Router recommendations

613 Views | 2 Replies | Last: 7 yr ago by eric76
eric76
I'm looking for a not too expensive router/firewall for the office but don't know of any that do what I need it to do.

Currently, I use a computer running OpenBSD with two network cards. This works perfectly for me, but I'm trying to set it all up where if something happens to me such as a heart attack or stroke, someone else can easily keep it going while I recuperate.

So here's what I'm looking for and the reasons:

1) I'm not interested in a wireless router. If it is wireless, it doesn't bother me -- if I can't disable it or reduce the power to minimum, I'll just give it an unrememberable password and not tell it to anyone.

2) It must be a gigabit router.

3) It must handle both IPv4 and IPv6.

4) For IPv6, no NAT. Just apply firewall rules to permit or deny traffic. I completely fail to understand why anyone would want a router that does NAT on IPv6 -- don't they understand that NAT is designed to extend a limited address space? On the smallest IPv6 block, it is hard to imagine how anyone would run out of the 2^64 addresses.

5) For IPv4, it needs to use NAT. We don't have enough IPv4 addresses to connect everything.

6) It needs to be able to handle multiple IPv4 addresses on the WAN port. The reason is that we have hundreds of devices outside the firewall with addresses in a 10/8 subblock that need to be accessed from the LAN. Also, sometimes a device will be reset and have an address in the 192.168.1/24 block and we need to be able to reconfigure them from the LAN.

7) A plus, but not required, is that it could have WAN addresses on the LAN side with normal firewall rules to regulate that traffic.

I do all this quite easily with OpenBSD, but finding someone else to make even small changes while I'm unavailable would be rather expensive.

Any suggestions?
eric76
A little more.

I use one computer as a gateway to the rest of my network. On the other computers, ssh is enabled only for IPv6 and only for certain usernames and the use of passwords is not permitted (i.e. use RSA or DSA keys). If I'm outside of my network and need to connect to any computer, I first use ssh to that one gateway and then ssh from there to whichever computer I need. The computer runs OpenBSD and ssh is enabled only for one account, but it is available on both IPv4 and IPv6 without network restrictions. My current firewall passes incoming traffic to that computer.

What I'm thinking is this:

1) Set up a Cisco RV325 as the primary firewall and give it a routable address on the WAN.
2) Reconfigure the computer above with two ethernet cards and enable it to bridge IPv6 traffic only. That way I would be able to use it to connect securely into and out of the network.
3) Configure a Ubiquiti Airrouter with addresses in the 10/8 and 192.168.1/24 and other unroutable IPv4 blocks as necessary.
4) Adjust the routing tables of any computer that needs to use the Airrouter.

I'd rather have the firewall/routing performed in a single commercial unit, though.
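The sshd policy described in the post above for the machines behind the gateway (IPv6 only, named users only, no passwords) can be checked mechanically. The following is an added example, not part of the original posts: a small Python audit of sshd_config text. The function names and the sample configs and user names are constructed for illustration, and as a simplifying assumption only the global section (before any Match block) is read.

```python
# sshd's built-in defaults for the two single-valued keywords checked below
DEFAULTS = {"addressfamily": "any", "passwordauthentication": "yes"}

def parse_global(text):
    """Parse the global section: first value wins per keyword, AllowUsers lines are collected."""
    opts, allow = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split(None, 1)
        key = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                # assumption: Match overrides are out of scope
            break
        if key == "allowusers":
            allow.extend(value.split())
        else:
            opts.setdefault(key, value.lower())
    return opts, allow

def audit(text):
    """Return a list of policy violations; an empty list means the config matches the policy."""
    opts, allow = parse_global(text)
    findings = []
    if opts.get("addressfamily", DEFAULTS["addressfamily"]) != "inet6":
        findings.append("AddressFamily is not inet6: sshd is not limited to IPv6")
    if opts.get("passwordauthentication", DEFAULTS["passwordauthentication"]) != "no":
        findings.append("PasswordAuthentication is not no: password logins are accepted")
    if not allow:
        findings.append("AllowUsers is unset: no user allow-list is enforced")
    return findings

# Constructed sample configs (user names are placeholders)
HARDENED = """\
# internal host
AddressFamily inet6
PasswordAuthentication no
AllowUsers alice bob
"""
WEAK = """\
#AddressFamily inet6
PasswordAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "OK")
```

The WEAK sample shows two easy mistakes: a commented-out AddressFamily line leaves the default in force, and a later `PasswordAuthentication no` does not override the earlier `yes`.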
UmustBKidding
pfSense Appliance. Same BSD core, easy interface and reasonable commercial support if you are hit by the bus.
eric76
quote:
pfSense Appliance. Same BSD core, easy interface and reasonable commercial support if you are hit by the bus.
Thanks. I'll look into that.