I have a crappy Cisco 800 series at the office and that thing blows chunks. We have two T1 lines and I know for a fact that the damned thing slows us down because I put a Sonicwall 4000 series in there while I was configuring the thing and our connection ran perfectly.
I can’t convince the folks in charge to buy a new router, but I do have all sorts of PCs sitting around the office, so coming up with one of those is no trick at all.
All I’m really looking to do is find something that will function as a router with some NAT, a few port redirections, and some basic firewalling - although I can live without the firewall if necessary.
Anyone have recommendations for software to do this?
At the risk of opening up a can of Arrakian sandworms, why would you want to use Windows for this? Not only is it top-heavy and insecure, but it just isn’t really suited for this purpose. It’s like using a semi-tractor to pull a horse carriage.
Personally, I’d use a stripped down FreeBSD or Linux kernel for this, with only the services required to do NAT, IPsec, iptables, and whatever other firewalling applications you need, plus minimal logging and portal interface. There are several microdistros for this. See here, here, and here.
Mostly because I can whip out something for Windows in under an hour while for Linux I’ll have to start learning from scratch. Every time I start to do something with Linux (like learn the basics) something comes up before I’ve so much as finished installing the OS.
I’d say it’s more pulling a semi-trailer with a horse myself, but I’d second the recommendation for using Linux.
Google for Linux + firewall + router and you’ll get a bunch of leads. (preview: Like SoaT’s links) Some of them run off a single floppy, some are easy-to-manage off of webpages, etc. All of them are miles ahead of any Windows solution when it comes to speed, security, stability, and cost. I’ve had a Linux box doing my routing (plus file & web serving, image gallery, torrent manager, etc.) for me for almost a decade, and it does all the things you need it to.
I use a standard iptables script, for which I’d recommend checking out a howto, with perhaps also an example. If you go with a special distribution, they may have their own special interface to handle rules. Perhaps someone can recommend a particularly easy one to set up and manage?
Well, I totally sympathize. Learning Linux or Unix is a substantial investment of time and not just slightly frustrating, but it’s also a better solution for this than using Windows.
Although I think XP does have the capability to do it on its own, the setup may be easier with a third party program.
We started using WinProxy for this several years ago. It runs on pretty much any Windows box (I’ve run it under 98, NT4, 2000, 2000 Server, and XP). See it here:
It’s cheap for low numbers of users, but gets pricey as you get over 100 concurrent users.
It’s a snap to set up, and is transparent for most operations. In most cases we found we didn’t have to change any configuration on any client computers on the network at all. One thing I like about it is the virus detection at the firewall. It stops the viruses before they ever get to any client machine. That can be good when your users aren’t always as careful as they should be.
It has had some issues with specific types of messaging software, games, and occasionally QuickBooks, so look over the FAQs and stuff before you jump in.
Windows is perfectly adequate for this job, although it is a bit of an overkill (requiring as it does a license).
However, at the risk of adding yet another option to the pile, I’d recommend OpenBSD. It’s a build of BSD that’s specifically designed to be secure by default. I use it for firewalls, trans-continental WAN links and laboratory WAN simulators. It works very well, and I learned everything I needed to build my first firewall in an afternoon.
You might want to try m0n0wall. It’s a FreeBSD router, but you don’t have to worry about setting up the box much. Just install from CD (it’s not a full FreeBSD install process – the installer handles most of the details for you), and then do some web-based configuration which is supposed to be pretty easy.
I came here to mention Smoothwall and the (much better IMHO) fork IPCop, which I use as a home router/firewall, and M0n0wall and its fork pfSense, which I use in some niche projects at work. I see I was beaten to the punch on most of those.
I agree with previous posters, Windows is just not well suited to this application. A more apt analogy is everything looks like a nail when all you have is a hammer. All of the firewall/router projects I mentioned are administered from a browser interface, and require little to no Linux knowledge at all, but are specially optimized to do firewalling and routing.
What model 800 do you have? A quick perusal of Cisco’s site shows the 800’s are all single WAN interface routers, supporting different interfaces, and none of them do multi-link connections. Only one lists a serial (T-1) interface, the 805, and it’s a single serial interface. Is there a telco company router aggregating traffic ahead of your 800? The 850’s have 2 Ethernet interfaces, but that would mean there is another device ahead of yours, and therefore likely you are double NATing, or something more creative, making it a bit more difficult to recommend a solution.