Jump to content



Photo

  • Please log in to reply
24 replies to this topic

#1 modem

modem

    www.modemnet.net

  • Joined: 29-November 01

Posted 08 September 2013 - 15:41

Hello everyone!

 

I have a quick question here.  I'm looking for a router to use for one of my business clients that will provide complete blocking and filtering capabilities for anything except web, email, and possibly instant message.  Everything else especially and including all types of file sharing needs to be prohibited.

 

This is for a business retail location that offers free wifi to their customers.  Recently they were hit with a copy right infringement notice from their ISP.  They have a basic Netgear router that only has port forwarding available and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

 

For now the wifi has been temporarily shut off, but the owner wants free wifi back for customers.  However he wants it so that the web is open, ability for guests to use email apps on their phones (smtp, etc) is open, but that is about it.  He explicitly wants everything else to be blocked.

 

What router would do this?  Hes willing to pay the cost of a router that offers these features.  I looked into DD-WRT which can do this... with IPTables.  I'd like to have something a lot less complicated and built natively into a routers firmware directly.

 

Any suggestions?




#2 xendrome

xendrome

    In God We Trust; All Others We Monitor

  • Tech Issues Solved: 10
  • Joined: 05-December 01
  • OS: Windows 8.1 Pro x64

Posted 08 September 2013 - 15:47

Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.



#3 OP modem

modem

    www.modemnet.net

  • Joined: 29-November 01

Posted 08 September 2013 - 16:18

Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

Thanks for that link.  Tho having a firewall appliance at that price is a bit more than what they were wanting to pay for.  I seem to remember either D-Link or Netgear offered some router the other year that has the features i was looking for for this customer, but i can't find it tho.



#4 StrikedOut

StrikedOut

    Outside the box

  • Joined: 09-December 08
  • Location: Southampton

Posted 08 September 2013 - 16:24

Take a look at www.draytek.com. These routers are reasonably priced but with some high end features.

#5 #Michael

#Michael

    Neowinian Senior

  • Joined: 28-August 01

Posted 08 September 2013 - 22:08

Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

I second this.  The TZ series are great. And while you do need a good working knowledge of networking the UI is very well laid out and pretty straight forward.



#6 farmeunit

farmeunit

    The other white meat.

  • Tech Issues Solved: 2
  • Joined: 05-May 03
  • Location: Branson, MO USA

Posted 08 September 2013 - 22:27

Get a Buffalo Router or something that run DD-WRT or Tomato.  You can block websites.

 

Another option, get a cheap desktop and run Untangle on it or another disto like IPCop.  They have plugins for filtering and such.



#7 Hum

Hum

    totally wAcKed

  • Tech Issues Solved: 7
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 08 September 2013 - 22:31

This is for a business retail location that offers free wifi to their customers.  Recently they were hit with a copy right infringement notice from their ISP.  They have a basic Netgear router that only has port forwarding available and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

Why is the business owner responsible for others leeching ?



#8 Roger H.

Roger H.

    Neowinian Senior

  • Tech Issues Solved: 20
  • Joined: 18-August 01
  • Location: Germany
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 08 September 2013 - 22:43

You connection means you are responsible for all the activity on it, illegal or not.



#9 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 08 September 2013 - 22:46

You connection means you are responsible for all the activity on it, illegal or not.

 

only in backward parts of the world where the MAFIAA reigns supreme (which now is most of the western world, i guess).



#10 Lezard

Lezard

    Some Call It God, I Call It Foolish.

  • Joined: 02-September 03
  • Location: 煉獄

Posted 08 September 2013 - 22:46

http://www.amazon.co...s_3012924011_15



#11 OP modem

modem

    www.modemnet.net

  • Joined: 29-November 01

Posted 09 September 2013 - 00:42

Get a Buffalo Router or something that run DD-WRT or Tomato.  You can block websites.

 

Another option, get a cheap desktop and run Untangle on it or another disto like IPCop.  They have plugins for filtering and such.

 

Actually I mentioned this above, I'm trying to avoid DD-WRT just because it's configuration time with IPtables is more complex and takes more time.  The customer wants simple.  Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.



#12 OP modem

modem

    www.modemnet.net

  • Joined: 29-November 01

Posted 09 September 2013 - 00:43

Why is the business owner responsible for others leeching ?

 

That is the ISP's policy.  Some one in the area has been abusing this business owners free public wifi by downloading pirated material and the ISP is getting copy right infringement notices for this business establishment.  The ISP threatened to disconnect them if there wasn't some security measures provided.



#13 farmeunit

farmeunit

    The other white meat.

  • Tech Issues Solved: 2
  • Joined: 05-May 03
  • Location: Branson, MO USA

Posted 09 September 2013 - 01:04

Actually I mentioned this above, I'm trying to avoid DD-WRT just because it's configuration time with IPtables is more complex and takes more time.  The customer wants simple.  Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.

You don't do anything with IPTables if you don't want to.  Everything is GUI.  You just need to enter the sites or keywords you want to block.

 

It uses IPTables in the background, just like every other firewall distro based on Linux.  Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

 

Someone posted a Watchguard box, that should do exactly what you need.  Just get it. 



#14 OP modem

modem

    www.modemnet.net

  • Joined: 29-November 01

Posted 09 September 2013 - 01:16

You don't do anything with IPTables if you don't want to.  Everything is GUI.  You just need to enter the sites or keywords you want to block.

 

It uses IPTables in the background, just like every other firewall distro based on Linux.  Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

 

Someone posted a Watchguard box, that should do exactly what you need.  Just get it. 

 

Actually the GUI within DD-WRT doesn't do what this customer needs.  The customer needs everything blocked, all services, ports, etc (except http, smtp, and probably imap).  DD-WRT blocks everything, but doesn't offer exclusions to that blanket block that he needs.



#15 bnelsonjax

bnelsonjax

    Neowinian

  • Joined: 26-August 13

Posted 09 September 2013 - 02:01

For a business user, there is only 3 that i recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally perfer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.