Submitted 23 hours ago by socphoenix@lemmy.world to selfhosted@lemmy.world
I use a 2012 Mac Mini running OPNSense. I use the Apple Thunderbolt to Ethernet adapter in addition to the built in Ethernet. You could probably do the same for the MacBook Pro. I have a separate switch and access point. It works really well. And it was cheap.
make sure to remove the battery if you use the MacBook as a server. the battery blows up like a balloon… I’m assuming because the server install doesn’t/can’t manage the battery properly. I’ve had this happen twice.
I looked into to using a laptop as a router a while back and decided against it. From what I read, the chip is designed for bursts of processing and isn’t designed to be under constant load like a router would be. That means the fan will always be running an you risk overheating, fan failure, and high power draw.
That’s my non professional recollection so take it with a grain of salt.
At least for some laptops, you cannot just remove the battery. If the battery is removed, the performance may be throttled. This is true of very old MacBooks.
Opnsense any option for you instead of openwrt. I run an old hp with Intel Ethernet card and connected a unify AP to it. Works well since years
If I need to buy something off the shelf I’m looking at unifi.
I like my flint 2 router from GL.Inet. Uses openwrt on the back end but has a more normal interface in the frontend with the back end still accessible if you want it.
And you can install whatever firmware you want.
Only use network gear for wireless. The hardware in client devices is not designed to work well as a AP and will perform poorly.
I would just pickup some used equipment and flash openwrt. It is relatively straight forward and should work decently well.
Which hardware is recommended? Trying to search through their list a ton of it is already on old-stable and seemingly ready to be eol-d. I’m not really interested in spending on new routers playing whack a mole with security updates every 2 years. I’d rather have poor performance and a longer lifecycle versus unknown likely marginal support window.
Right now using a pfSense router, it’s been working well but I’ll eventually replace it with hardware to run OPNsense (pfSense fork) when the time comes.
If you’re mainly just worried about wireless I’d just look into something to run OpenWrt or maybe FreshTomato if you’re sticking to older hardware. I have an older Linksys wireless router that is compatible with FreshTomato firmware so it’s been running on that and works well for my own usage, nothing fancy.
I use pf as the firewall on my server, what is the difference/reason for the opnsense fork?
Many open source operating systems exist that can turn a computer with multiple NIC’s into a router or can be used in place of a hardware router OS. distrowatch.com/search.php?ostype=All&category=Fi… is a search on distrowatch.com that gives you a petty good list to get started.
I personally use OpnSense with a Supermicro motherboard a Xeon E3-1226 v3, and 16GB of RAM. It was all used server equipment bought on Ebay. I run Caddy, an ACME client, Intrusion Detection, Chrony, UnboundDNS, Wireguard as a VPN endpoint, and Wireguard as a client for IPv6 connectivity through Route64 because my ISP only has an IPv4 stack. For WiFi access I’m running a couple TP-Link Omada EAP-650’s with the OC200 controller using POE so I can place them in ideal locations.
Will a firewall prevent issues if the Asus devices have some sort of Spyware on them. It can but not by default. Generally firewalls are configured to stop anything coming in and let anything out. Since the RT-AX3000’s are on your internal network by default they can send data out. Something like Intrusion Detection can watch for bad things running on your network and help but you would have to set static IP’s on each one and null route them. You could also flash them to an open source firmware if you are worried but is a personal decision.
I avoid two things in networking, router modem combo devices and really cheap routers or access points. Honestly you should ask, “Why is this so cheap?” Then look at the reviews for those super cheap Chinese android tablets and computers and you should begin to understand my reasoning why.
Also used commercial grade hardware on Ebay is a great place to get a steal if you are building a homelab. Most of the time this stuff is pulled because it no longer is fast enough for a server farm and functionally obsolete. The firmware will generally be very stable and well tested. I’m running a 10Gbps fiber backbone for my network that connects my router, server, 48port ethernet switch (using 2 DAC cables), and desktop computer together.
I have a 1Gbps fiber connection and speedtest at 950Mbps while everything is up and running. The Ethernet connection at 1000Mbps is the limiting factor. A speedtest from my cell phone (S26) over WiFi I test at 680Mbps. My testing internally from my desktop to my server using openspeedtest runs around 8000Mbps.
Many open source operating systems exist that can turn a computer with multiple NIC’s into a router
Minor nitpick, but if you’re planning on sticking a NIC into a machine to make it a router, it’s probably more cost-effective to get a single NIC with multiple Ethernet ports than multiple NICs.
router modem combo devices and really cheap routers or access points.
I’ve always thought that combo devices are probably good for the average, casual internet user, but not high end, extreme users. I want the best (within reason of course) delivery mechanism that I can get to route the signal from the street to my devices. It’s worth the extra $$ to me.
I have a GL-AX1800 and I’ve been happy with it; going to get another for my mum.
I bough old FUJITSU Desktop (ESPRIMO D757/E90+) its ~2017 has 4 pcie. I bough cheap 3 ethernet NICs and 1 wi-fi on a maketplace/bazar and installed openWRT. Actually I installed proxmox and openWRT in a VM so that I can use that computer for other networking stuff like AdGuard, Tailscale, etc… Btw if you do this be careful which wifi you buy, not everything is easy to setup on OpenWRT.
Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?
No. For most routers, this provides no additional protection to the router. Your router should not be accepting connections from the WAN side that would be blocked by the firewall, but consumer routers almost always initiate connections to the WAN side, indistinguishable from normal client traffic to your firewall, and accept connections from the LAN side, invisible to your firewall. If the firewall blocks all incoming requests, it would create problems for UPNP, effectively giving you CGNAT, even if the firewall does not perform address translation.
Looking at using older hardware we have spare (a MacBook Pro 2012 or rpi4) seem to have a track record of underperforming
In what sense?
OpenWRT does support more recent hardware if you know what you are looking for
When I got whatever it was that I got new…I think an Asus device…that I used, I think that I had to order it online, and it sounds like OP was shopping brick-and-mortar. I dunno if he’d be able to find it brick-and-mortar.
I use Merlinwrt on my Asus router. They have a bit longer support and I think it’s open source. May be worth looking into.
They also list my current one as unsupported unfortunately, I think because of the Broadcom WiFi chip in it.
I was very excited about open firmware and ran FreshTomato for a while. Eventually I decided it wasn’t reliable though (2.4Ghz wasn’t actually running on one router, occasional speed issues).
I switched to Unify and have had a great experience. Great visibility into link speed, which device is on which AP, able to SSH into each device and run iperf3, WiFiMan is a great debugging tool (which you don’t need their ecosystem to try), notifies me when the ISP is slow/down. There’s a bewildering array of hardware and it’s not cheap or always in stock, but there are some good guides around.
So, I’d like FOSS to be the right answer, but in this case I’m glad I switched to Unifi.
I use OpnSense on a miniPC with an N100 processor. I got a decent one from HUNSN and added memory. I installed ProxMox and OpnSense runs in that along with a pihole instance and a few other services and it is really fast compared to any router I’ve had in the past.
I also use a RAM disk for OpnSense caching and logs, and anything I want to keep gets copied out to my NAS for permanent storage. That helps a lot with performance and SSD drive wear, but with memory so expensive from the LLM bubble, it might be more expensive now than a few years ago when I got mine.
This is what I was looking into recently. I just want to replace my shitty Spectrum router.
I was looking at Topton N150s on AliExpress, but $250+(tax/shipping) is terrible, with no RAM.
I saw people using the Lenovo m720q/m920q with a pcie 4 port, so I’m leaning towards that.
We’re about to get fiber in the next year or two, so I want to get something that can handle 1g up and down.
There’s a lot of options, none perfect, but none terrible.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| SSH | Secure Shell for remote terminal access |
| Unifi | Ubiquiti WiFi hardware brand |
[Thread #192 for this comm, first seen 25th Mar 2026, 15:50] [FAQ] [Full list] [Contact] [Source code]
femtek@lemmy.blahaj.zone 21 hours ago
I’m overkill and use ubiquity but you can also use their entry level devices, I’m a fan of hardwiring the wifi points to a switch or the router itself thru poe so you don’t have to use a wifi band for the mesh.
neidu3@sh.itjust.works 21 hours ago
Same. Got some leftover Fortinet from work that I’m using. Could be better, but my Fortigate 101E works miles better than my ISP default router. All I had to do was assign upstream wan to VLAN 10 and spoof the MAC address.