Firewall/VPN100
ZoneAlarm
NIS2K
Linksys BEFSR41
SonicWall SOHO
Belkin OmniCube
Cybex SwitchView
LinkLogger

Privacy
Feedback

Linksys Etherfast Cable/DSL router
Price: $200

Price:

Security:

Interface:
Ease of Use:

Overall:
Rating: 1

Pros: Very easy to set up.
Cons: Limited security, poor documentation of advanced features.

 

   Have no illusions, this is not a firewall. It is a router which performs Network Address Translation (NAT) , but it does have a limited feature-set which does give it some firewall-like qualities. However, the simple protection of NAT, and the fact that there is a box between the evil internet and your computer(s) is enough to keep most script-kiddies out of harms way. 

   The router itself has the "new" look, quite different from Linksys' rather plain-looking hubs and switches. I'm not going to add another rating for looks, but it doesn't make my desk look any uglier... It comes with a four port 10/100 switch (indeed) so you can have your 100Mbps LAN hook right into the unit. The WAN interface is 10Base-T (which is still 6 times faster than your connection). Throughput tests have shown that it can do up to 8Mbps, so this is not going to slow you down at all.

  Basically, the unit should work right out of the box. It comes with a DHCP server, and all you have to do is set your computer to obtain an IP address automatically and hook it up to one of the LAN ports on the back of the unit. You should now be able to use a web-browser to connect to the unit and make any changes. It is recommended that the first thing you do is change the default password, as a bug in the firmware allows accessing the configuration interface from the WAN side! Newer versions of the firmware have addressed this issue.

  Configuration of the basics are fairly simple. The web-interface is very straight-forward, and there isn't really anywhere where you can go wrong. Most cable/DSL users have dynamic IP addresses assigned by their ISP, and that makes it a lot easier. If you need to enter static information, there's more room for error.

   The more interesting features of this unit is under the "advanced" section. Strangely enough, Linksys are not providing any support for these features, and the manual is not all that informative of these features either. It is possible to filter traffic; you can deny traffic based on (internal) IP address or port number. Unfortunately, you can only enter 5 blocked IP addresses and 5 blocked port numbers, so it's very limited, but still useful. The unit will state "In order to use this feature, DHCP must be disabled on
the router." which is rather inaccurate as it does work with DHCP enabled. What they are trying to say is that blocking an IP address when DHCP is enabled might cause unexpected results, as there's no guarantee that the machine which you intended to block might not get the same IP address all the time. It is, however, possible to mix static and dynamic addresses, and you can block the correct machine by giving it a static IP address. The port blocking feature works regardless. The Forwarding feature allows you to have a web-server behind the router and still have access to it from the outside. All requests to the router from the WAN interface on the given port number will be forwarded to the IP address you specify. Of course, you'll need to use static IP addresses for this too. You can have up to 10 different ports forwarded, and you can specify which IP address each individual gets forwarded to. 

   The DMZ feature is also interesting. Essentially, all incoming traffic to the router will be forwarded to this machine, which leaves it vulnerable to attacks. Also, this is the only way to get Video conferencing (using NetMeeting) to work. With the ease of configuration, it should not take much effort to "move" a computer from the LAN to the DMZ and back.

   This is a great product. It offers easy configuration, simple security and an easy way to share your cable or DSL modem. And getting a 4 port 10/100 switch for $200 is a great deal as well. There's only three things I miss: a) Logging feature, there's absolutely no way of knowing what is hitting your router on the outside. 2) Lease-time, this information is provided when a lease for an IP address is obtained, however, it is not displayed on the status screen. I would like to know when I obtained the lease, and when it expires. And 3) Where's the matching hub? With "only" 4 ports on the back, it's very limited how many computers you can hook up to it. I'd like to see a 10/100 hub that looks just like it so I can stack them.