Networking General - Discussion about hardware and software of computer networks

Slav Power

Since there isn't a thread about it, I thought I might start one, even though I have no idea how to start one. So how about I tell you about my home network setup.

homenetwork.png
(I actually don't know how to do proper topology diagrams lol)
So how does this mess work, well.

The Internet connection comes from the fiber in the wall to an ONT modem, which then gets connected to the MikroTik router via Ethernet. The MikroTik has replaced my ISP's router, leading to more options in terms of what I can do with my network. Now I can remotely connect to my home network through a VPN and have full access to my PC from essentially anywhere. I've also set up PCQ queues splitting the bandwidth equally between all devices on the network, and some simple queues for the sake of monitoring the network usage. It's definitely not a router for rookies, as it won't hold you by the hand through the configuration like any other consumer router. That being said, the firmware allows for very advanced networking that would never be possible on my ISP's router. I think the IPTV box boots up faster with the MikroTik than the ISP router, which is amusing.

The Pi Zero is connected directly to the router via USB and serves as a DNS server/ad and tracker blocker. This basically means that I have a DNS faster than what Cloudflare offers because the query goes through my local network and doesn't have to go out through millions of routers to get to Cloudflare's servers that have to send the IP address back to me. And of course I can cut out on more tracking and ads as the filtering happens on the entire network and not just my browser.

Unfortunately since I've chosen a router model that has internal antennas, I still had to use the TP-Link router to improve the WiFi coverage. It runs on OpenWRT and serves as a dumb access point, a pretty basic network extension that does what it has to do. Both the TP-Link and the IPTV box are connected with cables that I've cut to size and crimped myself, since it's easier to push a plain cable through a hole in the wall and by cutting it to size I don't need to guess what length I need.

Feel free to critique this setup, or even share your own. This is meant to be a general discussion thread so you could even bitch about your workspace's network or whatever.
 
This is meant to be a general discussion thread so you could even bitch about your workspace's network or whatever.
Private fiber runs in datacenters are ridiculously expensive, and if one more fuck tells me on the phone they need "qualified professionals" to do it, a fucking trained ape could do it. If I can step on a plane to get over there and make those 2 bare metals kiss for a fraction of the cost there's something wrong with you.
 
The Pi Zero is connected directly to the router via USB and serves as a DNS server/ad and tracker blocker. This basically means that I have a DNS faster than what Cloudflare offers because the query goes through my local network and doesn't have to go out through millions of routers to get to Cloudflare's servers that have to send the IP address back to me. And of course I can cut out on more tracking and ads as the filtering happens on the entire network and not just my browser.
Your DNS server still has to query upstream for any record that it doesn't have cached, and the cached records have an expiry date unless there's some fuckery you've not mentioned. The DNS blacklisting sounds cool though.
 
Your DNS server still has to query upstream for any record that it doesn't have cached, and the cached records have an expiry date unless there's some fuckery you've not mentioned. The DNS blacklisting sounds cool though.
You can make unbound query a cached record right before it expires to reduce latency, but I'm not sure of the best practices regarding that.
 
You can make unbound query a cached record right before it expires to reduce latency, but I'm not sure of the best practices regarding that.
Sounds good for a home network, I guess it could become a problem with a busy network or when the DNS cache gets big. Can you limit the amount of records that it will refresh? e.g. the 100 most requested domains
 
Sounds good for a home network, I guess it could become a problem with a busy network or when the DNS cache gets big. Can you limit the amount of records that it will refresh? e.g. the 100 most requested domains
DNS records have a Time To Live expiration date, at that time they will demand to be refreshed regardless of the present cache state:

 
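The TTL and prefetch discussion above in runnable form. This is an added example for the thread, not Unbound's or Pi-hole's code: it models Unbound's documented prefetch rule (with `prefetch: yes`, a cache hit on a record that has less than about 10% of its TTL left is answered from cache and the record is refreshed upstream), which is why popular names stop expiring while idle names simply age out, and why there is no "top 100" knob to set. The upstream answers are a constructed in-memory table and the clock is faked, so it runs offline and deterministically.

```python
"""Model of how a caching resolver honours TTLs and what "prefetch" adds.

Added example for this thread; it is not Unbound's or Pi-hole's code. It
mimics Unbound's documented prefetch rule: with `prefetch: yes`, a cache hit
on a record with less than about 10% of its TTL left is answered from cache
and the record is refreshed upstream. The "upstream" is a constructed table
and the clock is faked, so the example runs offline and deterministically.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed upstream answers: name -> (address, TTL in seconds).
# Addresses come from the RFC 5737 documentation range, not real hosts.
UPSTREAM: Dict[str, Tuple[str, int]] = {
    "example.com.": ("192.0.2.10", 300),
    "cdn.example.net.": ("198.51.100.7", 60),
}


class FakeClock:
    """Constructed clock: advance() stands in for wall time passing."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class Entry:
    address: str
    ttl: int           # TTL as received from upstream
    fetched_at: float  # clock reading when the record was stored


@dataclass
class Resolver:
    clock: Callable[[], float]
    prefetch: bool = True
    prefetch_fraction: float = 0.10  # Unbound refreshes below ~10% of TTL
    cache: Dict[str, Entry] = field(default_factory=dict)
    upstream_queries: int = 0        # how many times upstream was asked

    def _fetch(self, name: str) -> Entry:
        """Query the (constructed) upstream and store the answer."""
        self.upstream_queries += 1
        address, ttl = UPSTREAM[name]
        entry = Entry(address, ttl, self.clock())
        self.cache[name] = entry
        return entry

    def resolve(self, name: str) -> Tuple[str, int, str]:
        """Return (address, remaining TTL, source).

        source is "cache", "cache+prefetch" (served from cache, refreshed
        right away) or "upstream" (miss or expired: the client waits)."""
        entry = self.cache.get(name)
        if entry is not None:
            remaining = entry.ttl - (self.clock() - entry.fetched_at)
            if remaining > 0:
                if self.prefetch and remaining < entry.ttl * self.prefetch_fraction:
                    self._fetch(name)  # a real resolver does this in the background
                    return entry.address, int(remaining), "cache+prefetch"
                return entry.address, int(remaining), "cache"
            # TTL reached zero: the cached copy may not be served, full stop.
        entry = self._fetch(name)
        return entry.address, entry.ttl, "upstream"


def run_scenario(prefetch: bool) -> List[Tuple[str, int, str]]:
    """The same four lookups of example.com. with and without prefetch."""
    clock = FakeClock()
    r = Resolver(clock=clock, prefetch=prefetch)
    log = [r.resolve("example.com.")]       # cold cache: upstream, TTL 300
    clock.advance(100)
    log.append(r.resolve("example.com."))   # 200 s left: plain cache hit
    clock.advance(180)
    log.append(r.resolve("example.com."))   # 20 s left (< 30): prefetch fires if on
    clock.advance(100)
    log.append(r.resolve("example.com."))   # original TTL long gone
    return log


if __name__ == "__main__":
    for flag in (True, False):
        print(f"prefetch={flag}:")
        for step in run_scenario(flag):
            print("   ", step)
```

Both runs cost two upstream queries; the difference is who pays for the second one. With prefetch the refresh happens while a cached answer is handed out, so the fourth lookup is still a cache hit; without it the fourth lookup is an expired record and the client waits on the upstream round trip.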
What ads does your PiHole stop? Correct me if I'm wrong, but simple DNS blackholing no longer works for blocking, say, Youtube ads or Android's in-app ones.
 
What ads does your PiHole stop? Correct me if I'm wrong, but simple DNS blackholing no longer works for blocking, say, Youtube ads or Android's in-app ones.
In my case it does manage to block in-app ads, though it fails to replace uBlock Origin in terms of website ad filtering. It's more of a supplement than a be-all-end-all solution.
 
I was gonna create a similar thread, but the search brought me here.

I currently have a Pi-Hole installation with Unbound running and it's been excellent. However, I know that's amateur hour.

I'm flirting with the idea of creating my own OPNSense router using used/off-the-shelf PC parts. There are just a few potential complications that are making me do a double-take.

1. Assuming that I get everything up and running, how can I make Pi-Hole and OPNSense work in tandem? Are there features that Pi-Hole and OPNSense share, but it happens that OPNSense can do it better (I believe this is the case with dnscrypt-proxy and Unbound, though I could be mistaken)?

2. How in the actual fuck do I learn to configure my own firewall on a network level? I've briefly fiddled with IPTables and PF in my teen years, but I remember nothing from back then and so much has changed since then.

3. Any decent recommendations for access points to run alongside OPNSense?
 
1. Assuming that I get everything up and running, how can I make Pi-Hole and OPNSense work in tandem? Are there features that Pi-Hole and OPNSense share, but it happens that OPNSense can do it better (I believe this is the case with dnscrypt-proxy and Unbound, though I could be mistaken)?
Pi-Hole is basically DNS blackholing for retards, right? Your first login to the OPNsense web UI will take you to a first run wizard where you can specify your DNS servers and in there you'll want to put the IP of the Pi-Hole.
3. Any decent recommendations for access points to run alongside OPNSense?
Literally doesn't matter what you run as long as it's decent. I have a Ubiquiti AP and it's ok, the management UI is very fancy but you'll need to setup a VM to run it or buy their stupid cloud stick thing.
 
Pi-Hole is basically DNS blackholing for retards, right? Your first login to the OPNsense web UI will take you to a first run wizard where you can specify your DNS servers and in there you'll want to put the IP of the Pi-Hole.

Literally doesn't matter what you run as long as it's decent. I have a Ubiquiti AP and it's ok, the management UI is very fancy but you'll need to setup a VM to run it or buy their stupid cloud stick thing.
Pi-Hole is basically a dedicated DNS server that can also blackhole domains from hosts lists, which is the main reason you even bother installing it. It also has options to use multiple upstream DNS servers at once, but the gist of it is that you set it up on whichever device, and then set the DNS on your router to that device.
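The hosts-list blackholing described above, as an added example that is not Pi-hole's code. It parses a blocklist in the hosts-file format adlists use (comments, odd spacing, mixed case, the localhost lines real lists carry) and then answers queries: a listed name gets 0.0.0.0, which is what Pi-hole's default "NULL" blocking mode returns, and everything else is looked up in a constructed upstream table. Matching is exact, as it is for Pi-hole adlist entries: a listed domain does not block its subdomains unless they are listed too (Pi-hole keeps wildcard/regex blocking on separate lists). The blocklist, the upstream table and the short list of hosts-file boilerplate names are constructed for the example.

```python
"""Hosts-list DNS blackholing, the core of what Pi-hole does.

Added example for this thread, not Pi-hole's code. A listed name is answered
with 0.0.0.0 (Pi-hole's default "NULL" blocking mode); anything else goes to
a constructed upstream table. Matching is exact, like Pi-hole adlist entries.
"""
from typing import Dict, Optional, Set, Tuple

# Constructed sample adlist in hosts format.
BLOCKLIST = """\
# constructed adlist for the example
0.0.0.0 ads.example.net
0.0.0.0   Tracker.Example.org.   # mixed case, trailing root dot
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 telemetry.example.net stats.example.net
"""

# Constructed upstream answers (RFC 5737 documentation addresses).
UPSTREAM: Dict[str, str] = {
    "example.com": "192.0.2.10",
    "ads.example.net": "192.0.2.66",
}

# Hosts-file boilerplate that must never land on the blocklist. This short
# list is an assumption for the example, not Pi-hole's exact filter.
HOSTS_NOISE = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "0.0.0.0"}


def normalise(name: str) -> str:
    """DNS names are case-insensitive; drop the trailing root dot as well."""
    return name.strip().lower().rstrip(".")


def parse_hosts_list(text: str) -> Set[str]:
    """Return the set of domains an adlist in hosts format blackholes."""
    blocked: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # an address with no names
        addr, names = fields[0], fields[1:]
        if addr not in ("0.0.0.0", "127.0.0.1", "::", "::1"):
            continue  # only null/loopback targets are blocking entries
        for n in names:
            n = normalise(n)
            if n and n not in HOSTS_NOISE:
                blocked.add(n)
    return blocked


def answer(name: str, blocked: Set[str],
           upstream: Dict[str, str] = UPSTREAM) -> Tuple[Optional[str], str]:
    """Resolve one A query: (address or None, how it was answered)."""
    q = normalise(name)
    if q in blocked:
        return "0.0.0.0", "blocked"    # sinkholed; the query never leaves the LAN
    if q in upstream:
        return upstream[q], "forwarded"
    return None, "nxdomain"


if __name__ == "__main__":
    blocked = parse_hosts_list(BLOCKLIST)
    for q in ("ADS.example.net.", "tracker.example.org",
              "www.ads.example.net", "example.com"):
        print(q, "->", answer(q, blocked))
```

The `www.ads.example.net` lookup is the case worth noticing: it is not on the list, so it is forwarded (and here ends up NXDOMAIN only because the constructed upstream table does not know it). That is why adlists carry thousands of near-duplicate subdomains, and why "it blocks in-app ads but not everything on a web page" is the typical experience: the page-level filtering uBlock Origin does is not a DNS question.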
 
I was gonna create a similar thread, but the search brought me here.

I currently have a Pi-Hole installation with Unbound running and it's been excellent. However, I know that's amateur hour.

I'm flirting with the idea of creating my own OPNSense router using used/off-the-shelf PC parts. There are just a few potential complications that are making me do a double-take.

1. Assuming that I get everything up and running, how can I make Pi-Hole and OPNSense work in tandem? Are there features that Pi-Hole and OPNSense share, but it happens that OPNSense can do it better (I believe this is the case with dnscrypt-proxy and Unbound, though I could be mistaken)?

2. How in the actual fuck do I learn to configure my own firewall on a network level? I've briefly fiddled with IPTables and PF in my teen years, but I remember nothing from back then and so much has changed since then.

3. Any decent recommendations for access points to run alongside OPNSense?

With OPNSense I'm pretty sure you can use PFBlockerNG which does the same thing as pihole, unless you have to have the pretty pihole interface. Setting up OPNSense to use the pihole for DNS should be pretty simple, though.
 
I was gonna create a similar thread, but the search brought me here.

I currently have a Pi-Hole installation with Unbound running and it's been excellent. However, I know that's amateur hour.

I'm flirting with the idea of creating my own OPNSense router using used/off-the-shelf PC parts. There are just a few potential complications that are making me do a double-take.

1. Assuming that I get everything up and running, how can I make Pi-Hole and OPNSense work in tandem? Are there features that Pi-Hole and OPNSense share, but it happens that OPNSense can do it better (I believe this is the case with dnscrypt-proxy and Unbound, though I could be mistaken)?

2. How in the actual fuck do I learn to configure my own firewall on a network level? I've briefly fiddled with IPTables and PF in my teen years, but I remember nothing from back then and so much has changed since then.

3. Any decent recommendations for access points to run alongside OPNSense?

1. You won't use Pi-hole anymore. AdGuard Home is a package available for OPNsense that does the same thing better, natively right on your OPNsense router.

2. OPNsense makes this easy by default: block all incoming, allow all outgoing. Don't open ports till you understand what you are doing and why you are opening it. (Do not open RDP.)

3. I hate Ubiquiti shit now but their APs are ok. Aruba and Ruckus are next on my list to try at home.
 
With OPNSense I'm pretty sure you can use PFBlockerNG which does the same thing as pihole, unless you have to have the pretty pihole interface. Setting up OPNSense to use the pihole for DNS should be pretty simple, though.
Negative, no PFBlockerNG on OPNsense. AdGuard Home however, same concept.
 