Netgate Discussion Forum

    Fleshing out my home network

    General pfSense Questions
    10 Posts 4 Posters 1.4k Views
    • arctichenry

      Hi there all,

      So as of late, the current monstrosity of airport extremes has been running into some issues.

      Currently, we are paying for 50/10 via a cable modem, which acts as a straight pass through device. No DHCP, NAT, nothing.

      My current network looks something akin to this:

      Cable modem
            =
      Airport extreme 2nd gen (DHCP, NAT)
            =
            =
            =

      Wireless bridge (airport extreme to airport extreme)
            =

      =
      Upstairs bedroom airport extreme (end of the bridge)
            =
      Managed switch ====> Managed switch =====> ESXI host, VOIP host, bunch of pogoplugs for dev work
            =
      Alternate airport extreme to run another network for 5ghz

      So, that's the monstrosity. What I would like to do is run a power line adapter from the cable modem to the upstairs bedroom, through an ESXi server running a pfSense VM, and then to a DMZ and a few other things. From there, to the managed switch, and then to the airport extremes in bridge mode to provide downstairs wifi.

      Is this feasible? Should I run another powerline adapter to the downstairs on the LAN side of the pfSense box?

      Thanks

      • almabes

        If it were me, I'd run some real networking cable. You can get relatively inexpensive outdoor jacketed cable at either the orange or blue home improvements retailer. If you want shielded cable, you can get Toughcable from a Ubiquiti reseller such as Netgate.

        Nothing beats running CAT6 for speed and reliability. (Edit- Except fiber, which is overkill in your situation)

        I had a wireless bridge going for the kids' PCs. I could DoS them by warming up something in the microwave. When they got tired of me warming stuff up to kick them off "World of Time Wasting", they helped run a CAT6 drop.

        • arctichenry

          Thanks for the response! However, running cable is out of the question. Both because it's my parents' house, and also because it's an old house with no way of running without ripping up a wall.

          • johnpoz LAYER 8 Global Moderator

            So this house has no attic or basement or crawlspace that you can run cables?  Why people insist there is no way to run cables is nuts.  There is always a way to run cable.

            But yeah, I would think powerline adapters would be better than a wireless bridge. There are some that get good reviews and have gig interfaces that from benchmarks show over 200mbit throughput.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • almabes

              I am leery of those powerline adapters.  Not quite tinfoil hat leery, but I wouldn't use one.
              You need a whole house surge suppressor to keep your packets from leaking out onto the power grid and into your neighbor's house.
              They will only connect on the same power leg, which means you have a 50% chance of it not working where you want, unless you install some sort of bridging between legs.

              • johnpoz LAYER 8 Global Moderator

                So they leak out to the power grid, yet if they are not on the same power leg they won't work? Which is it? Who by the way is sniffing packets off their outlet? How is the traffic going to get past the fuse box and the power meter out to public? Now if you were in an apt building or something.. then ok.

                Also you can encrypt the traffic between them if your tin foil hat is a bit tight.

                • almabes

                  It's both.
                  2 out of the 3 legs or phases of power come to both you and your neighbor. Usually it will be the same two.
                  That means that half of your house and half of your neighbor's house are bridged together, at least from the standpoint of one of these powerline adapters.

                  Who would sniff packets off their outlet?
                  Good question. Not me. I was too busy microwaving stuff to knock the kids off WoTW.
                  EDIT:
                  This guy did:  https://www.bentasker.co.uk/documentation/security/282-infiltrating-a-network-via-powerline-homeplugav-adapters

                  • johnpoz LAYER 8 Global Moderator

                    Good read, thanks - but again this is inside a home, not from the house down the street or across town, etc. So while if you're in, say, an apt building this might be of a concern.. I don't think the guy next door would be able to do this. The electric company meter would be the block..

                    • almabes

                      An electric meter is not designed to be a filter, and will not stop the data leaking from your house to your neighbor's house. Security is only as strong as its weakest link, and these powerline network adapters are a very weak link.

                      I'm taking my tinfoil hat off now.

                      • Derelict LAYER 8 Netgate

                        MoCA.  Screw the powerline stuff.

                        http://www.amazon.com/Actiontec-Ethernet-Adapter-without-Routers/dp/B008EQ4BQG

                        And a high-pass filter for your entry point:

                        http://www.amazon.com/Filter-MoCA-Cable-Coaxial-Networking/dp/B00DC8IEE6

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.