Greetings

In anticipation of a fiber optical connection (moving from a wireless) I have been planning out and purchasing some bits of hardware. Am finding that networking is, at least sure seems to be, another black hole for time and effort.
TL;DR (skip to last paragraphs for the question(s))

At present this is a soho office kind of installation but that will slowly be morphing into something that is at least somewhat larger. There are a number of input sensor locations being worked on, some of which would be generating, initially at least, up to 15 data streams sampled possibly every second (some maybe more often - - - decisions aren't all done as yet) so there will be a fair amount of data running around on my network which I'm trying to keep largely a wired affair.

At this point I'm working on the three entry bits of hardware (and their software) - - - the router, hardware firewall, and the managed switch. The initial hookup on the fiber system is going to be at 250 Mbps symmetric.

For the router I'm planning on using OpenWRT running on a Nanopi r4s which according to the folks over on openwrt is capable of even very close to full Gbps speeds (IIRC tested to some 918 Mbps) which would give some headroom for future increases although I don't see a need for the foreseeable future.

For the switch I have found myself a ZyXEL 1900-48 that I'm working on getting OpenWRT on. This ability to run a managed switch on OpenWRT is somewhat new but it's open source and I'm not tied (I don't think) to OpenWRT - - - - except I don't know any other real alternative - - - so that's not a difficult solution either. I don't 'need' 48 ports but I have 16 at present on a hub and it's almost full and that's for stuff only here in the orifice (sic!). I also want the capabilities of forcing streaming services and wireless communications to not collect any more data from any other part of the network (using VLANs) as is possible.

Then lastly to the hardware firewall. I've been looking at pfsense and opnsense. Both are ipv6 possible although both are mostly focused on ipv4 at the present. IPfire seems to have gotten itself into a holding pattern and is not continuing work toward ipv6 functionality.
Any one of these options is producing headaches when I'm trying to figure out how to configure them - - - nothing installed at present, just researching so far.

So - - - - questions - - - -

1. Is my splitting the network system into the three parts a good idea or should I truncate parts 1 and 2 into the router? If you would please give reasons - - - please?

2. Are there any good sources for information on and about networking? debian has moved to nftables from iptables - - - is devuan doing similar? Where does one find information to enable a firewall that works yet isn't stupid? (I've wondered about having some kind of easy 'switch' that when users left their systems that the system wouldn't be calling home in the overnight at least a la ms googly. Dunno if that's 'simple' or not - - - so much to learn and so little time to do it all in!)

TIA
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng