:: Re: [DNG] request for advice
Author: Charles
Date:  
To: dng@lists.dyne.org
Subject: Re: [DNG] request for advice
G-morning,

The opnsense firewall/router was built on an 'old' Mini-PC Intel Atom 1.8GHz 2GB mobo with a Compact Disk of all things but anything with at least 2 nics will be fine. This particular one had 4 nics. I got it for $20 on ebay. Maybe a NUC?

I tried many firewalls and opnsense 'just fit' for me. It puts the /var/logs, etc. into RAM so it doesn't eat up the file system. It was easy for me to set up.

Yes, OpenWRT can do a lot of stuff. I installed a VPN on it so all the traffic going out from it is 'protected'. I have been using pihole for many years and love it.

Yes, each layer can do NAT/PAT if needed. I was just showing some possibilities for the OT.

Not to complicate it, but I use each section like a check valve. More protected as it goes deeper. I keep guests and IoT (actually don't use them) at the upper level between the radio modem and the firewall. I don't care what DNS they use or ads they see. My personal network is after the OpenWRT router. A poor man's divided network.

See https://www.grc.com/nat/nat.htm

Steve Litt has some good information on his website for a 'straight BSD' firewall. Just make sure the system and var logs go into RAM. I kept having issues until I figured that out on the other firewalls.

I am by no means a network guru, just a hobbyist. My original idea was to be able to change ISP without changing anything on my network. I add things a little at a time.

The wife streams her TV, I have security cameras, a NAS (Truenas core 13) on a separate section and everything purrs along at a whopping 4.27Mbps from the ISP.

Another interesting article:
https://cryptsus.com/blog/edge-openbsd-pf-firewall-securing-the-first-gate-of-your-network.html

Hope this helps

Cheers!


------- Original Message -------
On Wednesday, July 12th, 2023 at 9:57 PM, capercally.bleery670@??? <capercally.bleery670@???> wrote:


> On Thu, Jul 13, 2023 at 12:56:48AM +0000, Charles via Dng wrote:
>
> > My setup = radio modem > opensense firewall > Pihole > Open-WRT
> > router > LAN
>
>
> What hardware for opensense?
>
> I have considered it but on the freebsd lists I have read some
> reports that indicated I'd need a fairly modern amd64 - there is
> some kernel flag needed for running on older ones and opensense
> just disables it IIRC.
>
> The one amd64 system I can spare right now is maybe 12 years old.
>
> Does each of the systems in your setup do an additional NAT/PAT level?
> That would be scary.
>
> --
> Ian