politicorific
Sep 15, 2007


Thermopyle posted:

I got tired of my cable modems piss-poor status page, so I made this:



The status page actually looks like this:



I just wrote a little python script to scrape it and dump the info to JSON. Then Telegraf runs that every 10 seconds and dumps it into influxdb and then Graphite graphs it.

I can post the script and more config detail if anyone is interested.

The main reason I did this was next time I have to convince Charter there's actually something wrong with the line I've now got some data to back it up...

(also the stupid modem has an advanced section that has a rolling password of the day for access. AFAICT, no one has cracked the seed for this particular modem in my particular market so I have no idea what info is in there)

This is cool. Yes. Please post details. Do you have a github or another more public space you can host this?
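Thermopyle's script itself isn't in the thread. The following is an added example, not Thermopyle's code, of the approach described above: fetch the modem's status page, pull the downstream channel table out of the HTML, and print one JSON object per channel for Telegraf's exec input to ingest every 10 seconds. The URL (192.168.100.1, the usual DOCSIS modem address), the column names and the embedded sample page are assumptions; adapt them to whatever the modem actually serves.

```python
"""Scrape a cable modem status page into Telegraf-friendly JSON.

Added example, not Thermopyle's script. Assumes the modem serves an HTML table
of downstream channels with a header row like
  Channel | Lock Status | Modulation | Channel ID | Frequency | Power | SNR | Corrected | Uncorrectables
(the layout of many Arris/Motorola DOCSIS modems). URL and column names are assumptions.
"""
import json
import re
import sys
import urllib.request
from html.parser import HTMLParser

# Assumed: most DOCSIS modems expose their status page here even behind a router.
MODEM_STATUS_URL = "http://192.168.100.1/cmconnectionstatus.html"

# Constructed sample of the relevant part of a status page (two channels) so
# the parser can be exercised offline with --sample.
SAMPLE_HTML = """<html><body>
<table>
<tr><th>Channel</th><th>Lock Status</th><th>Modulation</th><th>Channel ID</th>
<th>Frequency</th><th>Power</th><th>SNR</th><th>Corrected</th><th>Uncorrectables</th></tr>
<tr><td>1</td><td>Locked</td><td>QAM256</td><td>17</td><td>603000000 Hz</td>
<td>2.1 dBmV</td><td>38.9 dB</td><td>12</td><td>0</td></tr>
<tr><td>2</td><td>Locked</td><td>QAM256</td><td>18</td><td>609000000 Hz</td>
<td>-1.8 dBmV</td><td>38.6 dB</td><td>40</td><td>3</td></tr>
</table>
</body></html>"""


class TableParser(HTMLParser):
    """Collect every <table> as a list of rows, each row a list of cell strings."""

    def __init__(self):
        super().__init__()
        self.tables = []
        self._row = None
        self._cell = None

    def handle_starttag(self, tag, attrs):
        if tag == "table":
            self.tables.append([])
        elif tag == "tr":
            self._row = []
        elif tag in ("td", "th"):
            self._cell = []

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None and self._row is not None:
            # collapse whitespace inside the cell
            self._row.append(" ".join("".join(self._cell).split()))
            self._cell = None
        elif tag == "tr" and self._row is not None:
            if self.tables:
                self.tables[-1].append(self._row)
            self._row = None

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)


# A cell is numeric only if it *starts* with a number (optionally followed by a
# unit), so "QAM256" stays a string while "38.9 dB" and "-1.8 dBmV" become numbers.
NUMERIC_CELL = re.compile(r"(-?\d+(?:\.\d+)?)\s*[A-Za-z/%]*")


def to_number(text):
    m = NUMERIC_CELL.fullmatch(text)
    if not m:
        return text
    value = m.group(1)
    return float(value) if "." in value else int(value)


def parse_channels(html):
    """Return one dict per channel row from the first table whose header has Channel and SNR."""
    parser = TableParser()
    parser.feed(html)
    for table in parser.tables:
        if not table:
            continue
        header = [h.lower().replace(" ", "_") for h in table[0]]
        if "channel" in header and "snr" in header:
            return [
                {key: to_number(cell) for key, cell in zip(header, row)}
                for row in table[1:]
                if len(row) == len(header)
            ]
    return []


def fetch(url=MODEM_STATUS_URL, timeout=5):
    """Fetch the status page; the modem's page is plain HTTP on the LAN side."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    page = SAMPLE_HTML if "--sample" in sys.argv else fetch()
    # One JSON object per channel; Telegraf's json parser turns each into a metric.
    print(json.dumps(parse_channels(page)))
```

On the Telegraf side (assumed config, not from the thread) this runs under `[[inputs.exec]]` with `commands = ["/usr/local/bin/modem_status.py"]`, `interval = "10s"`, `data_format = "json"`, `name_override = "cable_modem"` and `tag_keys = ["channel_id", "lock_status", "modulation"]`. Telegraf's JSON parser silently drops string fields that are not listed as tags or in `json_string_fields`, so the lock status is declared as a tag rather than vanishing; the numeric fields (power, SNR, corrected and uncorrectable codewords) are exactly the series that make a line-quality complaint to the ISP hard to wave away.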


dodecahardon
Oct 20, 2008
I recently got a UniFi Security Gateway 3P, UniFi Switch 8 POE-60W, and UniFi AP-AC-Pro. Setup was easy and performance is great, but holy poo poo does the POE switch run hot. Is it ok to let it run without some sort of external fan pointed on it? I guess it could be designed to operate this way but I don't think I've ever had a piece of networking gear run so hot.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


snuff posted:

Sorry if this is the wrong thread.

I've been tasked with finding an internet solution for my apartment complex (20 apartments). We've been offered a cheap 1000/1000 Mbit/s connection but it's a commercial connection so all we get is the modem and we/I have to set up the router and switch.

I was thinking an edgerouter lite and an edgeswitch lite configured so that each apartment gets their own segregated VLAN. Is this hard to set up and maintain? Am I in way over my head? (I don't work in IT and this i just a hobby)

The ideal solution is just to set it and forget it. Maybe a reboot once in a while (the equipment will be in our basement).

Again, I'm sorry if this is the wrong thread for this but I figured someone could weigh in.

Don't. Just don't. I've done this stuff for a living. Don't do it.

Here's where you're going to fail hard - it's not anything physical - it'll be piracy. Using a commercial connection - your complex ownership is now guaranteeing that all its tenants/users will not download the latest film, do child porn, all that crap. If just one person does it enough, your building connection gets cut off, and the remainder of the contract generally has to get paid out - usually immediately. Is the apartment complex willing to handle that financial risk? Probably not. (In a commercial environment, IT guy finds the culprit and they're [eventually] fired - you don't have that leverage in your setting).

It'll be great when it works, but when it breaks (and it'll break in ways you don't like/want/know) you're going to go through hell. And it'll be at the worst time too since you're residential.

You're going to start dealing with Bob having a cranky day and wanting to play the latest game and his ping times are 10% above what he wants (even though the server is in outer slobania on an isdn connection) and he'll be calling you at 10pm on a Friday when you want to go out with your friends or whatever and ranting for an hour about how the internet sucks and you need to fix it now. You'll spend 2 hours only to learn there's nothing wrong on your side of things. But now your night is finished.

There are cheap technical solutions to what you want to do, but the biggest cost center isn't technical (hasn't been for a while) - it's everything else.

snuff
Jul 16, 2003
Thanks all, I will be giving up on the idea of a shared line. I already have a headache imagining all the poo poo that could happen.

SamDabbers
May 26, 2003



snuff posted:

Thanks all, I will be giving up on the idea of a shared line. I already have a headache imagining all the poo poo that could happen.

Maybe the company offering the inexpensive shared line offers a managed service option? It's not unheard-of for a bandwidth provider to plop a managed switch at customer sites and provision different services on various ports.

Antillie
Mar 14, 2015

As unknown mentioned the main issue here is a legal one, not a technical one. You need some way to make each user legally accountable for whatever stupid poo poo they download. That way they get sued and not you. The usual solution is for the ISP to sell connections directly to the people living in the building. That way the tenants are each responsible for their own poo poo and the ISP handles all the tech support. All the building owner has to do is allow the ISP to install the needed wiring to each apartment.

Oftentimes an ISP will want some sort of exclusivity agreement with the building owner when it comes to installing the wiring. This is how you often end up with stupid one-ISP, no-choice situations. But it's often the only way to get the ISP to agree to pay the costs of installing the wiring, something few landlords are willing to cover.

Moey
Oct 22, 2010

I LIKE TO MOVE IT
Wouldn't passing a public IP to each unit cover this? Get a block big enough to cover all the units, give them a static for the WAN side of their crap, document each unit and then call it a day?

I figure it wouldn't be under an individual's name, just the HOA.

Internet Explorer
Jun 1, 2005

You could do that, it's just not worth it. You're still the owner of those IPs and you're still managing equipment you shouldn't be. It's better to just have the ISP handle it.

Moey
Oct 22, 2010

I LIKE TO MOVE IT
Good call on that for liability reasons, unless the price per unit is insane.

Lamquin
Aug 11, 2007
I just want to make sure I'm not doing anything wrong before I pull the trigger on this and would appreciate opinions on it - I've had a router given for free by the ISP the last 4-5 years (100mbit & VoIP telephone). It's been at best adequate, but it's frankly time for an upgrade with more tablets, phones and lately a chromecast being added to the WiFi making the thing buckle.

The OP recommends both the Ubiquiti Edgerouter X and the Ubiquiti Unifi AC Lite as an Access point. My goal is to have a network that supports 2 wired PCs, a wired Network Printer, 3 phones, 2 tablets and a TV hooked up to a Chromecast without crashing and burning.

I'm assuming the two Ubiquiti products play nice together and aren't a nightmare to setup? My only experience with Home Networking is "Plugin cables, set Wifi password", but I'm willing to put in the time to learn how to set it up if it means I won't have to reboot the devices every few days. :shobon:

Automata 10 Pack
Jun 21, 2007

Ten games published by Automata, on one cassette
I need to buy a very secure wired router. Is there a spectrum of security for wired routers? I heard this one was pretty good: https://www.amazon.com/ZyXEL-Genera...0fc2bf30beeb371 But does anybody have a personal recommendation?

Internet Explorer
Jun 1, 2005

Well now I'm just interested, what constitutes "very secure" to you? What's the use case?

Automata 10 Pack
Jun 21, 2007

Ten games published by Automata, on one cassette

Internet Explorer posted:

Well now I'm just interested, what constitutes "very secure" to you? What's the use case?

Protection against hacking. Used for a small business.

Actuarial Fables
Jul 29, 2014

Taco Defender

Lamquin posted:

I just want to make sure I'm not doing anything wrong before I pull the trigger on this and would appreciate opinions on it - I've had a router given for free by the ISP the last 4-5 years (100mbit & VoIP telephone). It's been at best adequate, but it's frankly time for an upgrade with more tablets, phones and lately a chromecast being added to the WiFi making the thing buckle.

The OP recommends both the Ubiquiti Edgerouter X and the Ubiquiti Unifi AC Lite as an Access point. My goal is to have a network that supports 2 wired PCs, a wired Network Printer, 3 phones, 2 tablets and a TV hooked up to a Chromecast without crashing and burning.

I'm assuming the two Ubiquiti products play nice together and aren't a nightmare to setup? My only experience with Home Networking is "Plugin cables, set Wifi password", but I'm willing to put in the time to learn how to set it up if it means I won't have to reboot the devices every few days. :shobon:

Setting up the Edgerouter is pretty easy. There's a guide to get you going here - it takes you through connecting to the device and running a wizard to get your network set up. You can get it all set up before swapping out your old router, so you can stay connected to the internet if you need help.

The access point is also pretty easy as well, the only hitch is that it's not managed by the router - you have to use the Unifi Controller software on a different device to get it set up. The controller sets the wireless name and network that the access point will use, and allows you to set the IP address of the AP once it's connected to the controller. You don't need to have the controller running for the AP to work once it's all set up.

Photex
Apr 6, 2009

Actuarial Fables posted:

Setting up the Edgerouter is pretty easy. There's a guide to get you going here - it takes you through connecting to the device and running a wizard to get your network set up. You can get it all set up before swapping out your old router, so you can stay connected to the internet if you need help.

The access point is also pretty easy as well, the only hitch is that it's not managed by the router - you have to use the Unifi Controller software on a different device to get it set up. The controller sets the wireless name and network that the access point will use, and allows you to set the IP address of the AP once it's connected to the controller. You don't need to have the controller running for the AP to work once it's all set up.

You can even just do this with the Android or iPhone app now too, works pretty well if you're just doing a quick install.

Internet Explorer
Jun 1, 2005

Actuarial Fables posted:

Setting up the Edgerouter is pretty easy. There's a guide to get you going here - it takes you through connecting to the device and running a wizard to get your network set up. You can get it all set up before swapping out your old router, so you can stay connected to the internet if you need help.

The access point is also pretty easy as well, the only hitch is that it's not managed by the router - you have to use the Unifi Controller software on a different device to get it set up. The controller sets the wireless name and network that the access point will use, and allows you to set the IP address of the AP once it's connected to the controller. You don't need to have the controller running for the AP to work once it's all set up.

I've been a big fan of the ERL, but I just set up an install with a USG and Unifi WAP and I think if we are going to recommend Unifi WAPs we might as well just recommend the USG to go with it. If you're going to need to set up the controller software anyways, might be easier for most people.

EL BROMANCE
Jun 10, 2006

COWABUNGA DUDES!
🥷🐢😬



I have a device that you connect your phone to, then tell it the wifi details for your setup and it in turn connects to the router. I'm having issues with it at this stage and am wondering if it's an IP thing. I've seen it turn up very briefly in the DHCP list but then disappear again.

The device itself has an internal IP of 192.168.10.1, so I thought I'd reserve this IP on the router for it, but it tells me that's an invalid IP.

My router is currently at 192.168.1.1 with the 255.255.255.0 subnet. Should something with a 10.1 IP be able to connect to this? What should I set the router up as if not? (I read someone's review saying to make sure the router isn't 10.1 as it'll clash, I'm wondering if something similar is happening).

Actuarial Fables
Jul 29, 2014

Taco Defender

EL BROMANCE posted:

I have a device that you connect your phone to, then tell it the wifi details for your setup and it in turn connects to the router. I'm having issues with it at this stage and am wondering if it's an IP thing. I've seen it turn up very briefly in the DHCP list but then disappear again.

The device itself has an internal IP of 192.168.10.1, so I thought I'd reserve this IP on the router for it, but it tells me that's an invalid IP.

My router is currently at 192.168.1.1 with the 255.255.255.0 subnet. Should something with a 10.1 IP be able to connect to this? What should I set the router up as if not? (I read someone's review saying to make sure the router isn't 10.1 as it'll clash, I'm wondering if something similar is happening).

Your router is saying that it's an invalid IP address because you're trying to reserve an address that's out of the range of the network. Your router provides IP addresses from (I assume) 192.168.1.2 to 192.168.1.254.

The internal IP address your device has, 192.168.10.1, could be for communications between the device and your phone, not between the device and your router. It should (from what I can tell) be just fine getting an IP address from your router as is. What device is it specifically?

EL BROMANCE
Jun 10, 2006

COWABUNGA DUDES!
🥷🐢😬



It's a Quirky Link hub, it's old and rubbish and not supported anymore so I'm most likely just going to trash it and get a new Wink hub. It was in the house when we moved in, and was hoping it might control some of the lights here (although I've not seen any compatible bulbs yet) as they're on pull cords that have a habit of breaking. I've sunk too much time into it already to be honest, and I'm just going to put it down to good old fashioned unexplainable incompatibility. Thanks!

Dogen
May 5, 2002

Bury my body down by the highwayside, so that my old evil spirit can get a Greyhound bus and ride
I replaced my fixtures with better ones that have chains that don't break. Not a networking solution, I know.

CubanMissile
Apr 22, 2003

Of Hulks and Spider-Men
I noticed the guy in the ER-X video changed his DNS to Google's. Is this generally considered better practice than using your ISP's DNS? Also when configuring devices, should I set their DNS to the router's IP or to the ISP/Google addresses?

Actuarial Fables
Jul 29, 2014

Taco Defender

EL BROMANCE posted:

It's a Quirky Link hub, it's old and rubbish and not supported anymore so I'm most likely just going to trash it and get a new Wink hub. It was in the house when we moved in, and was hoping it might control some of the lights here (although I've not seen any compatible bulbs yet) as they're on pull cords that have a habit of breaking. I've sunk too much time into it already to be honest, and I'm just going to put it down to good old fashioned unexplainable incompatibility. Thanks!

Looking around, it seems as though you have to reset it to factory default if you need to change the WiFi settings. The support page (which doesn't allow text highlighting!!!) says to just power cycle the device to change the settings. I'd give that a shot if you're feeling up to it.

CubanMissile posted:

I noticed the guy in the ER-X video changed his DNS to Google's. Is this generally considered better practice than using your ISP's DNS? Also when configuring devices, should I set their DNS to the router's IP or to the ISP/Google addresses?

Your ISP's server might be slow. They might redirect you to advertisements. They might block websites due to their content. They might go down for a while. They might log what sites you're requesting and sell that information.
Or they might not, who knows.

Google's DNS servers have really good up time and the IP addresses are easy to remember. There are plenty other publicly available DNS servers as well, if you don't like using Google.

I configure my devices to go to the router for DNS. The router will do the lookup and cache the result for a while, so if any other device wants to lookup the same domain the router can instantly provide it instead of doing another lookup.

CrazyLittle
Sep 11, 2001

Clapping Larry

Actuarial Fables posted:

Google's DNS servers have really good up time and the IP addresses are easy to remember. There are plenty other publicly available DNS servers as well, if you don't like using Google.

Google's DNS servers may also have a rate limit to try to prevent certain types of DNS DDoS attacks, so if you're getting disconnected from the internet but pinging IP addresses still works, try switching back to your ISP's DNS servers.

Volguus
Mar 3, 2009
Having a caching DNS on your own gateway is a great way to speed up domain queries. For me I have dnsmasq + unbound and they work well together.

EL BROMANCE
Jun 10, 2006

COWABUNGA DUDES!
🥷🐢😬



Actuarial Fables posted:

Looking around, it seems as though you have to reset it to factory default if you need to change the WiFi settings. The support page (which doesn't allow text highlighting!!!) says to just power cycle the device to change the settings. I'd give that a shot if you're feeling up to it.

Yeah, I've power cycled it about 20 times, tried different sockets, tried a non-secure 2.4ghz line in case it was something to do with WPA2 it didn't like. Same result every time. It's not a big deal, I'd probably find out there's no bulbs set up here anyway!

IOwnCalculus
Apr 2, 2003

Actuarial Fables posted:

They might log what sites you're requesting and sell that information.
Or they might not, who knows.

Google's DNS servers have really good up time and the IP addresses are easy to remember. There are plenty other publicly available DNS servers as well, if you don't like using Google.

I mean, there's a zero percent chance that Google's DNS is not doing that for Google's own benefit. But all the same I'd rather use theirs which actually returns in-spec responses, instead of Cox's DNS servers that kick back ad pages when a query fails.
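Actuarial Fables' list of ISP resolver sins and IOwnCalculus' point about Cox kicking back ad pages on failed queries both describe NXDOMAIN hijacking: an in-spec resolver answers a name that does not exist with RCODE 3 (NXDOMAIN) and no records, while a hijacking one returns NOERROR plus an A record for its own ad or search server. The check below is an added example, not from the thread: it builds a query for a random label at wire level, parses the reply, and classifies the resolver as honest, hijacked or other (SERVFAIL, REFUSED, the rate-limit case CrazyLittle mentions). Standard-library Python only; the zone used for the random label (example.com) and the constructed replies used for offline testing are assumptions.

```python
"""Detect NXDOMAIN hijacking by a DNS resolver.

Added example, not from the thread. Pure standard library; the query and
response builders follow RFC 1035 wire format.
"""
import os
import socket
import struct

TYPE_A, CLASS_IN = 1, 1
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def build_query(name, txid, qtype=TYPE_A):
    """Standard recursive query (RD=1) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def _skip_name(msg, offset):
    """Advance past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_response(msg, expected_txid):
    """Return (rcode, [IPv4 answers]); reject replies whose ID does not match ours."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: stray or spoofed reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(msg, offset) + 4      # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        offset = _skip_name(msg, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == TYPE_A and rclass == CLASS_IN and rdlength == 4:
            answers.append(socket.inet_ntoa(rdata))
    return rcode, answers


def judge(rcode, answers):
    """Interpret the reply to a name that must not exist."""
    if rcode == RCODE_NXDOMAIN and not answers:
        return "honest"       # in-spec NXDOMAIN
    if rcode == RCODE_NOERROR and answers:
        return "hijacked"     # synthesized A record (ad/search page)
    return "other"            # SERVFAIL, REFUSED, rate-limited, ...


def make_response(query, rcode, addresses):
    """Constructed reply to `query` (test vector builder, not real resolver output)."""
    txid, = struct.unpack("!H", query[:2])
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(addresses), 0, 0)
    rrs = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4) + socket.inet_aton(a)
        for a in addresses
    )
    return header + question + rrs


def probe(resolver, zone="example.com", timeout=3.0):
    """Live check: ask `resolver` for a random label under `zone` and classify the answer."""
    name = f"{os.urandom(6).hex()}.{zone}"          # assumption: this label does not exist
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    return judge(*parse_response(data, txid))


if __name__ == "__main__":
    q = build_query("does-not-exist.example.com", txid=0x1234)
    honest = make_response(q, RCODE_NXDOMAIN, [])
    hijacked = make_response(q, RCODE_NOERROR, ["198.51.100.10"])
    print("honest resolver   :", judge(*parse_response(honest, 0x1234)))
    print("hijacking resolver:", judge(*parse_response(hijacked, 0x1234)))
```

`probe("8.8.8.8")` or `probe(<your ISP's resolver>)` runs the live check; the transaction-ID comparison is there because a stray reply from a previous query, or a spoofed one, would otherwise be classified as if it were the answer. Whatever the verdict, a resolver that rewrites NXDOMAIN is also one that cannot be trusted to pass DNSSEC-signed answers through unchanged.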

bobfather
Sep 20, 2001

I will analyze your nervous system for beer money

IOwnCalculus posted:

I mean, there's a zero percent chance that Google's DNS is not doing that for Google's own benefit. But all the same I'd rather use theirs which actually returns in-spec responses, instead of Cox's DNS servers that kick back ad pages when a query fails.

You could use OpenDNS

Actuarial Fables
Jul 29, 2014

Taco Defender

IOwnCalculus posted:

I mean, there's a zero percent chance that Google's DNS is not doing that for Google's own benefit. But all the same I'd rather use theirs which actually returns in-spec responses, instead of Cox's DNS servers that kick back ad pages when a query fails.

Yeah, true enough.

I've been trying to roll my own servers (email has been an experience), I suppose getting a DNS server up would be fun.

IOwnCalculus
Apr 2, 2003

bobfather posted:

You could use OpenDNS

I use Android, I never said I was actually concerned about said data mining. I'd much rather have Google do it than Cox.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid
I recently moved to my new home, and I am having some small problems with my internet. I have a fiber connection, 100/100.
This is the configuration of my house (I live in "1" and "2"):

Since the connection enters the house (and the modem/router is placed there too) in the ground floor, the WiFi signal is pretty bad in "1" and "2". There is a conduit there that I can use to pass an ethernet cable up, and put a second router in "1", as well as passing an ethernet cable to "2" to connect my desktop directly to the network and actually use the fiber's actual speeds.

My question is the following:

1. My router is a DrayTek Vigor2132FVN, connected via this type of fiber cable (sorry, I don't know the name): http://imgur.com/bvafgOw

Can I, instead of passing an ethernet cable via the conduit, just pass a fiber cable like that one (provided these exist and are for sale) and hook the router up in "1"? This is my first experience with fiber, so I'm not sure about how long the cable can be, whether it might be too fragile for a conduit, etc.

I would really prefer this option, since the router is currently in a location that is accessible to another apartment, and I'd rather not have third parties with direct access to it.

2. If I can only pass an ethernet up, and get another router in "1"; would the speeds be the same, or would the connection take some of the speed away?

3. If I pass an ethernet cable up the conduit, and connect it to a double face-plate (and I know this is a stupid question); do I need 2 cables, or can one cable be divided into two with a double faceplate?

I really appreciate the help, and I apologize if these are really stupid!

MeKeV
Aug 10, 2010
I've a pretty straightforward home network and the Edgerouter X barely breaks a sweat, so I've had a go at setting up the on-router hosts-file ad blocking and it works pretty well so far. I also set up an L2TP/IPsec VPN server and that works great too. And it means I get ad blocking when connected to the VPN.

Is there some routing I can do so that I can leave the VPN 'always on' on my Android phone? As it is at the moment, when I connect to my home WIFI with the VPN turned 'always on' the vpn fails and I get no network access.

It's not something essential, I can just manually turn the VPN on and off as needed. This is more as a learning by doing type thing.

nate fisher
Mar 3, 2004

We've Got To Go Back
I purchased a Netgear CM500 to replace my Xfinity rental modem last week. I have a Nighthawk (R6700) and the Xfinity Extreme 150. My speedtests with the Xfinity modem usually run from 70 mbps to 170 mbps. This depends on time of day/week, which network I am on (2.4 or 5), and how much other stuff is running on that network at the time. Well after switching to the CM500 my speedtests dropped to around 25-30 mbps down with an up of 5-15 mbps. I rebooted the modem and router several times, but it stayed in that range. After about half an hour I switched back to the Xfinity modem, and my speeds jumped back up to 176 mbps down 24.41 mbps up on the very first test (and every test after that was in the same range).

The CM500 is rated at 680 mbps, so there should be no problem hitting the max offered speeds. Is Comcast throttling me since I got my own modem (I doubt it)? Is there something I'm missing here? I want to stop paying $10 a month for their modem, but that drop is insane.

Antillie
Mar 14, 2015

Non Serviam posted:

1. My router is a DrayTek Vigor2132FVN, connected via this type of fiber cable (sorry, I don't know the name): http://imgur.com/bvafgOw

Can I, instead of passing an ethernet cable via the conduit, just pass a fiber cable like that one (provided these exist and are for sale) and hook the router up in "1"? This is my first experience with fiber, so I'm not sure about how long the cable can be, whether it might be too fragile for a conduit, etc.

I would really prefer this option, since the router is currently in a location that is accessible to another apartment, and I'd rather not have third parties with direct access to it.

2. If I can only pass an ethernet up, and get another router in "1"; would the speeds be the same, or would the connection take some of the speed away?

3. If I pass an ethernet cable up the conduit, and connect it to a double face-plate (and I know this is a stupid question); do I need 2 cables, or can one cable be divided into two with a double faceplate?

I really appreciate the help, and I apologize if these are really stupid!

1. Maybe. The max cable length for fiber is ridiculously long. Like, measured in kilometers instead of feet. You couldn't hit the max length in an apartment even if you tried. (Different fiber types have different max cable lengths but in an apartment it just doesn't matter. Hell, even in a 360,000 square foot warehouse it just doesn't matter.) However the cables are pricey and fragile. You can't just bend them willy-nilly like you can ethernet cables. You can bend them, you just have to be mindful of the fact that it's fiber and not copper wire and handle them properly. The angle of the bend is very important. Basically you have to bend it "slowly" and take the turn gradually over a long enough amount of length. So depending on the bends in your conduit it might not work very well, or at all.

2. It would be the same speed as just plugging directly into the first router. However if you go this route I would recommend that you put a switch and AP in "1" instead of another router. Or just use a wifi router as an AP by ignoring its WAN port and turning off its DHCP server.

3. With 100 mbps ethernet, technically yes if you are good with manual rj45 termination, but don't. If you want to make things easy for yourself run two cables for the double face plate. Or even better, run one cable to a single face plate and stick a switch and/or AP on it.

Antillie fucked around with this message at 18:31 on Jun 26, 2017

Internet Explorer
Jun 1, 2005

Mutant Standard posted:

Protection against hacking. Used for a small business.

Since no one else picked up this question, I'll give it a shot. I'm not really a networking guy and not really a security guy, so take this with a grain of salt, just my opinion, etc.

Firewalls are fairly commodity at this point, unless you start getting into the upper end or talking about really fancy stuff. As long as the device doesn't have an active exploit for it, which is somewhat rare these days (unless you're the NSA, then go hog wild apparently), and you are taking proper precautions, most of your security is going to come from other layers. Proper precautions being things like blocking all inbound ports except what is necessary, not exposing the management interface to the WAN, having a strong password, regularly updating firmware, and depending on who you ask disabling things like UPnP. There are firewalls that can do deep packet inspection and things like that, but again, you're getting into the more complex stuff.

I'm not familiar with the firewalls of the brand you posted, I've only used their powerline adapters. I would look at something like an Edgerouter Lite or Unifi Secure Gateway. You can also look at Sonicwall / Fortigate / Watchguard if you want something a little more business-oriented with a little more support.

From a security standpoint, the next steps are things like web filtering, spam filtering, antivirus, making sure you're not running local admin, a decent password policy, timely patching, network segregation (if necessary), two-factor authentication, proper logging/monitoring/alerting.

Obviously there's a lot more to it, security is a constant cat and mouse game with the bad guys, but I guess my point is "a decent firewall" is practically an assumption in the security world these days.

Antillie
Mar 14, 2015


Pretty much this. Security for a business is about an awful lot more than just having a firewall. But with regards to picking a firewall you are going to want something that will receive support and security updates for a while. So most consumer grade stuff is out. You also need something that accommodates the design (and possibly compliance) requirements of your company network.

All business grade firewalls handle the simple "block random inbound crap" job just fine. What really matters is the other stuff. How easily can you (or someone in your IT dept) manage it? Will you need training on how to manage/configure it? What kind of support can you get when it doesn't work or you need help configuring something? How does the vendor handle security updates and patches? How much do these services cost on an ongoing basis and how long will they be available for? What are the design and/or compliance requirements for your network? Do you need to perform HTTP or other traffic inspection at layer 7? What is your budget?

Business grade networking, AKA, network engineering, is a totally different beast from home networking. And information systems security is an entirely different subject that encompasses a whole ton of stuff besides parts of network engineering. Internet Explorer's recommendations are good but if we go much past them we aren't really talking about home networking any more. At that point you might want to look into hiring a consultant.

Antillie fucked around with this message at 19:04 on Jun 26, 2017

CrazyLittle
Sep 11, 2001

Clapping Larry

Internet Explorer posted:

From a security standpoint, the next steps are things like web filtering, spam filtering, antivirus, making sure you're not running local admin, a decent password policy, timely patching, network segregation (if necessary), two-factor authentication, proper logging/monitoring/alerting.

I'm of the opinion that this is the start point, and that the firewall/router/NAT gateway is going to be less effective than regular snapshots, backups, user training, sane data and usage policies, and locking down your endpoints.

Internet Explorer posted:

I'm not familiar with the firewalls of the brand you posted, I've only used their powerline adapters. I would look at something like an Edgerouter Lite or Unifi Secure Gateway. You can also look at Sonicwall / Fortigate / Watchguard if you want something a little more business-oriented with a little more support.


NAT is not a firewall. The "firewall" functionality built by the wizards on the Edgerouter Lite is the bare minimum, IMHO. The USG has a bit better policy to start, but neither of them are terribly robust firewalls. Fortigate, Watchguard, etc are decent but not terribly user friendly. If you just want CYA, pretty graphs to show the moneybag-holder, and somebody to yell at over the phone, get a Meraki firewall.

If you're paranoid as hell and have money to burn get a Palo Alto or Checkpoint.

Also, do never Sonicwall. That company has changed hands so many times that it's a baked potato by now.

CrazyLittle fucked around with this message at 19:27 on Jun 26, 2017

SEKCobra
Feb 28, 2011

Hi
:saddowns: Don't look at my site :saddowns:

CrazyLittle posted:

I'm of the opinion that this is the start point, and that the firewall/router/NAT gateway is going to be less effective than regular snapshots, backups, user training, sane data and usage policies, and locking down your endpoints.



NAT is not a firewall. The "firewall" functionality built by the wizards on the Edgerouter Lite is the bare minimum, IMHO. The USG has a bit better policy to start, but neither of them are terribly robust firewalls. Fortigate, Watchguard, etc are decent but not terribly user friendly. If you just want CYA, pretty graphs to show the moneybag-holder, and somebody to yell at over the phone, get a Meraki firewall.

If you're paranoid as hell and have money to burn get a Palo Alto or Checkpoint.

Also, do never Sonicwall. That company has changed hands so many times that it's a baked potato by now.

What do you mean bare minimum? The Edgerouter does all the important firewall things.
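For concreteness, here is the shape of the ruleset the EdgeRouter wizard produces (what CrazyLittle calls the bare minimum and what SEKCobra is asking about), written out in EdgeOS `set` syntax, together with the two listener settings that implement Internet Explorer's "don't expose the management interface to the WAN". This is an added illustration, not a config posted in the thread; eth0 as the WAN port and 192.168.1.1 as the router's LAN address are assumptions. The masquerade rule at the end is all NAT is on its own: it rewrites source addresses and blocks nothing, which is why WAN_IN and WAN_LOCAL exist as separate, default-drop policies.

```text
# Traffic from the Internet to hosts behind the router
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'replies to connections the LAN opened'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 state invalid enable

# Traffic from the Internet to the router itself (GUI, SSH, DNS forwarder, ...)
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 state invalid enable

# Bind both policies to the WAN port (eth0 is an assumption)
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL

# Management listeners only on the LAN address (assumed 192.168.1.1), never the WAN IP
set service gui listen-address 192.168.1.1
set service ssh listen-address 192.168.1.1

# NAT: rewrites source addresses, blocks nothing by itself
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade

commit ; save
```

UPnP stays off by simply never configuring `service upnp2`; anything that does need an inbound port gets an explicit numbered accept rule in WAN_IN ahead of the drops. After committing, `show firewall name WAN_LOCAL statistics` lists hits per rule, and the count on the default-action drop is the inbound noise the policy is absorbing. Everything that is missing here (no per-application inspection, no reputation feeds, no logging beyond counters, no alerting) is what separates this ruleset from the Fortigate/Watchguard/Palo Alto tier in CrazyLittle's post.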

bobfather
Sep 20, 2001

I will analyze your nervous system for beer money
Can we talk about pfSense?

It's a phenomenally powerful, free firewall. It runs on just about any computer hardware. Even a $100 PC from 2012 will run it just fine. I've never evaluated it against the corporate solutions named above, but it's in a completely different league against the firewalling provided by any of the consumer products Ubiquiti makes.

If anyone would like I can put together my most recent pfSense hardware build. It came to less than $200 for a unit that pulls 8-10w from the wall and uses a 4-port Intel gigabit nic.

astral
Apr 26, 2004

bobfather posted:

If anyone would like I can put together my most recent pfSense hardware build. It came to less than $200 for a unit that pulls 8-10w from the wall and uses a 4-port Intel gigabit nic.

by all means


Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
As a poweruser/homelab-someday-wannabe, what are the merits of having a real computer running something like pfSense to route on, versus just running one of the WRT flavors?

I've always wanted to play with a PC Engines ALIX board (or whatever the latest revision is). It seems like a real nifty little piece of hardware in a small form factor.
