SMC Cable/DSL 4port router

[James Knott]

Tim Writer wrote:
> James Knott <james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org> writes:
> 
> 
>>Terry Tanski wrote:
>>
>>>Hi all,
>>>Anyone have any comments on the SMC Cable/DSL 4port router (SMC7004VBR)? 
>>>How does it compare to the DLINK (604) or the LinkSys (SR41)? Does it have
>>>half-decent firewall capabilities?
>>
>>>Terry
>>
>>I have the wireless version of that.  It seems to be OK.  What capabilities
>>were you looking for?
> 
> 
> Well, I worked on the wireless version for a while and was not at all
> impressed.  The firewalling capabilities are only applicable to the Internet
> connection, i.e. you cannot firewall your wireless LAN from your traditional
> LAN.  You can use MAC based ACLs to prevent wireless users from going out to
> the Internet but you can't stop them from accessing your wired LAN.  You can
> also restrict wireless traffic but you can't implement a deny by default
> policy, i.e. you cannot deny everything except the few services you want to
> allow, you can only deny specific services.
> 
> The bottom line: as long as you're not using wireless and you're using NAT,
> it will give you a basic level of protection simply due to the use of private
> IPs with NAT.  IOW, it's okay for a simple home setting but I wouldn't use it
> in a business setting.
> 

I've got mine between my Linux firewall and cable modem.  This way, the 
only way into my home network, is via CIPE VPN or SSH.  Anyone wanting 
to access the internet will have to get past the 124 (actually 104) bit 
WEP, and yes I'm aware of it's weakness.  It would be nice if you could 
turn around the firewall part of it, so that you could filter the 
wireless and plug the WAN side into the local network.


--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml