Forum Topic

Official Networking Thread (LAN Configuration, Internet Sharing, Routers, Switches, etc.)

  • @kortopi

    Separate in what way, bro, a separate ISP? Meaning they each have their own ISP, or do you just want to limit the WiFi bandwidth so the wired connections aren't affected?
  • @Jessum

    Look for a compatible router that you can install Tomato/OpenWRT firmware on.

    The majority of Asus routers support Tomato firmware.

    You also want to have multiple SSID support. With an Asus router, that option is available, but there's a caveat: the multiple SSID feature of Asus still puts you in the same network subnet, so once a guest logs in to that guest AP, they can still access your private network.

    To fix that, you need to install OpenWRT or Tomato (whichever is compatible; for Asus it's Tomato). To separate your private and guest networks you need to create two network bridges, e.g. 192.168.1.0/24 for your private network and 10.0.0.0/24 for your guest network. Once you've created those, go to Virtual Wireless and you will have an option to create an additional SSID there; create one with its own SSID for the guest network and/or a passphrase for that SSID as well. Once done, go to VLAN and make sure that the guest SSID is bound to the guest interface: let's say br0 is for the 192.168.1.0/24 network and br1 is for 10.0.0.0/24 for your guest network, then we choose the guest SSID to be on br1. After that, all users connected on the guest SSID will have a 10.0.0.x IP while your private network will have 192.168.1.x. The default firewall setting for Tomato is that it blocks all connections between bridges, so guest users can't peek inside your private network and vice versa.
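One way to check the bridge isolation described in the post above, as an added example that is not part of the original post or of Tomato itself: the script walks the FORWARD chain of `iptables-save` output and reports what happens to a new connection from the guest bridge to the private bridge. The bridge names br0/br1 come from the post; the WAN interface name vlan2 and both rulesets are constructed samples, not actual Tomato output.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def forward_verdict(ruleset, in_if, out_if):
    """Verdict for a NEW connection routed from in_if to out_if.

    Walks the filter table's FORWARD chain (first match wins), then falls
    back to the chain policy. Unmodelled match options give "UNKNOWN".
    """
    table, policy = None, "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0].startswith("*"):
            table = tok[0][1:]          # e.g. "*filter" starts the filter table
        if not tok or table != "filter":
            continue
        if tok[0] == ":FORWARD":
            policy = tok[1]             # chain policy line, e.g. ":FORWARD DROP [0:0]"
        if tok[:2] != ["-A", "FORWARD"]:
            continue
        match, known, target = True, True, None
        for key, val in zip(tok[2::2], tok[3::2]):
            if key == "-i":
                match = match and val == in_if
            elif key == "-o":
                match = match and val == out_if
            elif key in ("--state", "--ctstate"):
                match = match and "NEW" in val.split(",")
            elif key == "-j":
                target = val            # target options may follow; stop here
                break
            elif key != "-m":
                known = False           # a match this sketch does not model
        if match:
            return target if known and target in TERMINAL else "UNKNOWN"
    return policy

# Constructed sample: br0 = private, br1 = guest, vlan2 = assumed WAN interface.
ISOLATED = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br1 -o br0 -j DROP
-A FORWARD -i br0 -o br1 -j DROP
-A FORWARD -i br1 -o vlan2 -j ACCEPT
COMMIT
"""
# Constructed misconfiguration: a broad ACCEPT for the guest bridge placed first.
LEAKY = ISOLATED.replace("-A FORWARD -i br1 -o br0",
                         "-A FORWARD -i br1 -j ACCEPT\n-A FORWARD -i br1 -o br0")
```

Calling `forward_verdict(ruleset, "br1", "br0")` on the saved rules of a router gives the guest-to-private verdict; anything other than DROP or REJECT deserves a closer look at rule order.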
  • Has anyone here used Sophos UTM as their firewall/router/security device at home on a custom-built machine? I'm planning on building one, and the primary reason is traffic shaping.
  • Has anyone here used Sophos UTM as their firewall/router/security device at home on a custom-built machine? I'm planning on building one, and the primary reason is traffic shaping.


    Sophos UTM is good. Full featured for free.
  • Mitsurugi,
    Do you have one at home? I'm having second thoughts about buying hardware because of incompatibility issues. All I'm after is a low-powered machine since it will be running 24/7.
  • @rhizom3
    how about pfsense?
  • @rhizom3
    how about pfsense?

    Yeah, I actually considered PfSense and based on the feedback for those users who used both, they prefer Sophos UTM. Additionally, traffic shaping is better in Sophos; you can also use two AV engines at the same time (e.g. Sophos and Avira). My end points are using Avira and they're pretty good in detecting malware.
  • @rhizom3
    Yeah, I actually considered PfSense and based on the feedback for those users who used both, they prefer Sophos UTM. Additionally, traffic shaping is better in Sophos; you can also use two AV engines at the same time (e.g. Sophos and Avira). My end points are using Avira and they're pretty good in detecting malware.


    ooh. nice. Setting up the traffic shaper in pfsense was tricky for me. I might give this a try. Thanks for the info sir!
  • ^Sophos is good UTM software, but depending on how knowledgeable you are about Sophos, you may have trouble making it work, because by default all internet access is blocked, I mean totally. You have to configure one by one which services you want to have access to the internet, what is blocked, and so on. And last but not least, its high memory consumption is a downside: if you run torrent traffic, 2GB of RAM would not be sufficient, and CPU usage may spike and stay at 50% to 100%. I can still remember that an Atom 330 was struggling on it with its max memory support of only 2GB, while pfSense doesn't even need more than 1GB of RAM unless you run a proxy server.

    NAT speed wise, it depends on the CPU, but in my last test an Atom 330 managed to get 450mbps NAT speed on pfSense, while Sophos was around 200mbps, and it dips way below that, to 40mbps, depending on CPU load, e.g. if there's a virus scan running in the background.

    I recommend Sophos if you've got a high performance processor and at least 4-6GB of RAM, well, at least for a 200mbps internet connection. If you're on DSL, which maxes out at around 20-24mbps (if that even exists), then a dual core Atom board with 2GB RAM is the absolute minimum at default configuration.

    Compatibility wise you only need to worry about the network cards you are using; pretty much every processor and motherboard chipset is supported anyway. Just look on the FreeBSD site to see what network cards are supported (all Realtek, Intel and Atheros based network cards are supported; beware of Broadcom chipsets, they don't respect open source and they only provide binary blobs, so most of their network cards are not supported). For Sophos, you can check their website since they are using their own Linux kernel.
  • Np sir. I assume you already have PfSense running. May I know the hardware specs?
  • Sophos UTM is good.


    Have at least 4GB to 6GB of memory. If you turn on the web filtering and application control modules, look for tutorials on running them in memory so they're faster.
    Also turn off the dual AV if you already have AV on your PC. Webroot is better.

    For the CPU, a new Celeron or Pentium is better if it's just for home use. That's more than enough, because that's also all that's inside their low-end SG models, with the addition of the new, more powerful Atom models.

    For shaping, you can shape per application, like YouTube, Facebook, torrents, or anything else that shows up in application control, but there's still no dynamic traffic shaping as of version 9.3.
    So if you've set YouTube to 2Mbps, it still won't go up to 5Mbps even if you have a 5Mbps internet connection and no other user is using the bandwidth.
    It also doesn't have queue priority like Mikrotik.

    Its web filtering and application control are good.
    Intrusion Prevention is also simple, with an option for advanced attacks and so on; it blocks malicious IPs.

    The anti-spam feature is also the best; it only falls short in determining whether an email account exists or not.

    The reports are the best too, especially if you connect it to iView.

    For business use, it's worth it because the subscription fees aren't too expensive. It has made my life easier for 5 years now.

    If it's just for home use, it's free for 50 IPs.

    If I got anything wrong, please correct me.

    -- edited by phdot_com on Feb 04 2016, 01:58 PM
  • phdot_com,
    Thanks for the inputs. I'm eyeing a Biostar motherboard (built-in CPU) which uses an Intel Celeron N3150 1.6GHz quad-core.

    RAM is so damn cheap nowadays so it's easy to plug 2 x 4GB. I'm also planning to install it with a 60GB SSD (Kingston or Corsair whatever's cheaper). A pci-e Intel Dual port LAN card will be plugged in as well. I won't be using the built in Realtek LAN port at least for the near term.

    Do you think I can get all of these (including PSW, case..etc) for under 10k?



    Here are my priorities:
    1. Traffic shaping (prioritize through IP and application-L7 such as Netflix, YouTube, Spotify)
    2. Web security (block shady and porn sites)
    3. Reporting (I have a teenager at home and I want to know what sites he visits)
    4. Parental control features such as control specific devices to connect to the internet at a specific time (e.g. No internet between 10pm-7am)
    5. Low power (as much as possible below 15w load) - since this acts as my router, this will run 24/7
    6. Fan-less
    7. VPN

    Nice to have's:
    1. Dual AV (I know there are AV installed on PC's/macs. But majority of the devices use Android / iOS which do not have AV installed)
    2. Proxy server
    3. VLANs

    We only have fewer than 10 devices at home (both mobile/PCs/Macs). 50 IPs for the home edition is more than enough. Here's what the network would look like:

    Internet (PLDT Fibr) > Fibr Modem > Sophos UTM > Asus Router RT-N16 (will be converted to an access point) > client devices

    Good thing you mentioned about Mikrotik. Do you think it does the same thing I mentioned above?
  • Do you think I can get all of these (including PSW, case..etc) for under 10k?

    I'm not sure if it will all come in below 10k.
    Maybe don't use an SSD so it's cheaper. Just go for an HDD; 250GB or 320GB is already too much. The hardware used to come with only 80GB. Turn off caching in web filtering.
    Just estimate the power usage using some online tools, then buy a good-quality power supply that isn't too expensive but will do the job 24x7.
    Also try just 4GB at first; less cost.

    2. Web security (block shady and porn sites)

    Mikrotik doesn't have this. Even if it does, it's simpler in Sophos because you just include the pornography category and the like... and you're done, per group profile or per IP.

    3. Reporting (I have a teenager at home and I want to know what sites he visits)

    - Mikrotik also doesn't have this in a way that's as easy and simple as in Sophos.

    1. Dual AV (I know there are AV installed on PC's/macs. But majority of the devices use Android / iOS which do not have AV installed)

    You can also turn it on only in the profile for Android/iOS devices. For the PCs, you can leave it off. But no one is stopping you from turning it on for everything.

    > Fibr Modem > Sophos UTM >

    If you can bridge the Fibr device, better.
    If the Fibr device can't be bridged, then either put Sophos UTM in bridge mode, router mode, or gateway mode (double NAT).


    Overall, if you have the money and you want more features, go for Sophos UTM.
    Otherwise Mikrotik: cheaper and low power, with good features for traffic shaping. It's just not "click click next next" to set up, but it does have a GUI now.
    For porn, you can use DNS from the likes of nortondns and greendns. Just restrict it so that all connected devices can only query those DNS servers.

    Of course, if you like to learn and experiment, Sophos UTM plus Mikrotik :)

    Before buying, google more for "sophos utm build" or "sophos utm home build", for the actual experiences of people who have set one up. :)

    -- edited by phdot_com on Feb 04 2016, 06:32 PM
  • Great, thanks for the insights!
  • I'm not sure if I'm in the right thread, but I'd like your insights/suggestions regarding cable management.

    Not just regarding networking actually, but also TV/AV cables and such.
    Do you have any ideas where I can buy something like a cable raceway?
    Or any other suggestions.

    So far I need to fix a 3-4m long LAN cable to the wall (cement wall, can't nail).
    Also, tons of cables behind the TV rack (because the networking cables are there too).
  • Just a question for those who know...

    Will using a long ethernet cable affect the speed? Around 40m. I plan to move my PC to our main house and I can't move my modem; will it slow down a lot when the cable is that long?
  • 100 meters is the max length before the data transmission of a Cat5e cable degrades.
  • Well, there's the issue of cable quality (Cat5e copper or copper clad aluminum) and termination (with jacks or RJ45 solid/RJ45 stranded connectors), but unlike WiFi, even with errors the throughput of ethernet is still okay.

    In short, that will work.
    Personally I'm using 30+ meters from switch to PC with CCA cable and it manages gigabit, 800-900mbps bi-directional with iperf.

    Btw, is the cable for outdoor use?
  • @blu3, gwainne

    Thanks for the answers, and it'll be for outdoors. Speaking of that, since it will be exposed to rain/sunlight, is there a specialized ethernet cable for that? If not, is there a way to reduce the wear and tear on the cable?
  • @blu3, gwainne

    Thanks for the answers, and it'll be for outdoors. Speaking of that, since it will be exposed to rain/sunlight, is there a specialized ethernet cable for that? If not, is there a way to reduce the wear and tear on the cable?


    There's outdoor rated cable and direct burial rated cable.
    or as a sort of DIY you can use those orange flexible plastic electrical conduit used for solid wires to protect the cable. It cost about 6php per meter(the smallest diameter one) when I asked a local hardware store before.

    -- edited by Blu3martini on Feb 05 2016, 08:03 PM
  • @bambamz
    There is, sir: Shielded Twisted Pair or STP. The indoor kind is UTP, unshielded twisted pair.
  • @bambamz
    There is, sir: Shielded Twisted Pair or STP. The indoor kind is UTP, unshielded twisted pair.


    I don't think that will be any different from using cheap UTP cable outside.
    STP protects it from interference like EMI from electrical lines not from elements.
    Unless you meant outdoor rated STP.

    -- edited by Blu3martini on Feb 05 2016, 08:21 PM
  • With Smart Bro, sir, STP is what they used for their antenna on our roof, and after 8 years the cable is still good.
  • We also used Smart Bro Canopy before and while I didn't bother stripping the cable to check if it's STP, I believe the cable is outdoor rated.

    He might end up buying STP cable that isn't outdoor rated, which would be a waste of money.
    The best choice of course is to get an outdoor rated cable, but it's a bit expensive.
  • Please help, sirs. I have 17 PC units on an 8 Mb PLDT DSL. They have NetLimiter, but LoL still lags sometimes. What would be good settings? Thanks for the help and to TPC, God bless.
  • Sirs, just posting here.

    current setup: pldt baudtec modem/router set to bridged mode + dlink dir-600 wifi router

    The goal is to extend the range of the WiFi signal, because in some parts of the house it's rather weak or doesn't reach at all. Also, is the speed affected by the router as well, or is it just the range/flexibility? I don't know the right term. Hehe.

    I'm looking at Asus routers (single/dual long antenna, as suggested by Blu3martini) but I don't know which one is OK. I'm also looking at a TP-Link ADSL2 modem+router, if I go with a standalone unit.
  • Let me squeeze in a quick question, masters.

    Using PLDT P660HN -T1a V2, with 7 pisonet units connected by wire.
    Q1: Can the TPlink TL-WR741ND be used to extend the WiFi range?
    Q2: If YES, please guide me.

    Thank you very much.
  • Sirs, any suggestions based on the hardware I've got? PLDT is my ISP. I have a router/modem (Baudtec) that came from them, which I set to bridge mode so it can connect to the router I bought, a cdrking cw-5358u. I also have a spare modem/router that also came from them, a zte xv10 w300. My goal is to extend the WiFi coverage.

    What solution could work, sirs, to extend my signal?
  • Let me squeeze in a quick question, masters.

    Using PLDT P660HN -T1a V2, with 7 pisonet units connected by wire.
    Q1: Can the TPlink TL-WR741ND be used to extend the WiFi range?
    Q2: If YES, please guide me.

    Thank you very much.


    Yes

    Zyxel P660HN-T1A(192.168.1.1 routing mode) lanport/yellow >>>> TPLink WR741ND(192.168.1.2 DHCP OFF) yellow/lan port.

    Sirs, any suggestions based on the hardware I've got? PLDT is my ISP. I have a router/modem (Baudtec) that came from them, which I set to bridge mode so it can connect to the router I bought, a cdrking cw-5358u. I also have a spare modem/router that also came from them, a zte xv10 w300. My goal is to extend the WiFi coverage.

    What solution could work, sirs, to extend my signal?


    I don't know if you can use Wifi ADSL Routers/Wifi Modems as an Access Point like we can do with Wifi Routers.
    You might as well try it.

    CDR King CW5358u(192.168.1.1) yellow/lan port >>>>> ZTE modem(192.168.1.2 DHCP OFF) yellow/lan port.

    If that works then great.

    On that note I suggest you use your ZTE zxv10 W300 rather than the Baudtec for the modem part.