Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Thu Jan 23, 2020 7:54 pm Post subject: Looking for router recommendations |
|
|
My old D-Link DIR-655 is getting flaky. It thinks it's January 6 and keeps reverting to that time. The firmware hasn't been updated in a long time. The wireless support is only "N" and it's 2.4GHz only.
I'm soliciting hardware recommendations from the forum. Hopefully inexpensive routers.
I don't game. Wireless isn't strictly needed as I also have AP's.
Max workload would be two streaming Firestick/Roku devices simultaneous with a portage update. That's highly unlikely as we haven't streamed on two devices simultaneously yet, but might and Gentoo updates are mostly done when no streaming is on.
I have two wireless HP printers but have them blocked from the network and attached with USB as they keep on wanting to phone home to HP and if powercycled revert to allowing anyone including passersby to access them.
Some of my streaming is from a LAN Gentoo server.
What firmware do you recommend? Manufacturer's proprietary, DDWRT, Tomato, OpenWRT? I'd like to run a Gentoo PC as router and have experimented with that but I have zero time to work on a nice interface. |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Thu Jan 23, 2020 10:12 pm Post subject: |
|
|
I have a couple middle of the road ASUS routers, and like them.
RT-AC66W
RT-N66U
I use the ASUS proprietary software. The AC66W is the router. The other is an access point. Happened that way just on account of order of purchase. Been running two or three years with no trouble and reasonable performance. |
|
|
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5939
|
Posted: Thu Jan 23, 2020 10:53 pm Post subject: |
|
|
i've run a gentoo router for a while, at first i was using a custom script with iptables and ipsets, but have since migrated to firehol. granted you need to set up dhcpd and friends by hand, but at least you're not at the mercy of (insert router vendor here). _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
|
|
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
|
Posted: Fri Jan 24, 2020 8:24 am Post subject: |
|
|
The problem, as always, is ADSL/VDSL/modem drivers which are proprietary.
Otherwise a modem/router supported by openwrt is probably the best
https://openwrt.org/toh/recommended_routers
official PF sense are probably expensive:
https://www.pfsense.org/products/
Are you sure that you really need a router? If all the traffic is inside the local eth network + internet access maybe you need a good switch combined with a small modem/router/AP. The built-in switch in most modems are not very good ... _________________ Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net |
|
|
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5939
|
Posted: Fri Jan 24, 2020 12:23 pm Post subject: |
|
|
the reason i run my own is because any amount of p2p would crush those consumer routers, even if i was nowhere near bandwidth limits... they make them cheap for a reason. _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
|
|
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
|
Posted: Fri Jan 24, 2020 1:34 pm Post subject: |
|
|
I had the same problem running transmission on the router, but IMHO the router/firewall should do just that, so I moved transmission to a separate server and tuned the router a bit, now it's fast.
Code: |
root@dsldevice:~# conntrack -L
.......
conntrack v1.4.2 (conntrack-tools): 846 flow entries have been shown.
|
_________________ Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net |
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Fri Jan 24, 2020 3:16 pm Post subject: |
|
|
erm67 wrote: | The problem, as always, is ADSL/VDSL/modem drivers which are proprietary. . |
No problem, I have a cable modem, you can even connect a PC directly.
erm67 wrote: |
Are you sure that you really need a router? If all the traffic is inside the local eth network + internet access maybe you need a good switch combined with a small modem/router/AP. The built-in switch in most modems are not very good ... | I do for internet access. The DLink router has four LAN ports but I only use one. I have a ten port TP-Link unmanaged switch that connects to everything else with one port connected to the router LAN port. |
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Fri Jan 24, 2020 3:30 pm Post subject: |
|
|
bunder wrote: | i've run a gentoo router for a while, at first i was using a custom script with iptables and ipsets, but have since migrated to firehol. granted you need to set up dhcpd and friends by hand, but at least you're not at the mercy of (insert router vendor here). |
I already have dhcpd shut off on the router and running as a service on my file server that runs 24/7. With a Gentoo router, it would be a simple task of copying that installation to the Gentoo router.
Perhaps I should run the file server as a router? I just feel queasy about having the files so close to the internet.
I run dnsmasq on that file server too. I don't want to use DLINK's DNS servers.
---------------------------
A big stumbling block has been writing a nice web interface for a Gentoo router, since I have never written any html/php.
When I woke up this morning I realized that with a PC router I don't need a web interface. I had been planning to forego X, but Openbox with a wxwidgets interface can be accessed by all my PC's using rdp. I definitely know how to write and debug wxwidgets C++ code.
firehol, shorewall, bare iptables - that would be the next major decision. |
|
|
|
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
|
Posted: Fri Jan 24, 2020 3:51 pm Post subject: |
|
|
Tony0945 wrote: | erm67 wrote: | The problem, as always, is ADSL/VDSL/modem drivers which are proprietary. . |
No problem, I have a cable modem, you can even connect a PC directly.
erm67 wrote: |
Are you sure that you really need a router? If all the traffic is inside the local eth network + internet access maybe you need a good switch combined with a small modem/router/AP. The built-in switch in most modems are not very good ... | I do for internet access. The DLink router has four LAN ports but I only use one. I have a ten port TP-Link unmanaged switch that connects to everything else with one port connected to the router LAN port. |
more or less like me, basically a wireless AP/firewall,
an AC3000 access point /router is overkill? You said wifi is not so important .... (the 3Gbits is the combined speed of multiple clients not the speed of a single connection)
try an AC1200 instead, they are a lot cheaper. _________________ Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net
Last edited by erm67 on Fri Jan 24, 2020 3:53 pm; edited 1 time in total |
|
|
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5939
|
Posted: Fri Jan 24, 2020 3:52 pm Post subject: |
|
|
Tony0945 wrote: | Perhaps I should run the file server as a router? I just feel queasy about having the files so close to the internet. |
in theory, if the firewall is configured properly, it should be invisible to the internet except for what you have port forwarded to hosts or VM's on the inside. but that's been a huge debate for ages now. _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54650 Location: 56N 3W
|
Posted: Fri Jan 24, 2020 7:41 pm Post subject: |
|
|
Tony0945,
My router is a gentoo KVM on a gentoo server.
For a long time, I used Smoothwall. It has a nice shiny web interface but when I wanted to move to a KVM, it would not install.
I installed Gentoo in the KVM along with the bits and pieces of Smoothwall that I actually used.
I moved to VDSL a while ago and Openreach provided a VDSL to PPPoE bridge doda to interface to my router. In those days, it was a home visit.
The engineer could not get his head round my router being a piece of software in a system in my garage.
I use shorewall to write iptables rules for me. I don't recommend it for new installs until https://en.wikipedia.org/wiki/Shorewall wrote: | On 18 February 2019, primary developer Tom Eastep announced that he is retiring from the project. | its future is determined. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Fri Jan 24, 2020 11:54 pm Post subject: |
|
|
NeddySeagoon wrote: | The engineer could not get his head round my router being a piece of software in a system in my garage. | I'll bet!
The idea of having the DHCP, DNS, and NAT all on one box is intriguing.
As I've said in another thread, I have an Intel GB PCI-e card available and plenty of short cables. The server is only about four feet from the cable modem.
The builtin is Realtek r8169 and the card is Intel e1000 so an eudev rule making the r8169 lan0 and the e1000 wan0 should be easy.
It's very tempting but the CPU is a Kaveri APU
Code: |
Trantor ~ # lscpu | grep Model
Model: 48
Model name: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G
Trantor ~ # free -h
              total        used        free      shared  buff/cache   available
Mem:           14Gi       107Mi        10Gi       1.0Mi       4.2Gi        14Gi
Swap:            0B          0B          0B
|
More memory than I remember.
That box already has openbox and a browser, just in case I need to access the router or modem nearby.
But is all this a strain on the Kaveri?
Code: |
# hdparm -I /dev/sd? |grep Model
Model Number: Crucial_CT250MX200SSD1
Model Number: WDC WD5001FZWX-00ZHUA0
Model Number: WDC WD1003FZEX-00K3CA0
|
System (Gentoo stable) is on a SATA SSD, mass storage on two SATA Hard Drives. My video collection is on the big one.
I can put the DIR-655 into AP mode.
It does start to come together.
Best not to put the GUI on root logon. Maybe create user & group "admin" or "router" |
|
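The single-box setup discussed in the post above (DHCP, DNS and NAT on one machine with `lan0`/`wan0`), combined with the "invisible to the internet" firewall posture mentioned earlier in the thread, sketched as an added example that is not from any poster. The function names, the 192.168.1.0/24 subnet and the choice of LAN-side services (DHCP, DNS, SSH, ping) are assumptions; the second function audits a ruleset for anything that would answer on the WAN side.

```shell
#!/bin/sh
# Added example (not from the thread): generate and audit an iptables-restore
# ruleset for a two-NIC Linux box acting as router, DHCP and DNS server.
# wan0/lan0 are the names proposed in the thread; the LAN subnet and the
# choice of LAN-side services are assumptions for illustration.

# gen_router_rules WAN_IF LAN_IF LAN_NET -> ruleset on stdout
gen_router_rules() {
    _wan="$1"; _lan="$2"; _net="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this box or the LAN opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Services offered to the LAN only. DHCP has no source match because
# clients without a lease send from 0.0.0.0.
-A INPUT -i ${_lan} -p udp --dport 67 -j ACCEPT
-A INPUT -i ${_lan} -s ${_net} -p udp --dport 53 -j ACCEPT
-A INPUT -i ${_lan} -s ${_net} -p tcp --dport 53 -j ACCEPT
-A INPUT -i ${_lan} -s ${_net} -p tcp --dport 22 -j ACCEPT
-A INPUT -i ${_lan} -s ${_net} -p icmp --icmp-type echo-request -j ACCEPT
# Forwarding: the LAN may open connections outward, the WAN may only reply
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i ${_lan} -o ${_wan} -s ${_net} -j ACCEPT
-A FORWARD -i ${_wan} -o ${_lan} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# NAT: LAN hosts share the single address on the WAN interface
-A POSTROUTING -o ${_wan} -s ${_net} -j MASQUERADE
COMMIT
EOF
}

# wan_reachable_rules LAN_IF < ruleset
# Prints every INPUT rule that accepts new packets without being pinned to
# lo or the LAN interface, i.e. anything that would answer on the WAN side.
wan_reachable_rules() {
    grep -E '^-A INPUT .*-j ACCEPT' |
        grep -Ev -- "-i (lo|$1) " |
        grep -v -- '--ctstate ESTABLISHED,RELATED' || true
}

# Stand-alone use: ./router-rules.sh wan0 lan0 192.168.1.0/24
# Check the output with "iptables-restore --test" before loading it.
if [ "$#" -eq 3 ]; then
    gen_router_rules "$1" "$2" "$3"
fi
```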
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54650 Location: 56N 3W
|
Posted: Sat Jan 25, 2020 12:15 am Post subject: |
|
|
Tony0945
My bare metal server (Gen 7 HP Microserver) shows
Code: | roy@Eccles_2 ~ $ lscpu | grep Model
Model: 6
Model name: AMD Turion(tm) II Neo N40L Dual-Core Processor
roy@Eccles_2 ~ $ free -h
total used free shared buff/cache available
Mem: 15Gi 6.2Gi 153Mi 0.0Ki 9.3Gi 9.1Gi
Swap: 8.0Gi 15Mi 8.0Gi
roy@Eccles_2 ~ $ |
The KVM running the router claims
Code: | router ~ # lscpu | grep Model
Model: 2
Model name: AMD Phenom(tm) 9550 Quad-Core Processor
router ~ # free -h
total used free shared buff/cache available
Mem: 2.0Gi 38Mi 1.7Gi 0.0Ki 266Mi 1.8Gi
Swap: 487Mi 0B 487Mi
router ~ # |
Router has two cores as the bare metal only has two cores. It needs 2G RAM to build gcc.
The bare metal shows Code: | top - 00:04:06 up 45 days, 11:37, 1 user, load average: 0.01, 0.10, 0.08 |
There is nothing very strenuous. KVMs for a media server, a mail server, the router (IPv4 and IPv6) and my VPN end point, for mobile devices when I'm out and about.
The mail server also does my private rsync mirror and runs http-replicator.
Nothing has a GUI. Networking is a 4 port Intel card. Storage is 4x4TB HGST drives in raid5 _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sat Jan 25, 2020 12:35 am Post subject: |
|
|
A GUI isn't needed, true. It's just nice to have.
Neddy, how much resource is consumed while streaming or heavy uploading/downloading? |
|
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54650 Location: 56N 3W
|
Posted: Sat Jan 25, 2020 12:56 am Post subject: |
|
|
Tony0945,
Streaming 3 DVDs over NFS from the media server and a ssh connection to the bare metal.
The media server will not go through the router.
Code: | top - 00:45:47 up 45 days, 12:18, 2 users, load average: 0.33, 0.24, 0.14
Tasks: 124 total, 1 running, 123 sleeping, 0 stopped, 0 zombie
%Cpu(s): 3.0 us, 1.8 sy, 0.0 ni, 94.1 id, 0.0 wa, 0.0 hi, 1.0 si, 0.0 st
MiB Mem : 15992.1 total, 168.8 free, 6354.0 used, 9469.3 buff/cache
MiB Swap: 8192.0 total, 8176.2 free, 15.8 used. 9361.5 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3590 qemu 20 0 3054248 2.0g 14324 S 8.3 12.8 138:51.41 qemu-system-x86
3595 root 20 0 0 0 0 S 1.7 0.0 2:37.52 vhost-3590
3558 qemu 20 0 2752104 2.0g 14464 S 1.0 13.1 953:24.72 qemu-system-x86
3620 qemu 20 0 2727380 2.0g 14416 S 0.7 13.0 1445:35 qemu-system-x86 |
Streaming one 4k video from youtube.
Code: | top - 00:50:30 up 45 days, 12:23, 2 users, load average: 0.41, 0.24, 0.14
Tasks: 124 total, 1 running, 123 sleeping, 0 stopped, 0 zombie
%Cpu(s): 6.9 us, 8.3 sy, 0.0 ni, 83.4 id, 0.0 wa, 0.0 hi, 1.4 si, 0.0 st
MiB Mem : 15992.1 total, 153.0 free, 6354.7 used, 9484.4 buff/cache
MiB Swap: 8192.0 total, 8176.2 free, 15.8 used. 9360.8 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3558 qemu 20 0 2752104 2.0g 14464 S 23.3 13.1 953:46.29 qemu-system-x86 |
About 25% of the bare metal CPU is used but it's only running at 800MHz _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sat Jan 25, 2020 1:08 am Post subject: |
|
|
Given that the Kaveri is rated higher (Passmark 5057) than your Turion (Passmark 930), it certainly seems up to the job.
The Realtek built-in gets some bum raps but it has a 1000 Mbps rating while I have 30MBps service (might upgrade to 100), so it should handle traffic well.
I was concerned about the CPU which bogs down compiling updates, but it looks like this is a definite contender to a commercial router.
A point in favor is that I'm 99% sure that the Gentoo software isn't hiding spyware or some other back door. |
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sat Jan 25, 2020 1:14 am Post subject: |
|
|
cboldt,
Your input is appreciated. The RT-AC66W would have a big wireless upgrade. But $170 vs hardware on hand is driving me back to the Gentoo router.
I appreciate your prompt response. |
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sat Jan 25, 2020 1:19 am Post subject: |
|
|
Just wanted to mention that I bought a cheap Buffalo N400 a while back and put it in AP mode. List was $12 and I bought it on sale for $8.
Hardware is surprisingly good. Software .... It has a setting to reboot periodically (5 days max setting) to clear firmware glitches. (REALLY!)
Probably programmed by the same $9 an hour "software engineers" that programmed the Boeing 737MAX.
No way would I put it on the internet. |
|
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54650 Location: 56N 3W
|
Posted: Sat Jan 25, 2020 1:24 am Post subject: |
|
|
Tony0945,
Code: | router ~ # cat /var/lib/portage/world
app-admin/metalog
app-admin/sudo
app-admin/ulogd
app-editors/nano
app-misc/screen
app-portage/gentoolkit
app-portage/ufed
app-text/wgetpaste
net-analyzer/snort
net-analyzer/tcpdump
net-analyzer/traceroute
net-dialup/ppp
net-dialup/xl2tpd
net-dns/unbound
net-firewall/shorewall
net-misc/dhcp
net-misc/dhcpcd
net-misc/ntp
net-misc/radvd
net-proxy/squid
net-vpn/strongswan
sys-apps/ethtool
sys-apps/pciutils
sys-apps/portage
sys-apps/usermode-utilities
sys-boot/grub-static
sys-devel/gettext
sys-fs/eudev
sys-kernel/gentoo-sources
sys-libs/gpm
sys-process/dcron
sys-process/lsof
router ~ # |
It's not much, is it?
net-misc/radvd is only for IPv6
net-dialup/ppp is for my uplink, which is PPPoE
net-vpn/strongswan can go. It has its own KVM.
app-admin/sudo ... there is only a root account
Code: |
router ~ # df -Th
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/root      ext4       17G  7.2G  8.8G  45% /
devtmpfs       devtmpfs   10M     0   10M   0% /dev
tmpfs          tmpfs     200M  520K  200M   1% /run
shm            tmpfs    1000M   12K 1000M   1% /dev/shm
/dev/vda4      ext4      1.8G  2.8M  1.7G   1% /home
|
There will be a few GB of junk in there too. /home is wasted. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
|
|
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
|
Posted: Sat Jan 25, 2020 8:20 am Post subject: |
|
|
Tony0945 wrote: | Just wanted to mention that I bought a cheap Buffalo N400 a while back and put it in AP mode |
Did you check if you can put openwrt on it? It probably doesn't have enough ram however ...... _________________ Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net |
|
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Sat Jan 25, 2020 1:05 pm Post subject: |
|
|
Something makes me think the ASUS routers were about $100 each - bought on sale or refurbs or similar. The second one was essentially a "range extender" at the other end of a cable, not a router.
The LAN here uses dnsmasq for assigning IP addresses, so the router provides two network functions, basically, WAN to LAN firewall, directing incoming traffic to selected machines; and wireless LAN access. I'd say I get the benefit of low power drain using the router, but the "main" server here (mail, print, dnsmasq) is on a laptop (Thinkpad X201) and stays up on battery more than 10 hours as long as display is dark.
The X201 has enough computing power to act as router too. Somewhat inertia on my part to have a purchased router in the mix, but it is also the first source of wireless, and something had to go between the cable modem and the rest of the LAN anyway. The mail/print server (and sshd contact point to outside world) and doc/music/photo (mass storage) server are separate machines, with the mass storage machine able to "do it all" if the mail/print server goes down. That arrangement harks back to a makeshift screenless laptop pressed into service when the big iron had a motherboard die. Having a "two machine server" arrangement (one laptop, one mid-tower) ended up being pretty cheap redundancy. I need the email - music and photos can be down for a few days and not screw up my paying job. |
|
|
|
AlexJGreen Tux's lil' helper
Joined: 19 Sep 2018 Posts: 149
|
Posted: Sun Jan 26, 2020 1:11 am Post subject: |
|
|
_
Last edited by AlexJGreen on Mon Dec 28, 2020 3:21 am; edited 1 time in total |
|
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 3007 Location: Edge of marsh USA
|
Posted: Sun Jan 26, 2020 4:02 am Post subject: |
|
|
erm67 wrote: | Are you sure that you really need a router? If all the traffic is inside the local eth network + internet access maybe you need a good switch combined with a small modem/router/AP. The built-in switch in most modems are not very good ... |
Of course one needs a router. What are you thinking? A router is what gives you NAT. Whatever you do should be on the LAN side of the router while only the router is directly exposed to the Internet. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
|
|
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
|
Posted: Sun Jan 26, 2020 8:43 am Post subject: |
|
|
figueroa wrote: | erm67 wrote: | Are you sure that you really need a router? If all the traffic is inside the local eth network + internet access maybe you need a good switch combined with a small modem/router/AP. The built-in switch in most modems are not very good ... |
Of course one needs a router. What are you thinking? A router is what gives you NAT. Whatever you do should be on the LAN side of the router while only the router is directly exposed to the Internet. |
Are you sure that it is wise to expose routers directly to the internet without a firewall? I thought that a router forwards data packets between computer networks, while a firewall is directly exposed to the internet and does packet filtering and NAT. If for you firewalls are routers how do you call routers? Oh yes "soho all-in one router/firewall/switch/modem" was too long .....
There is nothing to route in his setup he already has a bridging comcast modem all he needs is a firewall, maybe in a VM, like Neddy, he only has a switch + a VDSL modem configured for PPPoE relay and uses a VM on the home server as firewall. There is no physical "soho all-in one router".
BTW Neddy did you ask your provider if you can configure the modem (dodo) in RFC 2684 bridge and do without PPPoE passthrough/relay, some providers permit that and it is faster and better. PPP causes some latency and problems with dual stack ipv4/ipv6...
I used that configuration with my previous provider and was a lot better than the mandatory all-in-one that I must use with my current provider, the only "good" thing is that they update the firmware remotely regularly .... losing my settings sometimes. _________________ Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net |
|
|
|
C5ace Guru
Joined: 23 Dec 2013 Posts: 488 Location: Brisbane, Australia
|
Posted: Sun Jan 26, 2020 10:12 am Post subject: |
|
|
I just purchased this one:
https://www.umart.com.au/Netgear-D6200-Gigabit-WiFi-Modem-Router_24716G.html
Works very well.
Price excluding tax is $41.10 Australian Dollars or about $26.90 US-Dollars. _________________ Observation after 30 years working with computers:
All software has known and unknown bugs and vulnerabilities. Especially software written in complex, unstable and object oriented languages such as perl, python, C++, C#, Rust and the likes. |
|
|
|
|
|
|
|