Mega home network upgrade

Sinn Fein

Infidel and White Interloper
Wackbag Staff
#1
I mentioned in the cable cutting thread that I was going to put together a pfSense box. I could not be happier with how it all works and what I learned during the process. I think I finally got everything set up how I want. Performance is flawless. I am running the popular add-on packages:

Snort (intrusion detection)
Squid (transparent caching proxy)
SquidGuard (add-on for the proxy that blacklists undesirable sites)
pfBlockerNG (blocks ads and malvertising)

Everything is super fast, plus most ads and such are blocked. Hopefully this will minimize the damage caused by my wife who clicks on everything which leads to me having to disinfect her computer fairly frequently.

Since it has a quad-port NIC, I created three separate LAN networks with separate subnets. One has almost everything on it (PCs, laptops, Roku, smart TVs, tablets, smartphones, and so forth). One is for my DirecTV stuff, and one for my Ooma device. Everything is firewalled, so each network is truly separate. If either Ooma or DirecTV ever have a security breach, the rest of my stuff is protected.

Once this was all done, I decided to upgrade my WiFi. I went with Ubiquiti after looking at the various mesh systems. On the eBay I found someone selling three APs that were never used because they didn't know enough to get them working. I think I got a pretty good deal. I'm using a Raspberry Pi 3 B as the Unifi controller.

If you are in the mood to tinker around and learn a few things, I highly recommend a pfSense box instead of a standard consumer grade router. The performance and security are well worth it.
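Added example (not part of the original post, and not pfSense's own code): a minimal first-match rule model for checking that segmented LANs like the three described above really cannot reach each other. The subnets, segment names, and rule lists are constructed assumptions; it contrasts the common "pass any" rule added for internet access with a version that blocks the private ranges first.

```python
import ipaddress

# Constructed subnets standing in for the three LANs in the post (assumed values).
SEGMENTS = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),
    "DIRECTV": ipaddress.ip_network("192.168.20.0/24"),
    "OOMA": ipaddress.ip_network("192.168.30.0/24"),
}

def first_match(rules, dst):
    """Return the action of the first rule whose destination covers dst.
    If nothing matches, the implicit default deny applies."""
    for action, dest in rules:
        if dest == "any" or dst.subnet_of(ipaddress.ip_network(dest)):
            return action
    return "block"

def cross_segment_leaks(rulesets):
    """List (source, destination) segment pairs that the source's rules pass."""
    leaks = []
    for src, rules in rulesets.items():
        for dst_name, dst_net in SEGMENTS.items():
            if dst_name != src and first_match(rules, dst_net) == "pass":
                leaks.append((src, dst_name))
    return leaks

# Weak: a bare "pass any" gives internet access but also reaches the other LANs.
WEAK = {name: [("pass", "any")] for name in SEGMENTS}

# Corrected: block the private range that holds every local subnet, then pass
# the rest. A real ruleset would also need a pass rule for DNS to the firewall
# itself ahead of the block if clients resolve through it.
HARDENED = {
    name: [("block", "192.168.0.0/16"), ("pass", "any")] for name in SEGMENTS
}

if __name__ == "__main__":
    print("weak:", cross_segment_leaks(WEAK))
    print("hardened:", cross_segment_leaks(HARDENED))
```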
 

domelogic

Registered User
#2
I am going to guess this is for IT people because I have no idea what the hell you just wrote.
 

Sinn Fein

Infidel and White Interloper
Wackbag Staff
#3
I am going to guess this is for IT people because I have no idea what the hell you just wrote.
Pretty much, I guess... It's been a while since I actually enjoyed doing any "work" on my own stuff. For years I got into a funk, basically being a typical a-hole end user, and just wanted everything to work without any bullshit.

Even though I do this stuff for a living, there are some areas where I only know just enough to be dangerous. There was a little bit of a learning curve for me to figure some of it out, but it wasn't too bad. I learned a lot, which is always a good thing.
 

JoeyDVDZ

Well-Known Member
Donator
#4
I have the option of creating multiple firewalled VLANs but I could be assed to even do so. I like to keep it simple at home. Too much of that shit to think about at work, hate to be the IT geek when I'm kicking at home. I do like to fuck around with other tech shit, like I'm slowly but surely building myself an audio studio now, so I'm teaching myself all the stuff that goes into that.
 

Mommadeez4u

Bastard coated bastard w/ bastard filling
#5
I'm happy for you but all I heard was that muted trumpet noise when an adult talks in any Peanuts cartoon
 
#8
Ubiquiti makes some good networking gear on a cost for performance basis. Residential pricing but you get all the commercial features and great scalability.

Installed a pair of these a few years ago for a company that was remodeling their building and moved up the street during the renovation. They kept their old network running at the original site and used this to bridge to another building. Thing ran on PoE, but at a slightly higher voltage/wattage. They also make a pretty slick outdoor rated Ethernet cable: TOUGHcable.

 

Bobobie

Registered User
#9
I didn't understand most of it either and once figured out how to extend a single NIC connection 600 Feet using a Two Port Switch. I thought that was pretty clever ... guess not.
 

JoeyDVDZ

Well-Known Member
Donator
#10
I didn't understand most of it either and once figured out how to extend a single NIC connection 600 Feet using a Two Port Switch. I thought that was pretty clever ... guess not.
Meh. Points for knowing the term "two port switch".
 

Sinn Fein

Infidel and White Interloper
Wackbag Staff
#11
Ubiquiti makes some good networking gear on a cost for performance basis. Residential pricing but you get all the commercial features and great scalability.
And you don't have to pay a license fee every three years to use it, as is the case with Cisco/Meraki.
 

Sinn Fein

Infidel and White Interloper
Wackbag Staff
#13
A bit of an update... I'm now up to five Ubiquiti APs, because I wasn't getting sufficient WiFi coverage outside for the security cameras. I also upgraded my network switches to Netgear smart switches. If I ever have the time to learn how to implement VLANs, I am going to do that.

The last pfSense software update broke my install, in a minor way. No matter what I do, I cannot get pfBlockerNG working again. Since I had the Raspberry Pi sitting here doing nothing but running my Unifi controller, I threw Pi-Hole on it. It works great. I really wasn't keen on relying on the Pi as my only DNS server, so I installed Pi-hole in Docker on my Synology to run as a secondary DNS server.

It worked on the Synology, but there's unresolved issues - I cannot modify the whitelist or blacklist. Poking around on Reddit tells me those problems have existed within that implementation for quite some time. That leads me to believe they will never be fixed. So, I decided to scrap that idea and just ordered another Pi so I can have a secondary DNS server in case the original Pi fails.
 

ruckstande

Posts mostly from the shitter.
Donator
#14
A bit of an update... I'm now up to five Ubiquiti APs, because I wasn't getting sufficient WiFi coverage outside for the security cameras. I also upgraded my network switches to Netgear smart switches. If I ever have the time to learn how to implement VLANs, I am going to do that.

The last pfSense software update broke my install, in a minor way. No matter what I do, I cannot get pfBlockerNG working again. Since I had the Raspberry Pi sitting here doing nothing but running my Unifi controller, I threw Pi-Hole on it. It works great. I really wasn't keen on relying on the Pi as my only DNS server, so I installed Pi-hole in Docker on my Synology to run as a secondary DNS server.

It worked on the Synology, but there's unresolved issues - I cannot modify the whitelist or blacklist. Poking around on Reddit tells me those problems have existed within that implementation for quite some time. That leads me to believe they will never be fixed. So, I decided to scrap that idea and just ordered another Pi so I can have a secondary DNS server in case the original Pi fails.
You lost me at Sunday.
 