1801 vs. M0n0wall (BSD based firewall/router)

Unanswered Question
Jan 21st, 2009

Hello all. I am currently running a BSD based firewall/router for my company called M0n0wall. It is a fabulous open source (hence free!) firewall system http://m0n0.ch/wall/

My question is, if I wanted to migrate to a Cisco product and dump the M0n0, would the 1801 be the right router for my needs? Currently my M0n0wall has four FE 10/100 interfaces broken into:

fe 0/1 - Functions as a PPPoE (connects directly to my ADSL modem for WAN connectivity) to AT&T

fe 0/2 - LAN Interface 192.168.1.0/24 (Supports less than 6 PCs on same subnet). DHCP is enabled from M0n0wall to hand out IP, DNS, and Gateway info for clients. NAT overload is also done on this interface to let my workstations have internet access.

fe 0/3 - WiFi LAN 10.10.10.0/24. Connects directly to a Netgear AP. The Netgear AP is in "dumb" mode. In other words, all the AP does is allow association/authentication. M0n0wall's DHCP hands out IP, DNS, and Gateway info for this subnet as well as for my LAN subnet. NAT overload is done on this interface as well, as it is a public "hotspot". I have strict firewall rules enabled so that only a select few ports are available to clients (i.e. web, dns, pop3, smtp). Also, I have traffic shaping enabled so that the WiFi clients' uplink speeds are throttled to around 100Kbps. This prohibits spammers from sending megabytes of spam from my IP. I have a captive portal enabled that redirects all clients after authentication to agree to a TOS before they are allowed internet access. This is my "safety net" to protect us from spammers, pornos, etc... If they don't agree to the TOS they don't have net access.

fa 0/4 - Server Subnet - 10.10.11.0/24 - Web, email, and ftp servers reside here. I have static mapping enabled so that WAN specific traffic destined for my IP (port 80 web, smtp, pop3, ftp) can get to this interface since this interface has my servers on it that outside traffic must get to. I consider this zone the DMZ as it is the only zone that outside traffic is allowed to.

Is the 1801 something I could migrate to if I didn't want to use M0n0? Would it do the above things? I am not sure it has any kind of traffic shaper or captive portal built into it, however.

Also, I noticed the 1801 has one 10/100 FE WAN port. What is this WAN port for if an ADSL POTS port is also installed on the device?

Thanks for any help and suggestions.
