On Saturday, 2 May 2020 12:40:40 AM AEST Trent W. Buck via luv-talk wrote:
Mark Trickett via luv-talk wrote:
I connect to the Internet with a Telstra 4GX mobile modem, and the Netgear cradle for it. I want to put at least one network printer on a home network, but not expose it to the Internet. I would appreciate any recommendations about a router and or firewall.
So the Telstra device in question has 1 public IP address (possibly through some strange NAT system) and all your devices are on private IP addresses and use NAT in the Telstra device. There are ways for devices behind such routers as the Telstra device to request port forwarding, but I doubt that the printer would be doing that and even if it did the Telstra network probably wouldn't cooperate.
Every host should run its own firewall, in software. If you only have an "appliance firewall", you're really saying "every LAN host trusts every other LAN host to not turn evil." Which is dangerously optimistic.
Another possibility is that the hosts on the LAN don't offer insecure services. If for example all hosts on your LAN use protocols like ssh/scp to communicate then you shouldn't need a "firewall". If however you have services like NFS running then it's a different situation. If you want to have something like NFS running then have one Linux PC connected to the Internet (the Telstra device in this case) and have it not forward ports for such protocols.
You *can* do all this with a commodity OS (e.g. Debian) or commodity hardware (e.g. an old laptop). It just requires more skill and work do set it up.
That's a matter of opinion. I recently spent a few hours working on a Microtik router to get it to do some simple stuff I could have done on a regular Linux system in a minute. Maybe for someone who doesn't know how to do things in Linux, doesn't know where to look for advice, and doesn't want to learn about Linux those router devices are good. But for people on this list I think that just learning how to do things on Linux is a better option.
Also unless you make it Debian Live or similar, it usually needs handholding to recover from a bad power event. One ADVANTAGE of using an old laptop is that they have a built-in 1hr+ UPS :-)
What sort of problem is this? I've had lots of power failures for PCs running Linux and since about 1997 not much in the way of problems recovering from them (there were some Ext2 bugs in about 1995 that caused problems on power failure). The eBay prices on laptops are ridiculous. I've had my current Thinkpad now for about 2 years. Every time I've checked recently I haven't seen a similar Thinkpad on eBay for the price I paid on eBay 2 years ago. I've seen broken Thinkpads offered for parts at higher prices than I paid for a fully working Thinkpad 2 years ago! If you have an old laptop and don't need to do laptop things then it's probably best to sell it and buy a RaspberryPi or get an old desktop system for free.
I am considering going the 12v route because I do get power flicks now and then, and also am considering going off grid. A native 12v DC system will waste less power than using an inverter to go 240V AC and then back to the DC, along with being a separate system that has the potential to be left running 24x7, while I do switch the various items off at the moment.
This is sensible.
Certainly a fun project and worthy of a lecture at a LUV meeting once the pandemic is resolved. https://electronics.stackexchange.com/questions/105064/what-is-the-usage-of-... This page suggests that -5V and -12V aren't needed on modern motherboards. So to run such a motherboard from a 12V battery you just need to stabilise 12V (my tests showed that the only way to get the voltage of my car cigarette lighter socket down to 12V was to turn the headlights on while the engine wasn't running) and step down 12V to 5V.
I had considered a Raspberry Pi for a firewall, but I would prefer to run something with two full Ethernet ports. I know I could add one to a Raspberry Pi with a USB to Ethernet dongle, but there are bandwidth considerations within the Raspberry Pi. That may not matter as the broadband mobile is not always particularly quick, or the Telstra network and tower may be the limiting factor, but still thinking.
Right - running turning a rpi or old laptop into a router by adding a USB ethernet adapter is a cheap solution, but it feels yukky.
Routing 100baseT (the maximum speed of NBN) is not particularly strenuous. Any laptop that has USB 2.0 should be able to handle it if you have the right USB device, as Trent noted there's some low quality USB hardware out there. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/