I am planning to eventually build my own home server, and when I do I will hook it up via ethernet. But I do want to switch away from the generic FIOS router and use my own for more control over my data and security. Any recommendations?

  • JJGadget@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    This right here. get something cheap, throw opnsense or pfsense on it and start learning. It will probably be incredibly frustrating at first but when it starts to click then it is really fun and rewarding.

    I bought an old dell r210ii years ago and threw pfsense on it then swapped to opnsense and could not be happier. It is still in use today, a good 6 years later.

    • Semi-Hemi-Demigod@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      I did mine by just adding some iptables rules to set up NAT. It’s all of four commands:

      echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

      iptables –t nat -s 192.168.0.0/16 –A POSTROUTING –o $wan0 -j MASQUERADE

      iptables –A FORWARD –i $wan0 –o $lan0 –m state --state RELATED, ESTABLISHED -j ACCEPT

      iptables –A FORWARD –i $lan0 –o $wan0 –j ACCEPT

      Just set $lan0 and $wan0 to your LAN and WAN interfaces. For wifi I’ve got a couple Unifi access points around the house for good coverage.

      Yes, I know IPv6 is better and yadda yadda yadda but I can’t remember the addresses let alone type them so I’m not changing anything.

      • d13@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I did this as well, but I’m wondering if it was the wrong call. It’s harder to work with firewalls (particularly if docker is involved), and I’ve struggled with stuff like SyncThing.

        Most likely more learning could solve it, but I wonder if I should switch to a dedicated router OS where more support resources are available.

        • Semi-Hemi-Demigod@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I’ve got almost all of my services running on a separate, bigger system and only have a couple ports open on this one. Iptables isn’t too hard once you understand the shorthand.

          • d13@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I think my problem is trying to run docker at the same time. Docker messes heavily with iptables and makes it a real pain.

            • Semi-Hemi-Demigod@kbin.social
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              The only docker containers I run on my router are a simple search proxy and an Infrared instance that routes Minecraft server connections to another box on my LAN. But IIRC that took a bunch of fiddling

      • Jivebunny@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        As fast as the slowest denominator in your LAN. So give the PC that you’re going to host this on a decent Ethernet card and you should be flying.