Which Router for VPN and Webhosting

Hi,

I need help on which wireless router to get? It's for home use, so the
802.11b standard is good enough. My requirements are...

1. VPN pass-through (I use a VPN box to connect to work. I'm not trying to
setup a VPN at home.)
2. Webhosting (I'm hosting my own website at home. So, some hardware
security/firewall would be nice).
3. Print server (Nice to have).

There're the ones I found, leaning towards 1, and 2. Some guy told me that
belkins use cheap transformer in their routers!?! If I do get a belkin,
make sure that I use UPS for it.

1. Linksys BEFSR41 4-port wireless
http://www.buy.com/retail/product.as...1&PageFormat=1

2. Netgear FM114P
http://www.buy.com/retail/product.as...queryType=comp

3. Netgear MR814
http://www.buy.com/retail/product.as...4&loc=101&sp=1

4. Belkin
http://www.buy.com/retail/product.as...1&PageFormat=7

TIA
-wen

wendy

> 1. Linksys BEFSR41 4-port wireless
> http://www.buy.com/retail/product.as...1&PageFormat=1
>

I meant...
LinkSys BEFW11S4 --> the wireless one, not the one stated above...

sorry.
-wen

wendy

"wendy" <wendikun@NO_SPAM_hotmail.com> wrote in
news:yzt8b.1462$v%5.396@fed1read02:

> Hi,
>
> I need help on which wireless router to get? It's for home use, so
> the 802.11b standard is good enough. My requirements are...
>
> 1. VPN pass-through (I use a VPN box to connect to work. I'm not
> trying to setup a VPN at home.)
> 2. Webhosting (I'm hosting my own website at home. So, some hardware
> security/firewall would be nice).
> 3. Print server (Nice to have).
>
> There're the ones I found, leaning towards 1, and 2. Some guy told me
> that belkins use cheap transformer in their routers!?! If I do get a
> belkin, make sure that I use UPS for it.
>
> 1. Linksys BEFSR41 4-port wireless
> http://www.buy.com/retail/product.as...1&PageFormat=1
>
> 2. Netgear FM114P
> http://www.buy.com/retail/product.as...1&queryType=co
> mp
>
> 3. Netgear MR814
> http://www.buy.com/retail/product.as...0704&loc=101&s
> p=1
>
> 4. Belkin
> http://www.buy.com/retail/product.as...1&PageFormat=7
>
> TIA
> -wen
>
>
>

I use a Linksys BEFW11S4 router and it has VPN and I VPN to work.

I also used it for port forwarding the WEB and FTP ports to the WEB
server Win 2k machine, until the ISP told me to close the ports, because
a WEB server was not allowed on their network, otherwise, service would
be dropped.

The router doesn't have a firewall and most routers in the class don't
have FW(s). That have NAT and maybe SPI, but most are good in the
protection of the device behind it.

It's good until you start port forwarding ports opening the ports to the
Inthernet, then you will need a host based FW on the machine.

At least that's how it works on that 11S4 router.

http://www.homenethelp.com/web/explain/about-NAT.asp

Duane

--
The protection of the machine is a process and not a given!

Duane Arnold

Hi Duane,

Thx for your input. Since I'll be hosting my own website, I really have no
choice but to use port-forwarding. I'm not sure what you meant by
"hosted-based" firewall. Do you have a reference. The Netgear [1] that I
mentioned provides Dos and SPI. I thought those would be secure enough?
Even those can be replaced by a software firewall if the router does not
support it?

TIA
-wen

[1] Netgear FM114P
http://www.buy.com/retail/product.as...queryType=comp



"Duane Arnold" <> wrote in message
news:Xns93F4CAFB45115notmenotmecom@204.127.199.17. ..
> "wendy" <wendikun@NO_SPAM_hotmail.com> wrote in
> news:yzt8b.1462$v%5.396@fed1read02:
>
> > Hi,
> >
> > I need help on which wireless router to get? It's for home use, so
> > the 802.11b standard is good enough. My requirements are...
> >
> > 1. VPN pass-through (I use a VPN box to connect to work. I'm not
> > trying to setup a VPN at home.)
> > 2. Webhosting (I'm hosting my own website at home. So, some hardware
> > security/firewall would be nice).
> > 3. Print server (Nice to have).
> >
> > There're the ones I found, leaning towards 1, and 2. Some guy told me
> > that belkins use cheap transformer in their routers!?! If I do get a
> > belkin, make sure that I use UPS for it.
> >
> > 1. Linksys BEFSR41 4-port wireless
> > http://www.buy.com/retail/product.as...1&PageFormat=1
> >
> > 2. Netgear FM114P
> > http://www.buy.com/retail/product.as...1&queryType=co
> > mp
> >
> > 3. Netgear MR814
> > http://www.buy.com/retail/product.as...0704&loc=101&s
> > p=1
> >
> > 4. Belkin
> > http://www.buy.com/retail/product.as...1&PageFormat=7
> >
> > TIA
> > -wen
> >
> >
> >
>
> I use a Linksys BEFW11S4 router and it has VPN and I VPN to work.
>
> I also used it for port forwarding the WEB and FTP ports to the WEB
> server Win 2k machine, until the ISP told me to close the ports, because
> a WEB server was not allowed on their network, otherwise, service would
> be dropped.
>
> The router doesn't have a firewall and most routers in the class don't
> have FW(s). That have NAT and maybe SPI, but most are good in the
> protection of the device behind it.
>
> It's good until you start port forwarding ports opening the ports to the
> Inthernet, then you will need a host based FW on the machine.
>
> At least that's how it works on that 11S4 router.
>
> http://www.homenethelp.com/web/explain/about-NAT.asp
>
> Duane
>
> --
> The protection of the machine is a process and not a given!

wendy

On Fri, 12 Sep 2003 17:50:18 -0400, "wendy"
<wendikun@NO_SPAM_hotmail.com> wrote:

>Hi,
>
>I need help on which wireless router to get? It's for home use, so the
>802.11b standard is good enough. My requirements are...
>
>1. VPN pass-through (I use a VPN box to connect to work. I'm not trying to
>setup a VPN at home.)
>2. Webhosting (I'm hosting my own website at home. So, some hardware
>security/firewall would be nice).
>3. Print server (Nice to have).
>
>There're the ones I found, leaning towards 1, and 2. Some guy told me that
>belkins use cheap transformer in their routers!?! If I do get a belkin,
>make sure that I use UPS for it.
>
>1. Linksys BEFSR41 4-port wireless
>http://www.buy.com/retail/product.as...1&PageFormat=1
>
>2. Netgear FM114P
>http://www.buy.com/retail/product.as...queryType=comp
>
>3. Netgear MR814
>http://www.buy.com/retail/product.as...4&loc=101&sp=1
>
>4. Belkin
>http://www.buy.com/retail/product.as...1&PageFormat=7
>
>TIA
>-wen
>

There are a lot of good reasons for not hosting your own website,
its pretty cheap to outsource it these days, and the cost is less than
running a dedicated PC.

You also really need a static IP and a ISP that does not prohibit
people running servers.

Transformers are more reliable than switched mode power
supplies, just heavier to move around.

don't neglect to enable the encryption on the wireless segment.
--
Jim Watt http://www.gibnet.com

Jim Watt

"wendy" <wendikun@NO_SPAM_hotmail.com> wrote in
news:Gjz8b.1643$v%5.308@fed1read02:

> Hi Duane,
>
> Thx for your input. Since I'll be hosting my own website, I really
> have no choice but to use port-forwarding. I'm not sure what you
> meant by "hosted-based" firewall. Do you have a reference. The
> Netgear [1] that I mentioned provides Dos and SPI. I thought those
> would be secure enough? Even those can be replaced by a software
> firewall if the router does not support it?
>
> TIA
> -wen
>
> [1] Netgear FM114P
> http://www.buy.com/retail/product.as...1&queryType=co
> mp
>
>
>
> "Duane Arnold" <> wrote in message
> news:Xns93F4CAFB45115notmenotmecom@204.127.199.17. ..
>> "wendy" <wendikun@NO_SPAM_hotmail.com> wrote in
>> news:yzt8b.1462$v%5.396@fed1read02:
>>
>> > Hi,
>> >
>> > I need help on which wireless router to get? It's for home use, so
>> > the 802.11b standard is good enough. My requirements are...
>> >
>> > 1. VPN pass-through (I use a VPN box to connect to work. I'm not
>> > trying to setup a VPN at home.)
>> > 2. Webhosting (I'm hosting my own website at home. So, some
>> > hardware security/firewall would be nice).
>> > 3. Print server (Nice to have).
>> >
>> > There're the ones I found, leaning towards 1, and 2. Some guy told
>> > me that belkins use cheap transformer in their routers!?! If I do
>> > get a belkin, make sure that I use UPS for it.
>> >
>> > 1. Linksys BEFSR41 4-port wireless
>> > http://www.buy.com/retail/product.as...=101&PageForma
>> > t=1
>> >
>> > 2. Netgear FM114P
>> > http://www.buy.com/retail/product.as...=101&queryType
>> > =co mp
>> >
>> > 3. Netgear MR814
>> > http://www.buy.com/retail/product.as...t=30704&loc=10
>> > 1&s p=1
>> >
>> > 4. Belkin
>> > http://www.buy.com/retail/product.as...=101&PageForma
>> > t=7
>> >
>> > TIA
>> > -wen
>> >
>> >
>> >
>>
>> I use a Linksys BEFW11S4 router and it has VPN and I VPN to work.
>>
>> I also used it for port forwarding the WEB and FTP ports to the WEB
>> server Win 2k machine, until the ISP told me to close the ports,
>> because a WEB server was not allowed on their network, otherwise,
>> service would be dropped.
>>
>> The router doesn't have a firewall and most routers in the class
>> don't have FW(s). That have NAT and maybe SPI, but most are good in
>> the protection of the device behind it.
>>
>> It's good until you start port forwarding ports opening the ports to
>> the Inthernet, then you will need a host based FW on the machine.
>>
>> At least that's how it works on that 11S4 router.
>>
>> http://www.homenethelp.com/web/explain/about-NAT.asp
>>
>> Duane
>>
>> --
>> The protection of the machine is a process and not a given!
>
>

Yes, the Netgear router seems to be very good. However, the protection of
the router that is port forwarding ports to an IP/machine disappears and
you will be allowing all IP(s) *opening the ports to the public Internet*
to reach the machine, at least that's how the Linksys router I have
works. And I would think would be the same for any router in this class
of routers.

You port forward the ports, then the machine needs a host base FW such as
BlackIce, Outpost, Sygate, ZA, Norton to protect it.

I suggest that you use BlackIce, because of the IDS/FW that will close
the ports to attack, if someone decides to launch an attack coming down
port 80 with the machine accepting all IP's to your Website, that's
assuming you'll be accepting all IP(s).

I assume, that you're using an NT based O/S. If it's not NT based
Workstation O/S, then it can only allow one user at a time to access your
Website. You'll need a NT based Server O/S, if you want more than one
user to access your Website at a time.

I'll assume you're using a NT based O/S with IIS. If this is true, then
you'll need to lockdown IIS and *harden* the O/S. The link provides the
how to on all the MS O/S(s).

http://www.uksecurityonline.com/husdg/windows2000.php

basic wireless security link

http://netsecurity.about.com/library.../aa022703a.htm

I'll say that unless your ISP has given you *clear* indication that you
can run a Webserve, then most likely you cannot. The ISP's do scan for
the machines on their network and they will send that email to close the
ports or service to you will be dropped.

I only open the ports for the Webserve and FTP sites when I need to have
them open, otherwise, they are closed.

If you're in the US, then www.britsys.com (nation wide) will allow a
machine running Web services on their network.

Duane

--
The protection of the machine is a process and not a given!

Duane Arnold

On Sat, 13 Sep 2003 20:49:39 GMT, Duane Arnold <>
wrote:

> You'll need a NT based Server O/S, if you want more than one
>user to access your Website at a time.

No you can run a webserver on /98 if you like.

see: http://www.xitami.com

For a nice alternative to IIS
--
Jim Watt http://www.gibnet.com

Jim Watt

In article <Xns93F5A10568657notmenotmecom@204.127.199.17>,
says...
[snip]
> Yes, the Netgear router seems to be very good. However, the protection of
> the router that is port forwarding ports to an IP/machine disappears and
> you will be allowing all IP(s) *opening the ports to the public Internet*
> to reach the machine, at least that's how the Linksys router I have
> works. And I would think would be the same for any router in this class
> of routers.

This is how all of the home based NAT routers work, at least the ones
under $200. From within IIS you can deny access to specific IP addresses
by adding them to the site's configuration.

> You port forward the ports, then the machine needs a host base FW such as
> BlackIce, Outpost, Sygate, ZA, Norton to protect it.

Since you are only forwarding a SPECIFIC PORT or PORTS, not all of them,
you need to protect your OS/Application by having NIGHTLY UPDATES if
it's a Windows computer. You also need a good antivirus program. In most
cases, the router is your best line of defense - get a good router, av
software, and PATCH THE OS NIGHTLY.

Last, really it should be first, you need to read about how to secure
your internet application (such as reading about how to secure IIS from
Microsoft's web site). IIS Lockdown tool from MS and the Security
Scanner (looks for updates installed on your computer) are great ways to
ensure that you are secure.

> I suggest that you use BlackIce, because of the IDS/FW that will close
> the ports to attack, if someone decides to launch an attack coming down
> port 80 with the machine accepting all IP's to your Website, that's
> assuming you'll be accepting all IP(s).

And just how will BID stop normal access of port 80?

> I assume, that you're using an NT based O/S. If it's not NT based
> Workstation O/S, then it can only allow one user at a time to access your
> Website. You'll need a NT based Server O/S, if you want more than one
> user to access your Website at a time.

Actually, if it's not Windows NT Server or Windows 2000 Server or
Windows 2003 server it will allow up to 10 connections at a time -
providing your running a windows OS (Win XP Prof, 2000 Prof).

> I'll assume you're using a NT based O/S with IIS. If this is true, then
> you'll need to lockdown IIS and *harden* the O/S. The link provides the
> how to on all the MS O/S(s).
> http://www.uksecurityonline.com/husdg/windows2000.php
> basic wireless security link
> http://netsecurity.about.com/library.../aa022703a.htm
>
> I'll say that unless your ISP has given you *clear* indication that you
> can run a Webserve, then most likely you cannot. The ISP's do scan for
> the machines on their network and they will send that email to close the
> ports or service to you will be dropped.

In most cases you can run a HTTP server on the ISP's networks as long as
you require authentication to the server - meaning that you can not
allow anonymous access to it (easy to change in IIS).

--
--

(Remove 999 to reply to me)

Leythos

Jim Watt <_way> wrote in
news::

> On Sat, 13 Sep 2003 20:49:39 GMT, Duane Arnold <>
> wrote:
>
>> You'll need a NT based Server O/S, if you want more than one
>>user to access your Website at a time.
>
> No you can run a webserver on /98 if you like.
>
> see: http://www.xitami.com
>
> For a nice alternative to IIS
> --
> Jim Watt http://www.gibnet.com
>

If someone is going to run a Web server on Win 98, than more power to
them.

Duane
--
The protection of the machine is a process and not a given!

Duane Arnold

On Sat, 13 Sep 2003 21:42:25 GMT, Duane Arnold <>
wrote:

>Jim Watt <_way> wrote in
>news: :
>
>> On Sat, 13 Sep 2003 20:49:39 GMT, Duane Arnold <>
>> wrote:
>>
>>> You'll need a NT based Server O/S, if you want more than one
>>>user to access your Website at a time.
>>
>> No you can run a webserver on /98 if you like.
>>
>> see: http://www.xitami.com
>>
>> For a nice alternative to IIS
>> --
>> Jim Watt http://www.gibnet.com
>>
>
>If someone is going to run a Web server on Win 98, than more power to
>them.

I think you are confusing a file server with a web server.




>Duane

--
Jim Watt http://www.gibnet.com

Jim Watt