Standard User dsf58
(newbie) Tue 26-Jul-16 13:04:38

Time to upgrade home network

I have just "cooked" my old ADSL modem/Wireless router. (It had to be on a window sill and despite shading it and raising it on blocks to improve ventilation it still died).

So I am on a temporary replacement but thinking what to do next.

0. At home I run: laptop, tablets, smartphone, smart TV - rarely more than one at a time
1. I am on ADSL getting about 7Mbps and currently happy with what I have (very occasional buffering when I do watch catchup TV is a minor inconvenience).
2. Changing costs (or better cloud computing) may persuade me to move to ADSL2 or even fibre (FTTC - about 100m away)
3. I am concerned about network security and have never liked not being able to update my firmware. This may point me towards open-wrt compatible equipment.
4. I have also wondered about a better firewall (thinking for instance that better control over "phone home" will give me more privacy and more security against malware). Something like Sophos UTM Home Edition looks as if it might be interesting. This would also give me a VPN to link back to when using unsecured wi-fi away from home.

My initial conclusions are that I should not be looking for another "single box" solution - unless the view is that the boxes are now so cheap that replacing them every year or so is economically (if not environmentally) viable.

So, I am thinking:
1. a relatively "dumb" ADSL modem (which I can then swap if I upgrade to ADSL2 or fibre). Choose carefully and I may be able to get one unit that is upwards compatible.
- ethernet connection out of the back of the "modem" into -
2. a relatively "clever" "box" that handles security. For the Sophos type solution this would be a dedicated low powered PC.
- ethernet connection out of the back of the "box" into -
3. a relatively "dumb" router and wireless access point (possibly even the temporary modem/router that I am using at the moment).

Alternatively 2&3 might be combined in an open-wrt compatible box.

Obviously I don't want to spend a fortune; I am thinking of £100 max plus the cost of any hardware to run "box 2" in the above list.

Any ideas or suggestions?
(The router review pages look a little out of date!)

David
Standard User Skilty
(committed) Thu 28-Jul-16 20:35:05

Re: Time to upgrade home network

[re: dsf58]

Something like the BT OR HG612 strictly as a modem for (1).

Then a small box (A4-5000 supports AES) for around £150 to handle UTM (Sophos, Untangle or pfSense+Snort etc) for (2 + 3).

I would then look at the Ubiquiti UAP-AC-LITE or UAP-AC-PRO for wifi.

You end up with best of breed for all three components. When a new wifi standard comes out simply swap out the Ubiquiti AP for another.

I am in the process of ditching my Asus RT-AC87U for the above myself. Constant complaints about "bad" wifi and the fact that switching QoS on the Asus switches off hardware acceleration...

plusnet Fibre > Sky Fibre Pro > Pulse8 Fibre XL - 14ms Ping, Sync ~ 65.78/18.73Mbps - BQM
Standard User dsf58
(newbie) Fri 29-Jul-16 10:42:08

Re: Time to upgrade home network

[re: Skilty]

Thanks, thinking along the sort of lines that I was, although I had not thought of separating the wifi from the router - which is logical if you are investing principally in a secure router [2+3 in my OP] (which will hopefully have a long life).

Some new products for me to research, but I feel more secure with open source which is frequently updated than with proprietary that either can't be updated or is updated very infrequently even when you read about live exploits.

Home security has to look secure as well as be secure, so I like the security of boxes "in a line" and being able to "see" what each does. Doing it by virtualisation feels/looks less secure (another link in the chain to fail) and takes up CPU cycles etc.

I don't think it is "tin hat" time to want a secure home network. It's not that I want to stop the NSA from coming and calling (besides, they should have better things to do), it's that if they can, others can, and the latter may create havoc or just steal personal identity information, which can then result in a lot of hassle!



Standard User Skilty
(committed) Fri 29-Jul-16 10:48:43

Re: Time to upgrade home network

[re: dsf58]

So for my setup I am looking at:


Modem >>> Dedicated UTM/Router Athlon A4-5000 (offers AES and performs better than a J1900 SoC) >>> WAP

pfSense is free and open source; you need to add things like Snort, Squid and AV to create a UTM.

Untangle is $50 per year for home use and is a UTM.

There is also Sophos UTM but people have some complaints around the XGH version of the product.

I did think about putting pfSense on my VMware server but backed away from it simply because if I mess up the VLANs then there could be little to no protection.

I want it because with 4 streams of Netflix on the go along with Sky Q things can slow down a little so I want QoS and be able to stop the kids from going to places they shouldn't or at least see where they have been and control the time they can surf etc.

Standard User Skilty
(committed) Fri 29-Jul-16 14:34:04

Re: Time to upgrade home network

[re: dsf58]

This is what I am looking at for your points 2+3:

2x Corsair DDR3 1600MHz 4GB 1X240 DIMM Unbuffered
ASRock QC5000M-ITX/PH AMD A4-5000 Motherboard
Dual NIC Intel PCIe card (already own, bought from the bay for £20) for WAN/LAN
Cooler Master Elite 110 USB3.0 Mini-ITX Case
300w PSU
Hard Drive (already own)

All up around £150 plus £120 for the Ubiquiti AP. Will then try both pfSense and Untangle to see which I prefer.

Standard User dsf58
(newbie) Fri 29-Jul-16 20:43:57

Re: Time to upgrade home network

[re: Skilty]

Thanks for the spec of your "box". I have been looking at various mini pc suppliers (like http://www.pcspecialist.co.uk) but have always fancied just "getting the bits", presumably from the likes of Maplin, RS and Dabs (or am I out of date with suppliers - dabs.com now takes me to BT Shop! Perhaps it's ebay or Amazon now!).

300w PSU: Is that just because that is "how they come" or does your box have an appreciable power consumption? For something "always on" I was hoping for something with a considerably lower power demand.

Does the motherboard include HDMI for plugging in a monitor (keyboard via USB) whilst you set it up or can that be done remotely (as with purchased routers)? Bringing a totally "dead" box alive is I guess the major uncertainty for people who have not done it before. I am anticipating something like installing Linux via a boot from USB.

Is your LAN entirely wireless or is there another bit? (I for instance have an old netgear ethernet hub from my pre-internet home network: 4 ports, one switchable between "normal" and "uplink".)

I would like to recommission my NAS (which I switched off when I detected it was leaking to the outside world) and I was anticipating cable connecting it to the "secure" side of the firewall box.
Standard User Skilty
(committed) Fri 29-Jul-16 20:57:59

Re: Time to upgrade home network

[re: dsf58]

I tend to use Scan or Ebuyer for server parts these days. Overclockers or Scan for my gaming rig. Yes, Dabs is now owned by BT :)

300w simply because it was relatively cheap to be honest. I would consider a 150w picoPSU but they aren't that cheap and most MATX cases leave a gaping hole in the back where a PSU is supposed to go.

Depends on the motherboard, some offer VGA, DVI and HDMI! The SuperMicro boards have IPMI so you can access the BIOS etc remotely (I use it on my 56TB VMware box, runs Windows Server 2012, Linux, FreeBSD and whatever else I fancy having a play with).

My network consists of the BT modem feeding my current router (Asus RT-AC87U) that then feeds the SamKnows box, that then feeds four 8 port gigabit switches connecting to a 48 port patch panel for my internal wired network and the plan will be to use the Ubiquiti AP in place of the Asus router for the internal WiFi. We have a number of dead spots so I will probably have an AP for each floor as they can also do zero handoff.

The last step will be to do away with the Asus completely by replacing it with the pfSense box.

Standard User panda
(committed) Fri 29-Jul-16 21:48:24

Re: Time to upgrade home network

[re: dsf58]

I built a small and silent (no moving parts) system based upon an Intel Atom DN2800MT fitted in a M350 mITX case, running Smoothwall.

It provides the usual firewalling functions, along with web filtering (e2Guardian), SMTP filtering (qpsmtpd/Dspam), Intrusion Detection (Snort), VPN (Zerina/OpenVPN) - and others - by the addition of available 'mods'.

Keyboard & screen are only required during initial installation, although I have mine connected to a KVM switch along with my web/mail server.
Power usage (as measured by a device similar to a 'Kill-a-Watt') is typically between 15-20W.

It's a few years old now, but still provides ample capacity for my use.

Eats shoots and leaves.

Edited by panda (Fri 29-Jul-16 21:56:19)

Standard User dsf58
(newbie) Tue 09-Aug-16 12:43:50

Re: Time to upgrade home network

[re: panda]

Thanks to all for the thoughts so far. I need to start researching specific boxes (taking great care with the descriptions that some retailers use - the words modem, router, switch, hub etc., seem to be used with remarkably little care in some places!)

Initially I think I will concentrate on the main "security box". I think I can take my existing Netgear modem/router and disable the wifi and use it (as an ADSL modem) to feed "the box" and then take the output of the box by wire into my existing Netgear hub (to provide ethernet) and plug a new wireless unit into that (to provide wifi).
Standard User APTMAN
(regular) Wed 10-Aug-16 00:35:29

Re: Time to upgrade home network

[re: dsf58]

My setup is:
BT ADSL2 long phone line, block of static IPs > HG612, modem only in bridge mode, feeds into a Smoothwall firewall which also does the routing, with 4 Ethernet cards: Network LAN, DMZ for server, WiFi LAN, Spare LAN.
I up-graded my Smoothwall box with the parts from https://www.cclonline.com/
I also monitor my ADSL 24/7 http://www.s446074245.websitehome.co.uk/index.html
http://forum.kitz.co.uk/index.php/board,46.0.html

If your exchange has been up-graded to 21CN you may ask your ISP to do a free up-grade from ADSL to ADSL2 to get some improvement in your connection.

Also I mount my HG612 1" (25mm) off the wall and mount it vertically to get good ventilation.
Standard User rhetherington
(committed) Sun 28-Aug-16 13:22:16

Re: Time to upgrade home network

[re: dsf58]

Back when i was on ADSL i used a Draytek Vigor 120. This is a dumb modem that translates PPPoE (set in your router) into PPPoA for your ISP.

There's a newer model, the DrayTek Vigor 130, that does ADSL, ADSL2+ and VDSL2 (FTTC).

For small, x86 machines, these look pretty nice. 4 Intel NICs, a J1900 Celeron (3x the speed of the CPU in Panda's Smoothwall machine), starting at ~£130. Just add RAM and storage and install pfSense or some other firewall OS.

For the wireless either the Ubiquiti Unifi APs already mentioned, or routers flashed with OpenWrt.

My network is currently powered by OpenWrt. Next month i'll be ordering one of those J1900 boxes and installing pfSense on it. Then my OpenWrt routers will be reconfigured to serve purely as access points (4 networks, each on their own VLAN). Further down the line i'll probably replace them with Ubiquiti Unifi APs.
Standard User sergiup
(newbie) Tue 25-Oct-16 13:08:02

Re: Time to upgrade home network

[re: rhetherington]

In reply to a post by rhetherington:
Back when i was on ADSL i used a Draytek Vigor 120. This is a dumb modem that translates PPPoE (set in your router) into PPPoA for your ISP.

There's a newer model, the DrayTek Vigor 130, that does ADSL, ADSL2+ and VDSL2 (FTTC).

For small, x86 machines, these look pretty nice. 4 Intel NICs, a J1900 Celeron (3x the speed of the CPU in Panda's Smoothwall machine), starting at ~£130. Just add RAM and storage and install pfSense or some other firewall OS.

For the wireless either the Ubiquiti Unifi APs already mentioned, or routers flashed with OpenWrt.

My network is currently powered by OpenWrt. Next month i'll be ordering one of those J1900 boxes and installing pfSense on it. Then my OpenWrt routers will be reconfigured to serve purely as access points (4 networks, each on their own VLAN). Further down the line i'll probably replace them with Ubiquiti Unifi APs.


I'd be very interested to know how you get on with those Celeron J1900 / quad LAN boxes; I was going to get one, but opted for a cheaper mATX Core2Duo based old PC with an HP quad-port NIC. I'm also sticking to UniFi APs (well, one so far) on the wireless side, but I'm going to try Sophos UTM or XG for the firewall.
Standard User rhetherington
(committed) Tue 25-Oct-16 14:47:23

Re: Time to upgrade home network

[re: sergiup]

In reply to a post by sergiup:
I'd be very interested to know how you get on with those Celeron J1900 / quad LAN boxes; I was going to get one, but opted for a cheaper mATX Core2Duo based old PC with an HP quad-port NIC. I'm also sticking to UniFi APs (well, one so far) on the wireless side, but I'm going to try Sophos UTM or XG for the firewall.


Right after i ordered one of those J1900 boxes Ars Technica published an article on it.

I think the author of the article must have had a misconfiguration when using pfSense on his unit as i haven't experienced the same problems.

I did have a few problems though:

* Customs charge of £19. Expected, but annoying.

* The power supply blew on initial plug-in (loose solder) and local shops wanted between £30 (Maplin) and £45 (Currys/PC World) for a replacement. I ended up ordering one from Amazon for £12 (£8 + £4 shipping) and a spare from China for £4.50.

* My J1900 box ran pretty hot, idling at 65C. I replaced the thermal paste between the heatsink and chassis with Arctic Silver and the thermal pad between the CPU and heatsink with a thicker, 1.5mm, Fujipoly one. It now idles at <45C.

These little boxes make great routers and i don't regret buying it, but i did end up paying more than i expected. With the box itself + customs fee + mSATA SSD + replacement PSU + thermal pad i ended up paying around £190 (and that's only because i had 4GiB of compatible RAM lying around).

CPU usage varies between 5-8% but i'm currently only running two additional packages (Avahi and pfBlockerNG blocking >100,000 ad domains).

For Wifi I'm using my old OpenWrt routers as pure access points. I am eventually planning on replacing them with Unifis but have decided to hold off until after Christmas.
Standard User MHC
(sensei) Tue 25-Oct-16 15:02:00

Re: Time to upgrade home network

[re: rhetherington]

In reply to a post by rhetherington:
* Customs charge of £19. Expected, but annoying.



How much was the "handling" levied by the Royal Mail or carrier? The rest, I assume would be VAT.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User rhetherington
(committed) Tue 25-Oct-16 17:08:08

Re: Time to upgrade home network

[re: MHC]

£19 was the total cost, not sure what the breakdown was. IIRC the carrier was DHL.
Standard User MHC
(sensei) Tue 25-Oct-16 17:11:25

Re: Time to upgrade home network

[re: rhetherington]

If it was DHL, you were lucky. They are apparently the cheapest when it comes to collecting VAT and duty payment. Yours will have been VAT only though. At a guess the device was around £55-60 plus £11-12 VAT and £7-8 handling.


Standard User rhetherington
(committed) Tue 25-Oct-16 18:42:27

Re: Time to upgrade home network

[re: MHC]

Cost of the PC was £130 (i think that was with shipping at the time i bought it, now it's an extra £13) so they probably marked the price down on the customs declaration.

If anyone else is looking at these the Qotom-310G4 might be a better bet. Slightly cheaper with newer Intel NICs and CPU (half the number of cores, but each core is twice as performant as those of the J1900). I *think* Qotom pre-pays any VAT and fees to the shipping company too.

I haven't seen any reports on how well pfSense runs on this newer model though, so if anyone picks one up and tries it post your experiences.
Standard User MHC
(sensei) Tue 25-Oct-16 18:55:26

Re: Time to upgrade home network

[re: rhetherington]

Prepay of customs/VAT will mean no fees paid to DHL though.


Standard User legume
(experienced) Wed 26-Oct-16 00:19:13

Re: Time to upgrade home network

[re: MHC]

I use a J1900 (Asrock Q1900 DC itx).

For some reason they are way more expensive now than when new - I paid £78 + free delivery pre order on amazon - they are currently £118!

There are power state issues with Linux, but being headless + choosing right kernel can avoid. Uptime currently 202 days CPUs 39 degrees, max according to sensors is 105. I've never got above 68 when compiling stuff, there are no fans.

Of course I needed ram + a nas disk + case (used old netbook power block). The DC board will take 9-20v - I did have plans for a pico ups setup, but never got round to it. It's a PVR/TV streamer as well as a router/qos/firewall/server box with 2x DVB-T2 USB tuners and seems to have plenty spare CPU for what I use it for, it can easily max gig eth when copying stuff over.

Never did get round to getting a second nic for it - Openreach FTTC modem currently plugged into a switch. Not optimal WRT multicast but meh I'm stingy.
Standard User dsf58
(newbie) Sun 30-Oct-16 12:01:39

Re: Time to upgrade home network

[re: dsf58]

The recent DDoS attack has made me think a bit more about my requirements and whether they reflect the requirement not to be an anti-social "netizen".

I had been thinking that installing an up-datable router (e.g. OpenWRT compatible) and then using my old less secure modem/router (with wifi disabled) as a pure ADSL modem would give me the main elements that I was looking for. Certainly my gut feel is that your primary investment should be in the router.

Recent events however have me wondering about the wisdom of using the old modem/router as a pure modem on the outside of my firewall. Would it be visible and "recruitable" into a bot network? Is it "dumb" enough (or can it be made dumb enough) to be used outside the firewall?

I may have protected my internal network, but I won't have protected my bandwidth and data allowance and might still have an "anti-social" setup.

I guess buying something like the DrayTek Vigor 130 ADSL/VDSL Ethernet Modem gives me that extra protection, but is that essentially all that I get for the £85 cost?

Edited by dsf58 (Sun 30-Oct-16 12:05:37)

Standard User sergiup
(newbie) Fri 04-Nov-16 09:39:51

Re: Time to upgrade home network

[re: dsf58]

@dsf58 I think that's actually a very good point. As a baseline you should set the 'modem' so that it doesn't respond to WAN-side management requests, but as we've seen recently there's little guarantee that this is 100% secure for now and in future.

In theory, using it as a modem (bridge) only should mean that it doesn't get a public IP address and therefore it would be useless for most DDoS attacks. However, I wouldn't be surprised if some ISPs still assign them an IP address for their management purposes - I may well be wrong but I suspect Virgin do this even if the SuperHub is in modem mode for example.

I don't think there's a way around this really, as long as the modem is another box it will have some sort of potentially exploitable flaws; some manufacturers will be better at reducing the risk and issuing updates, some won't really care.
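
Added example, not part of any post in this thread: a small Python check for the baseline described in the post above, that the modem does not answer management requests on the side you probe it from. The port list and the 192.168.1.1 default are assumptions of this example; point it at your own modem's LAN address, or run it from an outside connection against your own public address.

```python
import socket

# Management services commonly found on consumer modems/routers.
# This list is an assumption of the example, not taken from the thread;
# 7547 is TR-069/CWMP, the protocol ISPs use for remote management.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https",
              7547: "tr-069", 8080: "http-alt"}


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable-host errors: nothing answered at all.
        return "filtered"


def audit(host, ports=MGMT_PORTS, timeout=2.0):
    """Probe each management port; return {port: (service, state)}."""
    return {port: (name, probe(host, port, timeout))
            for port, name in sorted(ports.items())}


def exposed(results):
    """Ports that accepted a connection from the vantage point used."""
    return [port for port, (_, state) in results.items() if state == "open"]


if __name__ == "__main__":
    import sys
    # 192.168.1.1 is a placeholder default, not an address from the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    results = audit(target)
    for port, (name, state) in results.items():
        print(f"{port:>5}/tcp  {name:<9} {state}")
    print("answering management ports:", exposed(results) or "none")
```

The result only describes the vantage point it was run from: a modem that is silent from the LAN can still answer on the WAN side, so the outside run is the one that matches the concern raised here.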
Standard User Scientistnsaint
(learned) Thu 07-Nov-19 16:28:23

Re: Time to upgrade home network

[re: dsf58]

In reply to a post by dsf58:
the words modem, router, switch, hub etc., seem to be used with remarkably little care in some places!)

Do a search on this site for 'RJ45' and see how many uses of it are correct, i.e. are genuinely referring to a telephone system registered jack, and how many actually mean 8P8C.
Standard User Realalemadrid
(member) Thu 07-Nov-19 22:37:55

Re: Time to upgrade home network

[re: Scientistnsaint]

I notice you have appeared on this forum recently with some strong opinions and quite a lot of posts, that's fine but is there any value in replying to a post that is well over 3 years old?