networking

  • I think my home network may be compromised, please advise

    When I go to iknowwhatyoudownload.com, a bunch of stuff shows up for my IP that’s definitely not being downloaded by anyone in my house (foreign language torrents). Aside from that my router (AT&T Arris BGW210) needs to be restarted about once a week, due to some kind of dhcp issue. The most recent event seemed bad - none of my devices had internet, they could all talk to each other, and my ONT activity light was flickering steadily. During this time I had no access to the router, even plugged in directly to LAN. Fixed by a restart but no idea what was going on.

    The DHT torrent thing has been happening for months and the router thing could just be that AT&T sucks. I have no other evidence that something is wrong.

    I could buy a firewall and put it downstream of the AT&T equipment.

    I could switch internet providers, get a new IP address and router, and see if that fixes it.

    Should I try to figure out what’s going on or just keep restarting the router once a week and ignore the DHT hits from my static IP?

    39
  • Advice regarding poor download speeds within LAN

    So I am trying to track down what is possibly slowing down my download connection from my Debian server to my devices (streaming box, laptop, other servers, etc).

    First let me go over my network infrastructure: OPNsense Firewall (Intel C3558R) <-10gb SFP+ DAC-> Managed Switch <-2.5gb RJ45-> Clients, 2.5gb AX Access Point, and Debian Server (Intel N100).

    Under a 5 minute stress test between my laptop (2.5gb adapter plugged into switch) and the Debian Server (2.5gb Intel I226-V NIC), I get the full bandwidth when uploading; however, when downloading it tops out around 300-400mbps. The download speed does not fare any better when connecting to the AX access point, with upload dropping to around 500mbps. File transfers between the server and my laptop are also approximately 300mbps. And yes, I manually disabled the wifi card when testing over ethernet. Speed tests to the outside servers reflect approximately 800/20mbps (on an 800mbps plan).

    Fearing that the traffic may be running through OPNsense and that my firewall was struggling to handle the traffic, I disconnected the DAC cable and reran the test just through the switch. No change in results.

    Identified speeds per device:

    • Server: 2500 Mb/s
    • Laptop: 2500Base-T
    • Switch: 2,500Mbps
    • Firewall: 10Gbase-Twinax

    Operating Systems per device:

    • Server: Debian Bookworm
    • Laptop: macOS Sonoma (works well for my use case)
    • Switch: some sort of embedded software
    • Firewall: OPNsense 24.1.4-amd64

    Network Interface per device:

    • Server: Intel I226-V
    • Laptop: UGreen Type C to 2.5gb Adapter
    • Switch: RTL8224-CG
    • Firewall: Intel X553

    edit: Forgot to add that the OpenSpeedTest is being hosted in Docker by my local server.

    6
  • Create a Public Hotspot from my router, that handles auto time out when their session is done, etc?

    Hi there,

    I find myself in remote areas regularly, and I have internet, when nobody else does.

    I'm happy to share this internet with people, but I want a time restriction on them, and throttle their speeds etc, so that they don't smash my internet / data allowance.

    I'm looking for a really easy system where they can just sign into a portal, it gives them a certain amount of time based on my settings, then kicks them off again.

    I'm using a GLiNet AX1800 if that makes any difference? Also, all of my machines run different versions / distros of Linux.

    I'd really appreciate any feedback, or guidance on this.

    Thanks so much

    8
  • Question regarding the routing table

    Let's say I have a Linux VM. Default route is the gateway to the top of rack switch for public internet and a public IP is bound on one virtual nic.

    2nd interface is on a private network so the VM can be reached anywhere on the VPN. This is a management network where the gateway is on the other side of the data center.

    A lot of stuff sits on the 10.0.0.0/8 that needs to reach this vm so a static route for the second interface points that /8 to that gateway on say 10.100.100.1

    Now inside the same cabinet are devices sitting on 10.20.20.0/24.

    If I didn't do anything, would hitting something on say 10.20.20.2 route traffic through gateway outside of the cab and back? I would think so as it sees the routing table and has no way of knowing.

    If I want to optimize traffic so nothing is routed and traffic stays local to the cab, could I just add a third nic and give it an IP of say 10.20.20.3 and hitting .2 would arp / hit it directly through the switch in the cab?

    5
  • Review request: home network setup

    I'm going to be overhauling my network over the next few months as I get ready for my new municipal fiber installation. I have a general idea of how to set things up, but I'm not an expert and would appreciate a few extra pairs of eyes in case I'm missing something obvious.

    Hardware available:

    • MikroTik Routerboard - 5 ports
    • Ubiquiti AP - AC-Lite; plan to add U6+ or U6 Lite once I get faster service
    • some dumb switches

    Devices (by logical category; VLANs?):

    • main - computers and phones (Wi-Fi for now, I plan to run cable)
    • media - TVs, gaming consoles, etc
    • DMZ - wired security cameras, Wi-Fi printer (2.4GHz wireless g only)
    • guest - guests, kids computers

    Goals:

    • main - outgoing traffic goes through a VPN
    • media - outgoing traffic limited to certain trusted sites; probably no VPN
    • untrusted - cannot access internet, can be accessed from main
    • guest - can only access internet, potentially through a separate VPN from main

    Special devices:

    • NAS (Linux box) - can access main, media, and DMZ
    • printer - accessible from main, rest of devices on untrusted don't need to be (I can tunnel through the NAS if needed); can potentially configure a CUPS server on the NAS to route print jobs if needed

    Plan:

    Router ports:

    1. Internet
    2. WiFi APs
    3. main VLAN
    4. untrusted (VLAN)
    5. unused (or maybe media VLAN)

    WiFi SSIDs (currently have a 2.4Ghz and 5Ghz SSIDs):

    1. main VLAN
    2. guest VLAN
    3. untrusted - hidden SSID (mostly for printer) - 2.4GHz only

    If the VPN causes issues, I would like the ability to move individual MACs to another VLAN (say, to media, or a separate, usually unused backup VLAN). Not required, just a backup plan in case the VPN causes issues.

    This is my first time configuring VLANs, so I'm not really sure what my options are. Also, I'm not super familiar with Mikrotik routers (I'm not a sysadmin or anything, just a hobbyist), I just got fed up with crappy consumer hardware and wanted something a bit more reliable.

    Does that sound like a reasonable plan? Is there something I could improve or suggestions you have?

    Edit: DMZ is the wrong term, so I replaced it with "untrusted". By that I meant a local-only network, so no Internet access. Ideally I could access these devices from my main network, but they can't initiate connections outside their VLAN. However, that's not necessary, since I can tunnel through my NAS if needed.

    16
  • I'm interested to hear possible reasons a public Wi-Fi network at a state building might block specifically lemmy.ml and not other instances.

    I don't need help, it's just too implausible for me not to be curious.

    Aside, it's been fascinating anonymously watching this network evolve over the past decade as a citizen-user who has business in the building. I've been battling with the faceless network admins trying to find ways to access my home lab year-after-year.

    First they blocked my personal domain because I tried to reach vpn.mydomain.com. Then I couldn't use OpenVPN at all (or I was too green at the time to bypass). Next, Wireguard worked for a while until it didn't. Now tailscale is working but I'm forced to use the slow DERP servers to reach home. I might try Headscale with a different personal domain next.

    My next project is a little more radical - hiding an old pi 3B on the network as an exit node on that network. Then I can use the state-owned IP instead of my home one when websites are dicks about third-party VPN IPs.

    10
  • Requesting a sanity check...help untangle my home network as I expand into more advanced networking?

    Hey there, I've been on a networking journey that has, over a few years, taken me from simple unmanaged networking, to managed networking, to advanced VLAN management. It's all been self taught, but mostly successful. However, I've gotten myself into a bit of a pickle and I'm hitting a wall in troubleshooting. Apologies for the length of the post, however I want to provide as much detail as possible.

    High level, I have several /16 vlans for things. VLAN 99 is networking, 2 is servers, 4 is clients, 6 is wireguard clients, and there are some others. They're all 10.99.0.0/16 with a gateway at 10.99.1.254, etc.

    I have had a very old Netgear Layer3 switch for some time. I've replaced it with a Brocade ICX6610, mostly so I can move my storage infrastructure to 10G fiber (I have a small hypervisor cluster). I had done a ton of preparatory work to configure the new L3 switch so that it could just be dropped in place of the old one; this was MOSTLY successful...

    ...However, in doing that I broke the connection to my opnsense firewall and sort of had to redo that piece from scratch. During my planning, I didn't realize some of the config changes I'd made would require changes on the firewall, and after the cut over I was locked out of the firewall. This is all my fault; that's the piece of this I understand the least, and I had followed dodgy guides when getting it to initially work. I have a backup in xml format, but even having that I'm realizing what I had been doing didn't make sense. Previously, I had a firewall interface on all of my vlans and the trunk going to it was carrying all the VLANS. Now, I set this up with only 2 vlans going to the firewall, the networking vlan and the wireguard vlan, as it seems to make more sense with my understanding of how Layer 3 routing works. All routing should happen on the Brocade L3 switch. The firewall itself has 4 physical ports, 1 going to my comcast gateway, and 2 in an LACP lagg going to my L3 switch. (I have a single interface right now going to the L3 switch separately for troubleshooting, removing the LACP lag as a complexity source).

    So, in recovering this, I had to get into the firewall at the console and re-define the interfaces and IP's. I got this to work, but at this point I had tons of connection problems which I didn't understand fully. I have found some of opnsense's configuration to be a bit obfuscating, which I think is making my learning more difficult. The following were put in place:

    • The "LAN" interface was given a static 10.99.1.40/16 IP, and an upstream gateway was defined at 10.99.1.254.
    • The "WAN" interface was given DHCP, and is up and works

    Once I recovered the connection to the web interface I had to make the following changes:

    • Under the "Firewall" sidebar, under "Aliases", I defined each of my VLANS/Subnets with a CIDR notation and a name.
    • Under the "Firewall" sidebar, under "NAT" and then under "Outbound" I switched the mode to "hybrid" and added a rule for each of my vlans on the "LAN" interface, with the "Source" being the aliases defined above, and the target (NAT Address) being the "WAN address"
    • Under the "Firewall" sidebar, under "NAT" and then under "Port Forward" I added some port forward rules.
    • While it's outside the scope of my immediate troubleshooting, I had a working WireGuard setup. I have an interface defined for it on that VLAN, and a second gateway defined at 10.6.1.254. It's all set up according to the opnsense documentation, and I can connect from the WAN and can access any resources on the LAN.

    So onto the problem...I can access the internet from almost all of my LAN clients. I can access LAN clients via the port forward rules from the WAN. The firewall itself CANNOT access the WAN; for example, I can't check for updates. I can access the firewall web interface from anywhere on the LAN, I can ssh to the firewall from anywhere on the LAN, but once I'm ssh'd in, I can't ping back to the client I'm connecting from. The firewall CAN ping things like 8.8.8.8, but as my DNS resolver is on the LAN, DNS queries from the firewall fail. I believe in a related note, my WireGuard clients can access anything on the LAN, but cannot connect to anything on the WAN.

    I believe this has to do with outbound routes from the firewall, but any time I mess with it I end up locking myself out and having to reset interfaces from the console. I tried defining some static routes in "System" -> "Routes" -> "Configuration" but that isn't working. I'm kind of stumped and have been looking at it so long that I don't think more reading and configuring is going to help me anymore. I'll post some screenshots of rules and routes as well (you'll be able to see various things enabled/disabled for experimentation), but I'm kind of in over my head and need some help.

    13
  • Bridge WiFi to Switch for other devices to connect to?

    Hiya, I've got a desktop (connected to wifi), and a server (without a networking card), and I do not have access to Ethernet/or the router. However, I do have a networking switch - and was wondering if I could bridge the WiFi from my desktop (Nobara), to the Switch, and have my other devices such as Raspberry Pi and my main server connect to that. If that's possible please let me know how, or point me to some resources, I believe I have to touch iptables in this case, but have never tweaked those before.

    This is a very temporary solution for not having access to a router. But gotta live like this for 5 months, so gotta find a solution to get WiFi on my server, as cheap as possible.

    10
  • ISP Router change in my HomeLab

    cross-posted from: https://lemmy.world/post/12521221

    > Dear all, I have some questions for what I'm about to do with my HomeLab.
    > I recently upgraded my connection to a 1000/1000 and the ISP sent me this shit ass router (Fastweb Nexxt) which is very locked down.
    > I want to change it.
    >
    > Today this Fastweb Nexxt is not doing DHCP because I'm running a VM with OPNSense on it from which I manage IP reservation etc.
    >
    > The fiber connection comes to my house and it's connected to a small box, an ONT from ZTE. Then an ethernet cable goes to the wan port of the Fastweb Nexxt and then LAN to my server where the OPNSense VM is hosted.
    >
    > Now, I'm open to solutions, the goal is to remove the Fastweb Nexxt.
    >
    > The "Cheap" idea would be to use a USBC to Ethernet cable so to add a second Ethernet card to my server and connect the ZTE device to it. I would then assign in OPNSense this cable as WAN and leave the existing card as LAN for the switch. I'm quite sure I would need as well to clone the MAC address of the Fastweb Nexxt device and assign this MAC to the wan of my OPNSense right?
    >
    > I'm open to any kind of suggestion, even something like "this is the best home-router for 100€"

    0
  • VPN vs Proxy for speed?

    Hiya, quickly wondering if there is a big difference between speeds when using a vpn compared to using a proxy server solution? Anyone got any experience here or good articles to refer to?

    Thanks 🌻

    9
  • VyOS 1.4.0 LTS release (EPA)
    blog.vyos.io VyOS 1.4.0 (Sagitta) LTS release

    based on Debian 12, bringing the redesigned firewall, IKEv2 road warrior VPN, new PKI CLI, and many more improvements to the new LTS branch.

    VyOS 1.4.0 is finally here as a full LTS release (although, it's early production access).

    So many great features are highlighted in the post. I've been using 1.4 images for quite some time, with great success, in my labs. Looking forward to using this one more.

    Congrats to the VyOS team.

    1
  • OpenWisp is not what I thought it could be

    I posted about OpenWISP a while back but I need to report that it is buggy and unpolished. The community behind it also is very small so not much happens.

    2
  • help me compare different networks using the osi model

    Hello networking community

    Driven by the vision of a decentralised, independent and neutral network, I have set out into the depths of networking. I have compared different networks and tried to understand the underlying structures.

    But my head is spinning from all the research and I've lost track a bit, which is why I'm turning to you. I would like to compare and categorise all these networks according to their protocols using the osi model.

    I would be grateful if you could help me to fill in the following table as good as possible. You can simply copy it or write your answer in the comments.

    | Network | WWW | Usenet | GNUnet | Freenet | I2P | Tor | ZeroNet | Lokinet | Internet Computer |
    |---------|-----|--------|--------|---------|-----|-----|---------|---------|-------------------|
    | L1      | -   | -      | -      | -       | -   | -   | -       | -       | -                 |
    | L2      |     |        |        |         |     |     |         |         |                   |
    | L3      | IP  | IP     |        |         |     | IP  |         |         |                   |
    | L4      | TCP |        |        |         |     |     |         |         |                   |
    | L5      |     |        |        |         |     |     |         |         |                   |
    | L6      |     |        |        |         |     |     |         |         |                   |
    | L7      |     |        |        |         |     |     |         |         |                   |

    8
  • Cable crimpers and networking tools

    I'm in need of a cable crimper and some other network tools like a tone gen/probe, cable snipper/stripper, and I'll probably also get a cable tester, for a couple of jobs I'll be doing soon

    So, I'm assembling a basic toolkit to install the physical network parts, and I'm asking here for recommendations on mid and high quality tools so I can decide on what to get

    As one should do with tools, I'm ready to spend a buck (or euro, in this case) to get good and durable stuff, but these days looking for reviews online is a marketing shitshow, so I thought I'd come here to look for recommendations and try to find someone with actual practical knowledge and experience

    Any advice is welcome!

    11
  • Where can I ask questions about iproute2 tools?

    cross-posted from: https://lemmy.ca/post/14107888

    > I have a very specific question about Linux Traffic control and u32 filters in particular. However, I don't know where the right place is to ask such a question as it's fairly niche.
    >
    > The Linux Advanced Routing & Traffic Control site says it has a mailing list for questions, but the last post was from 2019. There is also the incredibly busy 'linux-netdev' mailing list, but, the traffic there looks like strictly source changes.
    >
    > Any ideas?
    >
    > The question I'm trying to find an answer to is: The u32 tc filter seems to support negative byte offsets which allows you to examine the Ethernet frame header (I don't think I even found documentation on this, this is thanks to ChatGPT). However, when using u32 values to examine 8 bytes I can only use offsets in increments of 4 - like "at -8" or "at -12", with any other increment giving me the error Illegal "match".
    >
    > This seems like only a curiosity, but, I've been struggling to get my bit-matching to match the way I expect, and I'm wondering if this suggests that matching doesn't function the way I think.

    1
  • openwisp - A Hackable Network Management System for the 21st Century
    openwisp.org OpenWISP: Open Source Network Management System

    OpenWISP is an open source network management system aimed at low cost networks: from public wifi, to university wifi, mesh networks and IoT.

    1
  • 2 routers, 2 separate networks, 1 modem… how?

    Hey all, I was wondering if anyone could help me work out how to do this? Basically, I have a stupid number of smart devices and my router has become increasingly unstable. I want to have all my IOT devices on one router and reserve the other for priority devices like phones and PCs.

    I plan to put my IOT hub on 2G only and my primary hub on 6G and 6e only to avoid 2G congestion.

    Problem is, if I connect both my routers to my modem, only one can connect to the internet. I tried putting a network switch between the routers and the modem, no dice.

    Does anybody know how I can have 2 separate networks using 2 separate routers on a single modem? Both require internet connection but they don’t need to be able to communicate.

    Thanks in advance for any help people can give :)

    19
  • DHT Pet Project

    I'm building this implementation of a circular DHT from scratch because I want to learn and understand how peer-to-peer protocols work. So far so good, but I'm realizing I don't know two things and I don't know where to find them:

    1. What NAT traversal method to use. Do I necessarily need to rely on relay servers for UDP hole punching or STUN?
    2. What is the most reasonable way to test the overall system is working? Should I build a docker network with each node being a container or are there specialized tools for testing networked applications?

    Thanks in advance for any answers or pointers!

    2
  • Trying to connect two routers

    Hi all!

    I have 2 ISPs with their own routers.

    Router A: 192.168.0.1/24

    Router B: 192.168.20.1/24

    I have my servers plugged into Router A and all my endpoint and users' devices connected to Router B.

    I want users connected to Router B (192.168.20.1/24) to have access to server 192.168.0.90

    I thought plugging a LAN cable and connecting Router A and Router B and then defining static routes in both routers would solve the issue.

    However, at the first step itself I have an issue. When connecting the routers via a LAN cable, both routers don't get any IP.

    I was also referring to this post on superuser. Though Router B is capable of creating subnet and static route, I am not sure if Router A (Archer XR500v) is capable of creating a subnet and/or a static route.

    https://superuser.com/questions/1667068/connect-two-routers-with-different-subnet

    10
  • How good would a CCNA look for Internships?

    I am a computer networking student and I'm in an extremely lucky position next semester. I only have to work weekends and complete a few elective courses. I basically have four months to study and attain the CCNA.

    Unfortunately, I think that employers seeking interns might see my certification as me compensating for my grades (2.6 gpa with a bunch of withdrawn courses). Is this a well founded fear?

    Thanks. I also have a couple months repairing laptops as experience but I'm thinking of leaving that out.

    6
  • Remote access to lan, isolated from the internet?

    I'm looking at a permanent install of a Windows machine that runs a few digital signs. I want to achieve remote access and file upload to the Windows box, as well as accessing the internal web server of the displays on the same LAN. This LAN will be attached to a corporate network, but I would prefer if it did not have access to the internet. I'll have to work with the IT department to get this happening, of course, but I'm hoping to go in prepped with potential solutions. Could anyone tell me if these ideas will work, or what I'm missing?

    • VPN tunnel. This would be whichever VPN that their IT supports. Would I be able to simply install the client on the windows box and my machine, and then on my machine connect to the VPN, use TeamViewer in LAN mode for control of the Windows box, and web browser for control of displays? I'm assuming their IT would set up the upstream switch to only pass that VPN connection, so that the Windows box does not see the internet, and I cannot see their internal network.
    • Some kind of IPMI/PiKVM solution- This would be a second computer, attached to the corporate network, but not to the signage LAN. It would just be a KVM for the Windows box. I would then dial into that via its webserver, and control the Windows machine. The control for the displays would be accessed via browser on the Windows machine. I like this solution, as it keeps the networks separate, but I think that uploading files will be a challenge.
    • Or is there a better way?
    9
  • How does Pi-hole interact with DHCP and connection-specific DNS suffixes?

    I'm trying to set up a Pi-hole on my in-laws' home network. I've got everything configured on the pi but ad-blocking wasn't working. So I did some digging into the logs and found that DNS requests were all coming from the router.

    After some reading it seems that the DHCP server that the router used was adding a DNS suffix to all requests (search.charter), so I turned off the DHCP server on the router and used pi-hole's built-in DHCP to see if this would resolve the issue. I didn't have enough time to test the fix, but here's my understanding of what was happening before I changed the configuration:

    I set the primary DNS server to the IP address of the pi-hole in the router settings so they would have network wide adblocking. All of the clients get a DHCP assigned DNS server address which was set to the router's address. I would input example.com into a client's browser, the DNS request would be sent to the router, then the router would act as a client in the pi-hole logs. Pi-hole tells the router that example.com is found at 192.158.1.38 and the ads being hosted on the website are at 0.0.0.0. The router sees that the DNS server didn't return a result for one of the queries, so it goes to an upstream DNS server hosted by the ISP where they provide the IP for the ad. Both addresses are sent along to the client device and the pi-hole shows the ad domain as being blocked.

    Is that true? Did changing the DHCP server to the Pi-hole fix the problem? Is there anything more that I need to do? Did I totally whiff on troubleshooting? Let me know if you need more information. Any help would be appreciated since I'm trying to learn a little bit more about networking and take a little more control of my home network. Thanks!

    4
  • Wireguard not forwarding ports to other ip

    I've made a WireGuard tunnel out to VPS (to circumvent CGNAT). Dns server works, web server + Gitea, Jellyfin,.. works. All the stuff running on my thin Ubuntu client. What doesn't work is forwarding the RDP port to my windows machine. No firewall on the windows machine. Used to work before CGNAT got enabled by my ISP. I've tried also UDP port, but still no connection.

    Here is my wg0 conf:

    [Interface]
    PrivateKey = .....
    Address = 10.1.0.2/24
    PostUp = iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.21:3389; iptables -t nat -A POSTROUTING -p tcp --dport 3389 -j MASQUERADE
    PostDown = iptables -t nat -D PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.21:3389; iptables -t nat -D POSTROUTING -p tcp --dport 3389 -j MASQUERADE

    [Peer]
    PublicKey = ........
    AllowedIPs = 0.0.0.0/0
    Endpoint = ...oraclevpsIP....:55108
    PersistentKeepalive = 25

    0
  • VyOS and VPP - progress and plans
    blog.vyos.io VyOS and VPP - progress and plans

    Discover the progress and plans for VyOS and VPP integration in this informative blog post. Learn how the VPP data plane will be available as an addon and provide valuable feedback to enhance VyOS performance.

    Link on the bottom if you wish to try out the new VPP addon.

    1
  • Question about VPNs, VMs and interfaces.

    So on my host I run Mullvad VPN all the time due to living in one of the X eyes countries and being over-paranoid, but when I torrent I do almost no uploading due to Mullvad blocking port forwarding. I had the bright idea to create a VM then attach it to my network in a way to completely bypass my host (also running Linux) connection and in-turn bypass Mullvad, I'd then connect this VM to my own Wireguard server that I rent overseas and configure port forwarding on that. I think I'm almost there however I seem to have hit a roadblock that I think the only workaround is attaching a second ethernet cable to my host, in order to get another interface so that the VM doesn't steal my host's connection.

    Doing the dual ethernet setup isn't impossible, but it is extra cables and dongles that I'd rather do without, so I was wondering if I could create a second IP address on my host and pass that into the VM to use? I'm using qemu and virt manager for my virtual machines, Artix on my host and probably Linux Mint on my torrent VM.

    Again I have no idea if this is possible or not, I simply don't know enough about networking yet to know for certain. I feel like it is but I wanted to ask some people who know what they're talking about :D.

    2
  • Fortigate 60D

    Hi all

    Just snagged a fortigate 60D from work that has gone EoL, what can/should I do with it?

    Another quick question, the 5GHz wifi seems very slow - any pointers?

    2
  • Ubiquiti - best way to manage several networks?

    I run a Ubiquiti DMP at home and I want to help a relative manage their network. They're getting a Ubiquiti Dream Router. Should I set their network up under my account or can they set it up under their own account and share access to it? I don't pay for any Ubiquiti managed services. Any help would be appreciated!

    2
  • Suggestions for moving server closet to the basement (extending a dozen shielded cat6 10-15 feet)

    So I need to move my server closet out of the guest room closet and into the basement so the closet can be used as a closet again.

    I’ve got like 15 shielded cat6 with insulated risers patched into the back of a rack mount patch panel.

    My goal is to end up with all of the existing cable extended 15’ or so to the new patch panel location, with maybe some kind of small door in the wall of the original closet so I can access the splices if anything goes wrong.

    I invested in shielded cat6 when networking the house to future proof everything, and I have solid home runs to every location. I’m currently only running gigabit speeds, but I’d like to preserve the integrity of the original cables as much as possible.

    With that in mind, what’s the best method for this extension? I’ve seen shielded punchdown junction boxes as well as female/female inline couplers. Keep in mind that there will be a bunch of them, so any advice on keeping things organized is appreciated.

    3
  • Secondary router acting weird

    (I know that I should have just used a mesh network)

    I have a router from my ISP, and it is placed at one end of my house. My Chromecast, printer, and other IoT devices are connected to it. I recently connected another router via Powerline to the other end to get quicker speeds, and to get Ethernet for my PC. However, I can't print off of the second router's network, and I can't use the Chromecast virtual remote. The router shows up as a single device on my ISP router, and none of my other devices connected to it show up.

    Do I need to put the router in bridge mode, or do I just need to mess around with the configuration of it?
    Will the router support 5GHz still? (My ISP router is only 2.4GHz)

    Second router model: Linksys EA6350

    5
  • Orbi rbr50 voxel firmware deletes openvpn config

    I have an orbi rbr50 with voxel firmware. I am abroad, but use openvpn to connect to nordvpn to connect via the united states.

    Whenever I restart my router my configuration folder for open VPN gets deleted and I have to redo everything. AFAIK this is not supposed to happen. Anyone familiar with voxel firmware/orbi, that could potentially give me some insight for troubleshooting?

    2
  • Home Network Setup Advice (WiFi & home server)

    Hey everyone,

    There is no real "homenetworking" community like there was on reddit so I thought I would try my luck here.

    I live in a 130m^2 house (~1500sqft) that is being completely stripped. That means I am putting in 12-14 Ethernet jacks in the rooms that might need it and have to completely redo my home network setup.

    It is a house from the 1950s in Belgium, so 21cm thick internal brick walls, a bit thicker concrete floors on the 2 levels. It is essentially a square (8m x 9m outer dimensions), and most of the advice on the internet is built for sprawling American wood houses which have completely different absorption of wireless signals. It has central stairs and essentially 4 rooms, 2 on either side with the kitchen in the back being bigger.

    The little advice that I have seen is "brick walls -> get a bunch of access points" but that doesn't sit right with me.

    1. Currently we are using a Proximus (our ISP) modem/router in the northwest most far corner of the house and still get weak signal (enough for lower quality videos like Instagram reels) all the way in the southeast corner on the 2nd floor. It goes through 2 brick walls, a concrete floor, and a door and we can still use WiFi 6. Intuitively I would then set up something like an Asus rt-ax58u or a zenwifi XT8 mounted to the staircase wall or in the hallway in the center of the house. I don't know if that would be strong enough to reach everything we need, but it seems better to me than a router in each corner and blasting channel noise at our neighbors' houses since in Belgium there isn't much side-garden if any.

    2. I have a home server running a variety of local and internet-facing services for myself and family. Due to ease of wiring, I would prefer running modem -> TP-SG1SG016DE -> Wireless Router and using an Asus router. Would the TPlink kind-of-managed-switch be able to isolate the modem from the rest of the network and just run it to my router to use the LAN of the router for the rest of the ports on my switch? It has port isolation functionality, so I assume so. Then I don't have to run double Ethernet to the hall.

    I want to go with Asus because I hear that they generally have more features than other brands. I for sure need port forwarding, QoS, disabling PnP, assigning static IP, and NAT loopback if possible so that local access of services doesn't have to go through cloudflare and can go directly to my reverse proxy. My TPlink Archer A7 that I use now can't do NAT loopback and it makes any file transfers limited by my 5:1 asymmetrical upload speed. Also having VLANs for any cameras would be great, but I think you can do something similar via parental controls on an ASUS (restricting a certain device IP's internet access).

    Would the Asus rt-ax58u or a zenwifi XT8 have the features that I would need for my simpleish home server?

    Thanks for the help!

    Edit: Tl;dr since nobody reads this long of a post:

    • I am running Ethernet (cat6) to every room. Modern laptops as well as phones have no Ethernet port, so I need wifi

    • I am looking at 1 wireless router, no "mesh" bs at all. The advice of overstuffing a small house full of a dozen access points is overkill and detrimental to performance without power and channel usage tuning.

    • I have specific features I want in a router, can one of the listed ones do all of that like NAT loopback?

    7
  • Can I connect a modem/router combo to a modem, then connect that second modem to a PC?

    Weird question, I know. My apartment comes with a modem/router combo that, for whatever reason, does not have an Ethernet port. So a friend advised me to purchase a modem, then connect it via coax cable to my apartment's modem/router, then connect that to my PC via cat5. I did so, but the Ethernet connection on my PC shows no Internet. Is this possible to set up? Is there a software related step I'm missing to complete the connections?

    12
  • Looking for feedback on proposed network solution for a network lab/classroom

    I initially posted this over on networking@lemmy.ml, but that community is more dead than some of the animals in my freezer. So you may have seen it over there in the last few hours.

    TLDR: While I know that the following will work, I'm looking for feedback on my proposed solution in regards to best practices and possibly an idea about establishing logging. If you think I'm way off target, then by all means tell me so and what you propose instead.

    With all that said, I present you with the following wall of text, read at your own peril but thanks if you lend me the time to answer my post :-)

    I have a classroom that doubles as a lab for my soon to be IT-supporters, devops, and operations specialist apprentices. My main subject is CCNA introduction to networking and some Windows Server configuration. And while I've been teaching for 10 years, I fear my real world IT experience has slipped.

    The classroom is equipped with about 16 tables, and preferably a single student per table – depending on the number of applications, some tables can host 2 students for the first month or two. So, the infrastructure must fit at least 32 students and a teacher.

    Currently the setup is an extremely old cisco 1812 router running a NAT, and routing between the school’s network, and an internal classroom LAN. Each student has a /24 scope on a /16 net and is instructed to create their own LANs using SoHo-equipment. There’s no routing setup internally in the classroom, other than the students' individual SoHo router/switch/AP.

    It really is just a 1812 with a single fastethernet connection to a 24port 2950 (yes, that was a 5 not a 6 in there) and some extra switches daisy chained together to reach a row of tables going down the middle of the room.

    We have a literal van-load of ancient cisco gear for use in our labs. This is also the gear we’re using for the current classroom infrastructure. It works, not great, but it gets the job done.

    What is changing? We have arranged to have a public IPv4 routed to a gigabitethernet port in the classroom. That port will be the only wired link out of the room. There will be no change in the service on the school administered WLANs. They are still usable for staff and students, both with school administered equipment and BYOD.

    While we do have a lot of gear, the newest bit of kit is some 1941 routers, that we got at auction and don’t have any service agreements on, so no updates for them – and we’re not switching to newer cisco gear for obvious reasons that rhyme with money, DNAC and supply chain woes. I don’t know about you, but I don’t really feel like exposing the existing equipment to the wild west of the internet.

    All this boils down to the following conclusions:

    • I have to build something new and
    • Most likely make a purchase recommendation for my admin.

    Requirements:

    1. 33 clients must be able to connect to the internet.
    2. 33 clients must be able to connect to each other.
    3. All traffic going to and from the internet must be filtered.
    4. Filtering must be relatively simple to configure.
    5. Filtering must be able to stop the most common p2p-protocols and workarounds. I want to teach, not have to deal with DMCA letters all the time.
    6. Both external and internal traffic should be monitored and logged to help hunt down individuals that somehow bypass the filtering. Speed degradation is not too much of a concern – We can live with 100Mbps or less, if we can have metadata logged, but faster would be nice.
    7. Silent equipment would be nice to have, as it will most likely be positioned about a meter from my ear when sitting at the desk in the classroom, on account of the internet-connected port.

    What I’m considering presently is a MikroTik solution consisting of

    • 1x CCR2004-16G-2S+PC, running individual networks for 12 students and the teacher, as well as being the gateway out.
    • 1x CRS326-24G-2S+IN, a managed L3 switch, which will route the remaining 20 student networks and connect to the CCR2004 with a 10G fiber.
    • 2x S+85DLC03D, one in each of the above, and a bit of multimode LC-LC fiber.

    All in all I’ve sourced this from a single vendor for about 700USD with a week’s lead time. But I've got nothing in regard to logging.

    4
  • ISP provided modem/router combo does not have firewall option?

    My ISP provided modem/router combo (Home Hub 3000 from Bell Canada) does not have a firewall setting, is this an issue for all of the devices on my network? Or is the router doing some packet filtering or something along those lines without me knowing? If anyone has this or any other Bell modem/router and is knowledgeable about the topic that would be greatly appreciated.

    2