Which router to buy?

[TheJTrain]

What's the difference between these two Linksys routers:

BEFSR41: just called a router, but with firewall functions
BEFSX41: called a "firewall router"

Or should I just stay away from Linksys altogether? I've read mostly good things about Netgear and D-Link stuff as well, but it's tough to shop for the best brand, as most of the professional reviews are so similar they might as well be talking about the same box, and informal reviews (like here or Amazon) always include 80% "no problems" reviews and 20% "don't ever buy this router" reviews.

Thanks,
Jason

 

[geekender]

Go with the cheap-o NAT router unless you have some real need for specific VPN applications. Both are good routers, but the firewall has a few more features.

 

[JackMDS]

Here: Internet Gateway with Built-In 4-Port Switch and Print Server $19 (after rebate).

 

[TheJTrain]

Wow, thanks JackMDS - what a deal. So a "gateway" is the same thing/serves the same function as a "router", yes?

Jason

 

[JackMDS]

Yeah, they are Gateway to the Internet.

What is called Router is short for a Gateway combo that includes Router, NAT Firewall, switch, DHCP server, and this specific D-Link includes Printer Server.

 

[TheJTrain]

Ah - thanks. So it looks like the only thing this unit is missing that I've seen on others is DHCP capability. How important is it to have that? I'm assuming all you need is one static IP address from your DSL ISP and the router can share it to 4 PCs - I thought the way this happened was DHCP, but is it done through NAT instead on this unit?

Jason

 

[JackMDS]

Nah, it has DHCP. The specs on the site are sloppy.

 

[TheJTrain]

Ok, cool. Thanks again JackMDS - I think I'll go pick one up today!

Jason

 

[TheJTrain]

Sorry JackMDS (just realized you were the author of that FAQ - right on), one more question: packet filtering vs. stateful packet inspection - differences, pros/cons, what situations would SPI (which I gather is the more secure) be beneficial? I don't think this unit has SPI, but I don't know enough to know whether it'd be useful to me or not. Right now I'm sharing a DSL connection between two PCs, and am gearing up to add a dedicated webserver as well in the near future.

Thanks,
Jason

 

[JackMDS]

Yeah, the Router is going for $19 to make way to the more elaborate Routers.

Main difference is better support to VPN and SPI. If you need this support you should not buy the $19 Router. Otherwise it is an excellent Router.

To my estimate 90% of home users do not need the extra support that is added to the current new Routers.

VPN is prevalent among people who work from home and need to connect to their work server via VPN.(Current Routers would do VPN, but it is a little harder to set).

SPI adds a level of "filtering" to the Firewall (not necessarily making more secure). Most home users use it to filter out information that could be ?Hazardous? to the kids. (Like blocking prOn sites. Employers can use it to block "Sports" sites at the work network.) If you do not have a need to block specific info on specific computer you probably do not need SPI.

Here you can read about security.

Basic Protection for Broadband Internet Installation.

 

[cmetz]

The BEFSX41 is based on a newer, faster chip than the BEFSR41. For simply forwarding traffic, either should be okay, but if you're doing things like VPN or SPI that require more thinking in the router, the difference is noticeable. Also, the chip in the BEFSX41 appears to be where everyone's heading, and so it is likely that in the future the BEFSX41 will have a longer firmware lifetime (more new features, etc.). But the BEFSX41 being new means that the current firmware isn't as stable as the BEFSR41's.

SPI is a term that used to be reasonably defined in the firewall world until the SOHO routers' marketing people made twisted claims of having it and muddied the waters. So it's a bit meaningless itself in a SOHO router but meaningful in an enterprise firewall. In short, SPI means that the router is keeping more state about translated connections and is looking into the packets more. Typically this means looking up through the application layer and adapting the firewall appropriately, for example, handling FTP separate control/data connections, but also things like tracking that a received DNS response corresponds to a DNS query you sent (preventing unsolicited responses).

Another perspective on SPI can be found at:
http://www.smallnetbuilder.com/Sections-article18-page1.php

The BEFSX41's "SPI" is supposed to actually be pretty decent and better filtering than most PAT routers give you. I think that if you were doing complex firewall type stuff (inbound port mapping, for example), then it might be worth getting the SX for its better filtering features. If you're not doing anything fancy, the BEFSR41 is probably fine.

As for the DI-704P, it's been discontinued, so be aware that there won't be any new features or bug fixes in the firmware. If it does everything you need it to do and runs stable, then that doesn't really matter. It IS possible to hack these to run AMIT firmware, which is getting updated, but lacks some things D-Link added in.