
A home network plan: seeking advice & suggestions

Discussion in 'Tomato Firmware' started by alexlau, May 23, 2013.

  1. alexlau

    alexlau LI Guru Member

    Dear friends,

    I'm planning to re-set my home network plan as follows. There are some doubts on which I need your advice & suggestions. Please do feel free to enlighten me and correct me about this, and hopefully you can give a sample of what Tomato is capable of! :D Thank you!

    Proposal:
    • Both Asus & Linksys router are running Tomato firmware. (Of course!:cool:)
    • All wireless clients (laptops, wireless IP camera) connect to the primary Asus router, which is placed in the hall. These connections are on 2.4GHz channels.
    • Linksys router is placed in the study room and serves just as a receiver of wireless signal from Asus, and provide Internet connection to PC and NAS via wired cable. The Linksys router will connect to the Asus router on a 5GHz channel with a different SSID.
    • All equipment (both routers, all laptops, PC, NAS, IP camera, etc) are going to be set as fixed IP address.
    • The NAS and wireless IP camera have to provide remote access, i.e. be accessible while I'm in my office.
    • The NAS will record the IP camera's video and store it.
    Questions:
    1. In this case, should the Linksys router be set as an AP or wireless client or wireless Ethernet bridge?
    2. Once set properly, what is the Linksys router's IP address? Can it be set as 192.168.1.4? or must be 192.168.2.x?
    3. Similarly, can the PC and NAS set to be 192.168.1.x as well?
    4. I need to setup VPN server, DDNS & port forwarding in Asus router and fix IP for the NAS so that I can view the NAS remotely. Is there anything that I should set in the Linksys router as well?
    5. If I want to reserve some bandwidth (say, at least 50Mbps) for the NAS or PC, should I set this Bandwidth limit in the Asus router or Linksys router? Do I have to set the bandwidth limit for the Linksys router as well?(since the traffic of NAS/PC comes through the Linksys router?)
    6. Since I'm setting all equipment to fixed IP addresses (MAC & IP bundle), should this be done on the Asus router, including the NAS & PC? How about the IP for the Linksys router?
    7. Wireless IP camera is connecting to Asus via 2.4GHz, NAS is connecting (through Linksys router) via 5GHz. How would this impact on the surveillance recording? and how would it impact other connections as well?
    8. Is there any better way to optimize this network? (assuming the way of connection could not be changed, i.e. wired to be wireless, wireless to be wired.)
    Questions (Part 2).
    • I have a relative working in China and I would like to setup a VPN server on the ASUS router, so that he would tap on my uncensored Internet connection. The questions are:
    (1) When he's connecting to the VPN server(ASUS router), he is using my upload bandwidth, right? Then he's connecting to other websites (say, Facebook), then he's using my download bandwidth, isn't he? I'm a bit confused on how the bandwidth is used.
    (2) How do I reserve certain bandwidth (maybe 10-20% of my total) for him? So that at least he could have a pleasant experience while my family is using the Internet heavily with torrent, streaming, etc.

    • How to limit the admin access to the ASUS router configuration pages to just the PC in the diagram, wirelessly? So that all the laptops could not touch the 192.168.1.1 at all?
      My understanding is that, from Tomato Administration --> Admin Access page, uncheck the "Allow wireless Access" would limit the access only to wired connection.
      But what if I want to limit it only to certain wireless client?
    Thank you for the upcoming suggestions! Awaiting for ideas~~~:p

    [​IMG]
     
  2. Xero5

    Xero5 Serious Server Member

    1) Wireless ethernet bridge. In this mode it will be as if there is an invisible ethernet cable connecting your Asus to your Linksys and the Linksys will act like a switch to hook your wired PC and wired NAS to. After, enter your wifi information.

    2) On the Linksys, turn off DHCP and UPNP on the Linksys. Set the IP to 192.168.1.4 on it. You have to do it manually. Of course, default gateway will be 192.168.1.1 and static DNS will be 192.168.1.1. In addition, go to Advanced --> Routing and change the Linksys from Gateway to Router mode. This will turn off NAT.

    3) Yes, everything will be as if you are on one big network all within the 192.168.1 subnet. Everything will talk to each other perfectly.

    4) Nope. No need to port forward or anything or do any setting changes on the Linksys. The Linksys will not act as a router at all. It will act as a wireless switch. It becomes something you can forget about.

    5) The Asus router.

    6) The Asus router. The Linksys becomes set it and forget it.

    7) You only have so much wifi bandwidth. It would be better to wire whatever you can.

    8) Given your requirements, you've done a good job.

    Hope you get your network setup the way you want. :)
     
    alexlau and philess like this.
  3. Monk E. Boy

    Monk E. Boy Network Guru Member

    If the wireless link between routers goes horribly wrong, or you want to expand your wireless coverage, etc. you may want to look into linking your routers together using powerline networking. The adapter basically plugs directly into a wall (not into a power strip, directly into a wall) and has an ethernet port on the back, and after easy (read: normal consumer) setup you can bridge two (or more) powerline networking adapters together so the power lines in your wall become (relatively slow) ethernet cables. I used 200Mb powerline networking back in the day, which was equivalent to 100Mb Ethernet, and it worked surprisingly well... although not as fast. Newer adapters are faster than the stuff I used.
     
    alexlau likes this.
  4. alexlau

    alexlau LI Guru Member

    Thank you both for the ideas and comments, really appreciate it! :)

    Xero5, thank you for the detailed answers. Really helped.

    Further on this, since I'm going to set fixed IP address for all clients, should I set the fixed IP for Linksys router (192.168.1.4) on the Asus router as well?


    Monk E. Boy, appreciate on the suggestion about powerline networking. However, I'm not sure the power socket next to Asus router and the one next to Linksys router are in the same wire circle (or do they link to DB separately). Is there any way to test it? Would this impact the powerline performance?

    Another thing is I don't quite understand how the network works with a powerline adapter. Does this powerline/homeplug occupy an IP address by itself? With 2 such adapters, will the Linksys router be assigned with the IP given in the diagram?

    The distance between the Asus router and Linksys router is about 6-7 meters with one wall only. I'm thinking if the 5GHz dedicated communication between Asus and Linksys could be able to reach the near theoretical 300M connection, would it be good enough comparing to the powerline? (Considering purchasing a pair of powerline adapter costs some extra $$$)
     
  5. philess

    philess Networkin' Nut Member

    Only one wall? Solution: Drill hole. Ethernet cable = best results (speed & reliability).
     
  6. alexlau

    alexlau LI Guru Member

    I wish too... the problem is cost for manpower of laying the cable and it's not easy to make it as aesthetic as possible....
     
  7. Monk E. Boy

    Monk E. Boy Network Guru Member

    300M is not throughput rate, it's the signaling rate. 100Mb ethernet signals at 110, but only transfers data at 100. Wireless is far more inefficient, on the order of 50% loss or more from signaling to transfer rates.

    Powerline networking adapters work at the layer 2 level. IP is at layer 3. They work in the physical layer. They're basically a bridge, transforming one media type (ethernet) into another (powerline). They have zero effect on the wires or power transmission, aside from the negligible power draw of the adapters (the ones I used were equivalent to plugging in a router). Depending on the age of the residence, your junction box (circuit breaker panel) may already be wired to bridge between circuits, at the time I had been living in a townhouse built about 10 years ago and it worked fine across circuits. YMMV of course, but I had to go from the basement to the 2nd floor and it was amazing how much of an improvement it was in every way over my previous wireless link.
     
    philess likes this.
  8. philess

    philess Networkin' Nut Member

    Manpower? Just do it like I did: Use your power drill to make a small hole, use normal ethernet cable, stick it thru. Also, drill the hole in a corner of the room. I did mine behind the sofa. Often the simplest things are the best.
     
  9. Monk E. Boy

    Monk E. Boy Network Guru Member

    They also make grommets that can "finish" the hole around the ethernet cable so it looks almost professional. In addition, they make ethernet cables in a wide variety of colors these days, you probably could find one that's close to your wall color so it'd blend in.
     
    philess likes this.
  10. darkknight93

    darkknight93 Networkin' Nut Member

    Something like this: IMG-20130524-WA0001.jpg

    I hope that I will never have to remove or worse: add one... ;) The black one is coax for the rapidly blinking-like-mad cable modem in the other room.
     
    philess likes this.
  11. philess

    philess Networkin' Nut Member

    Exactly the same for me here.

    No way I would use wireless to connect two parts of my network if there is a way to use cable.
     
  12. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Running cable always best, but not always possible (e.g. Spousal Acceptance Factor).

    Some people have good results with powerline, often better throughput than wireless if your home electrical is good, but others complain about dropouts and variable latency as bad or worse than wireless. Unfortunately no way to know how your wiring will behave until you try it.

    Cheapest option if you already have the routers is to try the 5GHz bridge or WDS to see if it meets your needs before buying equipment or drilling holes. Be sure to try both channel widths in both upper and lower bands before making a decision. Best to do the testing when your neighbors are generating maximum interference (microwaves, cordless phones, dishwashers, likely most active in the evening). If that doesn't work then start drilling!
     
  13. Xero5

    Xero5 Serious Server Member

    Are you doing "fixed IPs" as static DHCPs? Or are you manually entering a static IP in each device? Because the Linksys must use a static IP when acting as a client, there is no need to enter anything. Either way, for the Linksys, there is no need to write anything.

    And as others here have posted, powerline adapters, like this one:
    http://www.amazon.com/Netgear-XAVB5...9413206&sr=8-1&keywords=Powerline+Nano500+Set

    Are a good alternative. Though it is very YMMV. The quality of your wiring and whether you're going through a circuit breaker affect the speed. Just make sure you plug the powerline adapter directly into the outlet. It cannot go through any form of power strip. Otherwise, the speed degrades significantly.

    However, with a dedicated 5 GHz band that will be broadcast by the Asus and only used by the Linksys, you should have a good strong connection.

    Try to see how your current networking setup works. If you feel you are having issues, then give powerline a try.
     
  14. Monk E. Boy

    Monk E. Boy Network Guru Member

    I know a guy who ran an Ethernet cable between his living room and his basement by having both ends terminate (enter the room) behind the entertainment centers. His wife never even knew it was there. What's one more cable in a mass of cables?
     
    philess likes this.
  15. philess

    philess Networkin' Nut Member

    Ignore spousal acceptance factor (are you a man or not? ;P )

    Yes, I had decent results with Powerline tech too, but it's extra $€ to spend, and the speed is far from cable.
    Also, depending on the electrical wiring in that house/apartment, it's not even possible.

    If I had to choose tho, between WiFi and Powerline, I would pick Powerline. It's a cable, no interference with
    others (mostly) and always the same (even if low) speed.

    That said, an ethernet cable is ALWAYS the best solution. In regards to reliability (for me, most important)
    and speed (100 MByte/s and above).

    Imho, its very simple:

    if ( $spousal_accept_factor > relative_cost_of_powerline ) then;
    selection = WiFi
    else
    selection = powerline
    if

    Life is simple.

    Edit: And high-five to Monk E. Boy
     
  16. alexlau

    alexlau LI Guru Member

    Thank you all guys on the ideas~

    philess, Monk E. Boy, darkknight93, thank you all for the input on the cabling suggestion. Believe me guys, cable is the first thing I considered when I was planning to re-design the current layout. I don't want to go through the headache of setting wireless channels after an InSSIDer survey either. Unfortunately, I'm living in a small apartment and with kids around, I could not afford to have cable lying on the floor. My fault here that I didn't describe clearly the floor plan of the building: the two rooms (hall and study room) are not exactly next to each other, there is a corridor between them and a half height glass panel in between as well. I have considered all possible ways to run the cable and talked to a few contractors on how to make things neat; well, it didn't end up well. (unless we don't mind having cable hanging around the ceiling :D)

    As for my other half, her understanding is that I only need to press the WDS button (well, at least she knows to press that:cool:) and everything will connect. Thumb up for Linksys advertisement!

    Lesson learned: lay cables to each room when doing the renovation.

    Thank you Marcel Tunks on the information about Powerline. I read in my local discussion forum about this, exactly as you mentioned, the results really vary: some can get very very good results, while others only achieve a fraction of it. I just wish that I could have the electrical wiring plan of my apartment but cannot find it....

    I shall try Xero5's suggestion to try out the proposal as shown first, hopefully the 5GHz linkage could provide an acceptable result. If it doesn't, I will definitely give powerline a try.

    Yes, I'll define all static DHCPs in my Asus router, manually entering the IP/MAC for each device. I'm thinking to define the Linksys' IP in the ASUS static DHCP page as well.

    My Asus router will come in 1 week's time. Let me try the configurations on Tomato pages and paste some settings later, just to seek reviews on whether I'm on the right track:p

    Thank you all~~
     
  17. Xero5

    Xero5 Serious Server Member

    The Linksys will be connected via static IP, so there is no need to enter the Linksys in the Asus static DHCP list. Static IPs are different than Static DHCP IPs.
     
  18. alexlau

    alexlau LI Guru Member

    My plan is to enter (and limit connection to the network only to) all my devices' MAC & IP in Asus' Tomato admin page (Basic-->Static DHCP), including the Linksys router's. So that every device will have a fixed local IP address when logging in to the network (and can use bandwidth limiter/Access control to limit/control as well).

    Would this conflict with the static IP setting on Linksys itself? (maybe a bit redundant, but is there any harm or will cause slowness in terms of connection and transmission?)

    This is the network setting in Linksys router, with some questions. Am I on the right track? Thank you~

    (I used Victek's online simulator for the screenshot, thank you Victek, again!)

    [​IMG]
     
  19. Xero5

    Xero5 Serious Server Member

    Entering the Linksys IP information into the list on the Asus shouldn't cause problems assuming you set them both to the same address.

    Now, to your questions. It looks like you are pretending this is your config page for your Linksys.

    1) The address of your Linksys. So in your case, 192.168.1.4.

    2) Put in 192.168.1.1. That's the pathway to your router.

    3) Yes. And it must match exactly otherwise it won't work.

    Also, notice you get something called "Use WAN port for LAN". This allows your WAN port to become a 5th ethernet port to hook an ethernet device into.
     
  20. alexlau

    alexlau LI Guru Member

    Yes, I'm pretending this is the configuration page for the Linksys router. :)

    so the Static DNS should be 192.168.1.1 as well, same as the Default Gateway?
     
  21. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Correct, that way you can control all your DNS options with your gateway router.
     
    alexlau likes this.
  22. alexlau

    alexlau LI Guru Member

    Thank you all guys~~

    I have some further questions while I'm trying to figure out more details. ;)

    Questions (Part 2).
    • I have a relative working in China and I would like to setup a VPN server on the ASUS router, so that he would tap on my uncensored Internet connection. The questions are:
    (1) When he's connecting to the VPN server(ASUS router), he is using my upload bandwidth, right? Then he's connecting to other websites (say, Facebook), then he's using my download bandwidth, isn't he? I'm a bit confused on how the bandwidth is used.
    (2) How do I reserve certain bandwidth (maybe 10-20% of my total) for him? So that at least he could have a pleasant experience while my family is using the Internet heavily with torrent, streaming, etc.

    • How to limit the admin access to the ASUS router configuration pages to just the PC in the diagram, wirelessly? So that all the laptops could not touch the 192.168.1.1 at all?
      My understanding is that, from Tomato Administration --> Admin Access page, uncheck the "Allow wireless Access" would limit the access only to wired connection.
      But what if I want to limit it only to certain wireless client?
     
  23. darkknight93

    darkknight93 Networkin' Nut Member

    To Part 1) Be informed that the uncensored Internet can and will get you into serious conflicts with current law and restrictions in China.
    (1) Since he will use your Internet connection, he will use your upload to request websites. When getting responses from web servers he will consume download on your router - the traffic will be routed through the VPN so it will also consume your upload. That means upload and download will be used by the same amount, because handling the requested resources will eat your upload to get them through the VPN.

    (2) You can do that with the Bandwidth Limiter on Tomato. Just use a BW limit for his IP/IP range of OpenVPN or the VPN service you use. By starting a search in this forum you will get nice descriptions and how-tos.

    Part 2) You can drop all incoming requests on port ssh/http, or simply all services on your router, for wireless clients.
    Just search for the necessary iptables rules (which you paste in Admin -> Scripts -> Firewall).

    The easiest solution is to disallow access to ssh/http, since other services are not critical on your router (DNS, DHCP is ok).
    you can use a guide here:
    http://www.cyberciti.biz/faq/iptables-block-port/

    I'm sorry that i can't post the exact rules.
     
    Monk E. Boy and alexlau like this.
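
A sketch of the kind of rules the post above describes, as an added example that is not from the thread or from the Tomato project: a small generator that prints iptables commands allowing the router's SSH and web GUI ports from one LAN address and dropping them for everyone else. The admin PC address 192.168.1.10 is a placeholder (the thread never states it), and the LAN bridge name br0 and ports 22/80 are assumed defaults.

```shell
#!/bin/sh
# Added example: print INPUT-chain rules that leave the router's own admin
# services reachable from a single LAN address only. Forwarded (Internet)
# traffic, DNS and DHCP are untouched because only TCP admin ports on the
# INPUT chain are matched.
# Assumptions: admin PC = 192.168.1.10 (placeholder), LAN bridge = br0,
# SSH on 22 and web GUI on 80. Add other ports if you enabled them.

# Return 0 only for a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: admin_acl_rules ADMIN_IP ["PORT ..."] [LAN_IF]
admin_acl_rules() {
    admin_ip=$1
    ports=${2:-"22 80"}
    lan_if=${3:-br0}

    is_ipv4 "$admin_ip" || { echo "invalid admin IP: $admin_ip" >&2; return 1; }
    case "$lan_if" in
        ""|*[!A-Za-z0-9._-]*) echo "invalid interface: $lan_if" >&2; return 1 ;;
    esac
    # Validate every port before printing anything, so a typo never
    # yields a half-written rule set.
    for port in $ports; do
        case "$port" in
            ""|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "invalid port: $port" >&2; return 1; }
    done

    # -I inserts at the top of the chain, so the DROP is printed first and
    # the ACCEPT for the admin address ends up above it.
    for port in $ports; do
        echo "iptables -I INPUT -i $lan_if -p tcp --dport $port -j DROP"
        echo "iptables -I INPUT -i $lan_if -p tcp -s $admin_ip --dport $port -j ACCEPT"
    done
}

# Print the rules for review. On the router, the reviewed lines are what
# would go into the firewall script (Admin -> Scripts -> Firewall).
admin_acl_rules 192.168.1.10
```

The match is on source IP only, so it holds as long as no other client configures itself with the admin PC's address; the GUI password still matters.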
  24. alexlau

    alexlau LI Guru Member

    Thank you for the information!

    Thanks for alerting me on the possible conflicts when using VPN, maybe I should not mention the word "uncensored" in the first place. Basically he's mainly using YouTube & Facebook, so hopefully it wouldn't cause a big problem.

    Does it mean in this case, I have to set a static DHCP for his VPN connection, then limit the bandwidth of this address?

    I'm new to iptables, I may have to read up more on this.

    I'm not sure whether I described correctly in my previous post. What I want to achieve is that all wireless laptop can still access Internet freely, just that they are not able to touch the http://192.168.1.1 (router admin pages) at all. Only the PC connecting via Linksys router can access the router admin pages.

    I'm referring to these few posts at the moment, but they didn't specifically mentioned my scenario:
    http://www.overclock.net/t/489538/tutorial-secure-your-network-with-tomato
    http://www.justinmontgomery.com/securely-access-your-tomato-router-remotely
    http://www.linksysinfo.org/index.php?threads/which-remote-access-method-to-use.24862/
     
  25. Elfew

    Elfew Addicted to LI Member

    OK, what about creating br1 and br2 isolated networks, where devices on br1 have access to the administration GUI and others do not?
     
    darkknight93 likes this.
  26. alexlau

    alexlau LI Guru Member

    Thank you Elfew for the idea! I never thought about it, but it's so obvious & brilliant~

    I'm not sure whether can set only br1 has access to admin GUI though, shall find out. Anyway this feature is just for thought, not so crucial in my case. My cousin is helping in some student charity thing, he actually needs this to "protect" the network.

    :)
     
  27. Monk E. Boy

    Monk E. Boy Network Guru Member

    It all depends on what he accesses, and who sees him accessing it. They don't call it the Great Firewall of China because it's lax. He could end up being interrogated by authorities for simply going around the restrictions, and such interrogations don't always end well in China. "Having some tea" ends up in a missing persons report way too often.

    Ideally to avoid tripping flags you would need something like an HTTPS VPN connection, which runs over HTTPS and for all intents and purposes looks like a normal https website to their firewall and traffic monitoring. I don't even know if this is possible with Tomato.
     
  28. Elfew

    Elfew Addicted to LI Member

    It is quite easy, I had the same problem a month ago and we found a solution. Please check this forum or wait, I will be at home in 10 hours, now I am on my smartphone at work.
     
  29. Malitiacurt

    Malitiacurt Networkin' Nut Member

  30. alexlau

    alexlau LI Guru Member

    Thank you guys~~~ :cool:

    Monk E. Boy, you make me scared:eek: haha, he's nobody, don't think the Gov has enough interest time on this kind of small matters. Actually he's planning to subscribe some VPN services but since I'm going to have a quite fast internet access, I'm just thinking maybe can save him some bucks/troubles while at the same time get my hands dirty with Tomato -- which I would love to;)

    Thanks Elfew and Malitiacurt for the details on the problem. No rush, I'm still at planning stage of the network setup. Equipments will only be up in 2 weeks time.
     
