Tagged: opnsense, pfsense, staking_router
Router upgrade
Posted by chris on August 11, 2022 at 8:24 pm
Should I buy a better router than the router/modem unit my ISP gave me?
Are there security benefits in doing so?
Any other benefits in upgrading?
Cheers Fam
JBMaclemore.eth replied 9 months, 2 weeks ago · 3 Members · 10 Replies
L4: Noob
Hi Chris, if you are staking at home … absolutely! How is your ISP set up? Are your modem and router 2 separate boxes or is it an all-in-one unit?
L2: Probably A Person
Hi John,
It’s an all-in-one unit.
What would you recommend I add to tighten up my security?
Networking is an area of computing I have very little experience with and something I would like to get a better understanding of before solo staking.
L4: Noob
This will probably take a little setup on your part then. I think to make this as simple and cheap as possible, and to isolate your validator from the rest of your network, here’s what I would do.
Purchase a small router like the Protectli box I mentioned below. If they’re out of your budget then the Qotom Q330G4 is a cheaper alternative. If you go with Protectli they can install PFSense or OPNSense for you. If you go with a Qotom you’ll need to install PFSense or OPNSense on it. They’re both free. Once that’s done, connect the WAN port to one of the LAN ports on your main router. In the settings go in and put the new router in the DMZ. That puts it outside of your current router’s firewall. Then plug your validator into the new router and configure ports, etc.
That way the validator is on its own network and all your PCs/Devices/Wifi are on their own. Isolated from each other. One thing for sure is to use static IPs and static ARP tables. OPNSense and PFSense make that easy, and they also have great intrusion detection software you can enable which will help to detect if you’ve been compromised.
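A check for the static-ARP advice in the post above, as an added example that is not part of the original thread: it compares `ip neigh show` output from a Linux host against a pinned IP-to-MAC map and reports entries that differ, are not static, or share a MAC. The addresses, MACs and the `PINNED` table are constructed for illustration.

```python
# Constructed sample of `ip neigh show` output from a Linux validator host.
SAMPLE = """\
10.10.10.1 dev eth0 lladdr 00:0d:b9:aa:bb:01 PERMANENT
10.10.10.20 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
10.10.10.21 dev eth0 lladdr 52:54:00:de:ad:01 STALE
10.10.10.30 dev eth0 lladdr 00:0d:b9:aa:bb:01 STALE
10.10.10.40 dev eth0  FAILED
"""

# Assumed pinned IP -> MAC map: what the static ARP entries should contain.
PINNED = {
    "10.10.10.1": "00:0D:B9:AA:BB:01",   # gateway (the new router)
    "10.10.10.20": "52:54:00:12:34:56",  # management PC
    "10.10.10.21": "52:54:00:12:34:57",  # second pinned host
}


def parse_neigh(text):
    """Return (ip, mac, state) for every neighbour line that carries a MAC."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if "lladdr" not in tok or tok.index("lladdr") + 1 >= len(tok):
            continue  # FAILED/INCOMPLETE entries have no link-layer address
        rows.append((tok[0], tok[tok.index("lladdr") + 1].lower(), tok[-1]))
    return rows


def audit(text, pinned):
    """Compare the live neighbour table with the pinned map."""
    findings, owners = [], {}
    for ip, mac, state in parse_neigh(text):
        owners.setdefault(mac, []).append(ip)
        want = pinned.get(ip)
        if want is None:
            continue
        if mac != want.lower():
            findings.append(("MAC_MISMATCH", ip, mac))   # pinned IP answers from another MAC
        elif state != "PERMANENT":
            findings.append(("NOT_STATIC", ip, mac))      # right MAC, but learned dynamically
    for mac, ips in owners.items():
        if len(ips) > 1:
            findings.append(("MAC_SHARED", ",".join(sorted(ips)), mac))  # one MAC, several IPs
    return findings


if __name__ == "__main__":
    for kind, ip, mac in audit(SAMPLE, PINNED):
        print(f"{kind:13} {ip:24} {mac}")
```

To run it against a live host, pass the captured output of `ip neigh show` to `audit()` in place of `SAMPLE`.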
L2: Probably A Person
Ok, cool! Thanks for the detailed response JBM, You rock!!
Those mini PC/routers are suuuper nice, I have a couple old computers kicking around so I think I’m gonna poke around with pfsense on one of those first. I am not a solo staker right now (hopefully one day) so it’s not that urgent.
If I go the dedicated hardware route, could I have my validator and a home server for my small business website both behind the pfsense firewall but still isolated enough from each other that I could play around on my server fiddling with websites without worrying about endangering the validator? Currently my site is on a DO droplet I managed to set up a few years ago, if I’m getting more into home network gear I would like to save on the monthly server costs.
L4: Noob
Ok, cool! Thanks for the detailed response JBM, You rock!!
Happy to help anytime!
Those mini PC/routers are suuuper nice, I have a couple old computers kicking around so I think I’m gonna poke around with pfsense on one of those first. I am not a solo staker right now (hopefully one day) so it’s not that urgent.
It’s definitely a splurge item. That’s a good idea! If you have the space, there’s nothing wrong with using an old PC all the time. I did it for years until I decided to treat myself recently. You need 2 network cards to make it work. PCI network cards are pretty cheap used on eBay though. I would recommend anything with an Intel chipset as they’re usually the most compatible. You don’t have to have the mini pc to make this work.
If I go the dedicated hardware route, could I have my validator and a home server for my small business website both behind the pfsense firewall but still isolated enough from each other that I could play around on my server fiddling with websites without worrying about endangering the validator? Currently my site is on a DO droplet I managed to set up a few years ago, if I’m getting more into home network gear I would like to save on the monthly server costs.
Sure! PFSense and OPNSense both provide an option for “port isolation” which can do that, but each device you want isolated from the others will need its own ethernet connection to the router (PFSense PC), so if you’re buying a new network card already, get one that has 4 ports. Then you can use the one built into your motherboard for a management port, which would be connected to your LAN with your desktop PC. The other 4 you can plug devices into and isolate them from each other if you want. That keeps all that stuff separated from your home LAN, but you can still interact and manage the server from your home LAN.
Sounds complicated, but if you need help when you’re setting it up I’ll be happy to help.
L3: A Person
L4: Noob
This is an excellent choice. If you have a little money to spend, you can buy specialized router-sized mini PCs you can use for this. I like Protectli Vaults. They have the open-source Coreboot BIOS installed. They can even pre-install PFSense or OPNSense if you want. All sorts of options, including 4G LTE failover. These are good too because their power requirements are low, so you can run it and your validator longer on battery in the event of a power failure.
L3: A Person
This is a lot nicer than my setup. Maybe I can buy one after the merge. Thanks @JBM
L2: Probably A Person
Thanks Binary….this is interesting and something I was not aware of…. honestly not sure what it is for 😂🤦
I have a lot of homework to do on the networking front
L3: A Person
No problem bro. If you have some questions just ask