How to Hardware firewall using NAT & SPI

In this thread Post # 50: https://www.xpforums.com/threads/what-are-your-best-memories-of-using-xp.932186/page-3#post-3264044

trimis said "Wanna know the secret to make your crappy Win10 near bulletproof like my XP Pro? Hardware firewall using NAT & SPI. That's right! A good router will allow your weak Win10 to go anywhere on the internet with impunity..."

I will never use Windows10 :eek: Nevertheless, I would like to know how to do this. I have heard that a good firewall can make you immune to almost anything. I haven't a clue about this. Could you please explain how to do this "Hardware firewall using NAT & SPI". I am not an expert, far from it, but I can follow instructions competently.
 
No idea. My method is to get a good wired-only router. By this I mean a router that has absolutely zero wi-fi/bluetooth/wireless capability. I chose the MikroTik hEX RB750Gr3. Frankly I picked it only because it was cheap, and it was intended to be an interim router until I could afford a costly model. It has proven itself so good and reliable that I will likely buy it again, instead of the Ubiquiti Edge Router. So I got the router, then had a computer tech come in to set it up (NAT & SPI), connect all the PC wires, make sure all was working, and I had internet. Best $100 I ever spent. Just make sure you find a good tech guy. Stay far away from the Geek Squad:

https://www.networkworld.com/article/3156029/why-you-shouldnt-trust-geek-squad-ever-again.html

https://www.geek.com/tech/lawsuit-alleges-fbi-used-geek-squad-to-spy-on-customers-1701906/

https://www.bleepingcomputer.com/ne...uad-nerds-search-your-pc-for-illegal-content/
 
I too have a cheapie wired-only router with 4 ports. One port goes to a manual 4-way Cat 5 switch box, another port goes to another 4-way. I have A, B, & C ports conned to comps (box one), second sw box the same. 4th port is set up with KVM + power cord if anyone brings their comp to my house (my desk, mouse, KB, mon, inet, power). As it is, ONLY 2 comps can be connected to the net at a time. Box one, D is not conned to anything; box 2, D connection is laying on the floor with the KVM bundle. It's all just a matter of manual switching...
 
I questioned on here recently, the demise of the stand alone hardware firewall.

In the early years of this century, I recall seeing cheap Linux based hardware firewalls commonly being offered.

They seem to have disappeared.

Complex (and expensive) versions of the same still to be found though. Maybe only commercial-use purchasers were taking up such an option.

I was considering using them, though at the time (circa 2005) my machine's chip set offered me use of 'Nvidia Firewall', which proved adequate. Needed some managing though: had to select what material passed/blocked both inbound and outbound. So frequently recourse to enabling in settings sites which I had not visited previously.

When I chose to revisit the issue, having acquired more networked hardware, they were no longer to be had.
 
The cheap sort are now the territory of the DIY set:

https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/
https://hackaday.com/2018/04/12/building-the-perfect-home-router/
http://www.practicallynetworked.com/networking/convert_old_pc_to_new_router.htm

For those lacking the necessary skills, the choices of out-of-the-box solutions break down to either routers with SPI & NAT, or standalone devices. For wired-only routers the options are few:

https://www.amazon.com/slp/wired-gigabit-router/8xgzkxc8pzhb4kz

Basically a choice of MikroTik or Ubiquiti, with all the rest having bad reviews of one sort or another. Both use a Linux-based operating system, and neither is easy to set up. For standalone devices, the options are many:

https://firewalla.com/products/fire...A_campaign=1982799286&GA_adgroup=73989775427&

https://www.corporatearmor.com/prod...-vpn-90-mbps-utm/?CAWELAID=120085770000000271

https://store.netgate.com/pfSense/SG-1100.aspx

https://www.newegg.com/p/09Z-01ZK-00003
 
Yes, I almost went down the DIY route, a book which I have (The Linux Bible) has a chapter on re-purposing an old PC to make a HFW. I have old PCs to hand.

However, online searching suggests using an old PC results in unsatisfactory performance, and if you are going to do all that work, then investing in a low-power Server Board (Atom CPU) and using laptop RAM (e.g. Supermicro) is preferable. So be it, though it then is no longer a cheap solution.
 
Yeah, the $60 for my MikroTik and $100 for the computer tech was the cheapest I found. Guess if you're able to figure out how to set it up yourself, you could knock off the $100. To me $160 was worth every penny.
 
The instructions would depend on the router used, and can even vary between models of the same brand. You would need to search on Google:
MikroTik hEX RB750Gr3 - NAT SPI setup
as an example. If you cannot find anything, let me know, and I'll do a search. I'd need to know your specific router.
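
For readers who want to see what "NAT & SPI" looks like on the MikroTik router named in this thread, here is an added example (not part of any post above, and not the configuration the poster's technician applied) of a minimal RouterOS stateful firewall with source NAT. It assumes interface lists named WAN and LAN already exist on the router; those names and the rule comments are assumptions to adapt to your own setup.

```routeros
# Added example. Assumes interface lists "WAN" (internet side) and
# "LAN" (your PCs) already exist; adjust the names to your router.

/ip firewall filter

# --- input chain: packets addressed to the router itself ---
# SPI: accept only packets that belong to a connection the router
# already tracks (replies to traffic it or the LAN started).
add chain=input action=accept connection-state=established,related comment="SPI: known connections"
# Packets that match no tracked connection and cannot start one.
add chain=input action=drop connection-state=invalid comment="drop invalid"
# Keep ICMP so ping and path-MTU discovery still work.
add chain=input action=accept protocol=icmp comment="allow ICMP"
# Everything else may reach the router only from the LAN side, so the
# management interface is never exposed to the internet.
add chain=input action=drop in-interface-list=!LAN comment="drop all not from LAN"

# --- forward chain: packets passing through to the PCs ---
add chain=forward action=accept connection-state=established,related comment="SPI: known connections"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# A NEW connection arriving from the WAN is dropped unless a port
# forward (dst-nat rule) was deliberately created for it.
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="drop unsolicited inbound"

/ip firewall nat
# NAT: LAN hosts share the router's public address on the way out.
add chain=srcnat action=masquerade out-interface-list=WAN comment="NAT: masquerade LAN"
```

Rule order matters because RouterOS evaluates each chain from top to bottom. These rules drop connections initiated from the WAN side; connections that a LAN computer starts itself are still allowed out, and their replies are allowed back in.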
 