I've been using my DIR-655 for ages now. It has served me well, but the firmware hasn't been updated in exactly 6 years now (v1.31 EU, 2010/01/14) and that tends to worry me a bit.
I also never found it to be that inviting to tinker with, as such I never bothered configuring it as an external firewall. I don't even know if it has that capability. All it has done is act as a hub to connect my PCs and NAS and provide wireless for the laptops.
Lately I've also been getting concerned about my NAS being so openly connected. If possible, I'd like to configure the network so that the NAS can't send or receive anything outside of my local network. I found a setting in the router that lets one machine bypass the network and be directly connected to the internet, but I need the exact opposite and can't find that.
I've been eyeing the WRT1200ac at my local hardware store and I'm wondering if that may be the solution.
Speed-wise, there's nothing to gain. At 400Mbit the theoretical WLAN speed is higher, but I haven't seen my laptops max out the D-Link's 300Mbit yet. So if I were to spend money on that upgrade, it'd be purely for the functionality.
Can the WRT1200ac block specific machines from accessing the internet or being accessed?
Is it worth the premium to get the newer router or should I stick with the old one and google for ages until I find a way to properly configure it?
How worried should I really be about running 6 year old firmware on a router?
It depends on what OS your NAS is running, however it's not necessarily the router's job to prevent a machine from accessing the internet. You should be able to disable internet access on the machine itself, let's say in linux by removing the default routes to the internet. I'm sure there are firewall rules somewhere on some routers that do this same trick, but as long as the router has no forwarded ports to that machine, it's pretty well satisfied. This is a better model of function, as to have a node that is not trying to access a network, rather than a node making constant attempts. Therefore if for some reason the firmware on the router were to glitch, and suddenly allow access, that node (your NAS) won't notice a difference.
As for routers, it's all preference really. I personally haven't been a fan of the reinvigorated Linksys lineup since Belkin is at the helm. I used to be a huge fan of the old WRT54G and how flexible it was with firmware, but now I find myself liking the new ASUS routers and the custom firmwares available to them. They have a ton of hardware features, and the software is actually pretty loaded out of the box. If you want an 'unlocked' experience, you can download firmware like Asus-Merlin and can do pretty much anything with them.
As an example of the flexibility of these routers, I recompiled the ASUS-Merlin firmware to include USB audio drivers, so that I can hook up a USB sound card and to that a speaker in my 'kitchen' area. Every morning at 6:30 when I wake up I have it auto-play an online radio stream with a favorite morning show of mine. While I'm getting ready I can start listening, and then continue listening in the car on the way to work. The stream automatically stops after an hour.
You basically have a full on linux box at that point, and the possibilities are endless.
Sorry for not getting back on this earlier, been too busy with other things.
The NAS is currently running FreeNAS, but I'm not too happy with that because I'm getting tired of flashing my HBA (first down from version 19 to 16, now FreeNAS has upgraded the driver and wants me to flash the card to 20 again). I want to keep ZFS though, so I'll probably go with Linux.
Never was much of an ASUS fan, but I'll look into their routers.