall and/or pfSense.
They are *BSD based router distros (With different end purposes, depends on what you want as to which you should use).

They run on either regular PC hardware (a good use for that old p2-400, in my case) or there are specialized devices - WRAP and soekris make them - that are small like a linksys router but will run these - costs more though.

Functionality is amazing. You can do almost anything (router and firewall based) with them.

I currently have, at home, two wireless networks (one secured, one unsecured) where the unsecured one requires agreement to a TOS before giving access (and has limited speed/ports blocked). Full bandwidth shaping (custom tailored to what i use, and to what my roommate uses) and gives me excellent remote access to my network via ipsec vpn.

Can't be beat for functionality.