January 22, 2025

Get more from your home network: 5 advanced tips for the hardcore | usagoldmines.com

Fancy doing something more with your home network? Or are you already up and running with a NAS device, a simple server of some kind, or a bunch of smart home gadgets you’d like to get more control over? Join us for this collection of advanced networking tips.


1. Switch to alternative router software

Do you have a reasonably powerful router but have become curious about more advanced features missing from the settings? You don’t necessarily need to buy a new router or build your own, but alternative software can go a long way.

Openwrt is one of the oldest open source router software projects. It is still being developed and can be installed on many router models from different manufacturers.

Long ago, DD-WRT was common, but that project has not been updated for a long time. Tomato was another popular option, but died many years ago. Freshtomato is the name of a variant that has kept going and can still be a sensible alternative.


For users with an Asus router, there is the Asuswrt-Merlin project with the same user interface as the bundled system, but with a number of additional features and settings. It is definitely the easiest way to get started with alternative software.

Openwrt is the most capable option, with support for features like VLAN and advanced quality of service features like Smart Queue Management. However, it’s also a little trickier to install and has a steeper learning curve for beginners.


2. Separate router/firewall and Wi-Fi

Workplaces almost always use separate devices for different parts of the network, each specializing in its own task. Access points for Wi-Fi, switches to connect different devices (including the access points) via Ethernet, and a router to link the local network with the internet. Firewalls are often built into routers, but can also be separate devices.

This division obviously requires more fiddling than a combined router/switch/access point, but the setup can be useful even in homes, especially if you have many devices of different kinds.

If you’re curious and want to try it out, you can do so relatively cheaply by keeping your current router (or mesh routers, if you have a set of them) and setting it to act as an access point. Most routers have this setting.

Then you install any open router operating system of your choice, either on an old computer you have on hand or a new cheap one — Openwrt works well on Raspberry Pi, for example, but you can also go for a more advanced operating system like Pfsense or Opnsense on a mini PC with an Intel or AMD processor. All you need is at least two Ethernet connectors and a reasonably powerful processor. For Raspberry Pi, you can get an additional connector with a so-called HAT+. There are models with dual 2.5 gigabit connectors.

Finally, get a switch and connect both your old router or routers and the new router to it. The cable from the wall, which you would normally plug into the router’s WAN connector, goes into a different port on the new router. In the settings for Openwrt or whatever you have chosen, you then set the two connectors to act as WAN and LAN respectively.

The hardware in a mini PC like an Intel NUC is significantly more powerful than any consumer router and makes it possible to run advanced security features, for example.

Anders Lundberg

3. Network segmentation with VLAN

If you’re using guest networking on your router today, you’ve had a taste of what’s possible with a technology called VLAN. VLAN separates traffic on the network so that it can be kept apart for different purposes. This is done at a basic level and is set up in routers, switches, and Wi-Fi access points.

By creating different VLANs, different devices can be kept separate in different address spaces and with different sets of rules in the firewall. Among home users, perhaps the most common use case is to create a VLAN for IoT — the internet of things, i.e. smart home gadgets.

This makes it easy to protect other devices in the home in case a connected device is hacked or already contains malware, and to block internet access for devices that have nothing to do with the internet.

In my own home, I’ve done this to switch off the internet for all smart home devices, such as cameras that want to connect to the manufacturer’s servers — you’ve probably heard about how Ring, for example, has repeatedly mixed up different customers’ cameras so that customers have been able to watch video from each other’s homes.

I use my cameras locally using the Home Assistant smart home center and Scrypted software, with Apple’s Homekit for remote control because I trust Apple more than various more or less unknown manufacturers. Without VLAN, this would be much more complicated, and less secure.

Another common use is a so-called demilitarized zone (DMZ) for servers that should be open to the internet. For example, say you run a Minecraft server so that you and/or your children and grandchildren can play with each other, and you want it to be accessible from outside. With a DMZ-VLAN, it’s easy to do this in a reasonably secure way by setting the firewall to prevent the server from accessing the rest of the network.


Getting started with VLAN

Setting up VLAN isn’t really super complicated, but how you do it differs greatly in different router operating systems and a step-by-step description would take up the rest of this article. My recommendation if you are interested is to search for guides to VLAN on the system you are using, for example on Youtube.

For Openwrt, this guide from Open Source is awesome, with both video and text.

If you want to use VLAN with gadgets that connect with an Ethernet cable, it’s a good idea to get a so-called managed switch, that is, a switch with a simple operating system and settings you can access over the network.

Ubiquiti’s Unifi is a popular product line among networking enthusiasts, and in addition to such switches, it also offers Wi-Fi access points that make it easy to create separate wireless networks for devices that will use different WLANs. It works like a more advanced form of guest networking, where you set the rules for how connected devices can communicate with the internet and other parts of the network.

In my home, I have three Wi-Fi networks, two of which are virtual, each connected to a different VLAN: one for the family’s various phones and computers, one for smart home gadgets and one for guests. I also have a couple of smart home hubs connected by cable to a managed switch. In the settings of the switch, I have set those particular connectors to use the same VLAN as the wireless smart home network.

As I said, the smart home devices usually have no access to the internet and are only allowed to communicate with the regular network via something called Multicast DNS (MDNS), which in my case is required to get updates via Apple’s Homekit, for example when someone rings the doorbell.


4. Pi-Hole for advertising- and tracking-blocking across the network

On mobiles and computers, it’s relatively easy to install content blockers that stop advertising and especially web tracking. But on TVs and other gadgets, this is rarely possible. One way to effectively protect the entire home network including such devices is with Pi-Hole.

Pi-Hole is a local DNS server with blocking of malicious, inappropriate, or unwanted domains. You add one or more links to blocklists, and Pi-Hole takes care of the rest. There are specific lists for advertising, tracking, malware, pornography, and various others. The name comes from the Raspberry Pi, and with very low system requirements, it’s a great use case for an older model of the small computer.

Stop other DNS services

When you have your own DNS server like Pi-Hole, it can be a good idea to block devices in your home from connecting to other DNS servers. You can do this with the firewall in your router.

For a traditional firewall, it involves two rules: one that blocks all traffic over TCP and UDP on port 53, and one that allows the same traffic when the destination is the Pi-Hole. Exactly how you do this differs between different manufacturers.


On Asus routers, use the Network Services Filter tab under Firewall. Activate the function and make sure that the filter table is of type Allow List. Then fill in four rules as shown in the image below. Replace 192.168.0.99 with your Pi-Hole’s IP address. The slightly reversed rules will open all traffic except UDP on port 53 for all devices, and also port 53 for the Pi-Hole.

You should also set the router itself to use the Pi-Hole’s IP address as DNS under WAN, and as DNS server for devices connecting via DHCP under LAN > DHCP Server.

The catch with this solution is that devices with hardcoded DNS servers will not work properly, as the rules only block connections to other DNS servers and do not forward all DNS traffic to Pi-Hole. If you switch to the alternative software Asuswrt-Merlin (see above), you can use the LAN > DNS Filter function instead. Set Global Filter Mode to Router and add a rule to not filter traffic from Pi-Hole’s IP address.
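To check from a client which of the two behaviours described above (plain blocking, or forwarding of all DNS traffic) the router actually applies, you can probe port 53 on three addresses. This Python script is an added example, not part of the original article; the public resolver and the unused documentation address are assumptions chosen for the test, and only UDP is probed.

```python
import socket
import struct

PUBLIC_RESOLVER = "9.9.9.9"   # assumption: any well-known public resolver works
UNUSED_ADDR = "192.0.2.53"    # TEST-NET-1 (RFC 5737): no DNS server lives here


def build_query(name, txid=0x1234):
    """Build a minimal DNS query for the A record of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def udp_probe(server, timeout=2.0):
    """True if a DNS response comes back for a query sent to `server` on UDP 53."""
    query = build_query("example.com")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:  # timeout or no route
            return False
    # Same transaction ID and the QR (response) bit set
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)


def assess(pihole, probe=udp_probe):
    """Classify how the router treats port-53 traffic from this client."""
    if not probe(pihole):
        return "pihole-unreachable"
    if probe(UNUSED_ADDR):
        # An answer "from" an address with no resolver means the router
        # rewrote the destination: all DNS is forced to the local server.
        return "redirected"
    if probe(PUBLIC_RESOLVER):
        return "open"      # clients can still pick their own resolver
    return "blocked"       # devices with hardcoded DNS will fail to resolve


if __name__ == "__main__":
    print(assess("192.168.0.99"))  # the article's example Pi-Hole address
```

Run it from an ordinary device on the LAN, not from the Pi-Hole itself, since the Pi-Hole is exempt from the rules.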

Today, some devices and individual programs and apps bypass your regular DNS with the DNS over HTTPS (DoH) technique, making regular port 53 blocking ineffective. It can be partially stopped with a blocklist of known DoH servers (here is an example https://github.com/dibdot/DoH-IP-blocklists/blob/master/doh-domains.txt), but it is a cat-and-mouse game.
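One way to see which devices at home are reaching for DoH is to look in the Pi-Hole query log for lookups of known DoH hostnames. The following Python script is an added example, not from the original article; it assumes the dnsmasq-style `query[...] name from client` log lines and a blocklist with one domain per line, and the list excerpt and log lines are constructed samples.

```python
import re
from collections import defaultdict

# dnsmasq-style query line, as written to the Pi-Hole log
QUERY_RE = re.compile(r"query\[[^\]]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

SAMPLE_DOH_LIST = """\
# constructed excerpt: a few well-known DoH hostnames, one per line
dns.google
cloudflare-dns.com
dns.quad9.net
"""

SAMPLE_LOG = """\
Jan 22 10:15:01 dnsmasq[812]: query[A] dns.google from 192.168.0.23
Jan 22 10:15:01 dnsmasq[812]: forwarded dns.google to 9.9.9.9
Jan 22 10:15:02 dnsmasq[812]: query[AAAA] www.example.com from 192.168.0.10
Jan 22 10:15:07 dnsmasq[812]: query[HTTPS] mozilla.cloudflare-dns.com from 192.168.0.41
Jan 22 10:15:09 dnsmasq[812]: query[A] dns.google from 192.168.0.23
Jan 22 10:15:12 dnsmasq[812]: query[A] notdns.google.example from 192.168.0.10
"""  # constructed log lines


def load_domains(text):
    """Read a one-domain-per-line list, ignoring comments and blank lines."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if line:
            domains.add(line)
    return domains


def is_doh(name, domains):
    """Match a listed domain exactly or as a parent of `name`."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def doh_lookups(log_text, domains):
    """Map each client IP to the DoH hostnames it asked the Pi-Hole for."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match and is_doh(match["name"], domains):
            hits[match["client"]].add(match["name"].lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    found = doh_lookups(SAMPLE_LOG, load_domains(SAMPLE_DOH_LIST))
    for client, names in found.items():
        print(client, ", ".join(names))
```

This only catches clients that look up the DoH server's name through the Pi-Hole first; an app that ships with the resolver's IP address built in leaves no trace in this log.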


5. Access your home from outside securely with a VPN server

Have you bought a NAS device or built a server of some kind, for example for gaming or media streaming? Then you may have wondered if it is possible to access these from outside, when you are not at home. Opening ports in the router to let yourself in is risky, as bots constantly scan the network for possible entry points.

A safer way is to run your own VPN server and only open one port for it. Some routers also come with a built-in VPN server that makes it easier to get started and provides secure access to services on the home network.

There are a bunch of different VPN protocols. In the past, PPTP and L2TP were common, but the former is insecure and newer technologies are better than the latter. Today, Openvpn and Wireguard are most common.

Newer Asus routers have a built-in VPN server with several different technologies to choose from. Here’s how to set up Wireguard so you can connect to devices on your home network, without sending all traffic through the tunnel.


  1. Open the router settings and click VPN in the menu on the left.
  2. Click on Wireguard VPN.
  3. Click the plus button on the right on VPN Client in the bottom right.
  4. Enter a name for the user and click More Settings for Site to Site.
  5. You can leave the Address and Allowed IPs (Server) as they are, but if you only want to send traffic going to your local network at home over the VPN tunnel, change the Allowed IPs (Client) to your local network’s address range, for example 192.168.0.0/24 if all devices in your home have addresses starting with 192.168.0. If you have 192.168.1 addresses, it will be 192.168.1.0/24 and so on. Click Apply.


It will now display a QR code that you can scan from the Wireguard app on your mobile phone to easily connect to your home. You can also export the settings to add the connection on devices that cannot scan QR codes.

If you prefer, you can leave Allowed IPs (Client) at 0.0.0.0/0 and all traffic from the device you connect with will be sent over the tunnel, and then your home will act much like a commercial VPN service. This can come in handy if you’re abroad but want to browse as if you’re at home, or if you have a Pi-Hole server that blocks adverts and other stuff and want to use it no matter where you are.
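The effect of the Allowed IPs (Client) setting can be checked on the exported configuration before you rely on it. This Python script is an added example, not from the original article; it assumes the export is in the usual wg-quick file format with a DNS line, and the sample config (keys, endpoint name, tunnel address) is constructed.

```python
import ipaddress

# Constructed sample of an exported client config; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.6.0.2/32
DNS = 192.168.0.99

[Peer]
PublicKey = <router-public-key>
AllowedIPs = 192.168.0.0/24
Endpoint = home.example.net:51820
"""


def parse_conf(text):
    """Parse a single-peer wg-quick config into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # base64 keys keep their trailing "="
            section[key.strip().lower()] = value.strip()
    return conf


def via_tunnel(dest, networks):
    """True if the client would send traffic for `dest` into the tunnel."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == net.version and addr in net for net in networks)


def audit(text):
    """Report tunnel mode and any private DNS server left outside AllowedIPs."""
    conf = parse_conf(text)
    nets = [ipaddress.ip_network(part.strip(), strict=False)
            for part in conf["peer"]["allowedips"].split(",") if part.strip()]
    stray = []
    for entry in conf["interface"].get("dns", "").split(","):
        try:
            addr = ipaddress.ip_address(entry.strip())
        except ValueError:
            continue  # empty, or a search domain rather than an address
        # A private resolver outside AllowedIPs is looked up on whatever
        # network the device happens to be on, not at home.
        if addr.is_private and not via_tunnel(str(addr), nets):
            stray.append(str(addr))
    mode = "full" if any(net.prefixlen == 0 for net in nets) else "split"
    return {"mode": mode, "networks": nets, "dns_outside_tunnel": stray}


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

With the split-tunnel range from step 5, a Pi-Hole at 192.168.0.99 is still reachable through the tunnel; if the range does not match your home network, the audit lists the DNS server as left outside it.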

 

This article is written by: Nermeen Nabil Khear Abdelmalak
