Corb3t
Jun 7, 2003

Fragrag posted:

Does anyone have any recommendations for (Ikea) furniture to install my consumer level networking equipment? I have a small router/modem, a Synology ds218j NAS and a Raspberry Pi that's currently just lying in a corner on the ground. I was thinking of something like this but I'm uncertain about if my cables will fit through that gap in the back.

I have all my stuff behind an Ikea entertainment stand with doors at the bottom and slots at the top. Lets me easily run 3 feet of Cat5e for my Sonos speaker, AppleTV, Caavo, Nintendo Switch, PS4, and Soundbar. My massive Fractal Design R5 server case is too big to hide behind the doors, but a DS218j definitely could.


ScooterMcTiny
Apr 7, 2004

Finally bit the bullet and got a Unifi set up for my apartment. Got everything provisioned in no time so all good there.

We’ve got quite a few IoT devices - smart lock, plug switches, etc - what’s the best way for me to separate those from my main network for security purposes, while still maintaining ease of use? I have no experience with VLANs or anything but I’m sure I can figure it out if pointed in the right direction.

poisonpill
Nov 8, 2009

The only way to get huge fast is to insult a passing witch and hope she curses you with Beast-strength.


Does the Unifi USG do PiHole type functions? Or would you want to run both? Is the standard Unifi WiFi setup a USG, Edgerouter-X, and a few Lite Access points?

pairofdimes
May 20, 2001

blehhh

H2SO4 posted:

For what it's worth I decided to try an Edgerouter 4 and it's working swimmingly with eap_proxy keeping the AT&T gateway out of the traffic path.

Does the EAP proxy work on all the Edgerouters? I recently switched to using a Unifi AP for wifi instead of the AT&T gateway's wifi and now I'd like to completely remove the gateway from the picture with an Edgerouter but my network is pretty simple so I don't want to buy a higher end one unless it's necessary.

Actuarial Fables
Jul 29, 2014

Taco Defender

ScooterMcTiny posted:

Finally bit the bullet and got a Unifi set up for my apartment. Got everything provisioned in no time so all good there.

We’ve got quite a few IoT devices - smart lock, plug switches, etc - what’s the best way for me to separate those from my main network for security purposes, while still maintaining ease of use? I have no experience with VLANs or anything but I’m sure I can figure it out if pointed in the right direction.

If your setup is entirely UniFi (USG, USW, UAP) -

You'll need to create a new Corporate Network (use the same LAN port as your home network), use a different subnet range (10.20.30.1/24), specify a VLAN id, and turn on DHCP.

After making the network, you will also need to create a new Wireless Network and specify the same VLAN id. By default the USW is configured to accept all tagged VLAN traffic, so at this point if you connect your IoT devices to your new wireless network they will be able to reach out to the internet.

To prevent any IoT traffic from reaching your home network, you will then need to create a LAN IN firewall rule to Drop all packets, the source being your IoT network, the destination your Home network.

Further reading
UniFi VLANs https://help.ubnt.com/hc/en-us/articles/219654087-UniFi-Using-VLANs-with-UniFi-Wireless-Routing-Switching-Hardware (skip the Switch portion for now)

Disabling InterVLAN routing https://help.ubnt.com/hc/en-us/articles/115010254227-UniFi-USG-Firewall-How-to-Disable-InterVLAN-Routing

Internet Explorer
Jun 1, 2005





Depending on your setup, if your IoT talks directly to the cloud and not to other devices on the IoT network, you can also just put them on a guest wireless network. That will stop them from communicating to each other or your LAN. Unfortunately, not everything works well this way. No matter what you do, things like casting from your phone to your IoT devices won't work unless they're on the same network and can talk to each other.

KKKLIP ART
Sep 3, 2004

I know a switch is pretty much a switch, but is there anything else in the price-point that is worth considering over this Netgear 24 port GS324? I kind of like the size, in that it is the same footprint as a 12 port but has dogears that you can use to rack mount it for later down the line. Unmanaged is fine.

K8.0
Feb 26, 2004

Her Majesty's 56th Regiment of Foot
I need to recommend someone a cable modem with voice support. There are like a million comcast supported devices, and I have very little idea other than trying to find something that is cheap and has decent reviews on amazon. Is that my best option or is there a decent resource for this stuff?

TITTIEKISSER69
Mar 19, 2005

SAVE THE BEES
PLANT MORE TREES
CLEAN THE SEAS
KISS TITTIESS




You mean a modem that can support telephony? Or one with e.g. Alexa/Siri/Cortana built in?

K8.0
Feb 26, 2004

Her Majesty's 56th Regiment of Foot
The former. Phone service over cable.

It's harder to pick a good modem because they all tend to be fairly expensive and less reviewed.

Less Fat Luke
May 23, 2003

Exciting Lemon
The Unifi/Ubiquiti stuff seems high end but somehow every single time my Cloudkey has lost power or been shut down it completely corrupts itself, either needing a factory reset and reload of the firmware or in now two separate cases an RMA of the device. I guess I'll migrate my configuration to a docker container running the same software but holy hell I don't understand how these things are so fragile.

redeyes
Sep 14, 2002

by Fluffdaddy
Ubiquiti is definitely not high end. It is squarely budget pro-level gear.

Less Fat Luke
May 23, 2003

Exciting Lemon

redeyes posted:

Ubiquiti is definitely not high end. It is squarely budget pro-level gear.

What is high end? Cause I'm tired of this poo poo :)

Rap Game Goku
Apr 2, 2008

Word to your moms, I came to drop spirit bombs


Less Fat Luke posted:

The Unifi/Ubiquiti stuff seems high end but somehow every single time my Cloudkey has lost power or been shut down it completely corrupts itself, either needing a factory reset and reload of the firmware or in now two separate cases an RMA of the device. I guess I'll migrate my configuration to a docker container running the same software but holy hell I don't understand how these things are so fragile.

They added a battery to the second gen cloudkeys for this reason. I've had the controller running on a raspberry pi 3b+ and it hasn't given me any problems the couple of times we've lost power.

Less Fat Luke
May 23, 2003

Exciting Lemon
Yeah I have the same model of Pi however they're also notorious for corrupting their SD cards so I think I'll switch it over to a USB-based root device first.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.

Less Fat Luke posted:

What is high end? Cause I'm tired of this poo poo :)

Aruba or Cisco would both be more stable.

Thanks Ants
May 21, 2004

#essereFerrari


Aruba don't really have an integrated switch/Wi-Fi/gateway equivalent to UniFi. The closest is probably Meraki but I can't see the value in their switches and gateway boxes. People like Zyxel and Netgear compete with UniFi but I wouldn't expect it to be any better.

H2SO4
Sep 11, 2001

put your money in a log cabin


Buglord

pairofdimes posted:

Does the EAP proxy work on all the Edgerouters? I recently switched to using a Unifi AP for wifi instead of the AT&T gateway's wifi and now I'd like to completely remove the gateway from the picture with an Edgerouter but my network is pretty simple so I don't want to buy a higher end one unless it's necessary.

It should be pretty generic as it's just a bit of Python. I'd be surprised if it didn't work on something like an ER-X for example. I'd google around and see if you can find a walkthrough for the model you're looking for. I've seen them for the ERL and USG.

pairofdimes
May 20, 2001

blehhh

H2SO4 posted:

It should be pretty generic as it's just a bit of Python. I'd be surprised if it didn't work on something like an ER-X for example. I'd google around and see if you can find a walkthrough for the model you're looking for. I've seen them for the ERL and USG.

Thanks, I didn't realize it was a Python program. I'll pick up a router and give it a shot.

willroc7
Jul 24, 2006

BADGES? WE DON'T NEED NO STINKIN' BADGES!

Less Fat Luke posted:

What is high end? Cause I'm tired of this poo poo :)

It's not high end, and is actually priced underneath Ubiquiti, but I've been completely satisfied with my tp-link access points and controller. I've had multiple power outages and never had an issue.

Internet Explorer
Jun 1, 2005





There's someone in the thread who swears by Mikrotik. Maybe try that. Me? I have a UPS for my networking equipment, but maybe I'm crazy. That being said it's lovely the config drops on power outage. That's super lovely.

Dr. Fraiser Chain
May 18, 2004

Redlining my shit posting machine


Alright, I'm gonna try to complete this dumb networking project.

I have an old raspberry pi I used to use as a pi-hole that's set up for that.
I also have an Archer C7 router and a ZTE USB LTE modem.

I am trying to hook this up in a way where anyone connected to the wifi of the Archer C7 is served internet through the ZTE LTE modem.

How should this network look? ZTE plugged into pi, pi tied in through WAN to Archer C7? Can both devices run DHCP? Should only the pi do this? I think these two devices are currently stepping all over each other's toes with DHCP and DNS service and I'm not 💯 on having my eth0 and usb0 tied up properly on the pi.

H110Hawk
Dec 28, 2006

Goodpancakes posted:

Alright, I'm gonna try to complete this dumb networking project.

I have an old raspberry pi I used to use as a pi-hole that's set up for that.
I also have an Archer C7 router and a ZTE USB LTE modem.

I am trying to hook this up in a way where anyone connected to the wifi of the Archer C7 is served internet through the ZTE LTE modem.

How should this network look? ZTE plugged into pi, pi tied in through WAN to Archer C7? Can both devices run DHCP? Should only the pi do this? I think these two devices are currently stepping all over each other's toes with DHCP and DNS service and I'm not 💯 on having my eth0 and usb0 tied up properly on the pi.

Do you hope to do packet processing on the pi? (pihole for example)? If so, Pi -> Archer LAN, wan port is empty. DHCP runs on one of two devices, NAT runs on the Pi, Pi inside interface (LAN side) gets a RFC1918 address (192.168.1.1/24 for example), Archer gets a random IP (192.168.1.254/24). sysctl enable routing on the pi. Set DNS in the DHCP handout to the Pi. Enable iptables/firewalld default deny inbound on the outside interface on the pi (your LTE modem.) Follow a guide, you need to do it statefully and only allow packets in from established connections. There are a zillion guides out there for "linux router."

Your Archer is a dumb switch where one of the ports happens to be a wifi access point.

H2SO4
Sep 11, 2001

put your money in a log cabin


Buglord
You could also just configure the Pi to do dumb bridging of LTE to its wired interface, then plug that into the WAN port of the Archer and not have to worry about configuring the Pi for DNS/DHCP/etc. Main downside would be that this means the Pi is pretty much dedicated to being an LTE -> ethernet bridge unless you get sassy with VLANs or something to host multiple services. That can get dicey if you're not used to mucking around with this stuff since it'd be easy to accidentally open something up directly to the unwashed masses.

So really, as the poster above me stated, it's really a question of whether you want the Pi or the Archer to be the router/NAT/firewall device.

Dr. Fraiser Chain
May 18, 2004

Redlining my shit posting machine


I actually don't care as long as it serves internet. But I've bungled the settings so much it can't get internet and I'm not sure how it's loving up at the moment.

I've been mostly following this guide for my iptables and so forth.

https://filippobuletto.github.io/home-router-lte/#what-i-need

But I have no idea how to diagnose where it's loving up right now. I've had it get to websites in lynx briefly but it wouldn't share its network over the Archer even when it did get online.

H110Hawk
Dec 28, 2006

Goodpancakes posted:

I actually don't care as long as it serves internet. But I've bungled the settings so much it can't get internet and I'm not sure how it's loving up at the moment.

I've been mostly following this guide for my iptables and so forth.

https://filippobuletto.github.io/home-router-lte/#what-i-need

But I have no idea how to diagnose where it's loving up right now. I've had it get to websites in lynx briefly but it wouldn't share its network over the Archer even when it did get online.

If you can `curl whatismyip.akamai.com` from your pi you're off to a good start. Hit "sudo iptables-save" and "sudo systemctl -a | grep net.ipv4" and "ip addr" and slap em in a pastebin. find/replace your actual public ip to 172.0.0.1 (this is the LTE modem IP.) I'm betting you either missed the net route parameter, don't have iptables setup to masquerade (NAT), or both. Remember, pi eth0 -> LAN 0 on the Archer. Heck, try just slapping a wired laptop into pi eth0 and seeing what happens.
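
The checks named in the posts above (forwarding enabled, masquerade on the outside interface, stateful default deny) can be run mechanically over `iptables-save` output. This is an added example, not code from the thread or the linked guide; the sample rulesets are constructed, and the interface names `usb0` (LTE modem) and `eth0` (Archer side) are assumptions.

```python
# Constructed sample `iptables-save` output (not the thread's pastebin):
# usb0 = LTE modem (outside), eth0 = cable to the Archer (inside).
GOOD = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i usb0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o usb0 -j ACCEPT
-A FORWARD -i usb0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
# Constructed failure case: no nat table, ACCEPT policies, open port on usb0.
BROKEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i usb0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse(text):
    """Split iptables-save text into {table: {chain: policy}} and {table: [rules]}."""
    policies, rules, table = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
            policies[table], rules[table] = {}, []
        elif line.startswith(":") and table:
            chain, policy = line[1:].split()[:2]
            policies[table][chain] = policy
        elif line.startswith("-A ") and table:
            rules[table].append(line.split())  # tokenised; r[1] is the chain
    return policies, rules

def has(rule, flag, value):
    """True if the tokenised rule contains `flag value` as adjacent tokens."""
    return any(a == flag and b == value for a, b in zip(rule, rule[1:]))

def reply_only(rule):
    """True if the rule matches only RELATED/ESTABLISHED conntrack states."""
    for a, b in zip(rule, rule[1:]):
        if a in ("--ctstate", "--state"):
            return set(b.split(",")) <= {"RELATED", "ESTABLISHED"}
    return False

def audit(ruleset, ip_forward, wan):
    """Return a list of findings; an empty list means every check passed.
    ip_forward is the content of /proc/sys/net/ipv4/ip_forward."""
    policies, rules = parse(ruleset)
    out = []
    if ip_forward.strip() != "1":
        out.append("net.ipv4.ip_forward is not 1")
    if not any(r[1] == "POSTROUTING" and has(r, "-o", wan)
               and has(r, "-j", "MASQUERADE") for r in rules.get("nat", [])):
        out.append("no MASQUERADE rule on " + wan)
    for chain in ("INPUT", "FORWARD"):
        # Assumption: default deny is the chain policy, not a trailing DROP rule.
        if policies.get("filter", {}).get(chain) != "DROP":
            out.append(chain + " policy is not DROP")
    for r in rules.get("filter", []):
        if (r[1] in ("INPUT", "FORWARD") and has(r, "-i", wan)
                and has(r, "-j", "ACCEPT") and not reply_only(r)):
            out.append(r[1] + " accepts unsolicited traffic from " + wan)
    return out
```
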

Dr. Fraiser Chain
May 18, 2004

Redlining my shit posting machine


Thanks for taking a look.

sudo systemctl -a | grep net.ipv4 didn't produce an output to paste

https://pastebin.com/bpRMHXps

Thegrul
Oct 27, 2013
Can the Archer C7 saturate a 250/250mbps internet connection or is there anything newer/more interesting on the market?

I'm looking for a budget router to cover a studio apartment. 5ghz is a must with all the neighbouring APs, and I'd really like decent performance and reliability at a good price.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.

Thegrul posted:

Can the Archer C7 saturate a 250/250mbps internet connection or is there anything newer/more interesting on the market?

I'm looking for a budget router to cover a studio apartment. 5ghz is a must with all the neighbouring APs, and I'd really like decent performance and reliability at a good price.

Over wifi? Likely not. Over wired? Sure. 250/250 over wifi is pretty drat good wifi performance and only achievable with a high-end client, short direct range, and clear channel.

H110Hawk
Dec 28, 2006

Goodpancakes posted:

Thanks for taking a look.

sudo systemctl -a | grep net.ipv4 didn't produce an output to paste

https://pastebin.com/bpRMHXps

Hrm, I don't know what the options are in whatever version of linux you're running to see the sysctl options. You could dump the whole shebang. Let's also see "ip route show". So far nothing stands out other than it looks like you're going to be double nat'd out that usb modem. (It has a RFC1918 address on your usb0 interface.)

Edit: Your guide specifies the net.ipv4.ip_forward=1 option, which makes me think your kernel/os exposes it differently and that is blocking the whole thing. For example, in Fedora Core Something running Linux 5.godknowswhat I get 440 options:

$ sudo sysctl -a | grep net.ipv4 | wc
440 1330 17147

H110Hawk fucked around with this message at 20:00 on Oct 22, 2019

Thegrul
Oct 27, 2013

Twerk from Home posted:

Over wifi? Likely not. Over wired? Sure. 250/250 over wifi is pretty drat good wifi performance and only achievable with a high-end client, short direct range, and clear channel.

I've measured 220mbps on speedtest on my iphone at a friend's place with similar conditions, and I'm assuming he has a fairly cheap router since he doesn't care. I was just hoping to get to the full 250 in my own place.

edit: Turns out the isp provides a discount code that gets me a linksys ea7300 for basically the same price as the archer C7. Which of those models would be better?

Thegrul fucked around with this message at 21:04 on Oct 22, 2019

Actuarial Fables
Jul 29, 2014

Taco Defender
Could anyone give a recommendation for a home lab switch? Looking for something with 16-24 gigabit ports, layer 3 capabilities, and not crazy expensive (used is fine). I'm used to Cisco and Ubiquiti devices, but I'd like to try out another vendor to get a bit more experience.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

I picked up a HP 1820-24G ( J9980A ) for my home network last year. It's only a L2 switch, but if you look at the 1920's those are L3. I like the switch because it's fanless, and I'm trying to minimize noise and heat in my network closet, and it came renewed with some 99 year warranty. The Web interface makes it somewhat user friendly. Ebay shows some of the L3 office connect switches in the 160 range, or less. I bought mine from these folks https://www.ebay.com/usr/thedatacenterexpress?_trksid=p2047675.l2559

Thanks Ants
May 21, 2004

#essereFerrari


See if you can stretch to an Aruba 2930 or a 2920. If you don't need PoE and get it off eBay then you should do quite well.

They are layer 3 devices in the sense they will route IP, but they won't do BGP.

Actuarial Fables
Jul 29, 2014

Taco Defender
Thanks for the suggestions. I'll keep an eye out on ebay and see if there's anything within my budget.

Are there other sites that I should be looking at for used & cheap not so expensive networking equipment?

Actuarial Fables fucked around with this message at 08:04 on Oct 23, 2019

sincx
Jul 13, 2012

furiously masturbating to anime titties
.


sincx fucked around with this message at 05:57 on Mar 23, 2021

Actuarial Fables
Jul 29, 2014

Taco Defender
Your router's WAN interface is given the /128 address. This is equivalent to the public IPv4 address that is also assigned to the WAN interface, in that you're assigned an address from Comcast's network.

You are also delegated an IPv6 prefix /64 for use in your local/internal network. As an equivalent, while not provided to home networks anymore, businesses can/could get blocks of IPv4 addresses to use for their internal network. Either the customer router or the ISP router would advertise how to get to those addresses - through the address assigned to the WAN interface.

Comcast knows that your LAN /64 IPv6 address range is reachable from the /128 IPv6 address that is assigned to your WAN interface. Other providers know how to get to Comcast's assigned networks. Traffic with a destination of one of your /64 addresses gets routed to Comcast, Comcast routes it to your router, your router spits it out on the LAN.

e. Also, it's important to note that your router has two sides - a WAN side and a LAN side. Your router routes traffic between networks - to do so, it must be connected to multiple networks and have an address from each one. The WAN side uses the 2001:: address, the LAN side uses the 2601:: address.

As for security, not really. Consumer firewalls by default drop non-established outside communication, so the internal devices must always reach out first before outside traffic can enter your network. If you're concerned that someone can track you down because you're using an IPv6 address, they could also track you down if you were using an IPv4 address because your ISP knows where that public address is assigned.
There is a method of auto-configuring IPv6 addresses that uses the MAC address which could be a privacy issue (since MAC addresses are supposed to be unique ok ok please stop laughing), but not all OSes use that (for instance, Windows).

e2. I made this but it's 6:30am and I forgot to go to sleep so maybe it doesn't actually help

Actuarial Fables fucked around with this message at 12:09 on Oct 23, 2019
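
The MAC-based auto-configuration mentioned in the post above is the modified EUI-64 interface identifier, and it can be spotted by inspecting the low 64 bits of an address. This is an added example, not part of the original post; the prefix and host addresses are constructed from the 2001:db8::/32 documentation range, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: a delegated LAN /64 and addresses seen on hosts.
LAN_PREFIX = "2001:db8:1:2::/64"
HOSTS = [
    "2001:db8:1:2:211:22ff:fe33:4455",   # SLAAC with modified EUI-64
    "2001:db8:1:2:a4c1:38ff:1e2b:9d07",  # randomised (privacy) interface ID
    "fe80::211:22ff:fe33:4455",          # link-local, never leaves the LAN
]


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    EUI-64 inserts ff:fe between the two halves of the MAC and flips the
    universal/local bit (0x02) of the first byte. A random interface ID can
    contain ff:fe at that position by chance (about 1 in 65536), so treat a
    match as a strong hint rather than proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def exposed_hosts(lan_prefix, addresses):
    """Map each address inside the delegated prefix that embeds a MAC to that MAC."""
    net = ipaddress.IPv6Network(lan_prefix)
    found = {}
    for a in addresses:
        mac = eui64_mac(a)
        if mac and ipaddress.IPv6Address(a) in net:
            found[a] = mac
    return found
```

Hosts that show up in `exposed_hosts` carry the same interface ID on every network they join; enabling the operating system's temporary or stable-privacy addressing removes the MAC from the global address.
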

Thanks Ants
May 21, 2004

#essereFerrari


It seems like the most confusing thing about IPv6 isn't really the differences between it and IPv4, it's that NAT goes away. If we had enough IPv4 addresses then you'd have a small subnet used to connect your router back to your ISP, and then a /24 or whatever of public space to use internally as well.

H110Hawk
Dec 28, 2006

Thanks Ants posted:

It seems like the most confusing thing about IPv6 isn't really the differences between it and IPv4, it's that NAT goes away. If we had enough IPv4 addresses then you'd have a small subnet used to connect your router back to your ISP, and then a /24 or whatever of public space to use internally as well.

Yup. All devices are directly addressable and you better be certain you have a default deny firewall in the way. It's going to be hilarious the first company who forgets that in the consumer world. (It has probably happened in the corporate world because it is common enough in ip4 land.)


redeyes
Sep 14, 2002

by Fluffdaddy
IPv6 is how I access my security cameras remotely. Gotta say, not needing a freakin static IPv4 address is sweeeet.
