No idea what comcast did?

Comcast is the root of all evil in the world.

2 Likes

Well, Xfinity hasn't made any strides on upload out here in the sticks where they have an agreement with our county for a monopoly.

You should not need DOCSIS 4 for balanced upload. DOCSIS 3.1 should be able to handle up to a gig.

2 Likes

Look at Starlink. At our cottage we were paying 130 a month for slow 20 meg DSL. Now we have Starlink at 110 a month, albeit high startup for the equipment. But it is actually underpriced. The dish moves and heats to avoid snow. Avg 90-150 meg.

2 Likes

Mike Myers Evil Laugh GIF

4 Likes

Who's your provider? Nice..

2.5, 5 or 10g switches?

AT&T. They kind of quietly started offering multi-gig services a few months back.

This is 2.5g -> Switch -> 10g -> Switch -> 10g -> Unifi UDM Pro -> 5g SFP -> AT&T gateway

1 Like

How much

image

Not avail here, or I'd go for the 5.. nice.. wonder if my firewall on the public access/IP side could keep up with inspecting packets at that speed.

Guess not, only a 1g port.. guess I will need to upgrade soon to something with a 10g port. It's gonna cost a bundle.

Geez that's so cheap!

Ya, unfortunately with public IPs you need something with enough horsepower to inspect every packet in your firewall.. I had to upgrade when I got 1g download.. crap Netgear and others could not keep up once the firewall was brought up.. I have about 1000 lines in my firewall file.

and have rules that reference address lists
for example have lists of all Chinese ch, Russian, Kazakhstan and Brazilian IP ranges, which were the bulk that were trying to hack into my router..
I load them.. convert the name to Foreign and have one rule that blocks all these, i.e.

/put "get Foreign lists"
/put "get china list"
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/CN
/import file-name=CN

/put "get russia list"
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/RU
/import file-name=RU

/put "get kz list"
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/KZ
/import file-name=KZ

/put "get br list"
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/BR
/import file-name=BR

/put "delete duplicates in KZ and other foreign"
/ip firewall address-list remove [find where list="KZ" && address="93.157.176.0/21"]
/ip firewall address-list remove [find where list="KZ" && address="91.246.96.0/21"]
/ip firewall address-list remove [find where list="RU" && address="193.151.224.0/20"]
/ip firewall address-list remove [find where list="RU" && address="91.246.80.0/20"]
/ip firewall address-list remove [find where list="RU" && address="185.234.24.0/22"]

/ip firewall address-list remove [find where list="RU" && address="81.91.184.0/22"]
/ip firewall address-list remove [find where list="RU" && address="81.91.188.0/24"]
/ip firewall address-list remove [find where list="RU" && address="94.141.224.0/19"]
/ip firewall address-list remove [find where list="RU" && address="188.124.244.0/22"]

/put "delete bad ru rule 212.122 that blocks tesla or amazon aws"
/ip firewall address-list remove [find where list="RU" && address="212.122.0.0/19"]

/put "combine lists for those we block"
/put "combining CN"
/ip firewall address-list
set list=Foreign [find list=CN]
/put "combining KZ"
/ip firewall address-list
set list=Foreign [find list=KZ]
/put "combining BR"
/ip firewall address-list
set list=Foreign [find list=BR]
/put "combining RU"
/ip firewall address-list
set list=Foreign [find list=RU]

/put "combine lists for those we block v6 - ignore RU for now it has its own rule"
/ipv6 firewall address-list
set list=Foreign [find list=CN]
set list=Foreign [find list=KZ]
set list=Foreign [find list=BR]
set list=Foreign [find list=RU]

and this rule

/put "Blacklist"
add chain=forward action=drop src-address-list=Blacklist comment="Block Blacklist"

/put "Foreign"
add chain=forward action=drop src-address-list=Foreign comment="Block Foreign IPs"

/put "Foreign RU"
add chain=forward action=drop src-address-list=RU comment="Block RU IPs"

It's actually even more complicated because Comcast gives your default gateway on the same subnet as your IP range so the router cannot actually route.. it needs to bridge and you need a firewall on your bridge.. most off the shelf routers cannot do a bridging firewall.. I had dd-wrt with modifications previously which could..

unless you want to do 1-1 nat which defeats the purpose really of having public ips.
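An added example, not part of the post above: a pre-import check for the downloaded country lists, run on a workstation before `/import`. It flags lines that are not plain address-list adds, prefixes that collide once the lists are renamed to one list, and entries covering hosts that must stay reachable. The file shape, the sample list membership and the must-reach host are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed file shape (not confirmed by the post): a "/ip firewall address-list"
# header, then one "add address=<cidr> list=<name>" line per range.
HEADER = "/ip firewall address-list"
ADD_LINE = re.compile(r"^add address=(\S+) list=(\w+)$")

def parse_import(text):
    """Return (entries, rejected); rejected holds every line that is not a
    plain address-list add, since /import would run it as a command."""
    entries, rejected = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#") or line == HEADER:
            continue
        m = ADD_LINE.match(line)
        try:
            net = ipaddress.ip_network(m.group(1)) if m else None
        except ValueError:  # malformed CIDR or host bits set
            net = None
        if net is None:
            rejected.append(line)
        else:
            entries.append((m.group(2), net))
    return entries, rejected

def merge_collisions(entries):
    """Prefixes found in more than one list; duplicates after the merge."""
    seen = defaultdict(set)
    for name, net in entries:
        seen[net].add(name)
    return {str(n): sorted(s) for n, s in seen.items() if len(s) > 1}

def blocks_required(entries, required_hosts):
    """Entries that would drop hosts that must stay reachable."""
    hosts = [ipaddress.ip_address(h) for h in required_hosts]
    return [(str(h), name, str(net)) for name, net in entries
            for h in hosts if h.version == net.version and h in net]

# Constructed sample: prefixes are ones named in the post; the list
# membership and the last line are made up for the demonstration.
SAMPLE = """/ip firewall address-list
add address=93.157.176.0/21 list=KZ
add address=93.157.176.0/21 list=RU
add address=212.122.0.0/19 list=RU
/system identity set name=changed
"""
REQUIRED = ["212.122.10.20"]  # hypothetical must-reach host
```

The rejected-line check matters here because the lists are fetched over plain HTTP and `/import` executes the file as a script.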

One of the nice things about the UDM Pro:

Yes, but that doesn't do bridging firewalls and doesn't work without NAT on.

That must be a region specific offer. I'm in MA, and I can't find that!

1 Like

Firewalla Gold just came out with a 2.5 G Firewall/Router. (Firewalla Gold Plus). It isn't shipping yet. But they are taking preorders. Right now, I have everything on my network monitored and still pulling ~900 out of my 1.2 G connection. The Gold is limited by the 1G port on the WAN.

2 Likes

Ugg having to manually enter that and maintain it would drive me nuts (hellooooooo cisco pix..how I loathe you) I mainly use Watchguard for most clients and myself. Pretty easy to block specific regions. Also gives a nice live graph of what's trying to hit you and go out at the same time...

Note: This isn't mine for obvious reasons.

image

Awesome thread. I have CenturyLink Fiber and it's 900mbps up/down for $65 flat, which I think is a very good price from what I'm seeing here.

3 Likes

For sure! I'm paying the same price for 250/10 from Cox. Still hoping that AT&T will expand to my neighborhood in the next year or two. They've been literally halfway down my street for the last 15 months or so.

2 Likes

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.