Can you get the security of a router with another option?

[StupidComputers]

Looking for the security offered by a router that can handle gigabit speeds, without having to pay for the parts I won't use. (I might use DD-WRT)

My current router can't handle gigabit. I use it as a security layer between one pc and the ISP controlled modem.

Gigabit routers are expensive, as they tend to come with fancy WiFi and traffic control frills etc, none of which I will use. The ones without WiFI are meant for networks.

The Ubiquiti 3 lite is the cheapest functional option and has no wifi, but the flash memory is garbage and fails quickly (I've read). The cost is already a bit high and then add the RMA/flash memory swap hack.

Everything is around double the price in Canada, amazon is more than double.

Is there an option that won't cost me three figures?
** Or at least if it does, can I get something that will direct the value to something more useful to me?

*** Would a hardware firewall be a good idea, if so what would I need? Thanks

 

[TJ Hooker]

What speed do you pay for from your ISP?

Gigabit routers really aren't that expensive. I got a used one off kijiji for $50. And that was a wireless AC router, I'm sure an older wireless N one would be cheaper.

Edit: I can find an older D link wireless router with gigabit LAN for $5 off my local kijiji.

 

[StupidComputers]

What speed do you pay for from your ISP?

Gigabit routers really aren't that expensive. I got a used one off kijiji for $50. And that was a wireless AC router, I'm sure an older wireless N one would be cheaper.

Edit: I can find an older D link wireless router with gigabit LAN for $5 off my local kijiji.

I pay for gigabit (just got it), and I've tested, it hits almost 900Mbps over ethernet. I'm kind of iffy about buying second hand router tbh.

 

[bill001g]

What security feature do you actually need. NAT alone prevents any traffic from the internet reaching your machine just because it is stupid. When traffic comes in from the internet the router attempt to look up which machine to send the session data to. By default NAT only allows traffic to return from a remote device on the same ports the session was established on unknown traffic and ips will just be discarded.

Unless you port forward or set DMZ option nobody can get any traffic to your machine.

 

[StupidComputers]

What security feature do you actually need. NAT alone prevents any traffic from the internet reaching your machine just because it is stupid. When traffic comes in from the internet the router attempt to look up which machine to send the session data to. By default NAT only allows traffic to return from a remote device on the same ports the session was established on unknown traffic and ips will just be discarded.

Unless you port forward or set DMZ option nobody can get any traffic to your machine.

Basically I think what I need is a hardware firewall, but those are pretty pricey too.

 

[USAFRet]

Basically I think what I need is a hardware firewall, but those are pretty pricey too.

If you can find a secondhand PC, you can do a "hardware firewall" for about $100.
$75 for the PC, $25 for a second NIC, free software.

However...current routers do almost all of that anyway. I used to run a dedicated PC for this (craigslist - $50), but it was more of a hobby than a need.

What do the current selection of consumer routers lack for your usage?

 

[TJ Hooker]

OK, if you don't want to buy second hand, you can get a refurb gigabit router on newegg.ca right now for 30 CAD.

 

[StupidComputers]

Basically I think what I need is a hardware firewall, but those are pretty pricey too.

If you can find a secondhand PC, you can do a "hardware firewall" for about $100.
$75 for the PC, $25 for a second NIC, free software.

However...current routers do almost all of that anyway. I used to run a dedicated PC for this (craigslist - $50), but it was more of a hobby than a need.

What do the current selection of consumer routers lack for your usage?

Gigabit ethernet that won't bottleneck my speed (900Mbps+) at a decent price, all quite expensive if I want actual gigabit speed.

 

[StupidComputers]

OK, if you don't want to buy second hand, you can get a refurb gigabit router on newegg.ca right now for 30 CAD.

I'll take a look, I actually saw a depot a bit of a half hour drive away that had refurb gigabit ethernet routers.. might give it a shot.
** also $30

 

[StupidComputers]

If budget and throughput are the driving factors then your options are pretty much either the MikroTik Hex, or pressing an old PC (if you have one) into service with something like pfSense. Alternatively something like a second hand Cisco RV180 on eBay is straightforward to configure and cheap and ~800mbps achievable.

I have the guts of a couple old PCs, but I'd need a case and PSU so there goes the decent price point lol,

 

[StupidComputers]

Basically I think what I need is a hardware firewall, but those are pretty pricey too.

If you can find a secondhand PC, you can do a "hardware firewall" for about $100.
$75 for the PC, $25 for a second NIC, free software.

However...current routers do almost all of that anyway. I used to run a dedicated PC for this (craigslist - $50), but it was more of a hobby than a need.

What do the current selection of consumer routers lack for your usage?

I saw a router with dual NAT and SPI.. would that hamper my connection? I like moar firewalls

 

[StupidComputers]

Double NAT is silly, use a respectable software firewall on your PC if you want an additional protection layer. If you wanted more protection at network edge you would be looking at an enterprise firewall with IPS but that doesn’t align with your budget.

Based on everything discussed it seems to me that the MikroTik Hex is the only option on the market for you (that I know of) that is on-budget when new, gigabit friendly, not consumer-class, and cheaper than Ubiquiti.

I picked up a hex s Rb760igs and the ethernet throughput is nowhere near gigabit speeds, apparently it bottlenecks depending on packet size etc. And they don't take returns.

 

[kanewolf]

A Mikrotik wired router like a HEX -- https://mikrotik.com/product/RB750Gr3 can handle gigabit speeds, is inexpensive and has all the security of any other router.

 

[StupidComputers]

A Mikrotik wired router like a HEX -- https://mikrotik.com/product/RB750Gr3 can handle gigabit speeds, is inexpensive and has all the security of any other router.

I picked up the Rb760igs, is it inferior to 750gr3? The throughput depends on packet size and filter rules (from a chart I saw), sometimes it's near my full speed, other times significantly less.

I haven't started messing with the internals cuz I need to brush up first.

**what's this about using a microsd with it? increases file storage speed.. for...?