My D-Link 604 is starting to act up so need a new wired router soon. Which one has a decent firewall, does not lag your internet connection much and is not too expensive? Must be Xbox 360 compatible too. Thanks.
That's a good question. I recently bought the very affordable Netgear WGR614. It offers SPI (stateful packet inspection), an option to disable response to "ping" from the internet, and the ability to turn off the wireless radio when not needed. That's better then I was using previously, but it's probably still pretty lightweight. What is your budget?
In the home budget range, the Linksys WRT54GL (just turn off the wireless radio) or about any other Broadcom based device with sufficient memory paired with the free dd-wrt firmware can create a rather complex firewall of your choosing when paired with third party firmware.
As far as bang for the buck goes, I'm not sure there's anything better.
(Yes, pedants, a Cisco PIX, a Juniper, Netscreen, or a Nokia IPSO based firewall would be better if price, noise, size and power consumption were no object. )
What you need the firewall for? Many consumer router firewalls mainly protect the router itself and only have very few options to actually filter traffic from and to the LAN. The main protection of the LAN is usually due to NAT and for that you usually can only turn it on and off and set port forwardings into your LAN in various forms (forwarding, triggering, DMZ, etc.)
The OS since v5 of the WRT54G is VxWorks, which is an embedded RTOS by Wind River, and it is decidedly not Linux.
Linksys made this switch because with their volumes, switching to the tighter, more efficient VxWorks allowed them to cut their memory needs in half, and the parts cost savings more than made up for the licensing cost for the promprietary VxWorks operating system.
While we're talking about it some reference links might be worthwhile:
Because that is not what the firewall of an average consumer brand router does. Not for your LAN. The NAT translation on the router will discard "unsolicited" packets. NAT will inspect any packets if at all.
You'll see the difference in the moment you turn off NAT (i.e. you use public IP addresses in your LAN) and keep the firewall active. In that moment nothing will be filtered between the internet and your LAN simply because by default the firewall on the router protects the router itself but not your LAN.