[ale] Complex QoS rules on network reorg.

Ted W. ted-lists at xy0.org
Sun May 22 18:59:32 EDT 2016 

I just finished a very similar migration at my house (with the 50/10 
business internet as well). For wifi, I purchased a Ubiquiti UniFi AP AC 
Lite. For the router, I went to Micro Center and bought a $99 
refurbished ThinkCenter with a Core2Duo, 3GB of RAM and a 100GB HDD. I 
then went on Amazon and picked up a 4 port Gbit PCI-E Intel NIC for $50. 
It's probably overkill but it runs PFSense like a champ.

I've been super happy with this setup so far. I haven't had a need to 
mess with it yet but PFSense does have some traffic shaping/QoS features 
built in that you could use to control Bandwidth per VLAN. The Ubiquiti 
AP also has the ability to turn on and off SSIDs on a schedule which, my 
father would have loved to have had for me growing up.

My only gripe is that you have to register the UniFi AP with a single 
computer to use the control panel and you can't just pull up a web 
management portal or some kind from any laptop.


On 05/22/2016 06:29 PM, Chris Fowler wrote:
> Wife ordered Xfinity business at 50/10.  This is given me an opportunity
> to rebuild my network.  I have daughters 13 and 11.  Every one, but me,
> complains about "streaming movies".  They are also out in a week and for
> my SSH sanity I need to lock everyone down.
>
> Here are my thoughts.
>
> 1.  DHCP provides address by MAC not much in a pool.
>
> 2.  192.168.1.0/24 is subdivided into subnets.
>       2.1.  "Enterprise".  Servers, my desktop, services, etc.
>       2.2.  Entertainment.  XboxOne, WiiU, etc.
>       2.3.  Each daughter gets their own cut of the 192.168.1.0/24.
>
> 3.  SSH needs TOP BILLING.  I type fast.  Followed by OpenVPN and Vtun.
>  All that will happen within 2.1, but SSH needs to defeat all Netflix
>
> I've just received a Ubiquiti AP.  This Is just an AP.  It will be the
> only AP.  I'll use my own cable modem and then Linux will route between
> the private and the public.
>
> Purpose of 2.3. is so that when punishment occurs we'll simply degrade
> service (I'm evil) or block their sub.  I'll have a web page the wife
> can log into to dish it out.
>
> I'm going to install squid to proxy for 2.3 and take the SSL as well.
>
> When they are out of school my SSH sessions go downhill fast.
>
> I can do much of this, but I don't have much experience with the complex
> QoS rules.  Should I start with a CentOS 7 install or a firewall distro?
>
> Chris
>
>
>
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

More information about the Ale mailing list