So I’m trying to build a router. Just need something to handle the networking in my house and the plan is to separate things out via virtual local area networks. Anyway, reading a bunch of threads and comments, I think my design will be something akin to this. Is this good or bad? Ultimately I wanna run OPNSense since that’s...
Your router and wireless access point seem OK. The switch looks suspicious; there is conflicting information in the description: some parts indicate Managed and some indicate Unmanaged. I caution against that switch specifically.
Everything you’ve said here also aligns with my knowledge!
I can add some additional information.
The Masquerade option changes how the packet rule behaves when performing in a NAT situation. When Masquerade is off, the rule is configured statically with each interface’s address when the rule is loaded. When Masquerade is on, the rule is evaluated dynamically every time against each interface’s current address.
If you are routing packets through an interface, and the interface’s address is dynamic (which is the case for most residential internet connections), you should have Masquerade ON to be able to route packets after the interface’s address changes during normal operation.
I investigated more and it seems that one can indeed perform NAT with Linux netfilter without the Masquerade action. If one knows the address of the interface, simply using the “SNAT” action with a to-address of the outbound interface will achieve the same result as using the “MASQUERADE” action, as long as the address of the outbound interface does not change.
But, this fact only matters for the actual underlying netfilter. I should have been thinking about OP’s application specifically. For OpenWRT it probably does just mean Checked->NAT, Unchecked->No NAT.
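An added example, not part of the comment above or of OpenWRT: a small audit of the failure mode the comment describes, where a static SNAT rule keeps rewriting to an address the outbound interface no longer holds while a MASQUERADE rule follows the change. The rules, interface names, addresses and function names are constructed for illustration, and only IPv4 `--to-source` values are handled.

```python
import ipaddress
import shlex

# Constructed sample in `iptables-save -t nat` format (not from the thread).
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wan0 -j SNAT --to-source 203.0.113.7
-A POSTROUTING -o wan1 -j MASQUERADE
-A POSTROUTING -o vpn0 -j SNAT --to-source 198.51.100.10-198.51.100.12
COMMIT
"""
# Constructed sample: current IPv4 address per interface (wan0 was renumbered).
SAMPLE_ADDRS = {"wan0": "203.0.113.42", "wan1": "192.0.2.15", "vpn0": "198.51.100.11"}


def _option(tokens, name):
    """Return the value following option `name`, or None if absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None


def _covers(to_source, addr):
    """True if addr lies inside the --to-source address or a-b range (IPv4 only)."""
    host = to_source.split(":", 1)[0]  # drop optional :port[-port]
    low, _, high = host.partition("-")
    lo, hi = ipaddress.ip_address(low), ipaddress.ip_address(high or low)
    return lo <= ipaddress.ip_address(addr) <= hi


def audit_nat(rules_text, iface_addrs):
    """Label each POSTROUTING source-NAT rule 'dynamic', 'ok' or 'stale'."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "POSTROUTING"]:
            continue
        iface, target = _option(tokens, "-o"), _option(tokens, "-j")
        if target == "MASQUERADE":
            findings.append((iface, "dynamic"))  # follows the interface's current address
        elif target == "SNAT":
            live, fixed = iface_addrs.get(iface), _option(tokens, "--to-source")
            ok = live is not None and _covers(fixed, live)
            findings.append((iface, "ok" if ok else "stale"))
    return findings


if __name__ == "__main__":
    for iface, status in audit_nat(SAMPLE_RULES, SAMPLE_ADDRS):
        print(iface, status)
```

A "stale" result means the rule still names an address the interface no longer has, which is the case where MASQUERADE is the safer choice on a dynamically addressed uplink.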
Advice On Proposed Router Design
Could someone explain these OpenWRT LuCI firewall settings to me? I am having trouble interpreting what they are saying exactly.