25 posts in this topic

Hello everyone!

 

I have a quick question here.  I'm looking for a router to use for one of my business clients that will provide complete blocking and filtering capabilities for anything except web, email, and possibly instant message.  Everything else especially and including all types of file sharing needs to be prohibited.

 

This is for a business retail location that offers free wifi to their customers. Recently they were hit with a copyright infringement notice from their ISP. They have a basic Netgear router that only has port forwarding available and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

 

For now the wifi has been temporarily shut off, but the owner wants free wifi back for customers.  However he wants it so that the web is open, ability for guests to use email apps on their phones (smtp, etc) is open, but that is about it.  He explicitly wants everything else to be blocked.

 

What router would do this? He's willing to pay the cost of a router that offers these features. I looked into DD-WRT which can do this... with IPTables. I'd like to have something a lot less complicated and built natively into a router's firmware directly.

 

Any suggestions?


Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.


Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

Thanks for that link. Tho having a firewall appliance at that price is a bit more than what they were wanting to pay for. I seem to remember either D-Link or Netgear offered some router the other year that has the features I was looking for for this customer, but I can't find it tho.


Take a look at www.draytek.com. These routers are reasonably priced but with some high end features.


Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

I second this. The TZ series are great. And while you do need a good working knowledge of networking the UI is very well laid out and pretty straightforward.


Get a Buffalo Router or something that runs DD-WRT or Tomato. You can block websites.

Another option, get a cheap desktop and run Untangle on it or another distro like IPCop. They have plugins for filtering and such.

1 person likes this

This is for a business retail location that offers free wifi to their customers. Recently they were hit with a copyright infringement notice from their ISP. They have a basic Netgear router that only has port forwarding available and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

Why is the business owner responsible for others leeching ?


Your connection means you are responsible for all the activity on it, illegal or not.

1 person likes this


Your connection means you are responsible for all the activity on it, illegal or not.

 

only in backward parts of the world where the MAFIAA reigns supreme (which now is most of the western world, i guess).


Get a Buffalo Router or something that runs DD-WRT or Tomato. You can block websites.

Another option, get a cheap desktop and run Untangle on it or another distro like IPCop. They have plugins for filtering and such.

 

Actually I mentioned this above, I'm trying to avoid DD-WRT just because its configuration time with IPtables is more complex and takes more time. The customer wants simple. Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.


Why is the business owner responsible for others leeching ?

 

That is the ISP's policy. Someone in the area has been abusing this business owner's free public wifi by downloading pirated material and the ISP is getting copyright infringement notices for this business establishment. The ISP threatened to disconnect them if there weren't some security measures provided.

1 person likes this


Actually I mentioned this above, I'm trying to avoid DD-WRT just because its configuration time with IPtables is more complex and takes more time. The customer wants simple. Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.

You don't do anything with IPTables if you don't want to.  Everything is GUI.  You just need to enter the sites or keywords you want to block.

 

It uses IPTables in the background, just like every other firewall distro based on Linux.  Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

 

Someone posted a Watchguard box, that should do exactly what you need.  Just get it. 

1 person likes this


You don't do anything with IPTables if you don't want to.  Everything is GUI.  You just need to enter the sites or keywords you want to block.

 

It uses IPTables in the background, just like every other firewall distro based on Linux.  Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

 

Someone posted a Watchguard box, that should do exactly what you need.  Just get it. 

 

Actually the GUI within DD-WRT doesn't do what this customer needs.  The customer needs everything blocked, all services, ports, etc (except http, smtp, and probably imap).  DD-WRT blocks everything, but doesn't offer exclusions to that blanket block that he needs.

1 person likes this


For a business user, there are only 3 that I recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally prefer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.

1 person likes this


Set up the IPTables for him then.  There shouldn't be anything he has to do if you're only going to allow HTTP, HTTPS, etc..

 

You set it once, it's done.  If you don't want to do that manually, then buy a solution that works, which has already been mentioned.

1 person likes this
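
The default-deny policy this thread keeps coming back to (block everything from the guest network except web and email), written out as an added example that is not from any poster or vendor. It prints an iptables-restore ruleset; the interface names `br-guest` and `eth0`, the port list, and the assumption that the router itself serves DHCP and DNS to guests are all assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a default-deny guest network.
# Assumed names (not from the thread): br-guest = guest Wi-Fi bridge, eth0 = WAN.
GUEST_IF="${GUEST_IF:-br-guest}"
WAN_IF="${WAN_IF:-eth0}"
# Assumed allowlist: HTTP, HTTPS, mail submission, IMAP(S), POP3(S).
ALLOWED_TCP="${ALLOWED_TCP:-80,443,587,465,143,993,110,995}"

# Accept only a comma-separated list of 1-15 valid ports (multiport's limit),
# so a malformed port list is rejected before it reaches a rule.
valid_ports() {
    list=$1
    case "$list" in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    count=0; old_ifs=$IFS; IFS=,
    for p in $list; do
        count=$((count + 1))
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    [ "$count" -le 15 ]
}

guest_ruleset() {
    valid_ports "$ALLOWED_TCP" || { echo "bad port list: $ALLOWED_TCP" >&2; return 1; }
    cat <<EOF
*filter
:GUEST_FWD - [0:0]
:GUEST_IN - [0:0]
# Replies to connections the guests opened
-I FORWARD 1 -o $GUEST_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Everything guests send through or to the router goes via the guest chains
-I FORWARD 2 -i $GUEST_IF -j GUEST_FWD
-I INPUT 1 -i $GUEST_IF -j GUEST_IN
# Forwarded traffic: allowlisted TCP ports to the WAN only, log and drop the rest
-A GUEST_FWD -o $WAN_IF -p tcp -m multiport --dports $ALLOWED_TCP -j ACCEPT
-A GUEST_FWD -m limit --limit 6/min -j LOG --log-prefix "guest-drop: "
-A GUEST_FWD -j DROP
# To the router itself: DHCP and DNS only (no admin UI, no SSH)
-A GUEST_IN -p udp --dport 67 -j ACCEPT
-A GUEST_IN -p udp --dport 53 -j ACCEPT
-A GUEST_IN -p tcp --dport 53 -j ACCEPT
-A GUEST_IN -j DROP
COMMIT
EOF
}

# Print the ruleset only when asked, e.g.: sh guest-fw.sh print | iptables-restore --noflush
case "${1:-}" in print) guest_ruleset ;; esac
```

A port allowlist only restricts destination ports: file-sharing traffic that runs over 443 passes it, which is where the application-level filtering of the appliances named in this thread comes in.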


Get the RouterBoard RB2011UAS-2HnD-IN:

 

http://routerboard.com/RB2011UAS-2HnD-IN

 

The RB2011 is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.

The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.

RouterBOARD 2011UAS-2HnD has most features and interfaces from all our Wireless routers. It's powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4Ghz (2192-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel- all this for only $129!

Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included)

RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply.

Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.


For a business user, there are only 3 that I recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally prefer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.

 

bnelsonjax, I sent you a private message.


Get the RouterBoard RB2011UAS-2HnD-IN:

 

http://routerboard.com/RB2011UAS-2HnD-IN

 


 

 

Here's a hi-res image of the above mentioned router:

 

523_hi_res.jpg

2 people like this


pfsense or untangle can do what you need.  pfsense would be the cheaper out of the two being that you just need a spare computer...something old would work just fine or the ability of a vm environment.

3 people like this


Get the RouterBoard RB2011UAS-2HnD-IN:

 

http://routerboard.com/RB2011UAS-2HnD-IN

 


 

Wow. Never heard of that before but I really like it. Thanks for the tip.


The router itself looks ugly, but it's not about looks as it's one of the most powerful or feature-rich routers on the planet.


Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

 

I second this. The TZ series are great. And while you do need a good working knowledge of networking the UI is very well laid out and pretty straightforward.

 

+1. I know you said it's a little more than you want to spend, but my suggestion is to save up. The Sonicwall TZ-215 and NSA 220 devices are excellent and worth the extra cash IMO.


And the RouterBoard one I posted about does all that and is only $130!


For anyone who is a Watchguard expert or has experience, please message me.  I've got some WatchGuard XTM 25 firewalls that I have some questions over.  Thanks!
