<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">At my house, its<div class=""><br class=""></div><div class="">Cable modem -> D-link Switch -> 1gig Ports of my its cluster > Vmware Switch > pfsense vm / a ubuntu machine with lots of firewall stuffs</div><div class=""><br class=""></div><div class="">Then I run a vm of pfsense, this cuts down on my power, hardware and other stuff, while providing all those uptime benefits of vm's on a cluster, But it really sucks to recover when you do something stupid.</div><div class=""><br class=""></div><div class="">Josh</div><div class=""><div class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Sep 4, 2019, at 8:02 PM, Grand Rapids Linux Users Group <<a href="mailto:grlug@grlug.org" class="">grlug@grlug.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">+1 Edgerouter X.  Been using Ubiquiti gear (edgerouter 8-Pro, 10G switch, several Edge Lites, and an X) for YEARS.  They rock.  Love their Unifi gear too and have outfitted a church with all kinds.  Gotta recognize my pfSense though.  Tried it back before it was born (m0n0wall) and still love it.  For home use under <a href="https://store.ui.com/products/edgerouter-x" class="">$60 bucks</a>, the EdgerouterX can't be beaten. Anything sub $100 with >= 3ports that can run pfSense though, has my vote too.  The <a href="https://store.netgate.com/pfSense/SG-1100.aspx" class="">SG-1100</a> comes in at $160, but I'm too cheap.  Heck I bought an old thin client for <$50 bucks once.  Modded it to add 2nd NIC and compact flash card and ran early version of pfSense for a long time.  Eventually the CF card died.  <br class=""></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 26, 2019 at 10:20 PM Grand Rapids Linux Users Group <<a href="mailto:grlug@grlug.org" class="">grlug@grlug.org</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;" class="">DD-WRT / Open Router should handle just about any netgear router, and is secure and solid.  I had it on an AC1200 range-extender for a few years, then ported the configs over to my current NightHawk, after I needed to expand my wifi range.  It was also able to handle 2 public IPs on the cox business connection.<div class=""><br class=""></div><div class="">Total cost is free.</div><div class=""><br class=""></div><div class="">-Van<br class=""><div class=""><br class=""></div><div class=""><div class=""><blockquote type="cite" class=""><div class="">On Aug 26, 2019, at 18:50, Grand Rapids Linux Users Group <<a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a>> wrote:</div><br class="gmail-m_-4274522510599294804Apple-interchange-newline"><div class=""><div dir="auto" class=""><div dir="ltr" class=""></div><div dir="ltr" class="">I suggest pfsense </div><div dir="ltr" class=""><br class=""></div><div dir="ltr" class="">Best choice:</div><div dir="ltr" class=""><a href="https://www.amazon.com/Firewall-Appliance-Gigabit-Celeron-AES-NI/dp/B07G9NHRGQ/ref=mp_s_a_1_3?keywords=pfsense&qid=1566870381&s=gateway&sprefix=pfsense&sr=8-3" target="_blank" class="">https://www.amazon.com/Firewall-Appliance-Gigabit-Celeron-AES-NI/dp/B07G9NHRGQ/ref=mp_s_a_1_3?keywords=pfsense&qid=1566870381&s=gateway&sprefix=pfsense&sr=8-3</a></div><div dir="ltr" class=""><br class=""></div><div dir="ltr" class="">Cheaper</div><div dir="ltr" class=""><br class=""></div><div dir="ltr" class=""><a href="https://www.amazon.com/Firewall-Appliance-Gigabit-Celeron-AES-NI/dp/B07G9NHRGQ/ref=mp_s_a_1_3?keywords=pfsense&qid=1566870381&s=gateway&sprefix=pfsense&sr=8-3://www.amazon.com/SG-1100-pfSense-Security-Gateway-Appliance/dp/B07MTMPXKG/ref=mp_s_a_1_4?keywords=pfsense&qid=1566870453&s=gateway&sprefix=pfsense&sr=8-4" target="_blank" class="">https://www.amazon.com/Firewall-Appliance-Gigabit-Celeron-AES-NI/dp/B07G9NHRGQ/ref=mp_s_a_1_3?keywords=pfsense&qid=1566870381&s=gateway&sprefix=pfsense&sr=8-3://www.amazon.com/SG-1100-pfSense-Security-Gateway-Appliance/dp/B07MTMPXKG/ref=mp_s_a_1_4?keywords=pfsense&qid=1566870453&s=gateway&sprefix=pfsense&sr=8-4</a></div><div dir="ltr" class=""><br class=""></div><div dir="ltr" class=""><br class=""></div><div dir="ltr" class="">Or edge routers are nice and at 70 bucks.  They used to run a version of vytta </div><div dir="ltr" class=""><a href="https://www.amazon.com/gp/aw/d/B00YFJT29C/ref=psdcmw_300189_t1_B07MTMPXKG" target="_blank" class="">https://www.amazon.com/gp/aw/d/B00YFJT29C/ref=psdcmw_300189_t1_B07MTMPXKG</a></div><div dir="ltr" class=""><br class="">On Aug 26, 2019, at 5:52 PM, Grand Rapids Linux Users Group <<a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a>> wrote:<br class=""><br class=""></div><blockquote type="cite" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Dual interfaces: unfortunately, the RasPi only has one port, though it's gigabit if you want to do some vlan tinkering</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Open source: <a href="https://dd-wrt.com/" target="_blank" class="">DD-WRT</a> is pretty good if they support your hardware, might be worth a look.  <a href="https://en.wikipedia.org/wiki/Tomato_(firmware)" target="_blank" class="">Tomato</a> might also work for you, but it has a more limited set of supported hardware (hence my never having tried it).</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Unifi Security Gateway: I like my USG when it works, though I think I got a bad update and might need to ship it back.  It also requires a controller running if you want anything do to anything with it more than VERY basic stuff (dhcp and dns configuration), so that'd be another computer (or raspi-like device) running on a regular basis, though I guess since you already have a Unifi AP, you've solved that issue somehow.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">If you're looking to get more into the Unifi space (and already have a controller), the USG would be pretty good.  I've had more than my fair share off issues with it, but I get the feeling that I'm in the minority as most of the people I know that have them are pretty happy.  Unifi ships updates pretty regularly and it generally gets out of your way.  The downsides are that it takes a while to boot up and you'll need to turn off deep-packet inspection if you have more than 300Mbps of throughput.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Otherwise, the <a href="https://www.amazon.com/NETGEAR-R6700-Nighthawk-Gigabit-Ethernet/dp/B00R2AZLD2/ref=sxin_1_sp_qu_bss_is?crid=1WKY6HYSMV8IO&keywords=netgear+nighthawk&pd_rd_i=B00R2AZLD2&pd_rd_r=8c037a03-4e83-4b3f-b4e9-6483afc61ba8&pd_rd_w=UXP16&pd_rd_wg=Y2x3S&pf_rd_p=59c36603-576b-471f-8561-ef24e0883aa1&pf_rd_r=24VB8R4F31AFF8PVK7SJ&qid=1566867100&s=gateway&sprefix=chest+%2Caps%2C146" target="_blank" class="">Netgear Nighthawk</a> is very solid and it just gets out of your way.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">--Thomas</div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 26, 2019 at 7:56 PM Grand Rapids Linux Users Group <<a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr" class="">I'd be tempted by something like this.  <a href="https://www.cnx-software.com/2019/02/20/nanopi-r1-allwinner-h3-gateway-dual-ethernet-wifi-bluetooth/" target="_blank" class="">https://www.cnx-software.com/2019/02/20/nanopi-r1-allwinner-h3-gateway-dual-ethernet-wifi-bluetooth/</a></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 26, 2019 at 6:47 PM Grand Rapids Linux Users Group <<a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="">I'm in need of a firewall/router and I really don't want yet another old computer running 24/7 in the house.<br class=""></div><div class=""><br class=""></div><div class="">I have an old netgear wifi router that I have been using who's wifi wasn't reliable so I turned off the antennas and bought a unifi ap.  I'm still using the old netgear for port forwarding and firewall tasks, but recently settings have been changing and I suspect that this is due to unpatched vulnerabilities.  I've disabled most administration functions so I think I'm good for now, but I am looking for something to replace this.</div><div class=""><br class=""></div><div class="">Does the raspberry Pi have a dual ethernet interface?</div><div class="">Maybe flashing the netgear with some opensource firmware?</div><div class="">Maybe unifi Security Gateway?</div><div class="">If running an old computer is the best I guess I could do that as well.<br class=""></div><div class=""><br class=""></div><div class="">What are my best options?<br class=""></div><div class=""><br class=""></div><div class=""><div class=""><div dir="ltr" class="gmail-m_-4274522510599294804gmail-m_-5921789816025344912gmail-m_8980751167493318887m_7274656444400076341gmail-m_-2566671806922100858gmail_signature"><div dir="ltr" class=""><div class=""><a href="http://www.hhgproject.org/entries/shareandenjoy.html" target="_blank" class="">Share and Enjoy</a><br class="">Ben</div></div></div></div></div></div></div></div>
-- <br class="">
grlug mailing list<br class="">
<a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a><br class="">
<a href="https://shinobu.grlug.org/mailman/listinfo/grlug" rel="noreferrer" target="_blank" class="">https://shinobu.grlug.org/mailman/listinfo/grlug</a><br class="">
</blockquote></div><br clear="all" class=""><br class="">-- <br class=""><div dir="ltr" class="gmail-m_-4274522510599294804gmail-m_-5921789816025344912gmail_signature">Roger<br class=""><br class="">Roger Roelofs<br class="">Know what you value.</div>
-- <br class="">
grlug mailing list<br class="">
<a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a><br class="">
<a href="https://shinobu.grlug.org/mailman/listinfo/grlug" rel="noreferrer" target="_blank" class="">https://shinobu.grlug.org/mailman/listinfo/grlug</a><br class="">
</blockquote></div><br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div dir="ltr" class="gmail-m_-4274522510599294804gmail_signature"><div dir="ltr" class="">Thomas</div></div>
</div></blockquote><blockquote type="cite" class=""><div dir="ltr" class=""><span class="">-- </span><br class=""><span class="">grlug mailing list</span><br class=""><span class=""><a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a></span><br class=""><span class=""><a href="https://shinobu.grlug.org/mailman/listinfo/grlug" target="_blank" class="">https://shinobu.grlug.org/mailman/listinfo/grlug</a></span><br class=""></div></blockquote></div>-- <br class="">grlug mailing list<br class=""><a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a><br class=""><a href="https://shinobu.grlug.org/mailman/listinfo/grlug" target="_blank" class="">https://shinobu.grlug.org/mailman/listinfo/grlug</a><br class=""></div></blockquote></div><br class=""></div></div></div>-- <br class="">
grlug mailing list<br class="">
<a href="mailto:grlug@grlug.org" target="_blank" class="">grlug@grlug.org</a><br class="">
<a href="https://shinobu.grlug.org/mailman/listinfo/grlug" rel="noreferrer" target="_blank" class="">https://shinobu.grlug.org/mailman/listinfo/grlug</a><br class="">
</blockquote></div><br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div dir="ltr" class="gmail_signature"><div dir="ltr" class=""><div class=""><div class=""><font face="monospace, monospace" class=""><br class=""></font></div><div class=""><font face="monospace, monospace" class="">ᕦ(ò_óˇ)ᕤ</font></div><div class=""><font face="monospace, monospace" class="">do you even lift bro?</font></div>Ubber::Geek <br class=""><a href="http://grlug.org/" target="_blank" class="">http://grlug.org/</a></div></div></div>
-- <br class="">grlug mailing list<br class=""><a href="mailto:grlug@grlug.org" class="">grlug@grlug.org</a><br class="">https://shinobu.grlug.org/mailman/listinfo/grlug<br class=""></div></blockquote></div><br class=""></div></div></body></html>