Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Civilization is the limitless multiplication of unnecessary necessities. -- Mark Twain


aus+uk / uk.comp.homebuilt / Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?

SubjectAuthor
* Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?Theo
+* Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?Pancho
|`- Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?Lee Nowell
`* Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?Theo
 `- Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?Lee Nowell

1
Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?

<dPf*Mqbvy@news.chiark.greenend.org.uk>

 copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=1401&group=uk.comp.homebuilt#1401

 copy link   Newsgroups: uk.d-i-y uk.comp.homebuilt
Path: i2pn2.org!i2pn.org!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED!not-for-mail
From: theom+n...@chiark.greenend.org.uk (Theo)
Newsgroups: uk.d-i-y,uk.comp.homebuilt
Subject: Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?
Date: 26 Sep 2021 11:51:07 +0100 (BST)
Organization: University of Cambridge, England
Lines: 72
Message-ID: <dPf*Mqbvy@news.chiark.greenend.org.uk>
References: <08c0d4fa-0984-4a68-aafa-63d6455b09fcn@googlegroups.com>
NNTP-Posting-Host: chiark.greenend.org.uk
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: chiark.greenend.org.uk 1632653469 13490 212.13.197.229 (26 Sep 2021 10:51:09 GMT)
X-Complaints-To: abuse@chiark.greenend.org.uk
NNTP-Posting-Date: Sun, 26 Sep 2021 10:51:09 +0000 (UTC)
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/3.16.0-11-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([212.13.197.229])
 by: Theo - Sun, 26 Sep 2021 10:51 UTC

leen...@yahoo.co.uk <leenowell@yahoo.co.uk> wrote:
> Hi All,
>
> I have been using ClearOS on an old PC for many years to manage my
> internal network. I have my broadband router on it's own subnet on one
> NIC of my ClearOS PC and then the internal network on a separate subnet on
> the other NIC. ClearOS then manages all the network, DHCP, DNS, in theory
> virus scan/ malware protection etc. etc.
>
> I am getting FTTP installed next week so thought I would take the
> opportunity to re-look at the network setup whilst I am at it. My version
> of ClearOS requires a full rebuild to upgrade anyway so thought I would
> look at what the best is these days.
>
> After a bit of Googling, pfSense seems to be the most popular but was
> wondering if anyone here had any views on pfSense vs ClearOS or indeed any
> alternative suggestions? I don't know what router I am getting with the
> install so maybe these days the routers are good enough and should scrap
> the external network manager - although I do like the idea of the internal
> and external networks being on separate subnets with a hardware/ physical
> separation (maybe a security expert might say this makes no real
> difference?).
>
> Also, any suggestions on good newsgroups I should post to instead who
> focus on these sorts of things?

uk.comp.homebuilt is fairly quiet but might be worth a go. Adding a
crosspost...

I suppose the real question is: what do you want your 'network manager' to
do?

Any router will handle DHCP, DNS, NAT. How do you handle wifi - is that a
separate AP/mesh setup? Do you have requirements on top of what a consumer
router would provide?

IMX a good reason for a DIY router is because the one you have can't handle
the internet bandwidth, which is more common with cable and FTTP setups.
The issue tends to be that the router CPU is too poor to handle routing
tasks like lots of connections being made at once.

https://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-competition/
gives some of the motivation behind using a mini PC for this which has
'PC' class hardware rather than the single-core 400MHz MIPS you got in
consumer routers. Jim Salter has a number of 'DIY router' articles on Ars
that benchmark his DIY build over consumer alternatives, which are worth
reading.

Your old PC is almost certainly going to take a lot more power than one of
those, so your running costs will be a lot higher than even a mini PC
solution. On the other hand, internet bandwidth has been rising slower than
router performance - these days routers can be more like a cheap smartphone
- eg quad 1.5GHz ARM cores which is a lot more horsepower than the single
400MHz MIPS. So the window in which using a 'PC' rather than a 'router'
seems to be closing.

On the other hand, if you want full control a proper OS is attractive,
especially if your ISP or a Netgear/etc router is too restrictive. A middle
ground would be to look at OpenWRT or dd-wrt or some of the other router
distros - you get to run these on a traditional low power router platform (a
reflashed Netgear or TP-Link or even an old ISP router if it has suitable
specs, although you can run them on PCs too) while giving you more control.

A suggestion: a cheap and simple entry point to this world is the BT Homehub
5 reflashed with OpenWRT. These can be bought preconfigured for about £20
on ebay (search 'homehub 5 openwrt'). The wifi on these is mediocre
(although good for its time) but otherwise it's a solid OpenWRT router, if
not the newest. That gives you a chance to play with OpenWRT on such a
platform, and if you don't like it you've only wasted £20. You'd probably
burn that in a few months of power of your old PC router.

Theo

Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?

<sipoc9$7cs$1@dont-email.me>

 copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=1402&group=uk.comp.homebuilt#1402

 copy link   Newsgroups: uk.d-i-y uk.comp.homebuilt
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: Pancho.D...@outlook.com (Pancho)
Newsgroups: uk.d-i-y,uk.comp.homebuilt
Subject: Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?
Date: Sun, 26 Sep 2021 13:17:11 +0100
Organization: A noiseless patient Spider
Lines: 37
Message-ID: <sipoc9$7cs$1@dont-email.me>
References: <08c0d4fa-0984-4a68-aafa-63d6455b09fcn@googlegroups.com>
<dPf*Mqbvy@news.chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 26 Sep 2021 12:17:13 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="f6ec46e0837213fcdae883c4c8acf13d";
logging-data="7580"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/SokRdWlHHBBq3t58+AP+BkTNLT3+9FN0="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101
Thunderbird/68.12.1
Cancel-Lock: sha1:UZffhW0jT4cJDaIQ/+x01N8kbYw=
In-Reply-To: <dPf*Mqbvy@news.chiark.greenend.org.uk>
Content-Language: en-GB
 by: Pancho - Sun, 26 Sep 2021 12:17 UTC

On 26/09/2021 11:51, Theo wrote:
> leen...@yahoo.co.uk <leenowell@yahoo.co.uk> wrote:
>> Hi All,
>>
>> I have been using ClearOS on an old PC for many years to manage my
>> internal network. I have my broadband router on it's own subnet on one
>> NIC of my ClearOS PC and then the internal network on a separate subnet on
>> the other NIC. ClearOS then manages all the network, DHCP, DNS, in theory
>> virus scan/ malware protection etc. etc.
>>
>> I am getting FTTP installed next week so thought I would take the
>> opportunity to re-look at the network setup whilst I am at it. My version
>> of ClearOS requires a full rebuild to upgrade anyway so thought I would
>> look at what the best is these days.
>>
>> After a bit of Googling, pfSense seems to be the most popular but was
>> wondering if anyone here had any views on pfSense vs ClearOS or indeed any
>> alternative suggestions? I don't know what router I am getting with the
>> install so maybe these days the routers are good enough and should scrap
>> the external network manager - although I do like the idea of the internal
>> and external networks being on separate subnets with a hardware/ physical
>> separation (maybe a security expert might say this makes no real
>> difference?).
>>
>> Also, any suggestions on good newsgroups I should post to instead who
>> focus on these sorts of things?
>
> uk.comp.homebuilt is fairly quiet but might be worth a go. Adding a
> crosspost...
>

pfSense is OK. I've been using it for many years. If you have a PC with
a dual NIC you can test it in a Virtual Machine.

People say OpenWRT is good. I would try it, but I have a working pfSense
set up and it is too much effort to change. i.e. pfSense doesn't annoy
me enough for the effort of a change.

Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?

<30fdfeaa-6c3c-4f93-9364-3848c83ac79en@googlegroups.com>

 copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=1403&group=uk.comp.homebuilt#1403

 copy link   Newsgroups: uk.comp.homebuilt
X-Received: by 2002:ad4:466a:: with SMTP id z10mr19367531qvv.47.1632661711024; Sun, 26 Sep 2021 06:08:31 -0700 (PDT)
X-Received: by 2002:a25:2a57:: with SMTP id q84mr24163437ybq.404.1632661710782; Sun, 26 Sep 2021 06:08:30 -0700 (PDT)
Path: i2pn2.org!i2pn.org!aioe.org!feeder1.feed.usenet.farm!feed.usenet.farm!tr2.eu1.usenetexpress.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: uk.comp.homebuilt
Date: Sun, 26 Sep 2021 06:08:30 -0700 (PDT)
In-Reply-To: <sipoc9$7cs$1@dont-email.me>
Injection-Info: google-groups.googlegroups.com; posting-host=2.31.172.199; posting-account=S5azwAoAAACdr0U6eS6P_6NnzXINWTuF
NNTP-Posting-Host: 2.31.172.199
References: <08c0d4fa-0984-4a68-aafa-63d6455b09fcn@googlegroups.com> <dPf*Mqbvy@news.chiark.greenend.org.uk> <sipoc9$7cs$1@dont-email.me>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <30fdfeaa-6c3c-4f93-9364-3848c83ac79en@googlegroups.com>
Subject: Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?
From: leenow...@yahoo.co.uk (Lee Nowell)
Injection-Date: Sun, 26 Sep 2021 13:08:31 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 82
 by: Lee Nowell - Sun, 26 Sep 2021 13:08 UTC

On Sunday, 26 September 2021 at 13:17:14 UTC+1, Pancho wrote:
> On 26/09/2021 11:51, Theo wrote:
> > leen...@yahoo.co.uk <leen...@yahoo.co.uk> wrote:
> >> Hi All,
> >>
> >> I have been using ClearOS on an old PC for many years to manage my
> >> internal network. I have my broadband router on it's own subnet on one
> >> NIC of my ClearOS PC and then the internal network on a separate subnet on
> >> the other NIC. ClearOS then manages all the network, DHCP, DNS, in theory
> >> virus scan/ malware protection etc. etc.
> >>
> >> I am getting FTTP installed next week so thought I would take the
> >> opportunity to re-look at the network setup whilst I am at it. My version
> >> of ClearOS requires a full rebuild to upgrade anyway so thought I would
> >> look at what the best is these days.
> >>
> >> After a bit of Googling, pfSense seems to be the most popular but was
> >> wondering if anyone here had any views on pfSense vs ClearOS or indeed any
> >> alternative suggestions? I don't know what router I am getting with the
> >> install so maybe these days the routers are good enough and should scrap
> >> the external network manager - although I do like the idea of the internal
> >> and external networks being on separate subnets with a hardware/ physical
> >> separation (maybe a security expert might say this makes no real
> >> difference?).
> >>
> >> Also, any suggestions on good newsgroups I should post to instead who
> >> focus on these sorts of things?
> >
> > uk.comp.homebuilt is fairly quiet but might be worth a go. Adding a
> > crosspost...
> >
> pfSense is OK. I've been using it for many years. If you have a PC with
> a dual NIC you can test it in a Virtual Machine.
>
> People say OpenWRT is good. I would try it, but I have a working pfSense
> set up and it is too much effort to change. i.e. pfSense doesn't annoy
> me enough for the effort of a change.

Thanks both. Not sure how the cross posting works when using the Google groups front end as my replies only seem to be posted on the newsgroup I replied to whereas yours seem to appear on both. Anyway, manually cross posting my replies below for others on this group :)

===================Thanks both. The main appeal for me with the PC route is that there is hardware separation between my internal and external networks which seems more secure to me than a pure software firewall if I went down the router space. ClearOS also gives a lot better logging/ metrics that my routers - unsure what OpenWRT provides.

My house is all wired with cat6 so either have the end devices connected via Ethernet or via a series of other wifi routers dotted around the house to give coverage. For these routers, whilst I was at it, I was thinking about whether it is worth flashing these with OpenWRT (if the routers are supported)?

thanks

Lee.
==================Thanks Pancho - I was in a similar position with ClearOS in that it works fine and didn't have a reason to change it until now:). Do you use pfSense in a similar way to my use of ClearOS? Re: OpenWRT I thought that was only to replace the OS on the routers themselves as opposed to act as a separate network manager?

Thanks

Lee.

Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?

<bPf*rycvy@news.chiark.greenend.org.uk>

 copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=1405&group=uk.comp.homebuilt#1405

 copy link   Newsgroups: uk.d-i-y uk.comp.homebuilt
Path: i2pn2.org!i2pn.org!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED!not-for-mail
From: theom+n...@chiark.greenend.org.uk (Theo)
Newsgroups: uk.d-i-y,uk.comp.homebuilt
Subject: Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?
Date: 26 Sep 2021 16:56:53 +0100 (BST)
Organization: University of Cambridge, England
Lines: 52
Message-ID: <bPf*rycvy@news.chiark.greenend.org.uk>
References: <08c0d4fa-0984-4a68-aafa-63d6455b09fcn@googlegroups.com> <dPf*Mqbvy@news.chiark.greenend.org.uk> <fc93cdf4-161a-4e89-b30b-770bacd24a7en@googlegroups.com>
NNTP-Posting-Host: chiark.greenend.org.uk
X-Trace: chiark.greenend.org.uk 1632671816 5199 212.13.197.229 (26 Sep 2021 15:56:56 GMT)
X-Complaints-To: abuse@chiark.greenend.org.uk
NNTP-Posting-Date: Sun, 26 Sep 2021 15:56:56 +0000 (UTC)
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/3.16.0-11-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([212.13.197.229])
 by: Theo - Sun, 26 Sep 2021 15:56 UTC

leen...@yahoo.co.uk <leenowell@yahoo.co.uk> wrote:
> Thanks both. The main appeal for me with the PC route is that there is
> hardware separation between my internal and external networks which seems
> more secure to me than a pure software firewall if I went down the router
> space. ClearOS also gives a lot better logging/ metrics that my routers -
> unsure what OpenWRT provides.

I'm not sure what you mean about a 'pure software firewall'. The PC with
two NICs is using software to route from one NIC to the other. It doesn't
have a hardware firewall.

A typical wifi router has a single NIC but its five ports (4xLAN, 1xWAN)
are all connected to a VLAN-enabled switch. The OS sets up the VLAN tags on
the ports to be, for example, 1-4=VLAN #1, 5=VLAN #2, and designates VLAN#1
as LAN and VLAN#2 as WAN.

Then it sees a packet coming in on VLAN#2 and decides whether or not to
route it to VLAN#1. Depending on the SoC there may be a bit of NAT
acceleration in there, but it's mostly all software, just like the dual-NIC
case.

As far as the OS is concerned it has two network ports, which are enforced
by the VLAN tagging in the switch (ie hardware). An attacker coming in on
VLAN#2 can't forge the VLAN tag to make their traffic look like it came from
VLAN#1, because the tags are all internal and not sent over the wire.
So unless the OS sets up the VLANs in a broken way (in which case it
wouldn't work) it's effectively two NICs.

With a replacement router OS you can control the port<->VLAN mappings, so
you can decide to have 5 different isolated networks if you want. To do
that on a PC would require a 5 port NIC or an external VLAN tagged switch.

OpenWRT has some packages for logging etc. They aren't installed by default
(due to having to fit on routers with small amounts of flash) - I haven't
tried them.

> My house is all wired with cat6 so either have the end devices connected
> via Ethernet or via a series of other wifi routers dotted around the house
> to give coverage. For these routers, whilst I was at it, I was thinking
> about whether it is worth flashing these with OpenWRT (if the routers are
> supported)?

It could be worth a go. I have a HH5a as the main router, and a Ubiquiti AP
for wifi, both flashed with OpenWRT. Both have a port configured to export
VLAN-tagged traffic (ie not strip the VLAN tags inside the switch), and I
have multiple wifi networks configured, one for each VLAN. That means I
have a 'IoT junk never going near the internet' wifi network which routes
back to the firewall config on the main OpenWRT router. It's a bit more
fiddly setting this up than if it was integrated into the main router, but
then I can place the AP in a better location.

Theo

Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?

<ce602995-2eb0-48db-a6f0-1aff9871e453n@googlegroups.com>

 copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=1416&group=uk.comp.homebuilt#1416

 copy link   Newsgroups: uk.comp.homebuilt
X-Received: by 2002:ac8:410e:: with SMTP id q14mr3853238qtl.377.1632812372168;
Mon, 27 Sep 2021 23:59:32 -0700 (PDT)
X-Received: by 2002:a25:ae64:: with SMTP id g36mr5034811ybe.26.1632812372022;
Mon, 27 Sep 2021 23:59:32 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: uk.comp.homebuilt
Date: Mon, 27 Sep 2021 23:59:31 -0700 (PDT)
In-Reply-To: <bPf*rycvy@news.chiark.greenend.org.uk>
Injection-Info: google-groups.googlegroups.com; posting-host=2.31.172.199; posting-account=S5azwAoAAACdr0U6eS6P_6NnzXINWTuF
NNTP-Posting-Host: 2.31.172.199
References: <08c0d4fa-0984-4a68-aafa-63d6455b09fcn@googlegroups.com>
<dPf*Mqbvy@news.chiark.greenend.org.uk> <fc93cdf4-161a-4e89-b30b-770bacd24a7en@googlegroups.com>
<bPf*rycvy@news.chiark.greenend.org.uk>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <ce602995-2eb0-48db-a6f0-1aff9871e453n@googlegroups.com>
Subject: Re: OTish: Best free network manager- replace ClearOS? Maybe pfSense?
From: leenow...@yahoo.co.uk (Lee Nowell)
Injection-Date: Tue, 28 Sep 2021 06:59:32 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
 by: Lee Nowell - Tue, 28 Sep 2021 06:59 UTC

On Sunday, 26 September 2021 at 16:56:56 UTC+1, Theo wrote:
> leen...@yahoo.co.uk <leen...@yahoo.co.uk> wrote:
> > Thanks both. The main appeal for me with the PC route is that there is
> > hardware separation between my internal and external networks which seems
> > more secure to me than a pure software firewall if I went down the router
> > space. ClearOS also gives a lot better logging/ metrics that my routers -
> > unsure what OpenWRT provides.
> I'm not sure what you mean about a 'pure software firewall'. The PC with
> two NICs is using software to route from one NIC to the other. It doesn't
> have a hardware firewall.
>
> A typical wifi router has a single NIC but its five ports (4xLAN, 1xWAN)
> are all connected to a VLAN-enabled switch. The OS sets up the VLAN tags on
> the ports to be, for example, 1-4=VLAN #1, 5=VLAN #2, and designates VLAN#1
> as LAN and VLAN#2 as WAN.
>
> Then it sees a packet coming in on VLAN#2 and decides whether or not to
> route it to VLAN#1. Depending on the SoC there may be a bit of NAT
> acceleration in there, but it's mostly all software, just like the dual-NIC
> case.
>
> As far as the OS is concerned it has two network ports, which are enforced
> by the VLAN tagging in the switch (ie hardware). An attacker coming in on
> VLAN#2 can't forge the VLAN tag to make their traffic look like it came from
> VLAN#1, because the tags are all internal and not sent over the wire.
> So unless the OS sets up the VLANs in a broken way (in which case it
> wouldn't work) it's effectively two NICs.
>
> With a replacement router OS you can control the port<->VLAN mappings, so
> you can decide to have 5 different isolated networks if you want. To do
> that on a PC would require a 5 port NIC or an external VLAN tagged switch..
>
> OpenWRT has some packages for logging etc. They aren't installed by default
> (due to having to fit on routers with small amounts of flash) - I haven't
> tried them.
> > My house is all wired with cat6 so either have the end devices connected
> > via Ethernet or via a series of other wifi routers dotted around the house
> > to give coverage. For these routers, whilst I was at it, I was thinking
> > about whether it is worth flashing these with OpenWRT (if the routers are
> > supported)?
> It could be worth a go. I have a HH5a as the main router, and a Ubiquiti AP
> for wifi, both flashed with OpenWRT. Both have a port configured to export
> VLAN-tagged traffic (ie not strip the VLAN tags inside the switch), and I
> have multiple wifi networks configured, one for each VLAN. That means I
> have a 'IoT junk never going near the internet' wifi network which routes
> back to the firewall config on the main OpenWRT router. It's a bit more
> fiddly setting this up than if it was integrated into the main router, but
> then I can place the AP in a better location.
>
> Theo

Hi,

Sorry still can't work out how to get my replies on one NG to appear on the cross posted so have pasted the latest updates below...

==========Thanks Theo. The router arrived yesterday it is a "Vodafone" THG3000 I had a quick scoot through the menus and couldn't see a way to set up vlans on different ports. I take your points re: Router may be the same conceptually as my setup in that it is all controlled by software. I may have misunderstood how these things work but my logic (may be flawed) was that in the router scenario everything was on the same subnet (assuming I couldn't do the vlan thing) and therefore more liable to attack if someone externally managed to get on my network. In my setup I have the usual router firewall and the ClearOS firewall to breach. Having said that, if someone got into my external subnet (i.e. 192.168.A.xxx - the one with just my router and the ClearOS NIC) and tried to get to devices on my internal subnet (192.168.B.xx) then I was assuming ClearOS will stop that but maybe it just routes it?

==========Now I have the FTTP router, it wasn't what I was expecting. I assumed it would be equivalent to an ADSL router where you connect the ADSL one side and the LAN connects to the other. So I assumed the fibre would connect to it somewhere and it would expose Ethernet ports for the LAN. With this one (Vodafone THG3000) it has a port labelled "INTERNET" which seems to be for an ADSL connection and a different one labelled "WAN" which seems to be like an Ethernet port but connects to whatever OpenReach installs (which I assume converts the optical fibre to Ethernet?). So wonder now whether in my setup in theory whether I need to even have the new router?

Having said that, the router has a couple of phone ports which it says will enable me to connect my normal phones to it and it will "convert" then to the Voip line Vodafone are providing. So irrespective of the above, I will need the phone bit but does maybe ask the question as to whether I could/ should put the new router after the ClearOS box. i.e. OpenReach thing -> ClearOS Nic 1 -> Clear OS Nic 2 -> New Router -> internal switch.

As you can probably tell, I don't know how this whole FTTP stuff works under the covers and suspect I am still missing something in my network knowledge :)

thanks in advance for you help.

Lee.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor