Cake day: Jul 04, 2023

I got a Netgear AC2000 (R6850) for cheap on sale, and it’s been working flawlessly so far




With my previous ISP, I swapped the ISP’s router with my OpenWRT’s and everything worked fine. With my current ISP, it appears that it’s not that simple to swap the router altogether. But I’ll be honest, the biggest factors are price and number of routers/switch. As I want 2.5gbps, I’d need a router with at least dual 2.5gbps ports. The WIFI6 offering is also quite nice. And if I can’t swap my ISP router, it would just add another device. In a perfect world, I’d have a single router running openwrt, with wifi6 and a couple of 2.5+gbps ports (but unfortunately openwrt doesn’t play nice with most wifi6 routers and these routers can get very expensive). For now, my ISP router does the job and I haven’t had any issue (yet).


If I ever need to update any device on the home automation vlan, I’d add an exception to the firewall for this specific host for the time of the update


I heard everyone on the internet is nice and has good intentions. Did they lie to me?


Well, to be honest if someone has access to my Wi-Fi, I’d consider that I’ve already lost. As soon as you’re on my lan, you have access to a ton of things. With this setup I’m not trying to protect against local attacks, but from breaches coming from the internet


Indeed, the isp router only has 1x 2.5gbps and 2x 1gbps. I wanted both my pc and my server to have 2.5gbps to wan, and I wanted 2.5gbps between them too


I’m not well versed in ARP spoofing attacks and I’ll dig around, but assuming the attacker gets access to a “public” VM, its only network adapter is linked to the openwrt router that has 3 separated zones (home lan, home automation, dmz). So I don’t think he could have any impact on the lan? No lan traffic is ever going through the openwrt router.


I’m afraid I can’t take your upvote sir… excalidraw.com


Thanks, excalidraw.com if you’re ever interested


Dedicated wifi for automation allows me to have devices such as Xiaomi Vacuum, or security camera not phoning home. OpenWRT with good firewall rules completely isolates my "public" containers/VMs from my lan.

![](https://programming.dev/pictrs/image/2c824cd3-4eb9-4b15-b40d-725fd8f271c8.png)

Server was built over time, disk by disk. I'm now aiming to buy only 12TB drives, but I got to sacrifice the first two as parity...

![](https://programming.dev/pictrs/image/39e1650a-8a1c-4ab8-83e4-b44ded2f6ec6.png)

I just love the simplicity of snapraid / mergerfs. Even if I were to lose 3 disks (my setup allows me the loss of 2 disks), I'd only lose data that's on these disks, not the whole array. I lost one drive once, recovery went well and was relatively easy.

![](https://programming.dev/pictrs/image/c45339ed-45a7-4b46-af19-793be22906b4.png)

I try to keep things separated and I may be running a bit too many containers/vms, but well, I got resources to spare :)