Building a home firewall - guide

Huh. Way over my head on how that's all done.

I barely figured out the wifi!
That's OK, you could always try following the guide, if you have the spare hardware around, if not, there are other options that are less likely to be prone to compromise.
 
That's OK, you could always try following the guide, if you have the spare hardware around, if not, there are other options that are less likely to be prone to compromise.
I have a wifi maker (rotter?) that's it I think. I forget the brand though.
I did put a password on it, though no reason to, doesn't shoot out signal beyond my place, never mind my land. Neighbors are several few minutes walk one way and probably 2 or 3 miles the other.
 
Revyee wifi 6 ax3200 (I looked up the Amazon order). Got it Aug 2022
OK, so, like TP-Link, that's a Chinese brand, headquartered in China. The parent company is Ruijie, headquartered in Beijing.

Not great.

However, this unit is supported by OpenWRT from the looks of things:
[OpenWrt Wiki] Reyee RG-E5

Do you have any friends who are techie?
 
How well do you think this would run as a virtual machine ? I've got a lot of spare horsepower on my home media/nas server. (and spare NICs)
 
Do you have any friends?
Do dogs count?

Few people I call every few months barely have flip phones.

I've been trying for 2 years to get wifi outside for my cameras and driveway alarm. No luck so far.

Bought some Obeeboogee (??) "Easy to setup" install. Sent it back, was certainly not easy.
 
For you, I'd recommend the new Unifi Cloud Gateway, if you didn't feel like giving IPFire a spin:
Compact UniFi Cloud Gateways - Ubiquiti
I don’t know enough about this stuff. So is this for anyone that wants to have a firewall between their isp and their connected stuff? Would one change router settings? Turn off the built in router security stuff and rely on this device? Let both run in serial connection?
 
I don’t know enough about this stuff. So is this for anyone that wants to have a firewall between their isp and their connected stuff? Would one change router settings? Turn off the built in router security stuff and rely on this device? Let both run in serial connection?
If you've got an existing wireless router (which most people do), you'd turn it into a glorified access point and let this device handle NAT/PAT, traffic filtering, DHCP, etc.
 
If you've got an existing wireless router (which most people do), you'd turn it into a glorified access point and let this device handle NAT/PAT, traffic filtering, DHCP, etc.
OK, sorry for being dense. Why??

Bear with me please, I’m slow…

This provides “protection” from the isp, in this case, Fios, which gives me an Ethernet cable from my ONT.

Why would it matter if the router I have (ASUS with MerlinWRT) does dhcp and whatnot, versus this thing?

Does the ubiquiti unit provide me some isolation from hacks/attacks/snooping/app call home/whatever??

I assume regardless of what does dhcp and whatnot, this ubiquiti thing gives me a superior firewall and protects me. Simple as that.

Sorry, I work high tech engineering but networking isn’t my thing. But protection is important to me.

Thanks!
 
To keep it simple, you don't want 2 routers in series with NAT, DHCP, etc.
Since the UniFi gear has IDS/IPS and actually gets security patches in a timely manner, you want that facing the internet.
All that is left is to have a device that provides wifi signal (wireless access point), so you either buy a WAP or turn your current wifi router into a WAP.. most have that mode. Since it's not connected directly to the internet, its security flaws are mitigated.

Note: UniFi Express doesn't have IDS/IPS.. but it's still a better option than most.. and includes a wifi 6 WAP.

Also the Cloud Ultra is currently OOS but available from resellers.... such as B&H with no markup (many resellers have markup)
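The two posts above both boil down to one rule: exactly one device on the home network should be doing NAT and DHCP, and the old wireless router should be demoted to an access point. A quick way to check whether that is actually the case after the re-wiring is to look at the first few hops of a traceroute to a public address: one RFC 1918 hop before the first public address is the expected single NAT, two such hops means the old router is still routing and translating. The script below is an added example for this thread, not code from any of the posters or from Ubiquiti or IPFire; it parses traceroute output and flags double NAT. The traceroute text it analyses is constructed sample output (documentation addresses 203.0.113.x and 198.51.100.x stand in for the ISP side), so it runs offline.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# RFC 1918 private ranges (checked explicitly rather than via is_private(),
# which in Python also matches documentation ranges such as 203.0.113.0/24).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space: seeing it means the ISP itself is running carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<hop number>  <rest of line>"
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # first IPv4 literal on the line

# Constructed sample output (not captured from a real network).
# Two RFC 1918 hops before the first public hop: the old wifi router is still routing.
SAMPLE_DOUBLE_NAT = """\
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  192.168.50.1 (192.168.50.1)  0.412 ms  0.380 ms  0.355 ms
 2  192.168.1.1 (192.168.1.1)  1.102 ms  1.081 ms  1.060 ms
 3  * * *
 4  203.0.113.9 (203.0.113.9)  9.314 ms  9.290 ms  9.270 ms
 5  1.1.1.1 (1.1.1.1)  10.200 ms  10.180 ms  10.150 ms
"""

# Same network after the old router was switched to access-point mode:
# an AP bridges at layer 2 and no longer appears as a hop at all.
SAMPLE_SINGLE_NAT = """\
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.412 ms  0.380 ms  0.355 ms
 2  203.0.113.9 (203.0.113.9)  9.314 ms  9.290 ms  9.270 ms
 3  1.1.1.1 (1.1.1.1)  10.200 ms  10.180 ms  10.150 ms
"""

# Single home NAT, but the ISP is translating again upstream (CGNAT).
SAMPLE_CGNAT = """\
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.412 ms  0.380 ms  0.355 ms
 2  100.64.0.1 (100.64.0.1)  4.101 ms  4.080 ms  4.060 ms
 3  198.51.100.1 (198.51.100.1)  9.314 ms  9.290 ms  9.270 ms
 4  1.1.1.1 (1.1.1.1)  10.200 ms  10.180 ms  10.150 ms
"""


def parse_hops(traceroute_text: str) -> List[Optional[ipaddress.IPv4Address]]:
    """Return one entry per hop line; None for hops that did not answer ('* * *')."""
    hops: List[Optional[ipaddress.IPv4Address]] = []
    for line in traceroute_text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # header line, not a hop
        ip = IPV4.search(m.group(2))
        hops.append(ipaddress.ip_address(ip.group(1)) if ip else None)
    return hops


def is_rfc1918(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in RFC1918)


def nat_layers(hops: List[Optional[ipaddress.IPv4Address]]) -> int:
    """Count consecutive RFC 1918 hops before the first non-private hop.

    A router in AP mode is a bridge and never shows up here, so each private
    hop is a device that is routing. Two or more almost always means two NAT
    layers in series (a private-only router with NAT disabled is the rare exception).
    """
    count = 0
    for hop in hops:
        if hop is None:
            continue  # silent hop: no information either way
        if is_rfc1918(hop):
            count += 1
        else:
            break
    return count


def assess(traceroute_text: str) -> Dict[str, object]:
    hops = parse_hops(traceroute_text)
    layers = nat_layers(hops)
    cgnat = any(h is not None and h in CGNAT for h in hops)
    if layers >= 2:
        verdict = "double NAT: two routers in series are both translating"
    elif layers == 1:
        verdict = "single NAT: one gateway in front of the home network"
    else:
        verdict = "no private hops seen"
    return {"nat_layers": layers, "cgnat": cgnat, "verdict": verdict,
            "hops": [str(h) if h else "*" for h in hops]}


if __name__ == "__main__":
    for name, sample in (("double", SAMPLE_DOUBLE_NAT), ("single", SAMPLE_SINGLE_NAT), ("cgnat", SAMPLE_CGNAT)):
        print(name, assess(sample))
```

On a live network, feed it the output of `traceroute 1.1.1.1` (or `tracert` on Windows, whose hop lines have the same leading hop number). The CGNAT flag is informational: the ISP's own translation is outside your control and is part of why the gateway facing the ONT, not the ISP, is the layer you can harden.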
 
To keep it simple, you don't want 2 routers in series with NAT, DHCP, etc.
Since the UniFi gear has IDS/IPS and actually gets security patches in a timely manner, you want that facing the internet.
All that is left is to have a device that provides wifi signal (wireless access point), so you either buy a WAP or turn your current wifi router into a WAP.. most have that mode. Since it's not connected directly to the internet, its security flaws are mitigated.
Yes, this exactly @JHZR2
 
After the recent thread, I dusted off an old single-core Atom mini-ITX box and refreshed it with the latest version of IPFire. It's about 13 years old, is just about the first-gen Atom with 64-bit instructions, with 2 GB of RAM. Testing to ensue.

How well do you think this would run as a virtual machine ? I've got a lot of spare horsepower on my home media/nas server. (and spare NICs)
In terms of performance, you'd be fine. It's not a recommended configuration, though. You would effectively have a single physical machine both inside and outside the firewall at the same time.
 
To keep it simple, you don't want 2 routers in series with NAT, DHCP, etc.
Since the UniFi gear has IDS/IPS and actually gets security patches in a timely manner, you want that facing the internet.
All that is left is to have a device that provides wifi signal (wireless access point), so you either buy a WAP or turn your current wifi router into a WAP.. most have that mode. Since it's not connected directly to the internet, its security flaws are mitigated.

Note: UniFi Express doesn't have IDS/IPS.. but it's still a better option than most.. and includes a wifi 6 WAP.

Also the Cloud Ultra is currently OOS but available from resellers.... such as B&H with no markup (many resellers have markup)
What's to say that an ASUS router with MerlinWRT has more security flaws than the Ubiquiti? Purely objective question as I don’t know.
 
I'm not familiar with MerlinWRT and its differences as compared to the other open source firmwares.
It's better than Chinese brand firmware and it is Asus hardware, but when was the last time they had security patches would be my question. Ubiquiti has a business model and paid people. It's also low commercial or prosumer level products.
 
Nice overview. I ran Pfsense (and OPNsense briefly) for a few years on a Dell Optiplex. Both were very stable, but I found the Pfsense documentation to be more thorough.

To maximize the amount of time my UPS can keep my internet connection online during a power outage I looked for a less power-hungry appliance than a used PC. I ended up buying a Netgate 1100 and have been very happy with it.
 