Upgrading Home Network - Need Advice

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,500
    God's Country
    Depending on your use case it might be cheaper to go with something that can fit a spinning hard drive. 1G Ethernet is slower than pretty much any modern hard drive, so unless you are planning on doing an IOPS-heavy workload on it like a database, I doubt that it is worth it.


    Mostly just laptop backups, music, documents, photos. Not really intended to be a media server or anything so 1GB connection is probably ok.

    I got tired of updating and supporting my own home-built Linux servers and firewalls years ago. I've been using Synology NAS for a long time now and it just works without having to mess with it much. You can get a small 2-bay for <$200 + disks and it will even run Pi-hole if that's what you want. If you want to learn, then doing your own is a good project though.


    I get a bit excited about learning new stuff but your comment rings true, I really don’t want to add any new significant routine maintenance tasks to my life.

    Though I happily brew things up for all sorts of uses, I’m up to ... let’s see ... maybe 10 Synology devices doing things in various roles. Gotta say, they have been very useful. Mostly as NAS for VMs and backup dumping grounds, but there’s a solid ecosystem of productivity and networking/security apps.


    My goal is low power and no fan noise for the few devices I have in my equipment closet. It seems like every NAS I have ever owned was extremely noisy. The spinning fan and drives just seem like the common weak point. I’m looking at some of the new Samsung SSD drives that claim 750TB read/write reliability. If I run two in a RAID configuration I doubt I would ever come close to reaching the failure threshold. I would probably disable the fan on the drive enclosure.
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,500
    God's Country
    I have the Netgate 3100 for the simple reason that I upgraded to 1Gig Fios. I had a smaller one prior to that. pfSense is pretty easy to use.

    As far as pihole goes, I’m actually running it on a raspberry pi.


    Thanks. After the discussion here, I am going forward with the SG-3100. They are currently out of stock but I don’t have a firm timeline.

    Regarding the Pi-hole, do you find that sometimes legitimate sites you try to access won't load? It's not a problem for me, but if my wife can't access CBS's The Bachelor/Bachelorette for any reason, then it’s going down in the Toolaa house.
     

    Derek1320

    Active Member
    Nov 10, 2009
    791
    Regarding the Pi-hole, do you find that sometimes legitimate sites you try to access won't load? It's not a problem for me, but if my wife can't access CBS's The Bachelor/Bachelorette for any reason, then it’s going down in the Toolaa house.

    I haven't stumbled across this yet, using the standard blocklist. Loading tiles in Hulu slowed down quite a bit on my Firestick but Hulu sucks so I got rid of it. It didn't seem to affect other Firestick apps, Netflix kept working fine.
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,500
    God's Country
    Ok another neophyte question for those more familiar with network administration than I.

    I ordered a small Synology NAS and I’m researching some of the extended capabilities.

    It seems that there are some benefits to setting up a DNS on your home network. Mainly you seem to be sharing one less piece of personal data with Google and your ISP. Maybe also a slight bump in speed.

    On the topic of ISPs' ability to block DNS for specific sites by eliminating the domain name from their servers: does it make sense to set up my own Unbound DNS? Does this mean that if somehow MDShooters.com is blacklisted, I wouldn’t have any interruption by using my own DNS?
     

    euler357

    Industry Partner
    MDS Supporter
    Apr 6, 2011
    584
    Odenton, Marylandistan
    I believe that you can just run Pi-hole on the Synology and add routes to it if there are DNS shenanigans going on. I have never tried Unbound. You are likely already using your router as a caching DNS, which limits some of the repeated hits to external DNS. The benefit of Pi-hole is to block spam / junk / ads / etc. You can whitelist things if you have issues with it blocking too much, or switch DNS blacklists.

    I used to run PiHole but am not running it at the moment.
     

    Occam

    Not Even ONE Indictment
    MDS Supporter
    Feb 24, 2018
    20,239
    Montgomery County
    On the topic of ISPs' ability to block DNS for specific sites by eliminating the domain name from their servers: does it make sense to set up my own Unbound DNS? Does this mean that if somehow MDShooters.com is blacklisted, I wouldn’t have any interruption by using my own DNS?

    If you run local DNS, that local DNS still has to have a way to reach out and resolve domain names it doesn't already know about. You could hardwire that local DNS to hand you back certain domains (like MDS) from a local list (though you could also just edit the HOSTS file on your PC ... not as easy with your phone or tablet, etc), but when you want to click on a search result for an obscure drill bit vendor you've never visited before, your local DNS is at sea unless it knows how to go out and hunt down unknown domains.

    When a normal user connects to an ISP using their cable modem or whatnot, that ISP hands you an IP address and also bundles up, through the DHCP protocol, things like where your gateway IP is and a couple of recommended name servers for you to use. Those are usually name servers run by the ISP (say, Verizon) so they can keep that traffic in-house and cut down on huge numbers of lookups traversing their network to the outside world so a million of their customers can resolve "UPS.COM" every day. Their own name servers look it up and cache it according to the domain's TTL (time-to-live) so that they don't have to reinvent the wheel for every lookup.

    An in-house DNS running on your Synology device will play the same role. Which is to say, it will answer your device's name resolution requests without looking to the outside world if it considers that information fresh enough from the last time it looked it up - or, if you've defined some entries (like MDS) to be considered locally authoritative, thus never looking to the outside world.

    Historically, I've told lots of infrastructure to ignore the local ISP's name servers, and to instead ask Google's name servers (8.8.8.8, 8.8.4.4) where things are. Obviously, I now have good motivation to stop allowing Google to be authoritative on that front, even though their name servers are geographically diverse and very fast to respond. Can't trust them any longer to be simply pass-through and neutral on that front.

    A strong contender is DNS.WATCH (https://dns.watch/), which offers the use of:

    84.200.69.80 and 84.200.70.40

    as public-access DNS which they say is UNCENSORED and DOES NOT LOG REQUESTS. I'm betting their traffic has quadrupled over the last couple of weeks.
     
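    As an added illustration (not code from this thread, and not Unbound's own code), here is a small Python model of the resolver behaviour Occam describes: a locally authoritative entry for MDShooters.com is answered without ever leaving the box, while anything else is forwarded once and then served from cache until the answer's TTL runs out. The IP addresses and the upstream server are constructed stand-ins.

```python
import time


class LocalResolver:
    """Toy caching resolver with locally authoritative overrides (illustration only)."""

    def __init__(self, local_data, upstream):
        # local_data: {name: ip} entries treated as authoritative (the "MDS" case)
        # upstream: callable(name) -> (ip, ttl_seconds), i.e. the forwarder/root path
        self.local_data = {k.lower().rstrip("."): v for k, v in local_data.items()}
        self.upstream = upstream
        self.cache = {}  # name -> (ip, expires_at)

    def resolve(self, name, now=None):
        """Return (ip, source); source is 'local', 'cache' or 'upstream'."""
        now = time.time() if now is None else now
        name = name.lower().rstrip(".")
        if name in self.local_data:          # never goes to the outside world
            return self.local_data[name], "local"
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:  # still fresh per the TTL
            return hit[0], "cache"
        ip, ttl = self.upstream(name)         # unknown or expired: ask outside
        self.cache[name] = (ip, now + ttl)
        return ip, "upstream"


class FakeUpstream:
    """Constructed stand-in for an external name server; counts how often it is asked."""

    def __init__(self):
        self.calls = 0

    def __call__(self, name):
        self.calls += 1
        return "198.51.100.7", 300  # constructed answer, 5 minute TTL


def demo():
    up = FakeUpstream()
    r = LocalResolver({"mdshooters.com": "192.0.2.10"}, up)  # constructed IP
    a = r.resolve("MDShooters.com", now=0)   # local: upstream is never consulted
    b = r.resolve("example.com", now=0)      # cache miss: one upstream lookup
    c = r.resolve("example.com", now=200)    # inside the 300 s TTL: served from cache
    d = r.resolve("example.com", now=400)    # TTL expired: upstream asked again
    return a, b, c, d, up.calls


if __name__ == "__main__":
    print(demo())
```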

    Alan3413

    Ultimate Member
    Mar 4, 2013
    16,929
    I used to run a dns server on a Server 2008 machine. Just like your ISP, it would use root hints to seek out the authoritative name server for a given domain.

    I actually found it slower than using a hosted DNS server. These days, the server only handles internal queries and forwards external queries. I've found Cloudflare (1.1.1.1) faster than Google (8.8.8.8).
     

    Alan3413

    Ultimate Member
    Mar 4, 2013
    16,929
    Not sure if the OP has decided, but it's worthwhile to run Snort as an intrusion detection app on your firewall/IDS device. Firewalls keep the bad guys out. They don't do anything if they're already inside. Intrusion detection systems can do both. They analyze incoming traffic for suspect patterns, and help identify bad actors trying to phone home.

    Snort maintains lists of IPs of known infected (botnet), suspect, and bad-actor addresses. It also monitors suspicious traffic like bad http requests, SIP hacks (voip) and others. There are also "enterprise policy" categories that will attempt to block facebook, twitter and other social media sites, executable downloads via http and others. It is endlessly configurable.

    Snort periodically updates its bad-IP and suspect traffic signatures. It has a free and a subscription level. Subscription is $30 annually. It provides frequent updates. Free is generally about 4 weeks behind.

    Snort has a plugin for pfSense. Many other firewall/network appliances (Cisco, and possibly Ubiquiti) support some variant of Snort.

    There are also plugins that will parse Snort logs and display a map of the world showing where attacks on your address are coming from.
     
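    As an added example (not a Snort or pfSense component, and not from this thread), here is a Python parser for Snort's fast-alert log lines that picks out the "phone home" case the post mentions: alerts where the source is a LAN host and the destination is outside the LAN. The sample lines, rule IDs and addresses are constructed.

```python
import re
from ipaddress import ip_address, ip_network

# Snort "alert_fast" layout:
# MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
# RFC 1918 ranges; checked explicitly rather than via is_private, which also
# treats the documentation ranges used in the sample below as private.
LAN_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(addr):
    a = ip_address(addr)
    return any(a in n for n in LAN_NETS)


def parse_alert(line):
    """Parse one fast-alert line into a dict, or None if it is not an alert line."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["prio"] = int(d["prio"])
    d["outbound"] = is_lan(d["src"]) and not is_lan(d["dst"])  # LAN host reaching out
    return d


def phone_home_report(lines):
    """Count outbound alerts per internal host: the hosts worth looking at first."""
    counts = {}
    for line in lines:
        a = parse_alert(line)
        if a and a["outbound"]:
            counts[a["src"]] = counts.get(a["src"], 0) + 1
    return counts


# Constructed sample log; SIDs 9000001-9000003 and the messages are made up.
SAMPLE = """\
09/14-22:01:07.115093  [**] [1:9000001:1] TEST Inbound SIP scan [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 203.0.113.5:5060 -> 192.168.1.1:5060
09/14-22:01:09.220411  [**] [1:9000002:1] TEST Known botnet C2 contact [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:49822 -> 198.51.100.9:443
09/14-22:01:11.004817  [**] [1:9000002:1] TEST Known botnet C2 contact [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:49830 -> 198.51.100.9:443
09/14-22:01:15.500000  [**] [1:9000003:1] TEST Bad HTTP request [**] [Priority: 3] {TCP} 192.168.1.40:51000 -> 192.168.1.10:80
"""

if __name__ == "__main__":
    for host, n in phone_home_report(SAMPLE.splitlines()).items():
        print(f"{host} raised {n} outbound alert(s)")
```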

    Anotherpyr

    Ultimate Member
    Thanks. After the discussion here, I am going forward with the SG-3100. They are currently out of stock but I don’t have a firm timeline.

    Regarding the Pi-hole, do you find that sometimes legitimate sites you try to access won't load? It's not a problem for me, but if my wife can't access CBS's The Bachelor/Bachelorette for any reason, then it’s going down in the Toolaa house.

    Pi-hole issues? No. DNS provider selected? Yes. I’ve run into issues using Cloudflare and OpenDNS servers that block porn and malicious content, which ended up blocking some legitimate sites. You can add sites to the Pi-hole’s whitelist if it does block something you access.
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,500
    God's Country
    Crap, we use Fios for TV.

    Well, I'm locking things down as best I can until I do more research.


    You can get around the Fios router issue like I noted above. Here are two links.

    Option 1: set up the ActionTec router in bridge mode. More tech-savvy to set up, but it costs about $20 if you buy a used ActionTec router and return your rented one to Verizon. https://kb.netgear.com/23977/Will-my-NETGEAR-router-work-with-Verizon-FiOS

    Option 2: purchase a Cat5 MoCA adapter ($60). Easier to set up, but it costs a little more. https://www.wikihow.com/Use-Your-Own-Router-With-Verizon-FiOS
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,500
    God's Country
    New question. I got my Ubiquiti APs and they are working great. Total coverage in the house. I got my Synology NAS partially set up. That was a great recommendation. I’m thinking about replacing the backup system at work with Synology.

    Here is my new question. I like the Ubiquiti Management software. Apparently you can set it up to run on a PC or Pi connected to the network. I would like to avoid adding yet another device. Does anyone know if I could install the Unifi controller on either the Netgate 3100 or on the Synology NAS?
     

    traveller

    The one with two L
    Nov 26, 2010
    18,270
    variable
    Here is my new question. I like the Ubiquiti Management software. Apparently you can set it up to run on a PC or Pi connected to the network. I would like to avoid adding yet another device. Does anyone know if I could install the Unifi controller on either the Netgate 3100 or on the Synology NAS?

    The APs don't need the management software to run all the time. I have the Unifi software on my laptop. The only time I need to fire it up is if I want to upgrade firmware on the APs or something; other than that they are just doing their thing without further intervention.
     

    adit

    ReMember
    MDS Supporter
    Feb 20, 2013
    19,513
    DE
    New question. I got my Ubiquiti APs and they are working great. Total coverage in the house. I got my Synology NAS partially set up. That was a great recommendation. I’m thinking about replacing the backup system at work with Synology.

    Here is my new question. I like the Ubiquiti Management software. Apparently you can set it up to run on a PC or Pi connected to the network. I would like to avoid adding yet another device. Does anyone know if I could install the Unifi controller on either the Netgate 3100 or on the Synology NAS?

    The APs don't need the management software to run all the time. I have the Unifi software on my laptop. The only time I need to fire it up is if I want to upgrade firmware on the APs or something; other than that they are just doing their thing without further intervention.

    I do the same. I have UniFi and Omada (TPLink) that I run from a laptop when I need it.

    You sorta can install UniFi on pfSense. I haven't done this since I changed my preference to the TP-Link APs. https://github.com/gozoinks/unifi-pfsense
     

    traveller

    The one with two L
    Nov 26, 2010
    18,270
    variable
    You can run Unifi on a Pi. If you want to keep an eye on what lives on your network, it may not be a bad idea to build a 'Network control appliance' that runs Unifi. Touch-screen with a bezel mounted somewhere on the wall that continuously shows you the monitoring screen on Unifi. It would use minimal power to do so.
     

    kool361

    Active Member
    Apr 16, 2020
    133
    Damascus
    It does seem to be overkill, but it's your money. If you can, hardwired is certainly the way to go, but sometimes that just isn't going to work. You may want to think about what plan you have on Fios. If it is one of their cheaper versions you just can't get what you're trying to do. I have the gigabit connection and it works flawlessly for me and my family.
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,500
    God's Country
    You can run Unifi on a Pi. If you want to keep an eye on what lives on your network, it may not be a bad idea to build a 'Network control appliance' that runs Unifi. Touch-screen with a bezel mounted somewhere on the wall that continuously shows you the monitoring screen on Unifi. It would use minimal power to do so.

    I just discovered that I can install the Unifi software on the Synology NAS using the Docker app. At the last minute I decided to get the slightly better NAS, the DS720+. Now, in hindsight, I'm glad some of you guys recommended the Synology. I've got a Netgear ReadyNAS at work and the Synology just blows it away in terms of functionality and ease of setup and use. Once I get everything figured out I'll be able to put Pi-hole, DNS and Unifi on the NAS.

    It's a solid product and one that I would recommend for any home user.
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,500
    God's Country
    My SG-3100 came in yesterday. I've been banging my head against the wall trying to configure ports 1 & 2 to be part of a link-aggregated port to connect to the switch. I finally seem to have figured it out, but it's been 4-5 hrs of resetting the 3100 to default settings because I kept getting locked out of the LAN. However, during the process I've come to really like the flexibility of pfSense. I see a lot of finely tuned customization opportunities and OpenVPN remote access.
     

    dealsearch

    Member
    Aug 21, 2020
    9
    I'd recommend looking into Eero. It's managed from a smartphone and has been pretty good for me after I increased my plan with Fios to 1 Gb/s.
     
