
Hardware firewall for college dorm

cmdrmoocow

I'm going to be moving out to a college dorm in a few weeks, and I would like to set up a hardware firewall that works very similarly to the router at home.

I'd like it to do DHCP & NAT, Port blocking, etc, just like a router would. In fact, I'd like it to treat the rest of the campus as 'the internet'. If possible, I'd like it to have gigabit capability.

I would prefer to not have a stand-alone linux box doing some sort of networking bridge, too.

Any suggestions?

EDIT: I'd prefer to NOT buy Linksys.
 
are you going to have more than one computer connected to the internet in your dorm? if not, i don't see why you need a hardware firewall. a software firewall will do all the things you listed.

ps. very few consumer routers have gigabit. you would have to look at a switch for gigabit.
 
I'll have my laptop (IBM 760XL - Pentium 166, obviously not gigabit capable) and my desktop on it, and potentially my roommates (both gigabit capable).

I will have various other computers plugged in occasionally - mostly fresh Windows installs, and I'd like to have it behind a thick firewall so it can survive updating.

After I think about it more, I guess a good software firewall may do the work for me, but a hardware NAT firewall has an added level of coolness to it.



-----------



If I use a consumer router that works for a cable modem, will it simply work without a modem?

I guess, though, since the modems simply give an IP address, it might work....?
 
gigabit will not be necessary, unless you do major file transferring constantly. like i said very few consumer routers are gigabit capable. if you are absolutely going for gigabit, then get a gigabit switch. that means you'll have to buy a router and a switch in order to have internet access and gigabit networking. plus since your computer doesn't have gigabit ethernet, you'll have to buy another gigabit pci card.

for higher security routers, make sure the router has SPI (stateful packet inspection).
 
Originally posted by: cmdrmoocow

If I use a consumer router that works for a cable modem, will it simply work without a modem?

I guess, though, since the modems simply give an IP address, it might work....?
 
Originally posted by: Fiveohhh
Originally posted by: cmdrmoocow

If I use a consumer router that works for a cable modem, will it simply work without a modem?

I guess, though, since the modems simply give an IP address, it might work....?

that doesn't make sense. you need the cable modem for the coaxial jack.
 
Originally posted by: dc5
Originally posted by: Fiveohhh
Originally posted by: cmdrmoocow

If I use a consumer router that works for a cable modem, will it simply work without a modem?

I guess, though, since the modems simply give an IP address, it might work....?

that doesn't make sense. you need the cable modem for the coaxial jack.

He said he'd be on campus so he won't have a modem, he'll just connect to the campus network.
 
i have that exact router. it has a better firewall than most other routers in that consumer level. make sure to get some decent cat5e cables or better.
 
Having a router hooked up in the dorms can cause problems depending on how things are set up. If you have it assigning IPs, you can bring a whole dorm building's internet connection down because the router takes the liberty of giving everyone in the building an IP instead of the cisco, "real routers", etc. doing this job. Having the router hooked up at the campus I work at will quickly get your internet port shut off immediately.
 
Just curious...every hardware router/dhcp server I've seen (which I admit is very limited) hands IPs out on the lan side and not the wan side (assuming dhcp is turned on). Is there something I'm missing that would make it start handing them out on the wan side?
 
these might have been people running NAT on their PC(ala ICS) or some other internet sharing application. Or they just really know how to screw something up.
 
Originally posted by: Fiveohhh
Originally posted by: amdskip
They were normal hardware consumer routers.

See if ya can find out some more details, I'm curious how it could mess it up.

they're called "rogue DHCP servers" and they can cripple a network. Since the router is handing out IPs to anyone who wants one you have the potential to have IP address conflicts or most likely - giving out the wrong IP/mask/gateway information.

Anybody who gets an IP from this rogue dhcp server won't talk to anything. and if it hands out the IP address of the subnet's gateway router then all heck will break loose.

Thankfully there are features now that recognize the dhcp servers and block them/log/shutdown port.

let's say somebody plugged a SOHO router's LAN side into the campus network? rogue dhcp server - a google search will pull up all sorts of info.

-edit- and for nets where there is a lot of change you would normally set the lease time to something really small...like 4-12 hours. Meaning if a rogue dhcp is out there the whole subnetwork would be fubarred in 4-12 hours.

see sig
😉
 
Originally posted by: spidey07
Originally posted by: Fiveohhh
Originally posted by: amdskip
They were normal hardware consumer routers.

See if ya can find out some more details, I'm curious how it could mess it up.

they're called "rogue DHCP servers" and they can cripple a network. Since the router is handing out IPs to anyone who wants one you have the potential to have IP address conflicts or most likely - giving out the wrong IP/mask/gateway information.

Anybody who gets an IP from this rogue dhcp server won't talk to anything. and if it hands out the IP address of the subnet's gateway router then all heck will break loose.

Thankfully there are features now that recognize the dhcp servers and block them/log/shutdown port.

let's say somebody plugged a SOHO router's LAN side into the campus network? rogue dhcp server - a google search will pull up all sorts of info.

-edit- and for nets where there is a lot of change you would normally set the lease time to something really small...like 4-12 hours. Meaning if a rogue dhcp is out there the whole subnetwork would be fubarred in 4-12 hours.

see sig
😉


But a properly connected router wouldn't do that, correct?
 
Yes, a properly connected SOHO router will not cause any problems with a campus network. Just make sure that you do not connect the PRIVATE (LAN) side to the campus network as Spidey said. Some of the full time network engineers at the university I used to work at used them to protect multiple PCs with all of the worms around. They all worked fine and did not cause any problems. The real problem, as Spidey said, is the DHCP server built into the SOHO routers that messes up everyone else's IP information. I have seen this happen from the SOHO routers and even from ICS being set up improperly over the wireless network. Features on corporate switches like Cisco, which have options to trust DHCP traffic on trusted ports and deny it on untrusted ports, help eliminate these problems.
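
The trusted/untrusted port filtering mentioned in the post above, sketched as an added example that is not part of the thread and not any switch vendor's code: it parses the DHCP payload and drops server replies (OFFER/ACK/NAK) that arrive on an untrusted port, recording what the rogue server tried to hand out. The port names and addresses are constructed for the demo.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie after the 236-byte BOOTP header
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only a server sends

def parse_dhcp(payload):
    """Return (op, yiaddr, options) from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:        # 255 = end option
        if payload[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return payload[0], ipaddress.IPv4Address(payload[16:20]), opts

def snoop(port, payload, trusted_ports):
    """Forward client traffic from any port; server replies only from trusted ports."""
    op, yiaddr, opts = parse_dhcp(payload)
    mtype = (opts.get(53) or b"\x00")[0]
    if port in trusted_ports or (op == 1 and mtype not in SERVER_TYPES):
        return "forward", None
    def addr(code):                                      # option 54 = server id, 3 = router
        raw = opts.get(code, b"")
        return str(ipaddress.IPv4Address(raw[:4])) if len(raw) >= 4 else None
    return "drop", {"port": port, "type": SERVER_TYPES.get(mtype, "BOOTREPLY"),
                    "offered": str(yiaddr), "server": addr(54), "gateway": addr(3)}

def build(op, mtype, yiaddr="0.0.0.0", server=None, router=None):
    """Construct a minimal DHCP payload for the demo (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", op, 1, 6, 0, 0x1234, 0, 0, b"\0" * 4,
                      ipaddress.IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4,
                      bytes.fromhex("020000000001"), b"")
    opts = bytes([53, 1, mtype])
    for code, ip in ((54, server), (3, router)):
        opts += bytes([code, 4]) + ipaddress.IPv4Address(ip).packed if ip else b""
    return hdr + MAGIC + opts + b"\xff"

TRUSTED = {"uplink"}                                     # hypothetical switch port names
rogue = build(2, 2, "192.168.1.100", "192.168.1.1", "192.168.1.1")
print(snoop("dorm-214", rogue, TRUSTED))                 # OFFER from an access port
print(snoop("uplink", rogue, TRUSTED))                   # same message on the trusted uplink
print(snoop("dorm-214", build(1, 1), TRUSTED))           # client DISCOVER
```

The dropped-message record (port, offered address, claimed server and gateway) is the detail a network team needs to find which wall jack has a router plugged in backwards.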
 
So from what I read, using that combination will be perfect for me unless I plug the WAN port into the LAN connector, correct?
 
Originally posted by: cmdrmoocow
So from what I read, using that combination will be perfect for me unless I plug the WAN port into the LAN connector, correct?

Correct. Just plug the wan side into the campus network.
 
Originally posted by: Fiveohhh
Originally posted by: spidey07
Originally posted by: Fiveohhh
Originally posted by: amdskip
They were normal hardware consumer routers.

See if ya can find out some more details, I'm curious how it could mess it up.

they're called "rogue DHCP servers" and they can cripple a network. Since the router is handing out IPs to anyone who wants one you have the potential to have IP address conflicts or most likely - giving out the wrong IP/mask/gateway information.

Anybody who gets an IP from this rogue dhcp server won't talk to anything. and if it hands out the IP address of the subnet's gateway router then all heck will break loose.

Thankfully there are features now that recognize the dhcp servers and block them/log/shutdown port.

let's say somebody plugged a SOHO router's LAN side into the campus network? rogue dhcp server - a google search will pull up all sorts of info.

-edit- and for nets where there is a lot of change you would normally set the lease time to something really small...like 4-12 hours. Meaning if a rogue dhcp is out there the whole subnetwork would be fubarred in 4-12 hours.

see sig
😉


But a properly connected router wouldn't do that, correct?
who said anything about college kids knowing how to properly connect much of anything?

😉

but sure, as long as the dhcp client is all that is plugged into the net then all is well. the client being the router.
 
a lot of colleges' IT departments do not allow the sharing of a connection across a router. they will scan their network and if they detect a router they will shut off the port. just my 2 cents
 