Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[hushcoden]

I was thinking to buy a dedicated firewall (getting on in years made me perhaps too paranoiac...) to install between a modem and the access point (a Netgear R7000 in AP mode) and I found out that Ubiquiti (a brand never heard before) makes good appliances, at least for the SOHO market: on Amazon the EdgeRouter Lite is about £90 and I've attached how (considering I am not a geek) I think I should connect the devices.

Apparently the integrated firewall of the R7000 is not really good...

Using the Sky hub I have IPv6 working and I'd like to keep the feature, is this feasible?

Any advice/suggestions are more than welcome.

Thanks.

[burakkucat]

Your diagram certainly shows one method of connection.

However you mention IPv6 and recent posts have shown that the ZyXEL VMG1312-B10A does not handle IPv6 correctly.^* If you substitute a VMG1312-B10D for the VMG1312-B10A, then usage of IPv6 will be successful.

Revised diagram:

ZyXEL VMG1312-B10D  <--->  Ubiquiti ERLite3  <--->  Netgear R7000
 (In bridge mode)      (Firewall & PPP client)          (WAP)

Edited to add: ^*As has subsequently been pointed out, a VMG1312-B10A will have no problem with IPv6 when in bridge mode. It is only when used as an all-in-one box solution does the IPv6 connectivity fail.

[skyeci]

Just about any vdsl modem in bridge mode  and PfSense works just fine with sky...my ipv6 works with no issues this way.

[hushcoden]

Many thanks for the quick replies...

As for pfSense, I just checked their website and the entry level appliance, the SG-3100, costs $349.00... Perhaps better but out of my budget and unfortunately I don't have the knowledge/skills to build my own device...

[skyeci]

Pfsense units in the UK are around 240 pre built or if you have a spare pc with 2 nics you can install it yourself and have a play first. I can send you the settings if it's something you want to try or would like some help.

My unit is one of these  but as I said I had a play on a spare pc first. If it was for not wanting ultimately a lower power device I would have left the pc running for good as it worked just fine.


https://linitx.com/product/linitx-apu2-c4-4gb-3nicusbrtc-pfsense-msata-firewall-kit-black/14244

[vic0239]

the ZyXEL VMG1312-B10A does not handle IPv6 correctly.

My twin ZyXel VMG1312-B10As in bridge mode and Firebrick FB2700 (bonded) handle IPv6 without issue. 

[skyeci]

My twin ZyXel VMG1312-B10As in bridge mode and Firebrick FB2700 (bonded) handle IPv6 without issue. 

Sky's ipv6 is pretty specific. Your firebrick will be handling the ipv6 stuff and not the 1312's as they are in bridge mode. I have used both the 8924 and the 8324 with sky but pfsense in my case handles the ipv6 config as the zyxel were in bridge mode only.

[jelv]

The problem the B10A's have is handling the IPv6 IP allocation following a PPP drop. In bridge mode that will not be handled by the B10A so I can't see how it would ever be an issue.

[highpriest]

I was thinking to buy a dedicated firewall (getting on in years made me perhaps too paranoiac...) to install between a modem and the access point (a Netgear R7000 in AP mode) and I found out that Ubiquiti (a brand never heard before) makes good appliances, at least for the SOHO market: on Amazon the EdgeRouter Lite is about £90 and I've attached how (considering I am not a geek) I think I should connect the devices.

I use Ubiquiti gear at home. An EdgeRouter PoE 5 as router and firewall and a couple of Unifi access points. VMG8324 as a modem in bridge mode. Very capable gear, and endlessly configurable. I don't have IPv6 with my current Plusnet service but they will support it without any hassle.

[smf22]

The Ubiquiti products are very good. I use the Ubiquiti ER-X EdgeRouter X 5-Port Broadband Router which at under £50 for a full IPv4/IPv6 router, statefull firewall, gigabit capable Layer-2 switch etc., offers excellent value for money. I'm with BT, but Sky and BT have pretty much the same IPv6 setup i.e., 'link local' address on the WAN interface with IPv6 prefix delegation of a /56 prefix. I've been using the ERX with IPv4 and IPv6 for well over a year now and seen no real issues.

I don't use the GUI of the EdgeRouter, but from the brief glance I've given it, I'd say it's probably not as simple as some of the more consumer focused products from ZyXel, Netgear, TP-Link etc. That said, don't let that put you off as once it's up and running there's little need for it. Also the CLI is excellent and there's plenty of good support over on the EdgeMAX Ubiquiti Networks Community, and by the seems of things, here on Kitz also.

[Ixel]

I can also agree with the EdgeRouter being excellent. I have an overkill model but it works for me. I've even got it to do various other tasks such as blocking ads on the fly (no more need for a Chrome extension like uBlock really). I have the EdgeRouter Pro 8 with an EdgeSwitch 16 150W, but that's overkill for most home users .

[Chrysalis]

Many thanks for the quick replies...

As for pfSense, I just checked their website and the entry level appliance, the SG-3100, costs $349.00... Perhaps better but out of my budget and unfortunately I don't have the knowledge/skills to build my own device...

you dont need to buy netgate hardware to run pfsense.

Low cost options could be to run in a VM on an existing PC.  Or buy something like a qotom unit for under £200.

[hushcoden]

Thanks all for the helpful feedback.

I will probably go for the Ubiquiti one, especially because it's within my budget (and I don't have the skills to build/assembly my own device)... and now I have to find out if it supports DHCP 60/61, in case one day I will move to Sky Fibre...

[highpriest]

It does.

https://community.ubnt.com/t5/EdgeMAX/Newbie-Sky-Fibre-amp-MER-dhcp-options-60-61/td-p/1356544

As someone else pointed out, the GUI is fairly limited; most of the magic happens on the command line.

[Chunkers]

you dont need to buy netgate hardware to run pfsense.

Low cost options could be to run in a VM on an existing PC.  Or buy something like a qotom unit for under £200.

+1 to skyeci and Chrysalis

If you have spare PC its well worth trying out pfSense or OPNsense before investing in something else, its pretty easy to install, free and works brilliantly.  Mine handles load balancing and fail-over of my two lines much better than "proper" router ever did.

If you like it then there is some great hardware out there as Chrysalis says.

Chunks