Turn a old router in to a firewall box. (Netgear DG834G)

[Ykno]

So i have a old Netgear DG834G i want to make in to a a firewall box. i belive OpenWRT would be able to do this which can be installed on the Netgear.

 

https://wiki.openwrt.org/toh/netgear/dg834g  following this guide on how to install. but i cant seem to figure it out ha.

 

anyone done this on this router or up to giving it ago over RDP or something ?

[Falconevo]

You need to JTAG the unit to be able to install something like that, unless you are familiar with doing so I would use this as a point of call for reading as you would need to buy appropriate hardware to do it.

 

I do recall doing a DG834G years ago, just to get rid of the shit firmware from Netgear.  I used one of these;

 

http://www.dgteam-mirror.talktalk.net/Home.html

 

It opens up a large amount of features and may possibly give you what you need?  It's an old piece of shite though, don't expect much

[Ykno]

14 minutes ago, Falconevo said:

You need to JTAG the unit to be able to install something like that, unless you are familiar with doing so I would use this as a point of call for reading as you would need to buy appropriate hardware to do it.

 

I do recall doing a DG834G years ago, just to get rid of the shit firmware from Netgear.  I used one of these;

 

http://www.dgteam-mirror.talktalk.net/Home.html

 

It opens up a large amount of features and may possibly give you what you need?  It's an old piece of shite though, don't expect much

so i cant do anything with this unless i JTAG it?

[Falconevo]

I just told you what you can do, you can use a custom firmware and upload that.  However if you want to utilise it with custom software rather than a full feature unlocked version then you will need to JTAG it and re-program it to accept alternate software.

[Ykno]

2 minutes ago, Falconevo said:

I just told you what you can do, you can use a custom firmware and upload that.  However if you want to utilise it with custom software rather than a full feature unlocked version then you will need to JTAG it and re-program it to accept alternate software.

okay whats does that firmware u linked give extra over default?

[Falconevo]

Install it and find out, its old stuff which is pretty vague so won't have much documentation.

 

I required dynamic DNS from more unusual providers, PPTP and support for custom outbound NAT'ing back in the day but thats all I can remember.

You can easily go back to a Netgear firmware via the WebGUI so you have nothing to lose trying it.

 

The unit is a piece of shite though, its old and bismal.  If you have some spare cash I would suggest looking at the Ubiquiti EdgeRouter Lite

https://www.ubnt.com/edgemax/edgerouter-lite/

[Ykno]

1 minute ago, Falconevo said:

Install it and find out, its old stuff which is pretty vague so won't have much documentation.

 

I required dynamic DNS from more unusual providers, PPTP and support for custom outbound NAT'ing back in the day but thats all I can remember.

You can easily go back to a Netgear firmware via the WebGUI so you have nothing to lose trying it.

 

The unit is a piece of shite though, its old and bismal.  If you have some spare cash I would suggest looking at the Ubiquiti EdgeRouter Lite

not over £100 spare no lol just want somethign cheap that i can turn in to firewall to run before my switch so inbound traffic is monitored and harmfull stuff blocked

[Falconevo]

Find a crappy old PC and install pfSense, Vyatta Community Edition or any other alternative such as SmoothWall etc.

Don't bother messing with a Netgear crapper, use an opensource firewall for free and get the features of an enterprise firewall.

[Ykno]

4 minutes ago, Falconevo said:

Find a crappy old PC and install pfSense, Vyatta Community Edition or any other alternative such as SmoothWall etc.

Don't bother messing with a Netgear crapper, use an opensource firewall for free and get the features of an enterprise firewall.

built pfsense on a 1u server again want a secondary firewall external to that for added protection

[Falconevo]

Then deal with the issues that come with a double NAT in your network?  

 

If you want a second firewall for added protection use the Windows firewall or IPtables etc on the local PCs.

I can't really figure out why you would want to gimp the device(s) sitting behind a secondary firewall on a DG384.

 

[Ykno]

1 minute ago, Falconevo said:

Then deal with the issues that come with a double NAT in your network?  

 

If you want a second firewall for added protection use the Windows firewall or IPtables etc on the local PCs.

I can't really figure out why you would want to gimp the device(s) sitting behind a secondary firewall on a DG384.

 

 cant seem to get why u fail to understand i want to do it one for the fun of it  and two it laying around doing nothing so might well find a new use for it

[Falconevo]

Just because you can do something, doesn't make that something a sensible idea.  I have given you the information you need, either use an already pre-unlocked firmware and see if it gives you a suitable feature set or learn how to JTAG and go via the custom software route.

I understand perfectly, you just don't understand the pitfalls of such a scenario and fortunately I do which is why I'm advising you against it.  If all you want to do is learn, that's fine but I would suggest some reading regarding JTAG'ing and Double-NAT before you get started.

Having a shitty attitude won't get you help brah.

[Ykno]

Its very common for data centers and enterprises that have big networks to run two firewalls as some rules that u set on FW2 for example may be two strong for a different part of ur network so separating parts of networks with different firewalls is a common thing to do.

 

I work in a data center.

 

shitty attitude? i think not? i just couldn't get why you was getting arsey and blunt with me when i was just asking if it could be done and what i needed, never said i needed it for specific application

 

so bye.

[Falconevo]

DMZ is generally a zoned off area of the firewall, rather than an entirely separate firewall.  Fortunately I do work in enterprise hosting and have done for near 10 years managing environments with these configurations on a daily basis for thousands of customers.  But yea I clearly haven't got a clue have I....? I'm not the one asking for advice on a simple area of networking nor am I the one having difficulty understanding a dual NAT and its pitfalls.  Just because there is a picture of a network topology, does not make it a sensible configuration in your scenario.

 

Just use a separate VLAN and Subnet, just like pfSense is capable of doing and use the Software firewall provided by the operating system for inter subnet security.  Just like every other enterprise firewall and OS is capable of doing.

Using 2 firewalls in this scenario is unnecessary, just because it is possible does not make it sensible.  You can do it for sure, I never said you couldn't.. what I did say is that is it is just unnecessary but do what you want darling  x