this post was submitted on 19 Feb 2024
490 points (99.2% liked)

Technology

59534 readers
3195 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] oatscoop@midwest.social 8 points 9 months ago* (last edited 9 months ago) (1 children)

Every single one of my "internet facing" devices is blocked from accessing the internet at the router. If I want to access them they either get added to my HomeAssistant instance or another computer that's only accessible from the outside through my VPN.

All of the convenience with the privacy concerns practically eliminated. It costs $6 a month in hosting for the VPS I set the wireguard server up on.

[–] Patches@sh.itjust.works 7 points 9 months ago (1 children)

Every single one of my "internet facing" devices is blocked from accessing the internet at the router.

This would be a lot more common if router software stopped being developed in the fuckin 80's. Unless you get a commercial product they're all so cryptic, and difficult to navigate.

[–] towerful@programming.dev 5 points 9 months ago* (last edited 9 months ago) (1 children)

Routing, NAT and firewall are pretty complex things because its the backbone of everything: phones, websites, enterprises, government. It all uses the same tech. And very few networks are the same (the exception being consumer broadband home networks).
The money for development is in the products for enterprise, so they have to have all the tuneables available and seem hugely complex to non-specialist users.

So, there arent really any "easy" router/firewalls that are also flexible.

Ubiquiti & TP-link do Software Defined Network stuff, abstracts away a lot of the complexity. But as soon as you want to do anything complex, you are digging into CLI and might as well use something designed for that.

OpenWRT is apparently pretty good. Ive never used it.

I now use OPNSense. Essentially freeBSD set up as a router/firewall, with a nice webGUI and loads of flexibility.
I feel like this is what you are looking for

I also dable in Mikrotik routers, and im considering moving to their RouterOS... Or even one of their appliances.

openWRT, OPNSense, RouterOS can be installed on your own hardware. So you could use an old desktop, stick a decent network card in it and use that with a bridge modem.

[–] Patches@sh.itjust.works 2 points 9 months ago

I got a Synology router which is absolutely far from the best hardware but it is so human readable. I don't have to guess what anything does, or what sub menu it is under. That was worth the premium for me.

I tried openWRT on a TM Ac1900. It is not an easy process to get that loaded - I can tell you that.