11 May
2018
11 May
'18
5:10 a.m.
You might consider one of the routers from PFW Hardware
(http://www.pfwhardware.com/). I’m using their PFW200, which comes
pre-loaded with OpnSense. The PFW200 seems to be no longer available, but
you would probably want the PFW400 (four ports instead of three) or PFW800
(six ports). Rack mounting is available, if that’s important to you.
OpnSense is related to M0n0wall and PFSense, but most of the codebase has
been rewritten to be more secure and maintainable. If you look on their
website (OpnSense.org) the discuss their development philosophy, which I
find impressive.
It has lots of features, and a nice GUI.
73,
Lynn. V31LK / N8AF
On Thu, May 10, 2018 at 10:23 PM David Ranch <amprgw(a)trinnet.net> wrote:
>
> Hello Everyone,
>
> Considering there is a good chunk of routing-savvy HAMs here, I thought
> I'd use you as a sounding board on what would be a good router to buy.
> Specifically, I have a project to consolidate the current adhoc setup of
> three consumer grade "routers" to one larger, better router. I'm
> considering something like a:
>
> https://mikrotik.com/product/CCR1009-7G-1C-1Splus
> <https://mikrotik.com/product/CCR1009-7G-1C-1Splus>
>
> or maybe https://mikrotik.com/product/rb1100ahx4
> <https://mikrotik.com/product/rb1100ahx4>
>
>
> I'm looking for something that is:
> - very stable
> - offer long term software updates (a support contract might be fine)
> - Has strong support for IPv4 NAT (to better the consumer routers
> mentioned above) for the three IPs we have onsite
> - maybe some L2 segmenting and vlan'ing support for traffic isolation
> - has performance to grow into
> - has a decent GUI UI for others in the club who can't / won't cope
> with a CLI
> - ACLs to limit incoming traffic to specific hosts (say limit RDP
> traffic to just some people to some hosts, etc)
> - maybe.. just maybe support SSL VPNs or IPSEC
> - maybe dual power supplies
> - stretch goal: native support for IPv6
> - I have no need for dynamic routing protocols. This is a single
> site and statics are fine
>
>
> For background on our needs, the site supports a multi-RF link repeater
> system has:
>
> - two unique IRLP nodes (low use)
> - one Echolink node (low use)
> - one WIresX enabled Yaesu System Fusion repeater (decent use)
> - One three band Icom Dstar stack (1.2Ghz DD system as well) (decent
> use)
> - One Internet enabled Motorola DMR repeater (decent use)
> - backhaul of rarely used multi-county 3.4Ghz wifi network
> - other random needs for remote management (SSH, RDP, etc)
>
>
> I believe something like a Miktrotik would be fine for our low-end needs
> but maybe something from Ubiquiti or others would be fine. I'm perfectly
> comfortable with a CLI and I'm decently versed in Mikrotik (a bit weird
> of a UI), IOS (but I don't want to pay for Cisco prices, JUNOS (same
> point), etc. I personally think a lot of the lower tier vendor's
> products have come a LONG way so I don't need/want/care for "carrier"
> grade.
>
>
> If you have any other recommendations for a quality but not too
> expensive router, I'd love to hear it!
>
> --David
> KI6ZHD
>