Hi. I know I am a bit late to comment, if I have been watching lots of your videos. Dude, you are the most underrated RU-vid I came across. Your videos are so clear and concise and you are so open about real life home scenarios which anybody can use for their own personal home. Your channels are more noob friendly like myself 😓 keep up dude a big fat thumbs up from UK.
I’m glad you’re enjoying them! I was telling my friend the other day I was struggling to find the right balance between beginner-friendly and useful for more advanced users. Cheers!
Great video! Instead of using two Wifi Access Points for two different VLANs, you could get a dedicated WAP that supports VLANs (and if we're talking new devices might as well go for Wifi 6) such as Unifi U6-Lite or U6-LR, Aruba Instant On AP22, TP Link Omada EAP620, etc. Benefits in this case: 1 device to manage instead of 2, 1 power source taking up an outlet on your UPC instead of 2, these devices are probably stronger than your existing Netgear devices, you have to be careful of wifi channel overlap and radio interference with 2 wifi broadcasters right next to each other, with a single device you don't have that problem. Also you can mount these devices in a ceiling in a central location in your house for optimum coverage.
Won't that diminish the quality of the speeds? Since you have to separate the channels and bands for its own clients? I'm just getting into networking and I have minimal knowledge so far so that's why I'm asking if that would be the case.
I should say that your videos are very informative, the pace at which you explain is perfect and the time you take to explain stuff is very good and the examples you give to explain a concept are very helpful. Overall a 10/10. Kudos Raid owl!
Thanks for explaining the entire setup in an easy manner. That's one thing I do enjoy about your videos. You speak in an actual language I can understand!!
Thanks for the simple step by step, very helpful. Useful video suggestion: How to setup a VPN connection between two computers (over the internet)--and the proper settings needed for the SG-1100 to do this (as well as the setup on the two computers to establish the connection). That would be pretty educational.
This is a great video. I plan to redo my home network setup and treating it as a lab environment. I have seen those netgate pfsense devices at work and it’s piqued my interest to learn more about how they can be configured and whatnot. You just got yourself a subscriber, and I am looking forward to learning more from this channel.
Best video on home lab network. Now I need how to setup this the small setting on Netgate and QNAP switch and access points. I really want to mirror this setup. I really like and understand the thinking behind this home network. I learned a lot.
The Netgate SG-1100 is a great security gateway, but please be aware that it only allows for a maximum network speed of up to 472Mbps. I learned this the hard way as I have a 500Mbps fiber connection that gives me 525Mbps on average. With the Netgate SG-1100 connected, I could not go any faster than 425Mbps. I therefore lost 100Mbps. The SG-2100 and the SG-4100 do offer faster speeds, but the price also increases substantially! Just read those specs before you buy!
Running Protectli fw4b w/ pfsense, refurb Cisco catalyst switch and two used ruckus APs. Just migrated to the fw4b from a netgear w/ openwrt. Like it so far. More will be revealed. Thanks for your content. Always enjoyable
Do you have the Catalyst connected to the PfSense LAN port? If so, did you just need to make the port a trunk port? Trying to figure this out myself, thanks a bunch.
14:05 crimp them into keystone jacks. Those were a life saver for me! And you can tidy it all up if you plug them into a patch panel. Short patch cables with color coding, and you'll always know that red is important and yellow is not so important. Right, since you wanted to know my home network... it's a little more complex. I'm running 5 VLANs, a VLAN for IoT devices that don't know what DHCP is, one for CCTV, one for home networking, one for iTV (this one's a PITA btw) and last but not least one for my server. Reason I did this is so I can block internet traffic from / to my CCTV cams which record onto my server which is VLAN aware.
Yeah I was waiting until I get a real server rack to do punch downs and keystones...so we'll see haha. I considered setting up multiple VLANs but 2 works for now since I don't have too many IoT devices (yet). Pfsense makes it so easy to control access between VLANs so I shouldn't have any issues expanding later on down the line. Thanks for sharing!
My setup is similar except for I'm running a supermicro 1u server with 4 gigabit ports and an add in intel yt674 4 port nic for my pfsense box. All that for 2 PCs and 2 Rokus lol. Oh, and 3 wifi hotspots. Still need to figure out the whole VLAN thing. The thing I love about my pfsense rackmount router is that it has enough routing horsepower to make it to where nobody lags! Great info brother! Keep it coming!
Just discovered your channel and really like your paced way of talking about networking. Also the humble small networks for me are the best to play with. You can keep pushing that until you need more :)
Thanks for your down to earth video. Kind of a game changer for me. I think I leave the unifi stuff for what it is except the APs. And yes please, if you would like to explain how to do the fancy stuff I am in. Cheers!
I ran PFSense on an old XP machine for a while, but upgraded to the SG-3100 to bring my power requirements down. I needed my internet connected to my alarms and security cameras to keep an eye on my Mom when I was at work, and the old XP box would kill the BUPS too quickly. Never really got the PFSense set up the way I wanted it...and your network configuration looks exactly like what I want. I kept having issues with all my WIFI devices, like the Nest stuff trying to get them isolated. Problem is, that you access them via your cell phone APP and wasn't able to get that working when on different wireless AP's. The SG-3100 has 4 ports so I should be able to use 1 for the IoT wireless AP and 1 to feed everything else. Maybe use 1 for a server as an extra layer of security to keep it away from your main PC.
You got a like, also because you pointed out "do it after you watched the video". Nothing is more stupid than giving a like before having watched the video... though most people want this. Great video!
Awesome video man. I came across your channel a couple weeks ago and really like the overviews you give of everything. I'm a new user about to setup an unraid server (coming from basic omv) and am trying to learn the basics of networking. Things like pfsense, reverse proxies, VPNs, port forwarding, etc. are things I am piecing together bit by bit. I am definitely interested in all the things you mentioned at the end of your video and would love a video in your style that introduces the how to's and what everything means. I've never played around with VMs but I'm after the use case of being able to access VMs at school through like a tablet. A lot of details from a to z on that one lol. Anyway, thanks for your content recently man! Keep up the good work, gonna stay up to date with your videos regardless if you can hit any of the above.
I definitely plan on doing an in depth video of how to set up the reverse proxy soon. First step is you’re going to need to purchase a domain name if you don’t already have one. I recommend Google Domains. You can usually snag one for $12/year. Thanks for watching!
All good stuff with one nitpicky exception...at this point in time I cannot see any need for a 10g NIC on a typical home network. 1g is arguably overkill when you consider 8k streaming doesn't break 100mbps. Sitting here right now I have my wife watching Netflix on an Xbox Series X, my two sons gaming on max settings and my daughter doing whatever she is doing and then my very limited bandwidth doing this while also streaming F1TV...we are taxing the network with less than 200mbps on a 16 port 1g switch that can push 32gb all in...all attached to the world at 500...and NOTHING lags.
Good question! I originally set up HAProxy for Nextcloud so plenty of people could access it. Then since it was already set up for that, I added it to other services. The VPN was set up so I could access everything myself.
Can somebody help decipher what I have at home. My service provider installed a box that the fiber cable plugs into, then a Lan cable goes from there into "modem/router?" that then distributes wifi as well as lan ports. Which is the modem and which is the router? Still pretty new to this, thank you in advance!
Great review, thanks. Though was a bit unhappy with the prices of some elements lol. Having a separate AP for the guest network is ok, but not sure if it's a good idea to combine it with home security "layer". Oh and please make that washer review separately!
Mine's simpler, I have the OEM modem giving internet to my PC and any wifi device in the back of the house, and a RT-AC59U from Asus in the living room running in wireless router mode that is connected to the main router via HPNA that gives wifi to any device in the front of the house, the same cable used for HPNA is streaming my ISP's IPTV.
Great videos. I've been watching a lot of videos in hopes of setting a more secure home network and yours seem to be the most understandable ALMOST down at my level. I'm in the weeds and it seems we're living in the boonies since we have DSL and nobody ever talks about DSL. I don't see many DSL routers on the market so am I stuck with the ISP-provided ZYXEL XMG351 or can I connect a Netgate 1100 to it and build up from there? All this talk of smart devices making my network vulnerable is making me very uncomfortable.
Great video, thanks for that. I am just getting into the IT world and want to do what you have done. From a cost and ease of set up angle, is there a way to just have a single access point?
Hi there! Nice video, nice newbie explanations. Literally everything I wanted to comment on was already covered by my fellow commentators below, with the exception of one thing: PLEASE do not use expressions that already exist in IT for other stuff, willingly or unwillingly =) Those are not "Plugs" on your Router, it's "Ports". And your switch is not acting "as a Hub", because a hub is something that exists in networking IT, and it works significantly differently from a switch. These tiny things - if handled carefully going forward - can be the differentiator between you and the other channels doing newbie explanatory videos that do not care about proper terminology. Also, your modem does not get you an external IP, that is also your router. Your modem is literally a "modulator demodulator" that translates between different ways of data transmission between WAN and LAN, basically the electrical interface, nothing more.
Hi, there! Thanks for the heads up and the thorough explanations. Question for you concerning your statement on the Modem not getting the external IP and that also being the router: I understand the Modem is there to translate the signal coming in, but if I plug a computer directly into it, then I still get an IP from my ISP...is this because Modems essentially have built in router functionality? or am I missing something there?
@RaidOwl That depends on which of the following two scenarios applies to you: Do you perform the dial-in to your ISP with the computer in such a case, or does the modem do that? Generally speaking it also depends a bit on the technology that your ISP is using. Here in Germany the ISPs are still strongly relying on PPPoE for dialing into their networks, which is old and sucks, but it helps you clarify what device does what, because this is basically the edge-device. If your ISP literally has a DHCP server running and as soon as you plug the ISP-provided modem into their network, it assigns a public IP to it is harder. As said, a modem by itself only does the electrical translation so that the router behind it can talk ethernet and still communicate with whatever technology is used behind the modem on the ISP-side. That means, if you plug a PC into the modem and the modem has DHCP running and assigns an internal IP to your PC, then it is definitely not just a modem, but a combination of modem and router. The thing is, you can line up multiple routers behind each other and it still works. In your case, this might actually be what we are looking at, where your ISP "Modem" is in fact a router that dials into the ISP network and has DHCP running, basically assigning an internal IP to the WAN interface of your PFsense box. However, a router will by default use NAT between the WAN and the LAN interfaces, and by using multiple routers behind each other, you are also stacking multiple layers of NAT. 99% of services will still work that way, but it does get utterly complicated when you are trying to use VPN (inbound), self-hosted web-servers or sudden streaming use-cases that do not like double-NAT. To put it short and simple: With the information I have, I cannot answer your question with certainty, but I do assume that your ISP modem is also acting as a router right now.
If you can log on to it you might be able to switch it to bridge-mode and thus eliminate this additional hop in your network.
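The check described in the comment above (is the ISP "modem" really a router handing the pfSense WAN an internal IP?) can be sketched as follows. This is an added example, not part of the original comments; the function names and verdict strings are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Address blocks that are never routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify(addr: str) -> str:
    """Classify the IPv4 address assigned to the firewall's WAN interface."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "ipv6"  # the double-NAT question here is about IPv4 only
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"


def diagnose(wan_addr: str, seen_from_internet: str = "") -> str:
    """Return a verdict (hypothetical labels) for the WAN address.

    wan_addr           -- address shown on the firewall's WAN interface
    seen_from_internet -- optional: address an external service reports for you
    """
    kind = classify(wan_addr)
    if kind == "rfc1918":
        # The ISP box is routing and doing NAT itself: the stacked-NAT case.
        # Bridge mode on the ISP box removes this extra hop.
        return "double_nat"
    if kind == "cgnat":
        # NAT happens inside the ISP network; bridge mode will not help.
        return "cgnat"
    if kind == "unusable":
        return "no_lease"
    if kind == "ipv6":
        return "not_applicable"
    # WAN looks public: confirm it matches what the internet sees, if known.
    if seen_from_internet and \
            ipaddress.ip_address(seen_from_internet) != ipaddress.ip_address(wan_addr):
        return "mismatch"
    return "single_nat"


if __name__ == "__main__":
    # Constructed sample inputs: (WAN address, externally observed address)
    samples = [("192.168.1.2", ""), ("100.72.3.4", ""),
               ("203.0.113.5", "203.0.113.5"), ("203.0.113.5", "198.51.100.7")]
    for wan, seen in samples:
        print(f"{wan:15} -> {diagnose(wan, seen)}")
```
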
Is there any video on a simple setup that just gives a 10gig connection to either a build router/wifi or off the shelves? I.e modem to router/wifi 10gig.
No mentioning that the Netgate SG 1100 router cannot handle internet traffic above 500mbit, I have a gigabit connection. This is the reason I skipped this version. Is this correct?
lol I would be more excited about the washer and dryer after our set cost more than all of my networking equipment combined, a lot of which is unifi so that's saying something.
I really need to move some of my network out of my bedroom. Do the netgate machines really need those flashing lights? I finally threw a towel over it...
Do you recommend Ryzen for Proxmox, PfSense or Truenas? I've seen there are some ipmi motherboards compatible with Ryzen and ECC Ram (like the ASRock X470D4U2-2T). Or are there compatibility and driver issues due to everything being made for Intel? I'd love to build a Ryzen with 4 x 8tb nvme for Truenas and add Nextcloud and a VM for Collabora (or onlyoffice) and a pxe server, in the same server ... Thank you for your videos.
Yeah Ryzen is definitely a good platform for home servers with the ECC and more boards supporting IPMI. The only trade off is that you’re stuck with about 20 pci lanes rather than 128 with newer server platforms.
I'm late to this video and discussion, but I'm interested in this subject and not sure if I have what I need to do it. What kind of support is needed on the router, if using a smart switch (eg. Netgear GS308T)? I'm a software developer but I only know enough about networking to be dangerous (to myself). I have a Linksys EA7300 router and want to setup a VLAN to isolate 2 PCs on my home network so they can access the internet, but can't access other devices on my network - or see any traffic the other devices are generating.
I am a little confused. You mention you are using a Netgate SG-1100 router, but you are using 10Gb network cards. Isn't the 1100 too slow? My understanding is that it is too slow for 1 Gb Ethernet, and definitely too slow for 10Gb. What am I missing or misunderstanding? I ask because I will move soon and I expect to have 1 Gb fiber service. Can I actually use this router successfully, or is it going to choke my performance? If choke, which device would still be reasonably priced, not Chinese, and support the full 1Gb?
The 10G cards are for communication between local systems, which takes your ISP connection speed out of the equation. If you're talking about uploading and downloading from the internet then yeah you'll definitely be limited by your ISP speed.
@RaidOwl Actually, in this case I believe that a 1Gb fiber ISP speed is going to be limited not by the ISP speed but by the SG-1100, if I am reading the specs correctly (which I am not sure of).
@RaidOwl Aha! Thank you! So, to the other part of my question, since the SG4100 is so expensive, is there a decent alternative for a lower price but still able to run pfSense with 1Gb internet? I saw one video that strongly recommended "protectli" but in a different video I saw it mentioned that it is a Chinese product (neither their website nor anything I could find online indicates its ownership chain nor whether it is built in the US or in China). Clearly, given the Chinese laws and propensity for industrial espionage (and other kinds) it would be insane to buy a Chinese product for "security" that might instead be collecting and reporting your data to mother China.
Great share and lots of great info! Really interesting to see how other people setup their networks. I am using multiple VLANs to segregate various types of traffic, like Guest, IOT and my office. I am curious as to what is the advantage of separating out your WiFi with separate access points, as opposed to using one device to do it all. I use Mikrotik’s hAPac2 router, which is about the size of Netgate you showed here. It is a router and also comes built-in with two WiFi radios (2.4 and 5GHz) and it handles my WiFi traffic and VLANs etc. Do you run a DNS for your internal network? I’m looking into that right now and trying to figure out what to do. So if you can make a video on that topic, that’ll be great.
Hi! Yeah I just use separate wifi routers for simplicity, honestly. I have specific VLANs going to specific ports on my switch so it's super easy to just plug in an AP to that port and not have to worry about configuring any VLANs to do specific tagging on the AP. Plus I have like 5 APs laying around lol.
Raid Owl, my setup is an Omada SDN and I want to future proof so I have an 8 port M2 switch with 2 SFP ports and both 10Gbe. Should I really go for the ER8411 router with 10G SFP port or a TL-R605 should be good enough? My ISP speed is 1Gbe Spectrum just like yours.
If you have multi gig devices that need to communicate then maybe. I'd stick with the 605 until you really need an upgrade. They also have some ‘cheap’ 4-port 10g Mikrotik switches.
I have a humble question. Let's say your smart TV on that IoT separate network of yours, would you say that by just logging into Netflix on that TV that wouldn't be enough to expose your identity on this entire setup?
It’s less about exposing your “identity” and more about separating those devices from important ones on your network. So if your tv gets compromised they may get data from your tv but they can’t traverse your network to reach your personal PCs or servers.
@RaidOwl thank you for explaining it. There's even a way of getting more private on IoT devices? I mean, it seems that if the SO on that TV wants to turn on its mic (and camera in some devices) and sell it across the world there wouldn't be a way of knowing, right? So, the secure solution would be a 'custom rom' for that smart TV?
The best way to disable the mic in the smart tv is to disconnect the hardware in the tv itself. You will not have to worry about the mic ever being active.
running sense at home on custom machine inside a 1u chassis. supermicro 1u server for running truenas core and unifi controller. 24p dlink and 16port netgear prosafe POE switch for cameras and APs. supermicro server hosting ubuntu VM running unifi-video
Oh I get what you’re saying. The Guest network is mainly just a separate network right now. I only give friends the password to use it. In the future I plan on creating more specific VLANs.
Great video but... When you talk about VLans you never explain to the viewer what a Vlan is. For most home users will not understand the lingo except you and I. Back when I was starting out I had no clue what Vlan stood for. If I was new and I did not understand the content I would be gone. I highly recommend going into detail on the aberrations you talk about. When a viewer can learn from your video they will be back for more. I stumbled upon your video while doing research on PF Sense router. I am using Zeroshell router and have been thinking about switching to pf sense so I have been doing some testing on a PC. Is the PF Sense PC installer just as good as your Netgate bought router?
I am kind of surprised with that choice:
1- this netgate runs horrible processor and NIC yet it costs more than a box with decent CPU with 4x 2.5Gbps NICs
2- pfsense has the history of being... let's say: worse than opnsense
The rest I like ;-)