Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

router/hub/dhcp client units for cablemodem

Jerry Feldman wrote:
> I looked up a coulple just now. About a year or so ago, we had a security
> talk, and at least one person in the group had a Sonicwall. 

Why, that would be - me! :-)

> It is probably better to have a dedicated firewall between your home 
> systems and the cable modem. 

I can't imagine NOT having a firewall between my internal network and
the Internet at large. The very thought gives me the shakes.

> The advantage of the applicance firewalls are in their ease of 
> management.

This is why I went with a SonicWall, but it's a two-edged sword. The
management IS very easy; Sonic has a nice browser-based interface for
checking networks status, opening up ports, etc. It also can run a
DHCP server for your internal LAN; I've gotten to be a fan of DHCP, so
on first blush that looks pretty useful, too. And it's low-maintenance;
very low power consumption, no disk to crash, no noticable heat 
production, no fan noise, and very small (the size of a small 4-port
hub). The newest versions contain an integrated 4-port hub, in fact.

BUT - because it's a proprietary solution, you can only do what they
let you do, and you can't fix bugs. One fellow on MediaOne has been 
struggling for the better part of a year with some weird DHCP lease
renewal problem. Sonic also took a while to support PPPoE. And the DHCP
server doesn't have any flexibility; you can't, for instance, define
the WINS server address. They keep adding features to the firmware,
but it's (of course) on their schedule, not miine.

Overall, for me it's worked well, but I can imagine that a lot of
people on this list might chafe at its limitations (to say nothing
of its political incorrectness). But for less net-savvy consumers, 
these boxes are a godsend.

> You can also get the software and use a low cost PC as a dedicated
> firewall.

That was Plan A for me; at the time (2 years ago) IP masquerading was
a bit more exotic and less well documented than it is now, and I just
never could convince myself that I had the rules right. If I were doing
it today, I'd certainly consider a dedicated Unix box.


See also:

I don't have any direct experience with either of these (though I
do use a Netopia R7200 firewall at work, and it seems OK).

-- Jerry Callen
   jcallen at
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at (Subject line is ignored).

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /