<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 7/10/2020 2:15 PM, Tom Mitchell
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAMy4UTh2AFJwfe=qL3Ghi7mohixW5mhGyo3HDzqNkxfzeoxnw@mail.gmail.com">
<pre class="moz-quote-pre" wrap="">On Thu, Jul 9, 2020 at 3:17 PM Henry Baker <a class="moz-txt-link-rfc2396E" href="mailto:hbaker1@pipeline.com" moz-do-not-send="true"><hbaker1@pipeline.com></a> wrote:
</pre>
<blockquote type="cite" style="color: #000000;">
<pre class="moz-quote-pre" wrap="">(snip)
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">.......
</pre>
<blockquote type="cite" style="color: #000000;">
<pre class="moz-quote-pre" wrap="">So here's my suggestion:
* cable modem with 10-12 year-old never-updated Linux connected via Ethernet;
disable wifi HW on this device (or better: buy a cable modem w/o wifi at all)
* Raspberry Pi 4 acting as NAT/router/DoH DNS/... connected via Ethernet
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">I like the Pi-4 a lot.
For about the same money look at the
Ubiquiti Advanced Gigabit Ethernet Router -- MIPS based with some
hardware help for packet moving. Yes linux. Yes bug history.
Wifi transmitter and receivers can be sourced and upgraded on their
own time scale.
Those that can should have wired links in their home or office.
No solution is perfect. All require too much work to configure,
backup, audit and maintain.</pre>
</blockquote>
<p>Is there a build for the rasp Pi -- or any other hardware -- that
is specially tuned for this scenario?</p>
<p>There are some difficult issues there. The simplest way to do
back to back router with IPv4 is to do double NAT, which is fine
if you want to break peer-to-peer applications but not so great if
you want to have local servers, or make sure audio and video
conferences work, etc. Similarly, you want to be able to
distribute IPv6 addresses, and that requires either acquiring /64
subnets from the ISP router, or faking that with the IPv6
equivalent of proxy ARP. You also want to test and configure DNS
properly, without falling prey to the ISP's DNS, and also without
sending all your traffic logs to Google or Cloudflare over DoH.
Hence the need for a specific project. Is there one already?</p>
<p>-- Christian Huitema<br>
</p>
<p><br>
</p>
</body>
</html>