Hey everyone, I am starting to experiment with some “smart home” ideas I have. Right now the main pain point I have is that my router is very limiting in terms of configuring and managing my network. Even the simplest port forward is a pain with it. I was wondering if you have any recommendations for a router that has a good user experience and allows for an extensive configuration. Preferably with easy mesh integration and a decent GUI.
I was looking into Google Nest but I don’t really know if it’s good.
Thanks!
My friend, port forwarding is a very dangerous game. I’ve been a cybersecurity architect for 20 years and I still do not use port forwarding. If you do, make sure your target endpoint is sitting on a DMZ isolated from your home network. Better yet, use a VPN.
I absolutely love my EdgeRouter 4 (from Ubiquiti), running the v2.xx version of EdgeOS. It’s a router only; you have to bring your own Wi-Fi (or, better yet, hard-wire everything).
Setting up my VLANs for IoT stuff, kids’ stuff, untrusted stuff, etc., was pretty effortless. And although I prefer the command line for some of this stuff, custom firewall rules allowing, e.g., untrusted VLANs to access the Plex server using the GUI was easy.
I literally never have a problem with this router, compared to all of the consumer stuff I’d run in the past.
On the subject, I use a Brocade 6450-24P as a switch. It was dirt cheap off of eBay, and once you have PoE (Power over Ethernet) available, you soon start to see great applications for it. Setting up VLANs to work with the router was easy, and although there’s a GUI, I did this in the command line. This is enterprise hardware, by the way, but I’m not an IT guy and it was fun and useful to figure out. Now when you plug any device into the spare ports in the home office, you get put onto my guest network. I’m doing “router on a stick” (Google it), but I plan, some day, to move all of the routing into the switch.
Finally, for Wi-Fi, I moved to a Grandstream GWN7664, replacing three different Asus APs running FreshTomato. Part of the problem with FreshTomato was having only four VLANs available over Wi-Fi, and although I forced them to restart every night, sometimes they needed actual power cycling to clean themselves up. One each in the basement, ground floor, and second floor (in US speak). The Grandstream takes advantage of the PoE from the switch, and I ran a new line in a perfect spot on the ground floor to give me coverage in every corner of all three floors, extending far enough outside to control irrigation, holiday lights, etc. when I’m out there. It supports at least 16 VLANs (maybe more) on different SSIDs, so it’s perfect for IoT, WLED, untrusted stuff, kids’ stuff, work stuff, etc., things that I can’t plug in.
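The two things this post describes, a "router on a stick" (one trunk port carrying several VLANs to the switch) and a rule that lets the untrusted VLAN reach only the Plex server, as an added EdgeOS example. This is not the poster's own config; the VLAN IDs, subnets, trunk interface (eth1) and Plex address (192.168.10.5) are all made up for the example. Plex listens on TCP 32400 by default.

```edgeos
# Added example (not the poster's config): router-on-a-stick + segmented untrusted VLAN on EdgeOS v2.
# Assumed: eth1 is the 802.1Q trunk to the switch; VLAN 10 = trusted LAN (Plex at 192.168.10.5),
# VLAN 30 = untrusted. IDs and addresses are invented for this example.
configure

# One physical port, one sub-interface per VLAN: that is the "stick".
set interfaces ethernet eth1 description 'Trunk to switch'
set interfaces ethernet eth1 vif 10 description 'Trusted LAN'
set interfaces ethernet eth1 vif 10 address 192.168.10.1/24
set interfaces ethernet eth1 vif 30 description 'Untrusted'
set interfaces ethernet eth1 vif 30 address 192.168.30.1/24

# Private ranges, so "everything except the internet" can be written once.
set firewall group address-group RFC1918 description 'Private address space'
set firewall group address-group RFC1918 address 10.0.0.0/8
set firewall group address-group RFC1918 address 172.16.0.0/12
set firewall group address-group RFC1918 address 192.168.0.0/16

# Untrusted VLAN -> anywhere else. Default is accept so the internet still works;
# the rules carve out exactly one internal destination and then drop the rest of the private space.
set firewall name UNTRUSTED_IN default-action accept
set firewall name UNTRUSTED_IN description 'Untrusted VLAN to other networks'
set firewall name UNTRUSTED_IN rule 10 action accept
set firewall name UNTRUSTED_IN rule 10 description 'Replies to sessions started from trusted side'
set firewall name UNTRUSTED_IN rule 10 state established enable
set firewall name UNTRUSTED_IN rule 10 state related enable
set firewall name UNTRUSTED_IN rule 20 action accept
set firewall name UNTRUSTED_IN rule 20 description 'Plex only (assumed 192.168.10.5, TCP 32400)'
set firewall name UNTRUSTED_IN rule 20 protocol tcp
set firewall name UNTRUSTED_IN rule 20 destination address 192.168.10.5
set firewall name UNTRUSTED_IN rule 20 destination port 32400
set firewall name UNTRUSTED_IN rule 30 action drop
set firewall name UNTRUSTED_IN rule 30 description 'No other access to private networks'
set firewall name UNTRUSTED_IN rule 30 destination group address-group RFC1918

# Untrusted VLAN -> the router itself: DHCP and DNS only, no GUI/SSH from that segment.
set firewall name UNTRUSTED_LOCAL default-action drop
set firewall name UNTRUSTED_LOCAL description 'Untrusted VLAN to router'
set firewall name UNTRUSTED_LOCAL rule 10 action accept
set firewall name UNTRUSTED_LOCAL rule 10 state established enable
set firewall name UNTRUSTED_LOCAL rule 10 state related enable
set firewall name UNTRUSTED_LOCAL rule 20 action accept
set firewall name UNTRUSTED_LOCAL rule 20 description 'DHCP'
set firewall name UNTRUSTED_LOCAL rule 20 protocol udp
set firewall name UNTRUSTED_LOCAL rule 20 destination port 67
set firewall name UNTRUSTED_LOCAL rule 30 action accept
set firewall name UNTRUSTED_LOCAL rule 30 description 'DNS'
set firewall name UNTRUSTED_LOCAL rule 30 protocol tcp_udp
set firewall name UNTRUSTED_LOCAL rule 30 destination port 53

# Apply to the untrusted sub-interface only; the trusted VLAN keeps its own policy.
set interfaces ethernet eth1 vif 30 firewall in name UNTRUSTED_IN
set interfaces ethernet eth1 vif 30 firewall local name UNTRUSTED_LOCAL

commit
save
exit
```

Rule order matters: the established/related accept goes first so the trusted side can still initiate connections into the untrusted VLAN and get answers, the single Plex allow comes next, and the drop to the RFC1918 group catches everything else internal before the default accept lets internet-bound traffic through. On the switch side, the trunk port simply carries VLANs 10 and 30 tagged and the spare office ports are untagged members of the guest VLAN, which is what puts a plugged-in device straight onto that network.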
Check UniFi’s new router: https://youtu.be/v1FCTh8vNwk?si=rdwcESawnCvY0uOn
This is the way. EdgeRouter X is basically free for the price. You can then go figure out your wireless strategy separately.
Consider a NUC-style device, like a Protectli Vault FW4B, and install OPNsense or pfSense.
I have not used Firewalla, but from the screenshots the interface looks more simplistic than what I would expect from a several-hundred-dollar dedicated router. It may not be able to do everything you want. OTOH, pfSense or OPNsense may have a steeper learning curve but more capability.
I’ll second this; bit of a learning curve for me with OPNsense, but I love the Protectli Vault Pro I purchased with 4x 2.5 Gb ports. I’m chugging along now and learning so much. It’s all good news.
I love my MikroTik stuff.
The Ubiquiti stuff is OK, but man, I hate the UI.
This isn’t the best recommendation*, but I’ve personally had no issues with tons of devices and a large two building layout with 4 Google Wifi pucks.
- I gather that some of the other mesh solutions like Eero work better but I’ve never used them.
Mikrotik !
XR500 with OpenWrt installed.
Found my used one for $10.
I hope you have a good understanding of network security if you are forwarding ports like that.
It is like having doors on your house that are always open if the thieves only bother to check.
There should be no need to forward ports from the outside when things are done right.
TP-Link Archer C7 with OpenWrt