[SOLVED] Advice for new wired router

paulo_andre

Mar 18, 2011
Hi
I wanted to upgrade my home network and make it as future-proof as possible. My main concerns are security and network speed.
Apparently, the best approach is to separate the wired and wireless parts; I'll have several (big house...) APs just distributing signal and upgrade them as the technology improves. For now I just want to update the main entry point, the router.
From what I read, the best is to have an x86 router with FreeBSD or OpenBSD installed, but finding the best hardware is proving to be difficult.
My requirements are:
  • small, to fit in a cabinet
  • must have or support having 3 NICs (WAN, LAN and guest network)
  • gigabit Ethernet on all interfaces (and needs to handle full gigabit Ethernet)
  • hardware 100% supported in FreeBSD/OpenBSD

I don't exactly have a budget, but I didn't want to spend too much... and certainly not the price of a full PC.
The cabinet is well insulated, so maybe a fanless solution is not required.
 
Solution
I would bet you need nothing better than, say, an i3 to do what you want.

In some ways the more stupid a box is the safer it is. Any Unix implementation is always going to have some risk that you misconfigure something.

It will mostly be your preference what exact image you run. The firewall/router prebuilt images are stripped of many of the extra features of an actual server. This makes them run faster on a smaller machine and reduces the things that can be attacked.
The key is going to be how much traffic you intend to pass.

The main reason you would use a PC for a router is when you are running a VPN on the device. It takes a lot of CPU power to do the encryption.

You have to be careful not to fall into the trap of thinking more is always better, especially when you don't understand the details.

Let's say you use a $50 mid-grade router. It will block 100% of any incoming traffic from the internet. This is a function of the NAT. NAT does not know which of your internal machines to give the traffic to, so it just discards it. You don't need a firewall when you block ALL incoming connections.

Performance-wise, a cheap router will actually outperform many smaller PCs. Routers have a hardware accelerator that does the NAT function. This allows even very inexpensive routers to pass a gigabit of traffic WAN-LAN. Your standard PC does not have this hardware feature and must do the processing via the CPU.

Pretty much, unless you know of some feature that you want to use that is not provided by a router, you are doing lots of work for little to no benefit. Your best future-proofing is to use a cheap router now, and when you actually know the function you need, then implement it, and if that requires a PC you do it then.
 

paulo_andre

I agree with everything you said; the main reason I wanted an x86 router was because of security.
I can't block 100% of the traffic; I need to open ports for services I have exposed.
From what I read, FreeBSD and OpenBSD are better updated than OpenWrt, and that leaves fewer vulnerabilities to exploit. Am I mistaken here?
Also, yes, the router will have a VPN, but VPN performance is NOT on my list of concerns. I only use it a few times, and 10Mbps is more than enough for those times; even a cheap router can handle that.

It's not on my list of requirements, but it would be a nice-to-have if I could migrate the open services to the router:
  • caddy server
  • file server
  • syncthing
  • qBittorrent interface

But again, this is just a nice to have. The main concern is and always will be security and network performance. Right now the network performance WAN<->LAN is only 110Mbps, but my ISP already has 1Gbps available and it's tempting...
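
The three-interface layout and the exposed service discussed in this thread, sketched as an OpenBSD `pf.conf` (an added example, not part of the original posts). Interface names, addresses and the forwarded port are assumptions made for illustration, and FreeBSD's pf uses an older NAT/redirect syntax than shown here.

```pf
# Constructed example: every name, address and port below is an assumption.
wan      = "em0"            # uplink to the ISP
lan      = "em1"            # trusted wired network
guest    = "em2"            # guest network behind the access points
web_host = "192.168.1.10"   # hypothetical LAN host running the exposed web server

set block-policy drop       # silently drop instead of answering with RST/ICMP
set skip on lo

# Source NAT for everything leaving through the WAN interface
match out on $wan inet from !($wan:network) to any nat-to ($wan)

# Default deny: nothing is forwarded or accepted unless a later rule allows it
block all
antispoof quick for { $lan $guest }

# Router-originated and already-admitted traffic may leave on any interface
pass out inet

# Trusted LAN: unrestricted outbound
pass in on $lan inet from $lan:network

# Guest network: never reaches the LAN or the router's own addresses,
# and only gets DNS and web traffic to the internet
block in quick on $guest inet to $lan:network
block in quick on $guest inet to self
pass  in on $guest inet proto { tcp udp } from $guest:network to any port 53
pass  in on $guest inet proto tcp from $guest:network to any port { 80 443 }

# The single exposed service: HTTPS forwarded to the internal host.
# Each additional open port is another rule like this one, so the
# internet-facing surface stays readable in one place.
pass in on $wan inet proto tcp to ($wan) port 443 rdr-to $web_host
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.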
 