ASUS gets their butt handed to them by the feds
-
@hobbit666 said:
There is a additional issue with home users the average person would expect a certain level of security from a consumer device and they should do the job.
As you mentioned things like the EdgeRouter are nice and cheap but getting on set-up it not going to be easy with the UK ADSL/Fibre market. As you can't simply connect the EdgeRouter to the wall socket and away you go, your going to need a ADSL/VDSL modem between, and most ISP's don't make it easy to use them a bridge devices or like you using your own kit.e.g. I have SKY fibre at home, I plan on upgrading to UniFi AP and Edge Router later in the year, but I know the default Sky router won't go into bridge mode, and sky don't tell you the username and password to allow you to use a 3rd party router/modem. Yes I can create a separate network using the UniFi kit and just plug in the sky router into WAN port but isn't that defeating the issue of upping the security? For average home users this is beyond what they could do.
I don't understand where your issue is. Is the ISP provided device a NAT firewall? in other words, they don't just provide you an IP that is on the net?
In the US, I have a cable modem or a DSL modem - they both provide me with a real IP that's directly on the internet.
That said, I know there are a few providers (Windstream) those devices don't provide a real IP, the ISP controlled device does local home NATing - in which case to get them out of the middle, you can use bridge mode to hopefully get a real IP to your own firewall - but I guess the question is - is that really necessary? I suppose if the ISP doesn't have their device completely open to the internet, if they are doing any type of filtering at all - that could cause problems.
-
@coliver said:
You can get an ER-X for 60$ (Not sure if that is what others here would recommend) you can also get a UAP-AC for $100. Not bad for the start of an enterprise network.
If you have an account on the Ubiquiti site, you can buy them for $49 from Ubiquiti.
I just looked, you can also buy the AC-LITE for &89.00
Edit: If you're in the US.
-
@johnhooks said:
@coliver said:
You can get an ER-X for 60$ (Not sure if that is what others here would recommend) you can also get a UAP-AC for $100. Not bad for the start of an enterprise network.
If you have an account on the Ubiquiti site, you can buy them for $49 from Ubiquiti.
I just looked, you can also buy the AC-LITE for &89.00
Edit: If you're in the US.
Oooh... That's tempting, I may pick one of those up. I need something to replace my aging Linksys/DD-WRT router.
-
@Dashrender said:
I don't understand where your issue is. Is the ISP provided device a NAT firewall? in other words, they don't just provide you an IP that is on the net?
What i'm saying is in the UK 90% of ISPs will give a dynamic IP. Also unless I can connect the EdgeRouter (or better Router) to the "internet" with a real IP and not set it up double NAT'n so to speak I don't see the point. Now with SKY for example they consider the Routers as managed devices so you can't use your own kit.
So for the average home user being able to use a 3rd party router would be pointless or over their technical ability to configure the network.
-
@johnhooks said:
@coliver said:
You can get an ER-X for 60$ (Not sure if that is what others here would recommend) you can also get a UAP-AC for $100. Not bad for the start of an enterprise network.
If you have an account on the Ubiquiti site, you can buy them for $49 from Ubiquiti.
I just looked, you can also buy the AC-LITE for &89.00
Edit: If you're in the US.
Think I know where some of my bonus is going
-
@hobbit666 said:
@Dashrender said:
I don't understand where your issue is. Is the ISP provided device a NAT firewall? in other words, they don't just provide you an IP that is on the net?
What i'm saying is in the UK 90% of ISPs will give a dynamic IP. Also unless I can connect the EdgeRouter (or better Router) to the "internet" with a real IP and not set it up double NAT'n so to speak I don't see the point. Now with SKY for example they consider the Routers as managed devices so you can't use your own kit.
So for the average home user being able to use a 3rd party router would be pointless or over their technical ability to configure the network.
Yup, just got PlusNets "new" supposed top class router...its horrible, cant assign IP's to MAC's, can't setup multiple SSID's or change anything I want to...all I have is change SSID name, decide whether its dual band (2.4 and 5GHz) or to split them, change the DHCP pool range and...thats about it...
-
@hobbit666 said:
@Dashrender said:
I don't understand where your issue is. Is the ISP provided device a NAT firewall? in other words, they don't just provide you an IP that is on the net?
What i'm saying is in the UK 90% of ISPs will give a dynamic IP. Also unless I can connect the EdgeRouter (or better Router) to the "internet" with a real IP and not set it up double NAT'n so to speak I don't see the point. Now with SKY for example they consider the Routers as managed devices so you can't use your own kit.
So for the average home user being able to use a 3rd party router would be pointless or over their technical ability to configure the network.
I'd guess that 90%+ in the US also give a dynamic IP, that doesn't preclude you from using a ERX or any normal firewall. Grant that DHCP provided IP is a real internet IP, not an internal only IP, like 10.1.2.x.
Unless double NAT causes you a specific problem - what's wrong with it? The point of double NATing would be to protect you from the ISP. As you said, the ISP maintains control over their device. By double NATing, the only thing the ISP can see it the router/firewall appliance you connect to their device. This protects you from them. By them having control of that router, they have ethernet level access to your network, which allows them to do all kinds of bad things.
As for configuring the router from an end user point of view - why is this any harder than what we have in the US?
You plug the device(D1) into the ISP provided device, D1 gets a DHCP provided address from the ISP device (doesn't matter than it's an internal IP), then all of your computers behind D1 are protected.
As far as your ISP is concerned, you only have one computer at home accessing the internet.
-
@NattNatt said:
Yup, just got PlusNets "new" supposed top class router...its horrible, cant assign IP's to MAC's, can't setup multiple SSID's or change anything I want to...all I have is change SSID name, decide whether its dual band (2.4 and 5GHz) or to split them, change the DHCP pool range and...thats about it...
Using their device is like letting the fox in the henhouse - I'd disable as much functionality as possible, install my own ERX behind theirs.. and my own AP behind the ERX.
Now you can have whatever you want settings wise, config, etc. -
I don't use Comcast equipment. I bought my own modem for like $70 and use that. Theirs sucked and you had to pay extra or some nonsense for bridging.
-
@Dashrender said:
@NattNatt said:
Yup, just got PlusNets "new" supposed top class router...its horrible, cant assign IP's to MAC's, can't setup multiple SSID's or change anything I want to...all I have is change SSID name, decide whether its dual band (2.4 and 5GHz) or to split them, change the DHCP pool range and...thats about it...
Using their device is like letting the fox in the henhouse - I'd disable as much functionality as possible, install my own ERX behind theirs.. and my own AP behind the ERX.
Now you can have whatever you want settings wise, config, etc.Yeah, I'm just saving up and debating what to get....
-
@johnhooks said:
I don't use Comcast equipment. I bought my own modem for like $70 and use that. Theirs sucked and you had to pay extra or some nonsense for bridging.
TWC does the same thing. I bought a decent DOCSIS 3 modem from the local big chain store. Much better then the one the tech was trying to install. They wanted to charge me an arm and a leg for the rental too.
-
@coliver said:
@johnhooks said:
I don't use Comcast equipment. I bought my own modem for like $70 and use that. Theirs sucked and you had to pay extra or some nonsense for bridging.
TWC does the same thing. I bought a decent DOCSIS 3 modem from the local big chain store. Much better then the one the tech was trying to install. They wanted to charge me an arm and a leg for the rental too.
Ya it was like $5-10 a month for that junk.
-
I had a DOCSIS 2 which was working fine at our place in FL, but when we moved back they wouldn't let me use it. I only have 30 down and 3 up so speed wasn't affected. I don't know why I couldn't use it.
-
@johnhooks Because they want to charge you that rental fee for their piece of equipment.
-
@DustinB3403 said:
@johnhooks Because they want to charge you that rental fee for their piece of equipment.
Ha they didn't get it anyway. I just went and bought one for cheaper.
-
@johnhooks said:
I don't use Comcast equipment. I bought my own modem for like $70 and use that. Theirs sucked and you had to pay extra or some nonsense for bridging.
I'm not sure about Comcast - but with Cox use theirs, use yours, doesn't matter, they have full control over the device. You give them a serial number, and there must be carrier level default username and passwords on it because Cox is who manages the thing.
I would personally never use a cable modem/ADSL all in one router device. I just don't want the ISP inside my private network.
-
@Dashrender said:
@johnhooks said:
I don't use Comcast equipment. I bought my own modem for like $70 and use that. Theirs sucked and you had to pay extra or some nonsense for bridging.
I'm not sure about Comcast - but with Cox use theirs, use yours, doesn't matter, they have full control over the device. You give them a serial number, and there must be carrier level default username and passwords on it because Cox is who manages the thing.
I would personally never use a cable modem/ADSL all in one router device. I just don't want the ISP inside my private network.
You give them the mac address but I think it's just to attach it to your account. Ya the one I bought is just the modem, I have an ERX.
-
@Dashrender said:
@johnhooks said:
I don't use Comcast equipment. I bought my own modem for like $70 and use that. Theirs sucked and you had to pay extra or some nonsense for bridging.
I'm not sure about Comcast - but with Cox use theirs, use yours, doesn't matter, they have full control over the device. You give them a serial number, and there must be carrier level default username and passwords on it because Cox is who manages the thing.
I would personally never use a cable modem/ADSL all in one router device. I just don't want the ISP inside my private network.
So you'd recommend a separate router and modem at home too? Any recommendations other than the Unify stuff mentioned above (not sure how expensive/easy to get hold of they are in the UK?
-
@Dashrender That seems insane that every Modem/ Router provider would be creating a custom account that the ISP could use to access a personally owned device..
-
@DustinB3403 said:
@Dashrender That seems insane that every Modem/ Router provider would be creating a custom account that the ISP could use to access a personally owned device..
And (from the UK point of view) certainly a legal grey area at best...