Posted on October 3, 2014
Router? I Hardly Know Her!
Just a heads up – if you have absolutely no interest in routers, UTMs or IT in general, this post may bore you to tears. I’ll try to keep it entertaining and/or informative, though. Also, apologies for the lack of screenshots or pictures, but I only decided on writing this post after everything was said and done.
Here was the situation: I was using a cheap D-Link router for my home internet connection that had, well, issues. Despite being only a few months old, it would lock up at inopportune moments, necessitating a run to the basement to unplug and replug it. That got old real fast. Mind you, it wasn’t a “bad” router, per se. However, I do a lot of remote stuff for my “real” job at home, which often involves copying large files back and forth – which I suspect just overloaded the poor router.
I had a couple of options at this point.
First, I could see if it was possible to install a custom firmware such as Tomato or DD-WRT on the existing router. However, despite buying this thing for only $30, I’d rather not risk bricking it completely. Plus, I don’t even think this crappy router is capable of running those.
Second, I could go out and buy a new, more expensive router and pray for the best. Pros: will probably work with no issues. Cons: I’m cheap, and also interested in trying out a DIY router.
Which brings us to option three: Use an old computer as a custom router. Pros: will probably have more advanced options than a standard router – including neat stuff such as spam filtering. Cons: will need an old computer to install it on.
As it happens, I had an old Dell that I had managed to scavenge from somewhere eons ago and never put to use. It had a Core2Duo processor, so it should be beefy enough to do the job. The only thing I’d need to add was a second network card, as you need two in total (at least) – one connects to the internet, and the second connects to your internal/home network. I have at least half a dozen of those kicking around.
However, there’s always a “gotcha”.
Enter the first snafu. This old computer only has half-height PCI slots – that is, the slot that I need to plug the network card into is not a standard size. Now, I could get creative with the metal cutters and try to trim the bracket, but I decided to be professional and ran out to grab a half-height card. Also, just a heads up on that – if, for some bizarre reason, you’re using this as a guide, try your best to get a network card with an Intel chipset. They’re better, for reasons that are too boring to go into detail here.
So, the computer is now good and ready to go. I’ve got a few options at this point.
Monowall, along with its sister project pfSense, are solid choices. They’re both powerful, but pfSense allows for mods/apps to increase functionality. They’re extremely lightweight – I believe the latest version of Monowall can still run on an old Pentium-3 computer!
Here’s the catch. There’s a certain limitation to both of these systems, which will rarely be noticed by anyone in the real world. “Rarely” in this case meaning me. You see, I connect remotely to my office using a certain type of VPN connection called PPTP (please note that if you are reading this and also using PPTP, please encourage your IT department to move away from it as its encryption has been cracked and it’s no longer secure). If you are connected to the internet behind a Monowall/pfSense router, you may *not* connect to the same PPTP host from multiple computers in your network. In English, that means that if I’ve connected to my office on my desktop, I can’t connect simultaneously on my laptop. Also, if I were to disconnect the PPTP connection on my desktop, there’s still no guarantee that I’ll be able to connect on my laptop without rebooting the router.
So, scratch that option. Plus, while these are *very* good offerings (especially considering the price tag of “free”), they still only have router functionality. I wanted something neat to play with.
Enter UTMs.
Universal Threat Management systems (UTMs) give you additional functionality such as anti-virus, spam filters, website filtering and anti-hacker measures. Basically, the sort of stuff you associate with corporate firewall systems. Now, to be honest, I didn’t really need all this functionality, but I’d rather drive a Ferrari at low speed, than be constantly flooring a Reliant Robin to get it up a slight incline.
Untangle NG Firewall was a product that I’ve deployed before. We even use it at work to help with spam filtering. However, I didn’t like it for one specific reason. Namely, they charge a lot of money for the advanced features. This is not to say that their free offering is a bad product by any means, as it does offer plenty of features such as spam filtering, anti-virus, QoS, and basic anti-intrusion. However, I wanted to play around with some of the advanced features – such as being able to define a user on the network and giving them a different level of access permissions. Not that I’d ever try to block my wife from using Facebook, of course.
After searching for another UTM, I came across a surprise. It seems like the folks at Sophos, a respected name in firewalls, had a free offering of their UTM 9 system for home users. No functionality was removed, except for the ridiculous limit of 50(!) devices allowed on your home network. It even came with ten free licenses for Sophos Endpoint antivirus, which in turn could be monitored from the web interface of the UTM.
Wow. This was indeed quite the deal.
After verifying that I had actually read the fine print correctly, I wasted no time in downloading the ISO. Then, after realizing that I’d downloaded the version to be installed on embedded hardware (i.e. an actual “router”, not on a computer), I then proceeded to download the correct version and burn it to a blank DVD.
Installation went off with no hitches, and setup was easy enough. The features were amazing! Blocking my wife’s iPad from Facebook would be no problem! Er… I mean, I love you, dear!
Even the reports were impressive – you can see graphical breakdowns of reports such as individual devices on the network, and how much bandwidth they consumed, along with the different sites/protocols that were popular that day.
Now, the bad.
After getting everything set up, I decided to run my Ninite installer to update a few pieces of software. Surprise! Problems. Seems that Sophos’ antivirus scanning was messing with the file downloads and the Ninite installer wasn’t recognizing them as legitimate files.
No worries. I had antivirus installed on the actual computers anyways. I disabled the Sophos UTM antivirus and all was well again.
Two days later, my internet stopped working.
Turning on the monitor on the Sophos computer revealed no error state or similar, but trying to log into the web interface proved a fool’s errand. Giving up, I powered the computer off and turned it back on. A minute later, all was back to normal.
Thinking I had just (un)lucked out, I decided to keep on trudging ahead with Sophos. Noticing that there was an update that night also helped to ease my mind. After all, perhaps this was a known bug that they had just fixed? Five days and two more resets later, I realized that this wasn’t the case. I then proceeded to disable everything on the UTM except for intrusion protection and Endpoint management, as I’d installed Sophos Endpoint on my laptop as a test, and hadn’t experienced any problems so far.
Three days later, the internet went down.
Could it be the hardware, I wondered? No, I had checked the drive for errors and had also run a burn-in test beforehand. Plus, the computer wasn’t actually locking up. The Sophos UTM software just seemed to go dead for unknown reasons.
On top of that, I decided to do a continuous ping to Google to see if there was anything else screwy going on.
There was. It seemed that, every so often, the internet connection would freeze up for about 5 seconds or so, and no pings would go through for that period of time. Not a big deal if you’re just browsing, but quite annoying if you’re streaming video on YouTube and the video hasn’t buffered far enough.
I figured I would keep on keeping on, and hope that an actual patch would be deployed, plus I didn’t have any real grievance with the software. Most of the times it would freeze up were late at night anyway. I could just restart the computer when I wake in the morning and notice that my tablet won’t show me the current weather.
Besides, I had a real job to worry about, plus books to write for you nice folks. 🙂
Now, time for the ugly.
A few days ago, I noticed some very odd behaviour on my laptop. Firefox would stop loading pages after a few minutes of browsing, then would refuse to close properly. Even trying to kill the Firefox process from Windows Task Manager failed to accomplish anything. It didn’t stop there, either. Chrome would simply refuse to open, and the Chrome process was unkillable as well.
Now everything in my mind screamed “Virus!”, but there was one fact that negated that hypothesis. Namely, Internet Explorer was the only browser that would work properly, and that’s usually the first thing to go when malware decides to find a home in your computer.
Regardless, I did full virus scans on the laptop, but turned up nothing.
Baffled, I started digging further to see if any recent Windows updates might have been the culprit. No dice.
Could it be my MalwareBytes scanner? Disabling it proved that my beloved malware scanner was not to blame. By the way, I highly recommend the premium version of their software. It works in tandem with a “real” virus scanner to protect you from all sorts of nasty malware such as browser hijackers. I mean, you really can’t buy that type of peace-of-mind for just $20 a year. Even if you opt to just use the free version to scan your computer every so often, you really can’t go wrong.
Now, remember how I mentioned earlier that I had installed Sophos Endpoint antivirus on this laptop? Taking into account all the recent troubles, I decided to try uninstalling it – at least temporarily, just to prove to myself that it wasn’t the real culprit.
Guess what?
Yep. Spot on.
Oh, Sophos. I so wanted to love you…
So, I’m now back to running Microsoft Security Essentials on my laptop.
Suffice to say, I’m back in the market for another UTM. I’m leaving Sophos online for now, but am now interviewing candidates for its replacement.
More on this saga to follow.