this post was submitted on 11 Aug 2023
6 points (100.0% liked)

networking

3055 readers
2 users here now

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 2 years ago
MODERATORS
[email protected]
6
is a separate firewall required or does openwrt include that? (self.networking)
submitted 2 years ago* (last edited 2 years ago) by imaradio to c/[email protected]
20 comments fedilink hide all child comments
 

For a while I have been planning to switch from an all-in-one wifi router to having separate devices because that way they can be upgraded piece by piece instead of having to replace the whole thing.

I am confused about the role of the firewall.

If I have a router running OpenWRT, does it have a firewall included? Either by default or by installing certain packages?

Or is it required to have a separate firewall running opnsense/pfsense?

If not required, what would be the benefits that would lean in favour of separate firewall?

use case: small home network 2-3 users. some internal self hosting and maybe one day external self hosting.

ETA: The best internet I could subscribe to where I’m at is 1024 Mbps down, 50 Mbps up. So don’t worry about wasting fibre speeds. :(

My assembled components so far are: router, WAPs, switches, ethernet cable and cable modem.

Thanks for any advice.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 2 years ago* (last edited 2 years ago) (1 children)

The firewall is the gatekeeper that typically controls the traffic between the WAN and LAN. Most routers have at least a basic firewall built in. Whether you should have a separate router and firewall depends on a few things.

A common scenario is if you're routing a whole bunch of different subnets internally. This is often the case in an enterprise environment where thousands of devices are connected to the network. Routing can eat up a lot of horsepower and you don't want spikes in WAN traffic slowing down your internal routing. In that situation it makes sense to have separate firewall and router appliances.

If you're running you're entire LAN on one subnet, you're not typically going to have any internal issues with routing related to WAN traffic. It's also easier to troubleshoot one network appliance than multiple. I run a single Mikrotik as my main router and firewall. Don't make it any more complex than you need to unless you just want to see if you can.

[–] imaradio 1 points 2 years ago

I run a single Mikrotik as my main router and firewall.

Cool! I also have a mikrotik. I flashed over the stock firmware in favour of openwrt which I have some experience with. And is free software.

Don’t make it any more complex than you need to unless you just want to see if you can.

I do not. I don't really enjoy networking stuff tbh. I am willing to do it because I think in the end I will be happier with the result. It's like going to the gym though.

A lot of forum posts are from people who are motivated by the learning value or by making small optimizations. I just want "good enough".

Is there any specific information about setting up the openwrt firewall that you'd recommend? Or is it literally included in the default install?