Have you considered making your own firewall running OPNsense? You could toss in a 10g NIC or two.
Make sure the appliance you choose can handle the throughput. Just because it has two 10g NICs does not mean you'll get 10g throughput, especially if you start loading it up with firewall rules. Protectli makes some nice little appliances that are designed for running OPNsense.
Personally I don’t think I will be getting anything over 5gb fiber so as long as it can do 10gb combined then it should be okay.
Flat out, I will never buy another item from QNAP. Ever. Their "support" is a joke, and their only fix for hardware that doesn't work on "supported" OS due to old firmware is to return it and hope to get a new one with a new firmware that actually works. Like, WTF? And "supported" here means they have some old, janky, partially functional Linux app that ran on an Ubuntu desktop once upon a time. No headless system support for a server attached product. And really, they want you running it on a Windows desktop.
Beyond that, the physical hardware itself was super generic gear. I was unimpressed with paying a premium after friends all recommended QNAP, and I got what was basically a child's toy that they didn't expect a professional to be using.
As for a multi-gig router, if you're doing dynamic addressing and masquerading then I can recommend the UniFi Dream Machine Pro. The second edition is more capable, and has a faster backplane between the 10 gig LAN and WAN ports and the one gig ports. The original Dream Machine Pro that I have does not have that feature, and it's sorely missed.
If you need to do any complex routing, or static addressing then things get a little more wonky. Very obviously does not expect this device to be a real router, but rather than that and masquerade gateway for a small business office. It totally works, and I've had mine for a few years now, but it's just something to be aware of.
MikroTik also makes a 10g router device, as do a couple other companies. They'll expect you to be a bit more experienced, though. I'm not sure what your skill level is, but they are options at least.
Edit: you want an sfp+, btw. An sfp only does 1gbit, an sfp+ does 10gbit, and qsfp does 25+ gbit. https://www.black-box.eu/en-int/page/45646/Resources/technical/Black-Box-Explains/lan/SFP-vs-QSFP-What-s-the-difference
Using a Unifi Dream Machine Pro here. I have it connected to Xfinity with an SFP. Works great. I wouldn't trust TP-Link, they seem to have quality control issues. Never used QNAP before.
Also liking my dream machine
SFP is pretty straightforward. Most of the SFP modules you can buy you just connect and they work. For something like that, you would be doing fiber to ethernet hand off at a switch. Then you have pretty much everything run to the switch including router and just VLAN isolate. It's not super complicated, but if you never messed with VLANs it might be better to go with something pre-packaged unless you're up for learning.
You could also do a DIY router and run a multi-gig SFP+ network card over PCIe. You still have to purchase a separate SFP module for that, but that is another option.
If I was going to do this today, I would probably get a GoWin R86S-N with the N100 or N305 CPU (since the 10G Fiber Jack has a 10GbE port, this should be fine. The NICs on this device can't negotiate 2.5Gb or 5Gb links) and set it up with OPNsense. Since you're not going to saturate the 10Gb links, you should be fine for most networking tasks. For wifi, I'd probably get the TP-Link Deco XE75 Pro.
I think I like this option the best. I’ve got a month before I get back home and have the fiber installed and the shipping from AliExpress lines up.
Ended up buying this, arrived this week, and have it all set up. Was pretty simple to get it configured. Now just need to wait another week for Google Fiber to be installed.
Keep us posted!
It has been a bit over 3 weeks and everything has been really smooth. I forgot to mention last time but I got the R86S-N with the N305. This was due to research showing that the N100 would not be able to hold 5gbits throughput and I wanted to have some wiggle room in case I upped the number of firewall rules.
Getting consistent 5.5gbits down, 5.6gbits up on speed tests. Steam download peaks at 213MiB/s and holds around 190MiB/s (but this could be the max I can get from Steam🤷).
No issues with the R86S-N, no random reboots or forced reboots. OPNsense install was quick and didn't cause issues.
That's great! Glad it's working out.
I can't help with the 2 options you presented, but if you're interested in an sfp+ router, I've used the DEC2750/DEC750 from OPNsense as a directly fiber connected router for Comcast Gigabit Pro 2Gig fiber for several years. It's super capable, you'll have an enormous state table to accommodate tons of P2P connections for torrenting, and you'll be able to enable loads of plugins, VPN connections, IDS, etc without the CPU breaking a sweat.
My info may be outdated as I last had G Fiber about a year ago but have moved out of their service area so stuck with AT&T fiber along with their horrible modem+router :(
When I first got the 2G down/1G up G Fiber service there was no bridge mode & had to use their provided device as modem+router+wifi. They updated it to add in a bridge mode option but I never tested it. I had dropped back down to 1G down & up before that option was available.
edit: forgot to mention I had read some people had luck using Unifi Dream Machine to plug in G Fiber's 2.5G SFP looking module but I wasn't willing to spend any more money on anything Unifi besides WiFi APs.
Plugging the provider’s SFP+ module into a UDM Pro is my plan for when I inevitably upgrade to multigig. You can spoof the ONT/modem/router’s MAC address in software. Suspect the same is possible on other more advanced platforms.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
AP | WiFi Access Point |
PCIe | Peripheral Component Interconnect Express |
Unifi | Ubiquiti WiFi hardware brand |
VPN | Virtual Private Network |
4 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #157 for this sub, first seen 23rd Sep 2023, 00:35] [FAQ] [Full list] [Contact] [Source code]