Technical Discussion
  >> Home Networking, Internet Connection Sharing, etc.


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread
Standard User dsf58
(newbie) Tue 26-Jul-16 13:04:38
Print Post

Time to upgrade home network


[link to this post]
 
I have just "cooked" my old ADSL modem/Wireless router. (It had to be on a window sill and despite shading it and raising it on blocks to improve ventilation it still died).

So I am on a temporary replacement but thinking what to do next.

0. At home I run: laptop, tablets, smartphone, smart TV - rarely more than one at a time
1. I am on ADSL getting about 7Mbps and currently happy with what I have (very occasional buffering when I do watch catchup TV is minor inconvenience).
2. Changing costs (or better cloud computing) may persuade me to move to ADSL2 or even fibre (FTTC - about 100m away)
3. I am concerned about network security and have never liked not being able to update my firmware. This may point me towards open-wrt compatible equipment.
4. I have also wondered about a better firewall (thinking for instance that better control over "phone home" will give me more privacy and more security against malware). Something like Sophos UTM Home Edition looks as if it might be interesting. This would also give me a VPN to link back to when using unsecured wi-fi away from home.

My initial conclusions are that I should not be looking for another "single box" solution - unless the view is that the boxes are now so cheap that replacing them every year or so is economically (if not environmentally) viable.

So, I am thinking:
1. a relatively "dumb" ADSL modem (which I can then swap if I upgrade to ADSL2 or fibre). Choose carefully and I may be able to get one unit that is upwards compatible.
- ethernet connection out of the back of the "modem" into -
2. a relatively "clever" "box" that handles security. For the Sophos type solution this would be a dedicated low powered PC.
- ethernet connection out of the back of the "box" into -
3. a relatively "dumb" router and wireless access point (possibly even the temporary modem/router that I am using at the moment).

Alternatively 2&3 might be combined in a open-wrt compatible box.

Obviously I don't want to spend a fortune; I am thinking of £100 max plus the cost of any hardware to run "box 2" in the above list.

Any ideas or suggestions?
(The router review pages look a little out of date!)

David
Standard User Skilty
(committed) Thu 28-Jul-16 20:35:05
Print Post

Re: Time to upgrade home network


[re: dsf58] [link to this post]
 
Something like the BT OR HG612 strictly as a modem for (1).

Then a small box (A4-5000 supports AES) for around £150 to handle UTM (Sophos, Untangle or pfSense+Snort etc) for (2 + 3).

I would then look at the Ubiquiti UAP-AC-LITE or UAP-AC-PRO for wifi.

You end up with best of breed for all three components. When a new wifi standard comes out simply swap out the Ubiquiti AP for another.

I am in the process of ditching my Asus RT-AC87U for the above myself. Constant complaints about "bad" wifi and the fact that switching QoS on the Asus switches off hardware acceleration...

plusnet Fibre > Sky Fibre Pro > Pulse8 Fibre XL - 14ms Ping, Sync ~ 65.78/18.73Mbps - BQM
Standard User dsf58
(newbie) Fri 29-Jul-16 10:42:08
Print Post

Re: Time to upgrade home network


[re: Skilty] [link to this post]
 
Thanks, thinking along the sort of lines that I was, although I had not thought of separating the wifi from the router - which is logical if you are investing principally in a secure router [2+3 in my OP] (which will hopefully have a long life).

Some new products for me to research, but I feel more secure with open source which is frequently updated than with proprietary that either can't be updated or is updated very infrequently even when you read about live exploits.

Home security has to look secure as well as be secure, so I like the security of boxes "in a line" and being able to "see" what each does. Doing it by virtualisation feels/looks less secure (another link in the chain to fail) and takes up CPU cycles etc.

I don't think it is "tin hat" time to want a secure home network. It's not that I want to stop the NSA from coming and calling (besides they should have better things to do), it's that if they can others can and the latter may create havoc or just steal personal identity information which can then result in a lot of hassle!


Register (or login) on our website and you will not see this ad.

Standard User Skilty
(committed) Fri 29-Jul-16 10:48:43
Print Post

Re: Time to upgrade home network


[re: dsf58] [link to this post]
 
So for my setup I am looking at:


Modem >>> Dedicated UTM/Router Athlon A4-5000 (offers AES and performs better than a J1900 Soc) >>> WAP

pfSense is free and open source you need to add things like Snort, Squid and AV to create a UTM.

Untangle is $50 per year for home use and is a UTM

There is also Sophos UTM but people have some complaints around the XGH version of the product.

I did think abut putting pfSense on my VMWare server but backed away from it simply because if I mess up the VLANs then there could be little to no protection.

I want it because with 4 streams of Netflix on the go along with Sky Q things can slow down a little so I want QoS and be able to stop the kids from going to places they shouldn't or at least see where they have been and control the time they can surf etc.

plusnet Fibre > Sky Fibre Pro > Pulse8 Fibre XL - 14ms Ping, Sync ~ 65.78/18.73Mbps - BQM
Standard User Skilty
(committed) Fri 29-Jul-16 14:34:04
Print Post

Re: Time to upgrade home network


[re: dsf58] [link to this post]
 
This is what I am looking at for your points 2+3:

2x Corsair DDR3 1600MHz 4GB 1X240 DIMM Unbuffered
ASRock QC5000M-ITX/PH AMD A4-5000 Motherboard
Dual NIC Intel PCIe card (already own, bought from the bay for £20) for WAN/LAN
Cooler Master Elite 110 USB3.0 Mini-ITX Case
300w PSU
Hard Drive (already own)

All up around £150 plus £120 for the Ubiquiti AP. Will then try both pfSense and Untangle to see which I prefer.

plusnet Fibre > Sky Fibre Pro > Pulse8 Fibre XL - 14ms Ping, Sync ~ 65.78/18.73Mbps - BQM
Standard User dsf58
(newbie) Fri 29-Jul-16 20:43:57
Print Post

Re: Time to upgrade home network


[re: Skilty] [link to this post]
 
Thanks for the spec of your "box". I have been looking at various mini pc suppliers (like http://www.pcspecialist.co.uk) but have always fancied just "getting the bits" presumably from the likes of Maplin RS and Dabs (or am I out of date with suppliers - dabs.com now takes me to BT Shop! Perhaps it's ebay or Amazon now!).

300s PSU: Is that just because that is "how they come" or does your box have an appreciable power consumption? For something "always on" I was hoping for something with a considerably lower power demand.

Does the motherboard include HDMI for plugging in a monitor (keyboard via USB) whilst you set it up or can that be done remotely (as with purchased routers)? Bringing a totally "dead" box alive is I guess the major uncertainty for people who have not done it before. I am anticipating something like installing Linux via a boot from USB.

Is your LAN entirely wireless or is there another bit (I for instance have an old netgear ethernet hub from my pre-internet home network (4 ports one switchable between "normal and uplink").

I would like to recommission my NAS (which I switched off when I detected it was leaking to the outside world) and I was anticipating cable connecting it to the "secure" side of the firewall box.
Standard User Skilty
(committed) Fri 29-Jul-16 20:57:59
Print Post

Re: Time to upgrade home network


[re: dsf58] [link to this post]
 
I tend to use Scan or Ebuyer for server parts these days. Overclockers or Scan for my gaming rig. Yes, Dabs is now owned by BT smile

300w simply because it was relatively cheap to be honest. I would consider a 150w picoPSU but they aren't that cheap and most MATX cases leave a gaping hole in the back where a PSU is supposed to go.

Depends on the motherboard, some offer VGA, DVI and HDMI! The SuperMicro boards have IPMI so you can access the BIOS etc remotely (I use it on my 56TB VMWare box, runs Windows Server 2012, Linux, FreeBSD and whatever else I fancy having a play with).

My network consists of the BT modem feeding my current router (Asus RT-AC87U) that then feeds the SamKnows box, that then feeds four 8 port gigabit switches connecting to a 48 port patch panel for my internal wired network and the plan will be to use the Ubiquiti AP in place of the Asus router for the internal WiFi. We have a number of dead spots so I will probably have an AP for each floor as they can also do zero handoff.

The last step will be to do away with the Asus completely by replacing it with the pfSense box.

plusnet Fibre > Sky Fibre Pro > Pulse8 Fibre XL - 14ms Ping, Sync ~ 65.78/18.73Mbps - BQM
Standard User panda
(committed) Fri 29-Jul-16 21:48:24
Print Post

Re: Time to upgrade home network


[re: dsf58] [link to this post]
 
I built a small and silent (no moving parts) system based upon an Intel Atom DN2800MT fitted in a M350 mITX case, running Smoothwall.

It provides the usual firewalling functions, along with web filtering (e2Guardian), SMTP filtering (qpsmtpd/Dspam), Intrusion Detection (Snort), VPN (Zerina/OpenVPN) - and others - by the addition of available 'mods'.

Keyboard & screen are only required during initial installation, although I have mine connected to a KVM switch along with my web/mail server.
Power usage (as measured by a device similar to a 'Kill-a-Watt') is between typically 15-20W.

It's a few years old now, but still provides ample capacity for my use.

Eats shoots and leaves.

Edited by panda (Fri 29-Jul-16 21:56:19)

Standard User dsf58
(newbie) Tue 09-Aug-16 12:43:50
Print Post

Re: Time to upgrade home network


[re: panda] [link to this post]
 
Thanks to all for the thoughts so far. I need to start researching specific boxes (taking great care with the descriptions that some retailers use - the words modem, router, switch, hub etc., seem to be used with remarkably little care in some places!)

Initially I think I will concentrate on the main "security box". I think I can take my existing Netgear modem/router and disable the wifi and use it (as a ADSL modem) to feed "the box" and then take the output of the box by wire into my existing Netgear hub (to provide ethernet) and plug a new wireless unit into that (to provide wifi).
Standard User APTMAN
(regular) Wed 10-Aug-16 00:35:29
Print Post

Re: Time to upgrade home network


[re: dsf58] [link to this post]
 
My setup is.
BT ADSL2 long phone line, block of static IP's > HG612, Modem only in bridge mode feeds in to a Smoothwall firewall which also does the routing, with 4 Ethernet card , Network LAN, DMZ for server, WiFi LAN, Spare LAN.
I up-graded my Smoothwall box with the parts from https://www.cclonline.com/
I also monitor my ADSL 24/7 http://www.s446074245.websitehome.co.uk/index.html
http://forum.kitz.co.uk/index.php/board,46.0.html

If your exchange has been up-graded to 21CN you may ask your ISP to do a free up-grade from ADSL to ADSL2 to get some improvement in your connection.

Also I mount my HG612 1" (25mm) off the wall and mount it vertically to get good ventilation.
Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread

Jump to