|
Paul MaudDib posted:As a poweruser/homelab-someday-wannabe, what are the merits of having a real computer running something like PFsense to route on, versus just running one of the WRT flavors?

If you want to be a poweruser, just install OpenBSD or FreeBSD (Open is better). You get PF and a host of other goodies. Sure, you have to edit text files. Plus you can write your own programs/scripts to do ... whatever it is that you want to do.
|
# ? Jun 27, 2017 01:30 |
|
Volguus posted:If you want to be a poweruser, just install OpenBSD or FreeBSD (Open is better). You get PF and a host of other goodies. Sure, you have to edit text files. Plus you can write your own programs/scripts to do ... whatever it is that you want to do.

Show us your Unix beard! I'll second OpenBSD as a great firewall OS. FreeBSD has Codel for QoS since 11.0, though ipfw/dummynet isn't quite as easy to configure as pf is. If you prefer penguins, Alpine Linux is a nice security-focused distro that boots from USB and runs from RAM, which is nice for embedded platforms like ALIX/APU2/Soekris.

SamDabbers fucked around with this message at 02:26 on Jun 27, 2017
# ? Jun 27, 2017 02:22 |
|
astral posted:by all means

Start with a J3355 cpu/mobo combo for $55. There are MATX and ITX flavors.
Add 4gb of ddr3 RAM (the ITX J3355 takes sodimms) - $25
Add a case, like this ITX Antec with included power supply or this Inwin with ps - $75-$85
Buy an Intel i340-t4 gigabit 4-port card. This will let you keep your WAN, LAN, and WiFi APs segmented. Make sure to buy a low profile bracket if your case needs it. - $30-40
Add a $5 flash drive to boot from, and you're all done.

It's possible to save some money by finding a good deal on a case, but if you want a case that's small it'll cost you. You could easily run this setup in a $10 after rebate mid-tower case and a $20 Corsair 430 watt ps if you really wanted to save money. If you do that, it'll pull about 13 watts from the wall instead of 8-10.
|
# ? Jun 27, 2017 02:33 |
|
http://imgur.com/a/bwGZe What fresh hell is this... Been in this house for two years, hadn't really ever looked at the cable setup or why I have so many blank wall plates (i.e. I have four on one wall in the upstairs living room). From what I can tell, the first photo is a shitload of Cat5e that likely goes to the blank wall plates, but they aren't connected to any jacks on this end. The silver box in the second photo is the cable splitter, correct? Any ideas how to reverse engineer this? Or why the hell the previous owners would not just take their switch with them, but also the wall jacks and the jacks at the ends of the Cat5?
|
# ? Jun 27, 2017 03:00 |
|
Building a little box to be a router/firewall is always going to cost more than a reasonably capable consumer router. And pfSense isn't terribly suited to wifi tasks, so you will still need an AP in most cases. So, price is a thing. And then there is the fact that you are building a small headless PC and installing BSD on it. And once it's installed you need to have a basic understanding of networking to set everything up. If you want to do advanced things you will need more than a basic understanding of networking. So, user friendliness and ease of setup is also a thing.

Now that said; pfSense is great. I use it at home myself and I love it. It has all of the advanced features I could ever want at home with no annoying licensing schemes or support contracts to worry about. I have it on this board with 8 gigs of ECC-RAM and it screams. Full wire speed routing, OpenVPN, and IKEv2 IPSec without breaking a sweat. Out of band management, can boot from an ISO image mounted over the network, built in remote KVM, etc...

However it looks like future versions of pfSense are going to require AES-NI. (1, 2) So that is something to keep in mind when selecting a CPU.
|
# ? Jun 27, 2017 03:07 |
|
Omne posted:http://imgur.com/a/bwGZe

Umm, maybe crimp the ends and try plugging stuff in to see what goes where? I guess you could buy an ethernet cable tester to make it a bit easier. In fact, given the state of the wires that might be the right way to go. But umm... yeah.... you have two coax splitters, maybe the silver one is powered and also acts as a signal amp? (I used to have a powered coax splitter that got its power from one of the coax jacks. There was a wall wart in another room that plugged into an AC outlet and just spat out a coax line that went to the wall and to the splitter.) Or maybe it has better RFI shielding or something than the white one...? My guess is that the previous owners had a punch down plate for the cat5, and they didn't want to leave it behind. Good luck sir.

Antillie fucked around with this message at 03:20 on Jun 27, 2017
# ? Jun 27, 2017 03:13 |
|
Omne posted:http://imgur.com/a/bwGZe

You'll probably want to buy a nice replacement patch panel if you want to try to reuse those networking cables. I agree with Antillie that a tester might be a good investment. Definitely check out what's going on behind the blank wall plates first, of course. Two years is pretty impressive though. The curiosity would've killed me within a week.
|
# ? Jun 27, 2017 04:13 |
|
Regarding x86-based gateway/firewall/routers, I have followed a guide that Ars Technica published a while back about setting one up based on iptables and had good results on a couple different machines. I had previously used m0n0wall several years back and it worked OK, but this appealed to me because I could run a torrent server and later a VM host on the same box instead of wasting power leaving my gaming desktop on. One thing to keep in mind with this though is that if you use an old desktop, it will suck down significant amounts of power even just idling. My first prototype was a retired X58-based gaming system and even with an undervolted low-power Xeon and an 80+ Platinum supply, it used around 70W at the wall. Not a huge amount, but compared to a normal router and 24/7 the cost would add up. I had better results with a Celeron N3150 board (~25W, including fan and HDD) and a Dell MicroATX server with a Haswell Xeon (~30W). Of course, if you run on something like a NUC or a laptop then you can get even lower but I decided to make tradeoffs to get more internal I/O.
|
# ? Jun 27, 2017 05:42 |
|
FWIW pfsense officially supports many different hypervisors for virtualization in case you already have a homeserver/computer running 24/7. All you need to do is pass through a decent quality PCIe NIC and off you go. Obviously some people will have security concerns about a firewall running inside a VM but it does work very well
|
# ? Jun 27, 2017 08:51 |
|
It's not a terribly great idea to virtualize pfSense, in my opinion. At the end of the day, that means your virtualization server is exposed directly to the internet. Yes, it's protected behind some software, but virtualized pfSense seems more appropriate in a homelab/self-teaching situation, rather than asking it to be your main firewall for your home.
|
# ? Jun 27, 2017 12:12 |
|
What does PFSense or one of the BSDs do so well that Vyatta or EdgeOS doesn't? I thought they were more similar than different, is it really just about having tons of CPU power so you can route at line speed without hardware offload?
|
# ? Jun 27, 2017 14:10 |
|
Twerk from Home posted:What does PFSense or one of the BSDs do so well that Vyatta or EdgeOS doesn't? I thought they were more similar than different, is it really just about having tons of CPU power so you can route at line speed without hardware offload?

Reading on Vyatta and EdgeOS ... same thing, different tools. Sure, maybe one of them provides functionality X that the other one doesn't, but ... meh, they all have the same purpose at the end of the day. Vyatta is based on Linux (Debian) it seems, while pfSense is FreeBSD.

Speaking about pfSense, I downloaded and installed it in a VM locally. One thing that I noticed is that it packs in there quite a few tools (dhcpd, unbound, pf, cron, ntp, etc.) and provides a unified web interface to manage them all. As for ease of use, it doesn't look easy to me. I mean, one still needs to know what they're doing no matter what. I wondered how would a UI look to the PF rules and I must say I'm not impressed. To be fair, making a firewall rules UI is drat hard, unless you dumb it down that it becomes useless.

For the normal people I would recommend a cheap consumer based router any time. While I use the Ubiquiti AP and I like its performance, I am not sure that an EdgeRouter for $100 is worth it for the normal home user. For me personally having a cheap computer as the gateway with OpenBSD installed provides me with everything that I need. If a tool doesn't exist that does what I want, I just write it. At the moment I have at least 10 or so little daemons/cronjobs that provide all kinds of services (network traffic control, ad-domains maintenance, parental control, google drive backup tool, etc.). But this is not relevant for the normal folks, that just want to have it running there and not really worry about it.
|
# ? Jun 27, 2017 15:05 |
|
Twerk from Home posted:What does PFSense or one of the BSDs do so well that Vyatta or EdgeOS doesn't? I thought they were more similar than different, is it really just about having tons of CPU power so you can route at line speed without hardware offload?

pfSense is a firewall that has many routing abilities. Ubiquiti devices are routers first, with some firewall abilities. Practically, this means that pfSense can do most/all firewalling duties at full speed, whereas the less-expensive Edge devices take massive performance hits for using (common) firewall features that aren't supported in hardware.

By the way, my bringing up pfSense at all was predicated on talk from the page before about maximizing security on a network. Something like pfSense will let you do that without making any compromises.
|
# ? Jun 27, 2017 15:07 |
|
PFSense IS BSD.
|
# ? Jun 27, 2017 15:16 |
|
You can also get this adorable lil guy for 149$ to run PFsense, which I agree, loving owns. https://www.netgate.com/products/sg-1000.html
|
# ? Jun 27, 2017 20:30 |
|
Matt Zerella posted:You can also get this adorable lil guy for 149$ to run PFsense, which I agree, loving owns.

This is actually the line of boards that's been tempting me for years - apu2c4 is probably the most relevant model, with triple Intel 1GbE onboard, 12W at load, goes for $125 + shipping + case is another . They are also designed to take mini-PCIe wireless cards for AP hosting. But that board is pretty tempting too.

Paul MaudDib fucked around with this message at 21:40 on Jun 27, 2017
# ? Jun 27, 2017 21:28 |
|
For me the big point of PFsense is throwing massive x86 hardware at it. Those micro boxes are lacking imo.
|
# ? Jun 28, 2017 00:14 |
|
Omne posted:http://imgur.com/a/bwGZe

First image - the people didn't get a patch panel installed, so the cable installer is only patching the middle pair (of the 4pair in a cable) together. Only good for phone lines (POTS) setup.

2nd image: Cable installer is using an active splitter (one of those coaxs go to a wall plug somewhere) and left the passive one attached to the ceiling.

Solution: Install a patch panel for the 1st image and then do a switch for your computers.

2nd image: It's installed correctly - the active splitter gives your cable boxes more signal (aka: more speed for modem). The best is to make sure your cable modem is on the port with "-4db" (the one with nothing plugged into it).
|
# ? Jun 28, 2017 17:53 |
|
unknown posted:First image - the people didn't get a patch panel installed, so the cable installer is only patching the middle pair (of the 4pair in a cable) together. Only good for phone lines (POTS) setup.

get about 20 of these things: https://www.monoprice.com/product?p_id=15969 They're easy as hell to use, don't need special tools, they're on sale for $0.66 each, and monoprice does overnight shipping for super-cheap in a lot of major metros.

Put one on each of those cables, then check the wall plate jacks throughout the rest of the house and make sure they're wired for all 8 wires, or else put one of the jacks above on the wall plate side too.

Also pick up keystone plates from monoprice while you're at it, because they're going to cost 1/2 as much as home depot etc. https://www.monoprice.com/search/index?keyword=keystone+plate

There's no backer board for a proper install of a patch panel, so unless you want to hang a board from the joist, I would probably skip trying to mount a proper panel.
|
# ? Jun 28, 2017 18:25 |
|
Matt Zerella posted:You can also get this adorable lil guy for 149$ to run PFsense, which I agree, loving owns.

quote:The SG-1000 comes with dual 1Gbps Ethernet ports, enabling maximum throughput exceeding 100Mbps

redeyes posted:PFSense IS BSD.

Yes but:
1) this destroys any power savings:

redeyes posted:For me the big point of PFsense is throwing massive x86 hardware at it. Those micro boxes are lacking imo.

2) pfsense is heavily weighted toward being a NAT firewall first and foremost in their GUI. If you stray outside the GUI to access the base OS level routing features, you lose the ability to upgrade software releases for security patches, or obtain professional services support. That's fine for a home user who wants to constantly maintain their own hardware. Not so much for people who aren't actively interested in "fixing" their network.

bobfather posted:pfSense is a firewall that has many routing abilities. Ubiquiti devices are routers first, with some firewall abilities.

Yeah actually. A bunch of my customers opted for pfSense after seeing the sticker shock of big-vendor security appliances. They're mostly happy, except for whenever they try to set up some feature in a dumb way, or when they cheap out on the underlying hardware and it fails. I still wholly applaud their efforts.
|
# ? Jun 28, 2017 18:28 |
|
CrazyLittle posted:get about 20 of these things: https://www.monoprice.com/product?p_id=15969

These are really cool.
|
# ? Jun 28, 2017 18:46 |
|
SamDabbers posted:These are really cool.

That looks like some black magic right there.
|
# ? Jun 28, 2017 19:04 |
|
DizzyBum posted:I just remembered why I put my Archer C5 on OpenWRT. For some reason the 5GHz wifi network suddenly stops working after a couple days of continuous uptime. Like, the network stops broadcasting its SSID, disconnects everyone, and just vanishes. Rebooting the router fixes it temporarily. Using OpenWRT fixed that behavior, but I had to flash it back to stock because of strange issues I was having with my new ISP. It's the v1.2 hardware. The 2.5GHz network stays up just fine.

I asked about this a while ago but I was hoping I'd bring it up one more time. Has anyone else ever encountered this issue? This is getting kinda frustrating since the 2.5GHz gets a lot of interference from neighbors.
|
# ? Jun 28, 2017 19:38 |
|
Are you running the latest firmware? Have you got in touch with TP-Link? For $50, I'd buy a new router than continue spending time on the problem. It doesn't sound like a configuration issue, sounds like a hardware/firmware problem. So I'd ask yourself how much your time is worth.
|
# ? Jun 28, 2017 19:43 |
|
Internet Explorer posted:Are you running the latest firmware? Have you got in touch with TP-Link? For $50, I'd buy a new router than continue spending time on the problem. It doesn't sound like a configuration issue, sounds like a hardware/firmware problem. So I'd ask yourself how much your time is worth.

Latest firmware, yes. Haven't contacted TP-Link yet so I'll do that. It's not a critical issue; my money needs to go elsewhere before I buy a new router. The wifi isn't unusable, it will just occasionally lag thanks to all the neighbors. It would just be nice to have 5GHz running again because it's really snappy.

DizzyBum fucked around with this message at 20:08 on Jun 28, 2017
# ? Jun 28, 2017 20:06 |
|
Internet Explorer posted:Are you running the latest firmware? Have you got in touch with TP-Link? For $50, I'd buy a new router than continue spending time on the problem. It doesn't sound like a configuration issue, sounds like a hardware/firmware problem. So I'd ask yourself how much your time is worth.

I dunno if it's the constant duty cycle, or reflected RF energy from lovely antennas with too high of an SWR, or what, but routers seem to fail amazingly fast in my experience, a lot of cheap consumer routers don't make it beyond a year or two before they get flakey.
|
# ? Jun 28, 2017 21:37 |
|
I'd put my money on bad power from the power company. Ask anyone in IT how many alerts we get from our UPSes cutting off of main power because of dirty power.
|
# ? Jun 28, 2017 21:40 |
|
Antillie posted:1. Maybe. The max cable length for fiber is ridiculously long. Like, measured in kilometers instead of feet. You couldn't hit the max length in an apartment even if you tried. (Different fiber types have different max cable lengths but in an apartment it just doesn't matter. Hell, even in a 360,000 square foot warehouse it just doesn't matter.) However the cables are pricey and fragile. You can't just bend them willy-nilly like you can ethernet cables. You can bend them, you just have to be mindful of the fact that it's fiber and not copper wire and handle them properly. The angle of the bend is very important. Basically you have to bend it "slowly" and take the turn gradually over a long enough amount of length. So depending on the bends in your conduit it might not work very well, or at all.

It worked! Fiber survived the conduit, and we are now getting 70mbps up and down on wifi, and about 120 if we're wired. Next stop is passing an ethernet cable up to the top floor, where I have the desktop. I'll look into the next steps. ☺️
|
# ? Jun 28, 2017 22:44 |
|
unknown posted:First image - the people didn't get a patch panel installed, so the cable installer is only patching the middle pair (of the 4pair in a cable) together. Only good for phone lines (POTS) setup.

You are correct! I opened up a telephone wall plate and sure enough, two wires attached to the jack and six wires tied around the blue sheeting. Meanwhile all of the wires in the closet are attached to each other, so it'll be fun figuring out which goes to each room. I'll take the advice and put some connectors on those wires and the wall plates and see what can be done.

If I've got the sequence right, it's wall jack (RJ45) -> cat5 -> patch panel -> switch -> router -> modem right?

As far as the other blank wall plates and what's behind them: Very strange. Just a red wire, black wire and stringy thing in a grey sheeting. No voltage, 12" of wire inside the boxes.
|
# ? Jun 29, 2017 01:51 |
|
You can get tone tracers for pretty cheap on amazon.
|
# ? Jun 29, 2017 02:04 |
|
Omne posted:If I've got the sequence right, it's wall jack (RJ45) -> cat5 -> patch panel -> switch -> router -> modem right? quote:As far as the other blank wall plates and what's behind them: Very strange. Just a red wire, black wire and stringy thing in a grey sheeting. No voltage, 12" of wire inside the boxes. CrazyLittle fucked around with this message at 02:37 on Jun 29, 2017 |
# ? Jun 29, 2017 02:35 |
|
unknown posted:the active splitter gives your cable boxes more signal (aka: more speed for modem). The best is to make sure your cable modem is on the port with "-4db" (the one with nothing plugged into it).

Don't put an amplifier before your modem. Have a 2 way splitter going to your modem then the other leg split to your Cable TV box drops. If you need power for the TV side, amplify it. If your modem isn't getting a good signal after this, have your Cable company ramp up the power.
|
# ? Jun 29, 2017 03:35 |
|
DizzyBum posted:Latest firmware, yes. Haven't contacted TP-Link yet so I'll do that.

I cross flashed my C5 to a C7 and have no problems with wifi dropping out using the latest C7 version firmware.

Instructions: http://www.hagensieker.com/archerc5toc7/index.php
|
# ? Jun 29, 2017 17:26 |
|
I got a new ISP router, and for some reason, my download speed caps at 9 Mbps now. The router was upgraded from 100/30 to 140/30 which made it crash, and the technician then replaced the router with a newer model. I'm using a standard Ethernet hub/splitter to add more ports, and my desktop via Ethernet seems to be the only one affected. When I plug it directly into the router, I get the full speed. Any idea what's up? I got shocked when I pulled the Ethernet out of the hub when I was trying to debug the initial issue, which seems like something that should never happen with an Ethernet port.
|
# ? Jun 30, 2017 10:54 |
|
ufarn posted:I got a new ISP router, and for some reason, my download speed caps at 9 Mbps now.

The new router may be auto-negotiating with the switch at 10 Mbit instead of 100 or 1000. I'd check your cables in case you have a bad one or a bad connector. Also see if there are any settings on the modem for LAN port speed.
|
# ? Jun 30, 2017 11:06 |
Hello thread. Some friends and I are moving into a new place, and we're looking to set up internet there. The OP was pretty straightforward, but I was hoping I could get some help / recommendations. We'll be getting Spectrum cable, which offers "up to 100 Mbps" for $45 / month. We're going to be using the internet pretty heavily, no TV or anything else, so we're looking to get the best speeds we can on the best possible connection. Four people on multiple devices, lots of streaming, torrenting, uploading, and gaming going on. We're all broke twenty-somethings, but we don't mind spending a little extra on the best hardware we can get. What would be some good bang-for-your-buck modems and routers for us to get? Would the ones listed in the OP be compatible with our ISP? Anything I'm missing? Anything else I should know or look into? Thanks!

literally this big fucked around with this message at 09:13 on Jul 1, 2017
|
# ? Jul 1, 2017 07:38 |
|
Similar situation to the above, I'm looking to reduce my ISP bill. I only use internet, but live alone so I am only running a max of 2 devices at a time. I am currently paying $95 a month for what's supposed to be a 25mbps connection (and a basic cable service I don't use), though I just ran an internet speed test and I'm apparently getting 85mbps - I don't think that I can really utilize that speed as I only perform basic streaming/gaming/etc. with only occasional large downloads. In any case, short of getting my own modem and router and getting rid of the $10 rental fee, I'm not seeing any options to really reduce my costs with Comcast, as the plans they currently have on offer are either MORE expensive, or offer a sharp decline in service for only a minimal decrease in cost.

One of the other ISPs in the Sacramento area is a group called Sonic which offers 20mbps for $50 per month (after an intro rate of $40 for a year). Apparently Sonic is rolling out Fiber networks primarily in the San Francisco area, but in Sacramento, the service is delivered over AT&T hardware with a Fiber-To-Node data line, so I'd have to use AT&T service people and possibly their hardware. Does anyone have any experience with Sonic's Fiber-to-node service? Would it even be worth downgrading to 20mbps for $50, or should I just get my own modem/router setup and keep my current service for $85 after I get rid of the equipment rental fee?

Edit: After doing some additional research, I called Comcast, and got them to reveal that there was an internet only plan available at the same speed I have now for $20 cheaper - an option they didn't list on their website at all. When I replace their modem with my own (hopefully by Monday), it'll be a net savings of $30. Thanks for anyone's time and consideration!

Riders of Brohan fucked around with this message at 23:47 on Jul 1, 2017 |
# ? Jul 1, 2017 19:12 |
|
Is there anything I can do if a wireless network in my vicinity insists on picking the same SSID as my network? It seems like it's trying to steal my WPA key (I connected to it from a live Linux for investigation and it redirects all HTTP requests to a page that wants you to enter a WLAN WPA key), and it wouldn't even really bother me, but every device stops connecting to my real wireless network as soon as they find the second one with the same SSID. Yes, I've tried changing my SSID, the other network just changes it too within an hour, even if SSID broadcasting is off. Admiral H. Curtiss fucked around with this message at 18:19 on Jul 2, 2017 |
# ? Jul 2, 2017 18:16 |
|
If the malicious base station doesn't have your WPA key, how are your devices associating with it to even trigger the HTTP redirect? The authentication would fail and the client devices should retry and/or attempt to associate with another base station. Is the malicious station spoofing MAC address too? The attack sounds pretty aggressive, but I don't see what the point is other than a DoS. Maybe your own router got hacked?
|
# ? Jul 2, 2017 18:48 |
|
My devices are not connecting to it, that was just me manually doing it once on a live Linux boot to check out what the hell it is. Rather, they don't connect to either network as soon as the second one shows up, for whatever reason. I don't think it's my router, as the malicious network persists even if I pull its power plug.
|
# ? Jul 2, 2017 18:54 |
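
A defensive check for the look-alike network discussed in the last few posts, added here as an example and not code from any poster: it parses text in the layout printed by `iw dev wlan0 scan` and reports access points that advertise your SSID from a BSSID you do not own, or without WPA/RSN. The sample scan, the SSID `HomeNet`, the BSSIDs and the function names are constructed for illustration, and treating a missing WPA/RSN element as suspicious is an assumption about how the second network is configured.

```python
import re

# Constructed sample in the layout of `iw dev wlan0 scan` output; every value is made up.
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0) -- associated
\tfreq: 2437
\tsignal: -48.00 dBm
\tSSID: HomeNet
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
BSS 02:00:00:cc:dd:02(on wlan0)
\tfreq: 2462
\tsignal: -39.00 dBm
\tSSID: HomeNet
BSS 02:00:00:ee:ff:03(on wlan0)
\tfreq: 5180
\tsignal: -70.00 dBm
\tSSID: Neighbour
\tRSN:\t * Version: 1
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})\(on \S+\)", re.I)


def parse_scan(text):
    """Turn scan text into one dict per BSS (access point radio)."""
    entries, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": None, "freq": None,
                   "signal": None, "encrypted": False}
            entries.append(cur)
            continue
        if cur is None:
            continue
        field = line.strip()
        if field.startswith("SSID:"):
            cur["ssid"] = field[5:].strip()
        elif field.startswith("freq:"):
            cur["freq"] = int(float(field[5:]))
        elif field.startswith("signal:"):
            cur["signal"] = float(field.split()[1])
        elif field.startswith(("RSN:", "WPA:")):
            # An RSN or WPA element means the AP advertises WPA2/WPA.
            cur["encrypted"] = True
    return entries


def find_suspect_aps(entries, ssid, trusted_bssids):
    """Report APs using `ssid` that are not yours or that dropped encryption.

    The second test still fires when the BSSID itself is cloned, as long as
    the clone is an open network (assumption: yours always uses WPA/RSN).
    """
    trusted = {b.lower() for b in trusted_bssids}
    findings = []
    for e in entries:
        if e["ssid"] != ssid:
            continue
        reasons = []
        if e["bssid"] not in trusted:
            reasons.append("unknown BSSID")
        if not e["encrypted"]:
            reasons.append("no WPA/RSN advertised")
        if reasons:
            findings.append((e["bssid"], e["freq"], e["signal"], reasons))
    return findings


if __name__ == "__main__":
    for hit in find_suspect_aps(parse_scan(SAMPLE_SCAN), "HomeNet",
                                ["02:00:00:AA:BB:01"]):
        print(hit)
```

The frequency and signal level in each finding help when walking around with a laptop to locate the transmitter.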