Helping You Build A Better [Home Network]

AngelHedgieAngelHedgie Registered User regular
edited March 18 in Help / Advice Forum
I've seen a lot of responses - both in here and in threads in other sections - where forumgoers struggle with networking at home. The hope here is to help get some of this stuff demystified for the neophyte, and show people that running your own home network is easier than it looks. We'll even discuss some more advanced items that are easier than you'd think (like getting a Pi Hole running on your network, letting you say goodbye to online ads across your network.)

So, What's In A Router Anyway?

Let's start with the one piece of network gear that many people have - a router. The reality is that there's a lot going on in said device - more than one would think. First off, the term "router", in networking parlance, refers to a device that routes packets between two networks with different subnet definitions. As such, it will have two ports with two different IP addresses - we refer to the address internal to our own network (usually 192.168.0.1) as the "near" side, and the side that get an address from our ISP as the "far" side. But as you've noted, your "router" does more than that - this is because it's a purpose built appliance with a number of components inside, such as:
  • A multi-port switch, so that multiple devices can be hooked to it for network access.
  • A Dynamic Host Control Protocol (DHCP server, so that your network devices can be given addresses dynamically, instead of being statically assigned (though there are cases when a device needs a static IP.)
  • A Domain Name Service (DNS) relay, to let your devices know how to resolve domain names. (That said, most consumer grade routers just relay the location of a DNS service online, whether it's your ISP's DNS server or one run by a large online entity like Google or Cloudflare.)
  • A wireless access point, to allow devices to connect wirelessly to the network. There may even be guest networks that the router isolates.
  • A lightweight web server to provide a front end to manage the router.

Higher end routers may even have things like Quality of Service (QoS) settings, which allows the router to prioritize packets based on function, so that things like communications and games run better when there's traffic on the network. There are even mesh routers which use special wireless networking protocols to interlink multiple physical units to provide physical network access in areas where running a cable may be difficult.

Now, how much router you need depends on your network and the devices you're using. If all you have connected to it is your smartphones, a laptop that only gets light use, and a streaming device, then a basic router will do the job fine. If, on the other hand, you have a ton of connected devices, you're gaming frequently online, and/or have smart home devices - you'll want to consider a more powerful router that supports things like QoS and guest networks, while people with large houses or who want to supply connectivity to an unconnected workshop should look into mesh solutions to bridge large gaps in coverage. That said, no matter what sort of router you get, always change the default settings such as password and network name/passcode. The default passwords for most major brands of router are well known, and not changing them makes you vulnerable - so get them changed!

XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
AngelHedgie on
Stabbity StyleceresTofystedethAbsoluteZeroDisruptedCapitalistmysticjuicerthatassemblyguyZilla360NightDragonIoloBobble
«13

Posts

  • AngelHedgieAngelHedgie Registered User regular
    Roundfiling Ads In The Pi-Hole

    Advertisements are everywhere online these days - and worse, they are often vectors for various types of network attacks. Beyond the security issues, ads are bloat, making web pages load slowly. And while its possible to install browser based blocking, companies like Google (which makes its money on advertising) are pushing back on such solutions. Wouldn't it be nice if you could just deal with ads at the network level, protecting every device on your network?

    Well, you can - by using a Pi-hole. This small device uses the Domain Name Service system to kill ad requests at the root, preventing them from being served to you. And because its been done at the network level, it applies to every device on your network. Furthermore, there are ways to further enhance your Pi-hole, allowing you to use actual domain names to access your router, or adding more security to your DNS requests.

    While Pi-hole can run on a number of platforms, the name comes from the original design idea - to be run on a Raspberry Pi, which is a small, inexpensive computing platform that can be used for a number of tasks, from embedded electronics to media to retrogaming. While Pi-hole will run on most Raspberry Pi platforms (it needs only 512 MB of memory and about 52 MB of storage), it's recommended to use a Raspberry Pi 4 since it has a devoted gigabit Ethernet jack. (This is going to become a key part of your network, so you want to use a wired connection for it, and the gigabit connection will improve performance.) It's also recommended to go with kits, as these will have all the components you'll need (I used the CanaKit Raspberry Pi 4 2GB Starter Kit, as it came with an active cooling solution.)

    What You'll Need
    Besides your kit, you'll want to get a monitor with an HDMI port, a keyboard, and a mouse for initial setup. Also, on your computer you'll want to install an SSH client and a VNC client for remote management - you can find PuTTY (SSH) and RealVNC on Ninite, which will allow you to install both cleanly. Set up your Pi as per your kit's instructions, and install Raspbian - a Debian variant designed for the Pi. (A lot of instructions online recommend installing it without the GUI, but that requires being extremely comfortable with management via command line. Since we have VNC available, go ahead and install Raspbian with the GUI, but not with any additional addons. (That said, you'll still want to be comfortable using a command line as a lot of Linux configuration is done via it, GUI or no.)

    Configuring Raspbian For Remote Operation
    You'll want to set up Raspbian to be managed remotely over your network - this way, you can just run the Pi headless (that is, without a physical user interface.) Once you've gone through initial configuration, click on the little raspberry icon in the upper left, then Preferences>Raspberry Pi Configuration. On this window, select the Interfaces tab, and enable both SSH and VNC. We also want to set a static IP address on eth0 (the Ethernet interface), so right click on the arrow icon in the upper right, and select Wireless and Wired Network Settings. In the window that comes up, select to configure the eth0 interface, then place a static IP address in your network range in the IPv4 Address field (if your router is at 192.168.0.1, you'll want to put the Pi at 192.168.0.xxx, where xxx is a value in your network range between 2 and 255.)

    With this done, the Pi is now configured to be accessed remotely. You can now disconnect it from the monitor, and connect it to where you'll want it to be running on your network. On your computer, start up RealVNC Viewer, and log into the static IP address you defined above. You'll be asked for the login information set up during the Raspbian initial install, and once logged in, you'll now have the Viewer showing you the Pi's desktop. From now on, you'll manage the Pi remotely through the Viewer.

    Installing Pi-Hole
    Now that we're running remotely, it's time to actually install Pi-hole. Open up a terminal window by clicking the terminal icon on the bar at the top, and type in the following two commands in order:
    wget -O basic-install.sh https://install.pi-hole.net
    sudo bash basic-install.sh
    

    The first line sets up the installer from pi-hole.net, while the second runs the installer as root (sudo is a Unix command to run what follows it as the superuser, a.k.a. root.) Once you do this, you'll get the installer telling you that you're now installing Pi-hole. The first few screens will tell you about how to donate to support Pi-hole, as well as the need for a static IP address (which we set up already.) The next screen will ask what interface to use for network access - select eth0. You'll now be given a selection of who your upstream DNS provider will be (this is who the Pi-hole will go to in order to resolve URIs.) Pi-hole provides details on each, but for most users, either Google or Cloudflare are recommended (the latter especially, as they discard logs after 24 hours and don't sell data, as well as allowing DNS over HTTPS (though this takes a bit more work to enable on the Pi-hole.)) You'll be able to change this later, so don't worry about your selection.

    The next screen gets to the heart of what makes Pi-hole work - the blocklists used to generate the gravity values used to determine which requests get sent to /dev/null. In addition to ads, the default lists also track known malware domains and tracking domains - leave all these selected, and move on. You'll then be asked which protocols to enable - just leave both selected. Finally, Pi-hole will show you the current network settings, and ask if you want to use them as a static address. Since we configured that already, select Yes. You'll get a warning about the router possibly trying to assign the address - we'll be setting up the Pi-hole to handle DHCP requests, so that won't be a problem. Finally, you'll be asked if you want to turn on the web interface - select yes, and then yes to installing lighttpd, a lightweight web server.

    You'll be asked next if you want to log queries - while useful for troubleshooting, this will eat at the SD card's life. We can turn off logging in the web interface, so leave it on. The final screen will give information on how to log into the web interface, and the custom password for logging in. Hit enter, and you'll see Pi-hole come online. Finally, there's one last command we want to run, because the random password you got may be tough to remember - in the terminal, type in:
    pihole -a -p
    

    and enter in a new password when prompted.

    Pi-hole is now active, but it's not currently being used by your devices. Let's change that.

    Setting Up Pi-Hole for DNS and DHCP

    There are a few ways to set up Pi-hole with your devices, but I recommend making it your DHCP server as well as your DNS server to remove overhead on the router. To do this, we need to first turn off the router's DHCP server - follow the instructions in the router's web interface to do so. Once that's done, log into the Pi-hole web interface, and go to Settings, then DHCP. Toggle the DHCP server on, then select the range of addresses to be served, as well as the router's IP address. For the domain name, you can give it anything you'd like (though it's recommended that you avoid any of the major TLDs.) Finally, you can set the lease length, though the default of one day should be fine. Click Save at the bottom, and the Pi-hole will now be working as the DHCP server as well as the DNS server, and all your devices will now be protected.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    ShadowfireMichaelLCdispatch.oArchStabbity StyledavidsdurionsBullheadAbsoluteZeroXaquinVoodooVmysticjuicerZilla360NightDragonspool32Tox
  • ShadowfireShadowfire Vermont, in the middle of nowhereRegistered User regular
    I've been meaning to build a Pi hole for a long time. With the possibility of being stuck at home for a while if they shut down our field work, I may have some time to do a project or two and this may be one of them.

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
  • MugsleyMugsley Registered User regular
    You probably have a next step coming, but you missed the steps of pointing your router's DNS address at the PiHole

  • AngelHedgieAngelHedgie Registered User regular
    Mugsley wrote: »
    You probably have a next step coming, but you missed the steps of pointing your router's DNS address at the PiHole

    That's only necessary if you're keeping the router as the DHCP server, as then it needs to know how to tell your other devices that the Pi-Hole is your new DNS server. Since we're using the Pi-Hole as the DHCP server as well, it automatically informs all devices that it is also the DNS server.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • ArchArch Neat-o, mosquito! Registered User regular
    Wow, what an amazingly well-timed thread! I was going to post this question as it's own thread, but this seems more apropos.

    Okay, I've been having some interesting problems with my home internet. I get my internet through Spectrum, and I'm using an ARRIS SURFboard SBG6900-AC modem and router.

    What's been happening is that many times during the day my internet will just "drop out". That is, I'm connected to the WiFi network, but the connection switches from "Connected, secured" to "Connected, no internet" and stays that way for a bit, sometimes up to minutes at a time.

    At first I thought it was just my phone, since I got a bargain version from Google. However, I just built a new PC, and didn't skimp on anything, and have noticed it happening quite often. What's more, I got even more suspicious when I had to download and install things. This problem seems to occur nearly exclusively when I'm downloading files, particularly large ones.

    It made me think back- many of the other times I've encountered this have been when we've been using the WiFi pretty heavily (i.e. my wife watching Youtube in HD while I also watch Netflix on our phones, me downloading three games at a time, online gaming, trying to stream).

    So my question is three-fold:

    1. Is it possible I'm seeing this because of the router? If so, how do I fix it? Are there setting I should change on the router to maximize transfer rate, or something?

    2. Is this more likely to be due to shitty behavior by my ISP, and if so, what do I do?

    3. How can I distinguish between these two scenarios?

    mysticjuicer
  • AngelHedgieAngelHedgie Registered User regular
    edited July 21
    Improving Your Pi-Hole

    So, now we've got a working Pi-hole - but it's just stock. There are a number of quality of life improvements we can make to improve things.

    Save Your SD Card With Log2RAM

    So, you may have heard about early model Teslas self-bricking a few months back - this was due to logging in the internals pushing the flash memory past its maximum write capacity, and thus causing it to fail. Something similar can happen with the logs on your Pi - constant writing can prematurely wear out the Pi's SD card. To prevent this, we can add Log2RAM - a set of scripts that sets /var/log (where all system logs get written) to something called a RAMdisk - a virtual disk held in the Pi's RAM. In addition, it sets up CRON (a Unix automation tool) jobs to write the contents of /var/log to the SD card on a regular schedule - by default, this is done daily and on shutdown/reboot.

    The GitHub archive lined above has instructions for installing Log2RAM either via the Debian APT package manager (a tool for managing installs) or through manual download. (And since it's hosted on GitHub, you can also just clone the repository via Git and install that way - though if you're comfortable doing that, you probably don't need this walkthrough.)

    Set Up A Home Domain
    NB: This configuration method is no longer necessary as of Pi-hole 5.1. If using 5.1 or later, domain configuration can be handled via the Local DNS Configuration screen on the Pi-hole Dashboard.
    Back when we set up the Pi-hole as a DHCP server, we got to define a domain name for our network. Domain names like our host's are human readable ways to define network domains, and the locations within - this is the whole purpose of the Domain Name Service, to turn "34.98.75.234" into "penny-arcade.com". Furthermore, since the Pi-hole runs our domain, it's considered authoritative for it, which means that we could define actual domain names for the static devices on our network. Doing so, however, will take a bit more work (but not much!)

    Step one is to tell dnsmasq where it can find the listing of our domain hosts, which is done by adding another config file to it:
    echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf
    
    (The tee command is basically a more flexible pipe that pushes the result of the first command both to the console and to the file name given. The name comes from a plumbing T-connector that splits a pipe into two.)

    Now that we've told dnsmasq where it can find a hosts list of our network, lets create that list. To do that, we'll need to generate the file with root, so you can use one of the following commands in the console:
    sudo nano /etc/pihole/lan.list
    sudo mousepad /etc/pihole/lan.list
    
    (Nano is an in-console text editor that's decently new user friendly, with the various commands listed at the bottom of the window and some WYSIWYG elements like arrow keys moving the cursor. Mousepad is a Notepad clone that will pop open in a separate window when invoked.)

    This will now allow you to edit the hosts file and add records - you'll want to do so in the format "IPAddress DomainName HostName" as shown below:
    192.168.5.1	gateway.hedgienet	gateway
    192.168.5.55	pihole.hedgienet	pihole
    192.168.5.80	backbone.hedgienet	backbone
    
    Of course, you'll want to replace "hedgienet" with the domain you defined in the DHCP server screen, and the addresses with the ones for your own devices. When done, save the file and close the editor.

    Finally, we need to restart the DNS server so that it will recognize the new entries:
    sudo pihole restartdns
    

    Once restarted, you can now access your hosts using the defined domain names instead of their IP addresses.

    Next, we'll cover improving DNS security.

    AngelHedgie on
    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    Archdavidsdurions
  • AngelHedgieAngelHedgie Registered User regular
    Arch wrote: »
    Wow, what an amazingly well-timed thread! I was going to post this question as it's own thread, but this seems more apropos.

    Okay, I've been having some interesting problems with my home internet. I get my internet through Spectrum, and I'm using an ARRIS SURFboard SBG6900-AC modem and router.

    What's been happening is that many times during the day my internet will just "drop out". That is, I'm connected to the WiFi network, but the connection switches from "Connected, secured" to "Connected, no internet" and stays that way for a bit, sometimes up to minutes at a time.

    At first I thought it was just my phone, since I got a bargain version from Google. However, I just built a new PC, and didn't skimp on anything, and have noticed it happening quite often. What's more, I got even more suspicious when I had to download and install things. This problem seems to occur nearly exclusively when I'm downloading files, particularly large ones.

    It made me think back- many of the other times I've encountered this have been when we've been using the WiFi pretty heavily (i.e. my wife watching Youtube in HD while I also watch Netflix on our phones, me downloading three games at a time, online gaming, trying to stream).

    So my question is three-fold:

    1. Is it possible I'm seeing this because of the router? If so, how do I fix it? Are there setting I should change on the router to maximize transfer rate, or something?

    2. Is this more likely to be due to shitty behavior by my ISP, and if so, what do I do?

    3. How can I distinguish between these two scenarios?

    This is why I really do not like the all in one router/modem combos that ISPs are enamored of, because a problem with one can impact the other. To answer your questions - Yes, you're probably overloading the router, which is causing it to cut out. The problem here is that you have a single device that's doing two things badly, instead of two devices that each do something well. I would recommend having Spectrum take back the combo router/modem and bring you (and I know they have them, since I'm a Spectrum customer as well) a standalone cable modem. Then I would get your own router, and make sure it's a solid one - I'd be looking at either the Nighthawk (I use a Nighthawk R7960P personally) or Orbi mesh router lines from Netgear in your circumstance, as you need a router with the ability to handle both a large number of devices and high data throughput.

    (Also, from a security perspective, I much prefer running my network on hardware I own, which is why I prefer segregation between my cable modem (which is on Spectrum's side of the fence) and my router (which is on my side.))

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    VoodooV
  • ArchArch Neat-o, mosquito! Registered User regular
    Well, that's distressing. Spectrum didn't provide that router, I went and bought it myself.

    Any suggestions to help ameliorate the issue temporarily whilst we're holed up for the pandemic? Any settings I could tinker with?

  • AngelHedgieAngelHedgie Registered User regular
    Arch wrote: »
    Well, that's distressing. Spectrum didn't provide that router, I went and bought it myself.

    Any suggestions to help ameliorate the issue temporarily whilst we're holed up for the pandemic? Any settings I could tinker with?

    So, I looked at the router documentation, and it doesn't seem to have any Quality of Service support, which would allow it to prioritize connections.

    The best thing I can recommend at the moment is to try to connect as many devices as you can via wired connections. One thing that most people don't realize is that a Wi-Fi network connection has more overhead than an Ethernet connection.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • mRahmanimRahmani DetroitRegistered User regular
    edited March 18
    I don't recommend this, but since I already had a Plex server running, I installed Ubuntu on a VM and ran Pi-Hole through there. Seems to be working remarkably well so far, though I am only using it for DNS. I have a Unifi USG as a DHCP server/router.

    I do think this thread is skewing a little far on the techie side of things, but since it's primarily techie people here I'm not sure how far. So, any tech newbs reading, please ask questions! It's hard to gauge what other people don't know.

    mRahmani on
  • mRahmanimRahmani DetroitRegistered User regular
    edited March 18
    @AngelHedgie some other topics that might be useful to cover:

    - basic modem, router, and AP recommendations for apartments and small houses
    - choosing an ISP, service speed, data caps
    - basic wireless network security

    I can chip in on some of these after work.

    mRahmani on
  • MugsleyMugsley Registered User regular
    I think it's finally time to set up a proper Home Networking thread in the Tech Tavern. I can try to gin up a decent OP later tonight.

    I should use this to get off my ass and put up a proper (non-software) Engineering thread over in DnD.

  • AngelHedgieAngelHedgie Registered User regular
    So, since we've gotten a question about a router issue, let's talk a bit more about routers, since they're pretty much the heart of any home network.

    Your standard consumer grade router is basically a purpose built computer designed to manage your entire network (hence why they have all those bits mentioned above - that's basically the effective minimum to have a working home network these days.) And like any other computer, they have their limits. Wireless networking has made this worse, because while a finite number of Ethernet jacks does impose a limit on wired connections, you can keep connecting more and more wireless devices to your poor router until it raises the white flag. It's also worth noting that a wireless connection takes more overhead for a router to maintain, since it's not just pushing electrons down a wire, but transmitting a signal out to be heard by other devices (and not just the target device either, which makes wireless less secure by its very nature.) If your router is being sluggish due to high wireless use, one fix you may be able to do is to just run a physical connection to devices like consoles, streaming devices, smart TVs, and other bandwidth hogs - it's easier for a router to push bits through a wired connection. Also, if your router is multiband, make sure that devices that support newer wireless standards are using the bands that can take advantage of them - putting your console on the 2.4GHz band means that it won't be able to use features like beamforming and MU-MIMO.

    That said, the hardware in your router matters. First off, avoid combination router/cable modem units:
    • Combo units try to pack two moderately sized electronic components into a shell that's about the size of a standard router. This means that the combined unit is going to be making compromises on both sides, resulting in a single device that does two things poorly.
    • As I stated above, the cable modem is on the ISP's side of the fence, while the router is on yours. Mixing the two blurs that delineation, making it questionable as to what your ISP gets to dictate rules on.
    • Many times, these units are provided by the ISP, which exacerbates the above - not to mention that you no longer own the hardware powering your network.
    • Combo units also make it difficult to improve to better technologies - for example, if fiber becomes available in your neighborhood, you'll have to get rid of your router, since it won't be able to handle the fiber input.

    Second, consider your usage and needs. If your household only has light to moderate network usage - web browsing, some light streaming, etc. - a basic router will be fine. But if you've got people gaming and streaming from multiple rooms simultaneously, you'll want a router with some genuine horsepower under the hood, as well as features to improve performance:
    • Quality of Service (QoS): Routers with QoS features will monitor communications and prioritize messages that are more time-critical, so packets for an online gaming session will take precedence over streaming video, which in turn will be prioritized over a download. Be aware that this won't make your connection faster - it will just use it more efficiently and in a manner that will impact users less.
    • Multiuser-Multiple Input/Multiple Output (MU-MIMO): MU-MIMO routers can break up wireless communications into multiple channels, allowing wireless devices to interact with the router simultaneously, instead of in a first in first out queue as with older wireless protocols. MU-MIMO is specific to 802.11ac, so make sure devices that can use that protocol are on the correct band to do so.
    • Beamforming: Routers with beamforming can further align the signals they send from their antennae to improve connectivity to devices, allowing connections from further away and with less interference. Again, this is tied to the 802.11ac standard, so make sure that you have devices capable of using it on the right band.
    • Multiband: Today, virtually all routers you can by in the commercial market are at the least dual-band - this means they have a 2.4GHz radio for the legacy standards and for devices such as smart home systems that focus on range and wide support over bandwidth, and a 5GHz radio for the newer standards focusing on bandwidth. Higher end routers will add additional radios - for example, a tri-band router will have a second 5GHz radio, adding on a second access point at that bandwidth.

    Finally, there are mesh routers. These routers use multiple units that interconnect using a special wireless communication channel separate from normal wireless networking, creating a widescale network without requiring running cables everywhere. Some systems like Google WiFi use standardized nodes that interconnect in a true mesh, while others like Netgear's Orbi have one central "master" unit that then connects to satellite units that provide both wired and wireless access. Mesh routers can provide wide coverage over large spaces, while not requiring running wires through walls - but at the same time won't be as effective as an actual wired network.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    ceresJebus314DisruptedCapitalistZilla360Iolo
  • John MatrixJohn Matrix Registered User regular
    Thank you for putting this together, Angel. Would it be possible to do a post about recommended devices/cost ranges for the items discussed? I'm trying to build a rough budget and set performance expectations.

    Thanks again

  • AngelHedgieAngelHedgie Registered User regular
    edited March 20
    Thank you for putting this together, Angel. Would it be possible to do a post about recommended devices/cost ranges for the items discussed? I'm trying to build a rough budget and set performance expectations.

    Thanks again

    For hardware recommendations, I like to point people to review lists put out by reputable sites that test the physical hardware, like Tom's Guide, Consumer Reports, or The Wirecutter. There are a few commonalities that I see when looking at these lists, though:
    • For most consumers, budget between $100-200 for a solid router. If you're going mesh, you may want to consider setting your max range to $300, as most of the better systems go for about $100/node.
    • If you're on a budget, the TP-Link Archer A7 routinely pops up as a top notch router for those seeking a balance between cost and power. While it doesn't have higher end features like MU-MIMO, it does have QoS, and performs well in testing.
    • Google's offerings are solid, and all work as mesh nodes (expect to pay $100 for a base node, and $150 for a node with a Google Home speaker built in.) I've recommended them to family and friends who aren't as skilled with networks as I am, because they're very easy to set up and use. That said, the reason for their ease of use is also why I won't use them personally - they're easy to use because Google manages a lot of the operational interface, and can be difficult to manage at a more advanced level. They're very much designed as appliances - but there's a tier of user for whom that's a positive!
    • Personally, I use a Netgear Nighthawk R7960P router, which retails for around $200. It's a solid router with a dual core processor, tri-band radios, QoS, MU-MIMO and beamforming support, as well as a USB 3.0 port to set up a USB hard drive as network accessible storage (NAS). I am getting to the point that if I do some of the things I want to do, like setting up a Plex server - I'm seriously considering rolling my own router using a specialized fanless NUC microPC designed for doing so. Needless to say, rolling your own router is not an exercise for network novices, but the performance benefits of doing so cannot be denied.

    AngelHedgie on
    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    Feraldavidsdurions
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    FYI, the default Pi-Hole settings render Google Shopping unusable. I keep meaning to fix this at my home and I keep not actually bothering to do it.

    You have to whitelist www.googleadservices.com to make Google Shopping work again, though this will open up Google's text-based ads in search results.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • ShadowfireShadowfire Vermont, in the middle of nowhereRegistered User regular
    Google WiFi is kind of terrible now. They've replaced their old units with new ones that are a lot larger and have Google Assistant built in. Problem is they're faster but with lower range, and a lot more expensive.

    I've championed Eero a lot before and they've brought out a version that's only $250 regular price and does a great job. Something worth considering in place of Google WiFi now.

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
  • AngelHedgieAngelHedgie Registered User regular
    It's sad to hear that Google's offerings are worse now. There's definitely a place in the market for "appliance" routers for people who aren't knowledgeable about how routers work or networking.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • AngelHedgieAngelHedgie Registered User regular
    edited March 27
    We've discussed routers, but let's now discuss the other two items that many home networks will use - cables and switches.

    Cables: Inserting Plug A Into Jack B

    Network cables are the backbone of the network, allowing you to plug devices into your router, letting them communicate. Standard network cables are unshielded twisted pair (UTP) cables - this means that the cable actually contains pairs of internal wires that are twisted together (specifically, there are four color coded sets - blue, orange, green, and brown - with one wire being solid and the other having a white stripe) that has no metal shielding from interference. (For specialized applications, there are shielded twisted pair (STP) cables - but these sell at a premium, due to the shielding in the cable.) The cable will terminate with an RJ-45 plug, which looks a lot like the classic RJ-11 phone plug, only wider (since it has double the conductive wires.) Network cables today come in three common ratings:
    • Category 5/5 Extended (Cat5/Cat5E): The standard network cable today (and routinely used for phone wire in new construction as well), Cat5 cable is designed around the 100BaseTX Ethernet standard, capable of supplying a transmission rate of 100Mb/s The original spec had issues with sustaining higher rates over longer runs, resulting in the Cat5E standard, which improved performance at length. Being cheaper than Cat6, Cat5/5E runs are perfectly acceptable when bandwidth is not an issue.
    • Category 6 (Cat6): With the advent of the 1000BaseTX Gigabit Ethernet standard, Cat5 cables were found lacking - they can sustain the transfer rates with short runs, but not at length. As a result, Cat6 cables were developed to handle gigabit transmission rates. For today's needs at home, Cat6 is recommended when bandwidth is necessary.
    • Category 7 (Cat7): Just as Cat6 was designed for gigabit Ethernet, Cat7 was developed alongside the 10GigE standard, which allows a 10 Gb/s transfer rate. There is little in the way of home networking gear that uses this standard today - but if you're putting in a wired network, futureproofing with Cat7 may be worth considering.

    While you can make cables, I really don't recommend doing so. Network cables can be cheaply purchased in bulk through vendors like Amazon or Monoprice - make sure that the plugs have relief jackets (these look like sleeves that extend from the plug down the cable a short way, and help relieve stress on the cable.)

    For exceptionally long runs (for example, running a line between two houses or to an outbuilding), fiber is a solid choice for doing so as it has high throughput over long distances, and is non-conductive. However, it's also more expensive, as you will need not only the fiber cable, but adapters on each end to convert back to standard Ethernet.

    Switches: Because Four Jacks Is Not Enough

    A switch is a network device that allows multiple devices to interconnect through it - and share an upstream network connection, with the switch sending packets to their proper destinations by looking at the Media Access Control (MAC) address on the packet. Switches can have a massive number of ports (rackmount switches usually come in multiples of 24, for example,) but consumer grade switches usually come in 5 and 8 port flavors. In addition, switches come in two types: managed and unmanaged. Unmanaged switches are basically plug and play - plug into power, plug your devices in, and they'll now be on the network. Managed switches can provide further control over your network, as they can provide things like QoS and other administrative functions.

    When buying a switch, make sure to confirm which Ethernet standards it supports - a switch that only supports 100Mb/s cannot handle gigabit communications, even if everything else on your network can. For my own network, I use a Netgear GS105Ev2 managed switch as the house's backbone in the network closet, and Netgear GS308 unmanaged switches in my living room and bedroom to connect all the devices there. Both are more on the "prosumer" side with metal cases and more advanced features for the managed switch - if you need something a bit more inconspicuous, the Netgear GS208 unmanaged switch is the same functionality as the GS308, but in a sleek plastic shell and back facing ports.

    Edit: A little rumination on the history of switches (or, Hedgie Explains Why You Whippersnappers Have It Good As He Adjusts His Onion):
    Back in the 80s and 90s, there was another type of network device that could be used in lieu of a switch - hubs. Hubs looked like switches, but were much simpler - they would take a message coming in on one port, and send it to every other occupied port, effectively reducing available bandwidth for each device to (full bandwidth available)/(number of devices attached to the hub) for Ethernet. At the time, hubs existed because switches were expensive - a switch would be an order of magnitude more costly than a hub of equivalent size. (This is also why there were alternative networking protocols like Token Ring, which used a token that said who had the "right" to send messages - while Token Ring was slower in theory than Ethernet, in practice it was competitive because of the issues with hubs.) The explosion of home networking in the late 90s and the development of cheaper processors caused switches to crater in price, becoming competitive with hubs - and when that happened, it was the end of the hub.

    In addition, the ports on the network gear of that era were basically dumb mechanical connectors, and if you tried to chain together two hubs/switches with a regular cable, the result would be nothing, because the new device wouldn't be able to communicate properly. Instead, you would need to buy (or more likely make) something called a crossover cable - this is a cable where the transmit pins on one plug are connected to the receive pins on the other, and vice versa. Eventually, hardware manufacturers would add one or two ports at the end which would have manual switches to change the transmit/receive pins in the port itself, so you wouldn't need a crossover cable - and then eventually developed ports that can autonegotiate connections, making manual switches unnecessary. Today, the ports on modern network equipment are all capable of autonegotiation, so this sort of management is a thing of the past.

    AngelHedgie on
    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    davidsdurionsShadowfireZilla360Tofystedeth
  • AngelHedgieAngelHedgie Registered User regular
    Also, if you're interested in what you can really do with home networking, I recommend this video from retrotech YouTuber The 8 Bit Guy as he goes over his home network:



    I found this to be very educational, especially his discussion on why he (a network professional) chooses more "prosumer" grade equipment for at home, as opposed to professional rackmount gear. There's also bits on Power over Ethernet and Network Attached Storage that some of you will find interesting (and if you want me to talk about these, let me know!)

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    John MatrixdavidsdurionsZilla360
  • VoodooVVoodooV Registered User regular
    Thank you for putting this together. Like Shadowfire said, I've been meaning to use my new Pi for this for some time. I got laid off because of the pandemic so I've got a lot of free time on my hands now in-between job applications.

  • AngelHedgieAngelHedgie Registered User regular
    edited April 4
    So, let's finish up setting up your Pi-hole by improving the security of your DNS requests.

    A Short Digression On DNS

    So, before we get into how we can improve our security with DNS, it will help to explain how DNS works. The Domain Name System was created to give users on the internet a way to dynamically resolve a human readable domain name (for example, "penny-arcade.com") to an IP address (34.98.75.234). With the way the Pi-hole is configured, this process goes like this:
    1. The device sends the request to the Pi-hole.
    2. The Pi-hole checks the request against its blacklists to see if the request should be allowed. If the gravity passes a certain threshold, the Pi-hole kills the request.
    3. If allowed, the Pi-hole looks to see if it's a domain it's authoritative over (for example, your local domain.) If it is, the Pi-hole personally serves the address from its records.
    4. If the Pi-hole is not authoritative, it checks its cache of previously requested domain records to see if it has a valid entry for the domain name. If it does, then it just returns that record.
    5. If the cache has no valid record for the domain, the Pi-hole then calls on the upstream DNS server set up in configuration, which will return the record to the Pi-hole. In addition to returning the record, it also adds it to its cache so it can serve the domain record from the cache in the future.

    Upstream DNS servers like the ones run by Google and Cloudflare have a different process that they go through, called a recursive lookup. The DNS system is hierarchal, with domains (both "three letter domains" (TLDs) and country code domains) slowly moving up to the DNS root server (which in actuality is a cluster of servers located around the world.) If one of these servers needs to look up "penny-arcade.com" (say that their existing cache record has expired and is no longer valid, for example,) they follow a different process:
    1. The server makes a request of the root server to find out which DNS server is handling the ".com" domain, and the root server replies with the address of the ".com" DNS server.
    2. The server now contacts that server, and asks which server is handling "penny-arcade.com". The DNS server responds with an address for the specific registrar's DNS server that is considered authoritative for the domain.
    3. The server contacts the registrar's server, and asks it for the IP address for "penny-arcade.com", which it returns.

    Now, the bad news is that because DNS is such an old part of the internet, having existed for decades at this point, it was built in an era where security wasn't as much of an issue as it is today. As a result, DNS requests are sent in plaintext, which can be intercepted and used to track you. We can mitigate this by one of two ways:
    • We can run our DNS requests through HTTPS to an upstream server, so that our requests are encrypted. Do note that while this protects the request from outside lookers, the DNS server we're using can still read our request freely.
    • Instead of relying on an external DNS server for resolution, we can set up our own recursive DNS server and resolve our own requests, using a server that supports DNS over TLS for added security. In addition, it would make us less vulnerable to DNS poisoning attacks, where a major DNS provider has a false record redirecting users to a malicious website added by attackers.

    AngelHedgie on
    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    davidsdurionsZilla360
  • AngelHedgieAngelHedgie Registered User regular
    edited April 4
    DNS over HTTPS with cloudflared

    In the first strategy, we're going to set up a connection to CloudFlare, which provides DNS over HTTPS services. Because we want to use this encrypted channel, we need to set up a special client locally that knows how to send DNS requests over HTTPS, called the CloudFlare daemon, or cloudflared for short. (For Unix novices, daemons are processes that run in the background to provide services. Pi-hole is built on top of several of these daemons, to provide both the DNS resolution and the web front end, to name a few examples.) As such, installation will take a few steps here.

    Step 1 is to get the daemon installed on our Pi. First, we want to get the compiled binary from CloudFlare's repository:
    wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
    

    Note the ".tgz" extension at the end. This means that the binary is in an compressed tape archive file (also known as a "tarball"), a standard means of packaging binaries in Unix. Of course, this does us no good, so we need to unpack it into something more usable:
    tar -xvzf cloudflared-stable-linux-arm.tgz
    

    tar here is a standard Unix utility for handling tape archive files, and the flags here are telling it to decompress (z) and extract (x) the given file (f) in a "verbose" (v) manner which will list every file extracted. Now that we have the fully uncompressed daemon binary, we need to place it where it needs to live to be usable, as well as tell the system that the folder contains executable code:
    sudo cp ./cloudflared /usr/local/bin
    sudo chmod +x /usr/local/bin/cloudflared
    

    cp is short for "copy", and copies the uncompressed cloudflared folder to /usr/local/bin, a location where available local binaries are placed for use. chmod alters the permissions on the file or folder targeted - in this case, we're adding the execute (x) permission. Finally, we need to verify that the binary runs:
    cloudflared -v
    

    Now that we have the binary installed, we need to set it up to run in the background. While the instructions I linked to have both manual and automatic configuration, we're explicitly going to use the manual process, because the automatic process installs the daemon under the root user, which is a serious security flaw. With the manual process, we'll create a "cloudflared" user who will act as a sandbox ffor the process:
    sudo useradd -s /usr/sbin/nologin -r -M cloudflared
    

    Again, there's a bunch of flags here. We're using the -s (shell) flag to assign our new user to have no login shell (since nobody should be logging into this user.) -M tells useradd that cloudflared should have no user directory, and -r makes cloudflared a system user. Now that we have our user, we want to standardize the options it will use when it starts cloudflared. We'll need to open the file for editing with one of the following two commands:
    sudo nano /etc/default/cloudflared
    sudo mousepad /etc/default/cloudflared
    

    Then in the file, we add the following line:
    CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
    

    What we're doing here is creating a reference that contains the command arguments we want to run cloudflared with. Since Pi-hole courrently runs off port 53 (the standard DNS server port), we need to tell cloudflared to run on another port (in this case, 5053), and we need to tell it which upstream DNS servers to connect to (1.1.1.1 and 1.0.0.1 are the addresses for the CloudFlare DNS servers.) That said, since we created/moved files under root (note the sudo commands above), cloudflared can't access the config file or the binary because it doesn't have ownership. We want it to be able to, so we'll need to grant ownership using chown:
    sudo chown cloudflared:cloudflared /etc/default/cloudflared
    sudo chown cloudflared:cloudflared /usr/local/bin/cloudflared
    

    Finally, we need to set up a script for systemd (the system daemon, which is used to initialize a Linux system on startup) to get cloudflared running if we ever reboot the Pi. Once again, we'll be opening a file, this time in the systemd folder:
    sudo nano /etc/systemd/system/cloudflared.service
    sudo mousepad /etc/systemd/system/cloudflared.service
    

    In this script, we'll be adding the following configuration:
    [Unit]
    Description=cloudflared DNS over HTTPS proxy
    After=syslog.target network-online.target
    
    [Service]
    Type=simple
    User=cloudflared
    EnvironmentFile=/etc/default/cloudflared
    ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
    Restart=on-failure
    RestartSec=10
    KillMode=process
    
    [Install]
    WantedBy=multi-user.target
    

    Note in the ExecStart line the $CLOUDFLARED_OPTS reference - this calls back to the configuration we set up earlier. Finally, we need to enable systemd to run the process at startup, then tell it to start cloudflared, and finally check the status of the cloudflared process:
    sudo systemctl enable cloudflared
    sudo systemctl start cloudflared
    sudo systemctl status cloudflared
    

    Congratulations - we now have cloudflared running locally on our Pi. Now, we need to tell Pi-hole to route DNS requests through cloudflared, instead of the DNS server we've been using. Log into the Pi-hole interface, then go to Settings > DNS. You'll notice on the right side of the screen a section for custom upstream DNS servvers. In Custom 1, type in the following:
    127.0.0.1#5053
    

    The "127.0.0.1" part is a special IP address called the loopback address, which tells Pi-hole to refer to itself internally, while "#5053" tells it to use port 5053 - the port that cloudflared is running under. Uncheck the providers on the left you were using before (because we don't want the Pi-hole sending requests to anything but cloudflared), and click Save.

    And with that, you're done. Pi-hole will now route all DNS requests through cloudflared, which will communicate to the CloudFlare DNS server over HTTPS.

    AngelHedgie on
    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    VoodooVShadowfireJebus314davidsdurionsZilla360
  • VoodooVVoodooV Registered User regular
    edited April 4
    Once again, thanks again for doing this. A question though.

    I got the cloudflared service set up. I typo'd the ExecStart and put user instead of usr so it took me a bit to get that fixed up. (side note, I'm a relative linux/pi newb so I had to google that you have to enter 'q' to exit out of the systemctl status screens otherwise I was stuck for a while.

    But I did get that fixed up and just for good measure I rebooted my pi and the status does show as running. In regards to the pi-hole configuration, when you're specifying the custom 1 entry, do I not need to also uncheck the box for the existing upstream DNS on the left hand side of that screen (currently set to cloudflare, just not https). Or does setting the Custom 1 field override the Upstream DNS Servers settings on the left? Cuz we don't want both, right?

    EDIT: derp, I suck at reading the entire post, nevermind.

    VoodooV on
  • AngelHedgieAngelHedgie Registered User regular
    Ars Technica posted a piece discussing why Wi-Fi doesn't scale well. I recommend reading it in full, as it gets into a lot more detail as to why, but the short version is that it's very easy to overload the capacity of Wi-Fi networks, especially with streaming - which is why you want those devices wired if you can. Ars also does a rundown on several mesh router systems - they recommend the Amazon Eero system as a compromise between power and ease of use.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • CiriraCirira IowaRegistered User regular
    This is an excellent read for most anyone. I've personally got the Ubiquiti equipment setup at home for my home network and have been meaning to tweak it. I had to take my pi-hole down since it was blocking a few of the streaming apps my wife likes to use as well. I know you can just whitelist those ad-sites (mostly the CBS app seemed to shit the bed), but if you go with the pi-hole solution you may run into something similar as a FYI. This was on a fire TV that works without the pi-hole running.

    I'm not the best network guy but I can try to answer some questions if folks have them as well.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited April 15
    Ars Technica posted a piece discussing why Wi-Fi doesn't scale well. I recommend reading it in full, as it gets into a lot more detail as to why, but the short version is that it's very easy to overload the capacity of Wi-Fi networks, especially with streaming - which is why you want those devices wired if you can. Ars also does a rundown on several mesh router systems - they recommend the Amazon Eero system as a compromise between power and ease of use.

    Decent article.

    I'd be a little bit cautious about the phrase "Wi-Fi doesn't scale well." For home users, that's generally true.

    At a business, we scale out Wi-Fi by adding more access points and wiring each of those access points back to the central network with an Ethernet cable.

    At home, you usually have a single access point (which is inside your router). With a mesh system, you have multiple access points, but they're all communicating wirelessly. (Mesh is better than a single access point, but it's worse than having multiple access points all connected back to the network by cables.)

    It is possible for a home user to get a similar experience as a professionally-built business Wi-Fi network. If you own your own home, I highly recommend getting Ethernet wiring (CAT-6) installed, especially if the home has multiple floors or is otherwise very large.

    If you don't want to install Ethernet wiring, or you can't (because you rent), then powerline Ethernet and MoCA Ethernet are good fallback options. I'm sure you (or I, or somebody else) will describe those later in this thread.

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    Zilla360bowen
  • MugsleyMugsley Registered User regular
    I was going to use the copycat thread I made in the Tech section for this but this gets more eyeballs.

    For residential use, do I need to buy a CloudKey in order to use Ubiquiti APs? The internet seems divided on this.

  • CiriraCirira IowaRegistered User regular
    Mugsley wrote: »
    I was going to use the copycat thread I made in the Tech section for this but this gets more eyeballs.

    For residential use, do I need to buy a CloudKey in order to use Ubiquiti APs? The internet seems divided on this.

    You can run one off of a Raspberry Pi or any old PC laying around. You need one to run their APs I believe but don't have to buy their expensive hardware if you don't want since the software is free I believe.

  • Jebus314Jebus314 Registered User regular
    Feral wrote: »
    Ars Technica posted a piece discussing why Wi-Fi doesn't scale well. I recommend reading it in full, as it gets into a lot more detail as to why, but the short version is that it's very easy to overload the capacity of Wi-Fi networks, especially with streaming - which is why you want those devices wired if you can. Ars also does a rundown on several mesh router systems - they recommend the Amazon Eero system as a compromise between power and ease of use.

    Decent article.

    I'd be a little bit cautious about the phrase "Wi-Fi doesn't scale well." For home users, that's generally true.

    At a business, we scale out Wi-Fi by adding more access points and wiring each of those access points back to the central network with an Ethernet cable.

    At home, you usually have a single access point (which is inside your router). With a mesh system, you have multiple access points, but they're all communicating wirelessly. (Mesh is better than a single access point, but it's worse than having multiple access points all connected back to the network by cables.)

    It is possible for a home user to get a similar experience as a professionally-built business Wi-Fi network. If you own your own home, I highly recommend getting Ethernet wiring (CAT-6) installed, especially if the home has multiple floors or is otherwise very large.

    If you don't want to install Ethernet wiring, or you can't (because you rent), then powerline Ethernet and MoCA Ethernet are good fallback options. I'm sure you (or I, or somebody else) will describe those later in this thread.

    I'm not sure I would advocate powerline ethernet over a mesh solution. I have my in-laws setup with two access points on either side of their house, with powerline in between. Works great, except since it is opposite sides of the house the powerline has to be on different circuits, and something keeps killing the connection. So every few weeks they will complain about no internet access, and it is always because the powerline isn't communicating again.

    Caveats abound, but I feel like those two solutions are probably similar in their ease of installation/reliability (generally).

    Still trying to decide how to make that setup more reliable (switch to a wifi mesh? Some kind of a watchdog on their computer that tries to reset the powerline adapter every so often?).

    "The world is a mess, and I just need to rule it" - Dr Horrible
  • mysticjuicermysticjuicer [he/him] I'm a muscle wizard and I cast P U N C HRegistered User regular
    Is there a "how to identify the cause of an internet issue" guide that exists? I'm getting the same kind of issues that Arch mentioned (internet just craps out, sometimes every 2 or 5 minutes for a while, usually reappearing after 30 seconds or so), except I'm wired directly into my router. I could call my ISP, but I'd like to be able to do some super basic trouble-shooting on my own before doing that.

    Doing a 5 minute power down of the modem sometimes "solves" the issue for a while. Likewise turning off the router. The modem, router, and ethernet cables are brand new (within the last two months). :sad:

    narwhal wrote:
    Why am I Terran?
    My YouTube Channel! Featuring Yomi tournament commentary and tutorials!
  • Knight_Knight_ Dead Dead Dead Registered User regular
    Mugsley wrote: »
    I was going to use the copycat thread I made in the Tech section for this but this gets more eyeballs.

    For residential use, do I need to buy a CloudKey in order to use Ubiquiti APs? The internet seems divided on this.

    No. You don't even need the software running if you don't want to to do the fancier tools like captive portal and whatnot. You can install it on your pc, setup your configuration, and either turn it back on when you want to update/fiddle with your settings, leave it running forever, or turn it off and the APs will just keep on keeping on. I have been using ubiquiti stuff for like 5 years now and it's the best.

    I have since bought a cloud key because it's extremely easy management of the system (and I have one at my parent's house so I can manage their connection and run their updates and whatnot) but certainly not required.

    aeNqQM9.jpg
    mRahmaniZilla360
  • TavTav Registered User regular
    This seems like the right place for this sort of question.

    We recently upgraded to fttc internet which comes into the house and connects to an ISP modem which I have connected to a Netgear R8000 for wifi. When we upgraded, the ISP gave us a new modem which is an Eir F3000, which is just a rebranded Huawei device. The annoying thing is that this new modem doesn't allow you to specify a custom DNS server, which means my pi-hole has stopped working. I've tried looking into replacement modems but I'm kind of at a loss at the differences in dsl vs vsdl vs adsl and whether or not a new modem will actually be compatible with my ISP. Is there a way of knowing this ahead of time, or do I just need to call up the ISP and go "hey this thing is garbo, what'll work as a replacement?"

  • AngelHedgieAngelHedgie Registered User regular
    Tav wrote: »
    This seems like the right place for this sort of question.

    We recently upgraded to fttc internet which comes into the house and connects to an ISP modem which I have connected to a Netgear R8000 for wifi. When we upgraded, the ISP gave us a new modem which is an Eir F3000, which is just a rebranded Huawei device. The annoying thing is that this new modem doesn't allow you to specify a custom DNS server, which means my pi-hole has stopped working. I've tried looking into replacement modems but I'm kind of at a loss at the differences in dsl vs vsdl vs adsl and whether or not a new modem will actually be compatible with my ISP. Is there a way of knowing this ahead of time, or do I just need to call up the ISP and go "hey this thing is garbo, what'll work as a replacement?"

    @Tav - If you're wanting to replace the modem, then yes, you'll need to ask your ISP for what they need on their end to get it to work. That said, it sounds like they gave you a combo modem/router - there are ways to work around that without replacing your existing router (though they do tend to be a pain.)

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • TavTav Registered User regular
    Tav wrote: »
    This seems like the right place for this sort of question.

    We recently upgraded to fttc internet which comes into the house and connects to an ISP modem which I have connected to a Netgear R8000 for wifi. When we upgraded, the ISP gave us a new modem which is an Eir F3000, which is just a rebranded Huawei device. The annoying thing is that this new modem doesn't allow you to specify a custom DNS server, which means my pi-hole has stopped working. I've tried looking into replacement modems but I'm kind of at a loss at the differences in dsl vs vsdl vs adsl and whether or not a new modem will actually be compatible with my ISP. Is there a way of knowing this ahead of time, or do I just need to call up the ISP and go "hey this thing is garbo, what'll work as a replacement?"

    @Tav - If you're wanting to replace the modem, then yes, you'll need to ask your ISP for what they need on their end to get it to work. That said, it sounds like they gave you a combo modem/router - there are ways to work around that without replacing your existing router (though they do tend to be a pain.)

    Yeah it's a modem/router combo. I have the wifi turned off on it and it just feeds into a router I have here because the last box they gave me was awful.

  • AngelHedgieAngelHedgie Registered User regular
    Tav wrote: »
    Tav wrote: »
    This seems like the right place for this sort of question.

    We recently upgraded to fttc internet which comes into the house and connects to an ISP modem which I have connected to a Netgear R8000 for wifi. When we upgraded, the ISP gave us a new modem which is an Eir F3000, which is just a rebranded Huawei device. The annoying thing is that this new modem doesn't allow you to specify a custom DNS server, which means my pi-hole has stopped working. I've tried looking into replacement modems but I'm kind of at a loss at the differences in dsl vs vsdl vs adsl and whether or not a new modem will actually be compatible with my ISP. Is there a way of knowing this ahead of time, or do I just need to call up the ISP and go "hey this thing is garbo, what'll work as a replacement?"

    Tav - If you're wanting to replace the modem, then yes, you'll need to ask your ISP for what they need on their end to get it to work. That said, it sounds like they gave you a combo modem/router - there are ways to work around that without replacing your existing router (though they do tend to be a pain.)

    Yeah it's a modem/router combo. I have the wifi turned off on it and it just feeds into a router I have here because the last box they gave me was awful.

    That works fine - just a few things to do to make it as smooth as possible:

    * Since you're not relying on the cable modem/router (CMR) to provide any services, turn off DHCP and DNS on it if possible, and assign your personal router (PR) a static IP address on the WAN.
    * If the CMR allows port forwarding or DMZ configuration , set it to forward all ports to the PR static IP address.
    * Make sure that the local network masks for the CMR and PR local networks are different - i.e. if the CMR has a network mask of 192.168.0.x, set the PR network mask to 192.168.2.x.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • TavTav Registered User regular
    edited April 21
    Tav wrote: »
    Tav wrote: »
    This seems like the right place for this sort of question.

    We recently upgraded to fttc internet which comes into the house and connects to an ISP modem which I have connected to a Netgear R8000 for wifi. When we upgraded, the ISP gave us a new modem which is an Eir F3000, which is just a rebranded Huawei device. The annoying thing is that this new modem doesn't allow you to specify a custom DNS server, which means my pi-hole has stopped working. I've tried looking into replacement modems but I'm kind of at a loss at the differences in dsl vs vsdl vs adsl and whether or not a new modem will actually be compatible with my ISP. Is there a way of knowing this ahead of time, or do I just need to call up the ISP and go "hey this thing is garbo, what'll work as a replacement?"

    Tav - If you're wanting to replace the modem, then yes, you'll need to ask your ISP for what they need on their end to get it to work. That said, it sounds like they gave you a combo modem/router - there are ways to work around that without replacing your existing router (though they do tend to be a pain.)

    Yeah it's a modem/router combo. I have the wifi turned off on it and it just feeds into a router I have here because the last box they gave me was awful.

    That works fine - just a few things to do to make it as smooth as possible:

    * Since you're not relying on the cable modem/router (CMR) to provide any services, turn off DHCP and DNS on it if possible, and assign your personal router (PR) a static IP address on the WAN.
    * If the CMR allows port forwarding or DMZ configuration , set it to forward all ports to the PR static IP address.
    * Make sure that the local network masks for the CMR and PR local networks are different - i.e. if the CMR has a network mask of 192.168.0.x, set the PR network mask to 192.168.2.x.

    yeah its not possible to disable the DNS, which is why I was asking about the replacement

    I think this will do the trick so i'm going to try it

    Tav on
  • DisruptedCapitalistDisruptedCapitalist screaming Registered User regular
    I haven't tried setting up a home network in Windows since XP but thanks to the quarantine, I'm trying to make sure everyone's computer can access the printer. The problem is that it seems like the Microsoft live login thingy doesn't work. Even if both computers are signed in to the same account and the folders/printers are shared and the pin signin is disabled, I still can't access anything on any other computer. The only way I've been able to get around this is to create a dummy account called "printjobs" as a local account on the computer attached to the printer.

    This seems stupid. Is there a better way to do this, or as usual has Microsoft made something needlessly complex?

  • AngelHedgieAngelHedgie Registered User regular
    I haven't tried setting up a home network in Windows since XP but thanks to the quarantine, I'm trying to make sure everyone's computer can access the printer. The problem is that it seems like the Microsoft live login thingy doesn't work. Even if both computers are signed in to the same account and the folders/printers are shared and the pin signin is disabled, I still can't access anything on any other computer. The only way I've been able to get around this is to create a dummy account called "printjobs" as a local account on the computer attached to the printer.

    This seems stupid. Is there a better way to do this, or as usual has Microsoft made something needlessly complex?

    Your printer doesn't have its own network spool? Most printers today are designed as network devices to be directly connected to the network without having to be attached to a computer.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • AngelHedgieAngelHedgie Registered User regular
    Tav wrote: »
    Tav wrote: »
    Tav wrote: »
    This seems like the right place for this sort of question.

    We recently upgraded to fttc internet which comes into the house and connects to an ISP modem which I have connected to a Netgear R8000 for wifi. When we upgraded, the ISP gave us a new modem which is an Eir F3000, which is just a rebranded Huawei device. The annoying thing is that this new modem doesn't allow you to specify a custom DNS server, which means my pi-hole has stopped working. I've tried looking into replacement modems but I'm kind of at a loss at the differences in dsl vs vsdl vs adsl and whether or not a new modem will actually be compatible with my ISP. Is there a way of knowing this ahead of time, or do I just need to call up the ISP and go "hey this thing is garbo, what'll work as a replacement?"

    Tav - If you're wanting to replace the modem, then yes, you'll need to ask your ISP for what they need on their end to get it to work. That said, it sounds like they gave you a combo modem/router - there are ways to work around that without replacing your existing router (though they do tend to be a pain.)

    Yeah it's a modem/router combo. I have the wifi turned off on it and it just feeds into a router I have here because the last box they gave me was awful.

    That works fine - just a few things to do to make it as smooth as possible:

    * Since you're not relying on the cable modem/router (CMR) to provide any services, turn off DHCP and DNS on it if possible, and assign your personal router (PR) a static IP address on the WAN.
    * If the CMR allows port forwarding or DMZ configuration , set it to forward all ports to the PR static IP address.
    * Make sure that the local network masks for the CMR and PR local networks are different - i.e. if the CMR has a network mask of 192.168.0.x, set the PR network mask to 192.168.2.x.

    yeah its not possible to disable the DNS, which is why I was asking about the replacement

    I think this will do the trick so i'm going to try it

    You shouldn't need to worry about the CMR DNS on the PR network - since you control that network, you should be able to define where local devices on that network get their DNS queries resolved.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
Sign In or Register to comment.