Richard Bucker

networking note

Posted at — Mar 31, 2019

Running public servers in the home network is a pain in the ass. One thing for certain is that it’s best to use a commercial router/firewall, put the servers in an isolated subnet, apply some good network policy and, if you can afford it, consider IDS.

I’ve been going back and forth with a Ubiquiti EdgeRouter X and a pfSense installation.

In the Ubiquiti I got the RULES and the NAT backwards… first the NAT is applied, then the RULES are applied.

Then there is the hairpin that needs to be considered. The behavior is different between the machines inside and outside the private net. The question is “where is the hairpin taking place?”

The EdgeRouter does not render on a smartphone.

If you have a 1Gbps pipe then the ERX is not going to do more than 500Mbps.

The ERX supports a number of VPN solutions; however, it provides no tools for managing certs, which pfSense does.

pfSense does not have a unified management solution, and when I’m monitoring multiple devices I have to investigate each individually.

Both support dual WAN.

Prices in the ERX world escalate quickly. The pfSense has a hardware offering; however, there is no unified solution.

What a mess!
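
The NAT-then-rules ordering mentioned above matters when writing the accept rule for a port forward: the firewall sees the packet after its destination has been translated. The following is an added example, not from the original post, that models that ordering in a few lines; the addresses, class names and function names are all constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:              # port forward: public dst -> inside host
    match_dst: str
    match_dport: int
    to_addr: str
    to_port: int

@dataclass(frozen=True)
class FwRule:                # one accept rule in a default-drop ruleset
    dst: str
    dport: int

def apply_dnat(pkt, nat_rules):
    """Step 1: rewrite the destination if a port-forward rule matches."""
    for r in nat_rules:
        if (pkt.dst, pkt.dport) == (r.match_dst, r.match_dport):
            return replace(pkt, dst=r.to_addr, dport=r.to_port)
    return pkt

def filter_forward(pkt, fw_rules):
    """Step 2: default drop unless an accept rule matches the packet."""
    for r in fw_rules:
        if (pkt.dst, pkt.dport) == (r.dst, r.dport):
            return "accept"
    return "drop"

def route(pkt, nat_rules, fw_rules):
    """NAT first, then the rules are evaluated on the translated packet."""
    return filter_forward(apply_dnat(pkt, nat_rules), fw_rules)

# Constructed sample values (documentation address ranges).
WAN_IP, SERVER = "203.0.113.10", "192.168.10.20"
NAT = [DnatRule(WAN_IP, 443, SERVER, 443)]
CLIENT = Packet(src="198.51.100.7", dst=WAN_IP, dport=443)

def verdicts():
    wrong = route(CLIENT, NAT, [FwRule(WAN_IP, 443)])  # rule on public address
    right = route(CLIENT, NAT, [FwRule(SERVER, 443)])  # rule on translated address
    return wrong, right

if __name__ == "__main__":
    print(verdicts())
```

A rule written against the public address never matches because the destination has already been rewritten by the time the ruleset is consulted.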