this post was submitted on 11 Aug 2023
6 points (100.0% liked)

networking

2811 readers
1 users here now

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 1 year ago
MODERATORS
manifex@sh.itjust.works
6
is a separate firewall required or does openwrt include that? (lemmy.ca)
submitted 1 year ago* (last edited 1 year ago) by imaradio@lemmy.ca to c/networking@sh.itjust.works
20 comments fedilink hide all child comments
 

For a while I have been planning to switch from an all-in-one wifi router to having separate devices because that way they can be upgraded piece by piece instead of having to replace the whole thing.

I am confused about the role of the firewall.

If I have a router running OpenWRT, does it have a firewall included? Either by default or by installing certain packages?

Or is it required to have a separate firewall running opnsense/pfsense?

If not required, what would be the benefits that would lean in favour of separate firewall?

use case: small home network 2-3 users. some internal self hosting and maybe one day external self hosting.

ETA: The best internet I could subscribe to where I’m at is 1024 Mbps down, 50 Mbps up. So don’t worry about wasting fibre speeds. :(

My assembled components so far are: router, WAPs, switches, ethernet cable and cable modem.

Thanks for any advice.

you are viewing a single comment's thread
view the rest of the comments
[–] spaghettiwestern@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago) (1 children)

In your response to the OP's question where you said "most wifi routers aren’t fast enough to run complicated firewall rules, VPNs, etc. at full speed" were you also "talking about 1gbps between multiple clients on LAN and VPN"?

OP: "use case: small home network 2-3 users. some internal self hosting and maybe one day external self hosting."

From their comments they don't even have a gigabit Internet connection, much less anything that would stress even a moderately priced router.

Openwrt isn't capable of providing enterprise level performance either but that's not what's being discussed. A high end router running Openwrt (and even cheaper hardware) should be able to handle OP's stated use case without breaking a sweat.

[–] Ajen@sh.itjust.works 1 points 1 year ago

Yes, that's what I was talking about. And yes, OP has said in other comments that they have gigabit upstream. OP's original question was about why some people use openwrt as just an AP and use a separate machine for a firewall. I gave a common reason.

Personally, I'm building a NAS with 8 SAS drives controlled with an enterprise RAID controller and 2.5gbps ethernet. Total cost is under $300 (including drives) since it's all used hardware. Enterprises have moved past 1g/2.5g ethernet and SAS 2 a while ago, so lightly used hardware is cheap.