Hi Folks,
I host a nextcloud instance, a NAS, and a few content portals for things like ebooks and music (internal only). I’ll be migrating Smartthings to Home Assistant eventually. We’re going to be upgrading to fiber soon and I have the opportunity to rebuild my wife’s network with a long term outlook (we’ll likely be here for years). Currently we have an older eero mesh system over cable internet. My desk is right where the cable currently comes in so all my Ethernet devices can live near the router.
My question is this:
What am I missing out on as a self-hoster by using whatever equipment metronet gives me?
What am I missing out on as a regular internet user by using the default equipment.
Am I likely to be annoyed about where the fiber comes into the house?
If it makes sense to buy my own router or access point(s), what is a reasonable balance between “daddy Bezos please read all my emails” and “you’ll never be secure until you build a router from custom circuit boards you custom ordered and hand assembled in a secure area”.
I’d like to avoid complex configuration, but if I can surface advanced options when needed, that would be great.
My Linux knowledge is intermediate. My networking knowledge is begintermediate.
I like OpenWRT but it does require knowledge and time to maintain.
Am I likely to be annoyed about where the fiber comes into the house?
That one depends on the company installing it. When I got it installed they asked me exactly where I wanted the fiber to terminate and ran it through the house to an outlet under my desk. So let them know and they might put it where you need it.
As for the router, I recommend buying a mini PC with at least 2 Ethernet ports and 4GB of RAM and running OPNsense. It’s great and will give you all the control you need. Or you can repurpose any old PC you have lying around and just add some Ethernet ports on a PCIE card.
Depends on how good the ISP router is. I’ve had one that had most of the advanced settings available, so I didn’t feel the need to change. For a while I had offloaded DHCP and DNS and VPN to a Raspberry Pi. It’s very much possible to make do with the ISP router. That ISP would let you passthrough the public IP to a box on your network which lets you do a lot of stuff without going into bridge mode, so I could make my server the target while still letting the router do the routing so if my server was down it didn’t take the whole network with it.
Then I got a bad one where it won’t even let you set up port forwards unless the device is registered over DHCP so my static stuff and VMs didn’t work. Got my EdgeRouter X back online to get my stuff done.
I do use VLANs and stuff now so it makes sense for me to use my own router. With everything getting breached these days, I have a VLAN just for my computers, another one for smart but trusted-ish devices (the TV’s gotta reach the NAS), one for IoT that’s completely shielded off.
What you’re missing out on depends a lot on what features you don’t have you could make use of. If you have like 3 devices using the network like I did when I lived alone, yeah you’re probably not going to miss out on the VLANs. But maybe you want to do ad blocking network-wide. Maybe you’d want to better prioritize interactive traffic like VoIP and video calls or games. Maybe you want a reverse proxy or VPN that works even if your home server is down. Maybe you want your kids to not hog all the bandwidth. There’s a lot of things a router can do.
So if the ISP router does everything you want and you’re happy with its performance, it’s fine. Just keep it in mind, when you start being like “I wish it had X and Y features” maybe consider an upgrade then.
If you have the option of not getting a router from your ISP, I would definitely recommend bringing your own. If they provide it regardless and you’d be replacing it through unofficial means, eh, if it works well…
I went through this at the beginning of the year, it get 900/900 fibre, settled on openwrt running on a nanopi r4s. My other options were a nanopi r6s with openwrt, or nuc type hardware/server running something like pfsence/opnsence etc. The openwrt install took about 5mins then a couple of hours of exploring various menus options etc, which I didnt end up changing.
I’m thinking about the RS6 a lot but really want to put Alpine Linux on it if I can manage it. My reasoning is I already know how to set up a router from scratch on the command line.
OpenWRT is probably easier but I’ve had bad experiences with its UI (and the distro as a whole) in the past, but the version of it on my GL.inet travel router is pretty rock solid though the UI still annoys me and I’d rather do most configuration via SSH.
Does OpenWRT support multiple WireGuard interfaces and VLANs? This is kind of what I’m wanting.
pfSense (I know, it’s UNIX) looked good on paper too but after playing with it on a VPS the UI just seemed overly complex. I don’t want to learn the ins and outs of some weird UI.
What am I missing out on as a regular internet user by using the default equipment.
You miss an understanding about what your devices do. Including the devices you got from your provider.
As a consequence, you remain clueless when your devices get attacked and taken over.
What am I missing out on as a self-hoster by using whatever equipment metronet gives me?
You miss the chance of securing your network.
As a self hoster, you are a little bit more attractive, and there are more possibilities of attacking your devices, than a typical PC or mobile user.
My suggestion is an extra router with OpenWRT between the metronet device and all your other stuff. You will get some better understanding just by configuring your OpenWRT for the first time. Their documentation is very good.
