I am planning to eventually build my own home server, and when I do I will hook it up via ethernet. But I do want to switch away from the generic FIOS router and use my own for more control over my data and security. Any recommendations?
If you want the full control use https://opnsense.org/ on a mini pc or in a VM on your home server.
Can this work with the “off the shelf” mesh routers?
This seems like it’s geared toward higher power hardware that’s not generally available on a consumer-grade router.
You could buy a $300 consumer router and it would be worse than just using an old PC with OPNsense.
I bought a mini pc with four Ethernet ports and turned that into a router
This right here. Get something cheap, throw opnsense or pfsense on it and start learning. It will probably be incredibly frustrating at first but when it starts to click then it is really fun and rewarding.
I bought an old dell r210ii years ago and threw pfsense on it then swapped to opnsense and could not be happier. It is still in use today, a good 6 years later.
I did mine by just adding some iptables rules to set up NAT. It’s all of four commands:
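echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf  # enable IPv4 forwarding (takes effect at next boot or after sysctl -p)
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o $wan0 -j MASQUERADE  # NAT LAN traffic leaving via the WAN
iptables -A FORWARD -i $wan0 -o $lan0 -m state --state RELATED,ESTABLISHED -j ACCEPT  # allow replies back in
iptables -A FORWARD -i $lan0 -o $wan0 -j ACCEPT  # allow LAN hosts to reach the WAN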
Just set $lan0 and $wan0 to your LAN and WAN interfaces. For wifi I’ve got a couple Unifi access points around the house for good coverage.
Yes, I know IPv6 is better and yadda yadda yadda but I can’t remember the addresses let alone type them so I’m not changing anything.
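A fuller version of the ruleset above, as an added example that is not part of the original post: the four commands never set chain policies, so this generates an iptables-restore file that keeps the same NAT and forwarding rules and also sets INPUT and FORWARD to default-drop. The function name gen_router_rules and the interface names passed to it are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for a
# two-interface NAT router with default-drop INPUT and FORWARD policies.
# gen_router_rules and the interface names passed to it are assumptions.
gen_router_rules() {
    wan=$1 lan=$2 lan_net=${3:-192.168.0.0/16}
    # Reject empty or unusual names so only plain interface names reach the ruleset.
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: '$ifc'" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        ''|*[!0-9./]*) echo "bad subnet: '$lan_net'" >&2; return 1 ;;
    esac
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT LAN traffic leaving through the WAN interface.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback, replies to its own traffic, and the LAN side only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Forwarding: LAN may open connections outward; WAN may only send replies.
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Check syntax without loading: gen_router_rules eth0 eth1 | iptables-restore --test
if [ "$#" -ge 2 ]; then gen_router_rules "$@"; fi
```

iptables-restore replaces the whole nat and filter tables unless run with --noflush, which also removes chains other software (Docker, for example) has added there.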
I did this as well, but I’m wondering if it was the wrong call. It’s harder to work with firewalls (particularly if docker is involved), and I’ve struggled with stuff like SyncThing.
Most likely more learning could solve it, but I wonder if I should switch to a dedicated router OS where more support resources are available.
I’ve got almost all of my services running on a separate, bigger system and only have a couple ports open on this one. Iptables isn’t too hard once you understand the shorthand.
You already have some good suggestions, so I just want to mention OpenWRT, which can be flashed on an off-the-shelf router combo (just check their supported devices first, if you go this route).
Love OpenWRT!
As a networking noob I spent more than a week configuring it to get it right, including needing to SSH into it because I flashed the wrong firmware (do not get NA and EU confused, the difference is enough to flat line your modem).
But in the end, I eliminated my bufferbloat with SQM; a feature the stock device lacked. I also set up a USB to act as expanded storage to install more software.
My TP-Link ER8411 can’t be flashed with OpenWRT even though their software is based on a very old version of it. :(
I have 10Gbps internet and can’t find any 10Gbps routers that support custom firmware. Building a pfSense system that supports 10Gbps would be much more expensive and use more power than a router that has a purpose-built SoC.
Have you thought about getting something like this?
Everyone has some great recommendations. I didn’t see anything about Ubiquiti so I’ll throw it out there since I’ve had a good experience with them. The Dream Machine is for home/small office setups and is fairly inexpensive for what it does: https://store.ui.com/us/en/collections/unifi-dream-router.
Edit: it’s now the dream router. They changed the name it seems.
This is interesting, I hadn’t seen this from them before and I’m in the market for a new router! Does this play nicely with additional access points?
They work with existing Ubiquiti APs no problem. I have the Dream Machine (I guess Dream router now) and it’s awesome. Wish I got the Dream Machine Pro which is switch-like and comes with no APs so you have to add them as needed and it supports cameras.
I have an older version but I think they all work pretty much the same. It should work fine for you depending on the brand/voltage of the APs you have currently.
I wish they had more 2.5G or even SFP+ options in this range. I’m lucky enough to have a >1gigabit home connection but router options are surprisingly limited if I want that full connection speed going to my server.
I’ve had amazing luck with the Synology routers. You can start with one then if you want/need you add more to create a mesh network. I find the interface easy as well. My 2 cents of course…
Another vote for Synology here. I have 2 RT2600 and 1 RT1600 between my own and my parents’ houses. They have been completely bulletproof and the oldest one is going on 7 years old now.
It all depends on the features you want in that router and how much you’re willing to spend. I bought a MikroTik hAP ax3, which has many enterprise features (that can come in handy to us selfhosters as well) that I found myself not necessarily needing, but definitely enjoying.
I like the fritzbox ones but I think in USA the best is the base Unifi one (dream router)
Or a cheap decommissioned thinkcentre tiny m700 with opnsense
if you run a router on a computer like you suggest, can you also do other stuff with the computer like file serving? or is it a single function device for reasons of security or system resources?
UniFi Dream Router is also a nice router for internet speeds up to 700 Mbps.
Ubiquiti is hot garbage on a good day.
Pfsense or opnsense are really powerful options.
You’ll need a wireless access point as well, but those two are quite powerful and can run on quite powerful hardware.
I just got a MikroTik RB5009UPr+S+in and I’m loving it so far. I’m going to pair it with their AX ceiling wireless AP if I can ever catch it on sale again.
I want that router, but I don’t have a good reason to give my wife why our RB4011 needs to be upgraded…lol
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| DNS | Domain Name Service/System |
| NAT | Network Address Translation |
| PiHole | Network-wide ad-blocker (DNS sinkhole) |
| RPi | Raspberry Pi brand of SBC |
| SBC | Single-Board Computer |
| SSH | Secure Shell for remote terminal access |
| Unifi | Ubiquiti WiFi hardware brand |
| VPN | Virtual Private Network |
8 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #26 for this sub, first seen 11th Aug 2023, 15:25] [FAQ] [Full list] [Contact] [Source code]
Good bot
Can you give us some details about your house?
My house was built in the golden age of having voip landlines that needed CAT 5e cable but before cell phones were the norm so I have a wired backhaul mesh.
I live in a town house with relatively good Wifi signal coverage with no extenders needed. I am planning on eventually paying a professional to get wall Ethernet ports installed so I can hook up my most network dependent devices (gaming desktop, gaming devices) and use the router with the rest that wouldn’t make sense to hook into Ethernet.
I’m using a ~30 USD thin client with a 4 port networking card (~20 USD), just using plain nftables on Debian. It handles my network just fine (complex rule set with many subnets & rules, 250/100 Mbps connection). Also using codel/cake for traffic shaping, avoiding lousy ping times even when downloading/streaming etc.
I use two TP-Link EAP 245v3 (ancient by now, but I can still use all my WAN speed from all rooms) for WiFi. Works great.
If I would redo it I’d use VyOS, OpenWRT or maybe OPNSense, but still using x86 hardware due to cost/power usage/performance. And then newer ceiling access points.
I don’t know if it’s the best one, but I’ve been using Mikrotik Hex S for years and it’s been a great experience so far.
Mikrotik RB5009 is my router.
Moving to OPNsense