Replacing Your Home Router

[Lost In Cyberia]

Hi everyone, as someone who has Verizon FiOS, I have Verizon's stock "Actiontec Wireless Modem/Router". While this router gives me a decent level of support and customization, I'd like to keep my options open.

So from my limited research there seem to be three options. You can either buy a new hardware device to replace your ISP provided one, wipe out the firmware/OS on the router you already have from your ISP, or buy an additional router/modem and put it 'downstream' of your current ISP provided router. (chaining them).

So my main question is which is more advantageous? Should you completely replace the ISP device that was given to you? Or if you're lucky enough, and firmware such as dd-wrt or tomato, run on your device, should you just put these open source images on the router you already have?

If replacing your router with a new device, do you have to call your ISP, and will they "see" something on their end that would alert them that a change was made?

Any pitfalls, or perils or warnings to doing any of these?

[cooper]

When I was in a similar situation, I opted for #3: put the router in bridging mode and have my own device downstream.

Main reason for this was that at the time I was already on cable and a cablemodem was very much a piece of *THEIR* network. It worked fine most of the time, but occasionally there would be a problem, you'd call them up, explain the situation, they'd "do something" which, from the things they said, seemed to be that they remotely accessed the device and twiddled the settings a bit, and then be off again. Problem there for me was that at no point did I have to do anything to make the device allow this. How do I know the internet at large wasn't doing the same? How do I know the ISP isn't going in there nilly willy and messing about on my network? There wasn't a lot of valuable data there, but I had some pretty spiffy hardware at my disposal and I wasn't going to sit around and risk some jackoff at the ISP just waltzing in and take over. Since then it's more a privacy/control thing for me.

Initially I put an OpenBSD box downstream and made that the real router but I've since moved away from OpenBSD because, well, I guess I'm just too stupid for it. If you can't monitor and control a box, you shouldn't have it police the entrance to your network. I'm pretty confident I can keep a Linux box afloat and report back to me when things go tits up so it's a Linux box these days.

Check out my Cheap low power Linux fileserver topic where I also describe the device I'm currently using - it's the other of the 2 Nano's. Since I'm moving from cable to fiber I going to have to upgrade the board to something with dual gigabit, so I've currently got a MinnowBoard Max on order.

For me, the option to replace the device's firmware simply didn't exist or at least didn't seem feasible. And there are only a handful of cable modems and, well, they all suck HARD. Spotty wifi, wonky setup options, you name it. Problem was that a few years back they introduced "Wifi Spots" where part of your bandwidth was made available to other subscribers of the same ISP, with the idea that if they had their credentials on their phone and they were near your modem, they could surf over Wifi using your bandwidth. To compensate you they upped your max speed a bit meaning that if nobody was around taking that cut, you basically had faster internet and since I'm high up in an apartment building that meant pretty much all the time. But you had to have your wifi turned on so putting it in bridged mode (=pass-through so no AP possible) would probably get noticed and result in a speed drop back to the original, so I just put my router down-stream as a regular device and set the transmission power of the wifi on the router as low as possible while still being 'on'. The wifi on my router is on a different channel, using a WAY better radio and antenna. No problems for me.

[digip]

I would use my own router to connect my devices to the internet whether on their modem or my own, even if they have nat setup on their all in one devices. call it my tinfoil hat paranoia but I want control of what sits at the edge of my network and locking it down with my own DNS settings while knowing it's not open to potential attacks from the web side. FiOS devices almost always have remote administration on with no way to disable them.

https://www.google.com/search?client=ms-opera-mobile&site=webhp&source=hp&ei=TfeBVf-LIojR-QGq94H4BA&q=disabke+fiis+remote+admin&oq=disabke+fiis+remote+admin&gs_l=mobile-gws-hp.12..30i10.225.9367.0.9843.25.24.0.1.1.0.355.3766.0j21j1j2.24.0....0...1c.1.64.mobile-gws-hp..2.23.3212.vzKfE_Y1ynM#q=verizon+fios+disable+remote+administration

[barry99705]

Yep. Always bridge mode the cable modem, put in your own router/firewall.

[Lost In Cyberia]

Thanks for the replies everyone! Sorry for the late reply myself. Okay so the general consensus is that it's best to just keep the ISP router that they provide for me in place. And "underneath" it.. or "down stream of it" hook up a router of my own choosing.

Now my questions are,

1. If I plug this 2nd router into my ISP's router, how do the two communicate? Will it be a PPP connection? Can I choose which method, or protocol of communication they use? I don't know the level of detail you can perform with cheapo home routers....

2. How will router two, know that router 1 is the "outward" facing router?

3.How will both handle DHCP? Surely one will have to deactiviate DHCP supplying.

4. Will the communication between the two routers be using Ethernet to communicate back and forth?

I'd love to have a second router as it seems to open up a bunch of possibilities of creating two 'tiers' of networks. One lan network attached to the ISP router and one lan network attached to the downstream router...

As always thanks everyone for the responses, and of course, a shout out to Cooper who I'm starting to suspect is a google robot... :D

[barry99705]

You'll need to have the isp put their router in bridge mode. Basically it will just hand your internet ip address to your personal router. All it's job to do in life is to make the connection to the internet. Dual nating will cause all kinds of problems.

[Lost In Cyberia]

 

You'll need to have the isp put their router in bridge mode. Basically it will just hand your internet ip address to your personal router. All it's job to do in life is to make the connection to the internet. Dual nating will cause all kinds of problems.

 

Wow, wait, I have to request the ISP to put the router in bridge mode? Isn't that something I can do from my router's management gui?

[cooper]

Depends on the router and your ISP's willingness. It's important for you to understand that this router is part of THEIR network. If you don't tell them you did this as a concious decision, there's a chance they might even reset it with the next firmware update or whatever.

[brianzimm]

If your FiOS install was Ethernet then you can just swap routers. But if you use their TV boxes you need to connect the FiOS router in to your router, so you can get TV guide updates.

[barry99705]

Depends on the router and your ISP's willingness. It's important for you to understand that this router is part of THEIR network. If you don't tell them you did this as a concious decision, there's a chance they might even reset it with the next firmware update or whatever.

It will reset on firmware updates no matter what. I have to call TWC at least once a year to get them to put my modem back in bridge mode.

Wow, wait, I have to request the ISP to put the router in bridge mode? Isn't that something I can do from my router's management gui?

Well once you hit the go button after you check the bridge mode box you lose access to it. It's usually best to let the provider do it. Edited June 23, 2015 by barry99705

[Lost In Cyberia]

I had no idea the ISP had such a 'hand in my cookie jar' so to speak...So if I put my outward facing ISP router into bridged mode, it will basically just turn into a Switch? passing the traffic to my own personal 'inside' router?

[barry99705]

I had no idea the ISP had such a 'hand in my cookie jar' so to speak...So if I put my outward facing ISP router into bridged mode, it will basically just turn into a Switch? passing the traffic to my own personal 'inside' router?

Pretty much.

[cooper]

Note that if your ISP router itself contains a switch, when it's in bridge mode only one port works and that one port gets ALL traffic. If your ISP router comes with built-in WIFI, that will cease to operate in bridge mode aswell. Both tasks should now get handled by your own router (or some other device you decide to operate yourself on your own network).

[barry99705]

Heh, speaking of home routers... My wife called me up yesterday afternoon and said the firewall won't boot. So I stop by and sure enough, no workie. Figured the power supply crapped out, so we run over to WorstBuy™ and pick up a new power supply. Put in the new power supply and holy shit fire!! I quickly unplugged the power cord and reveled in the burnt plastic smell. Figured what the hell was that, and plugged the power cord back in. No fire, yay! The computer fired(heh) back up and booted just fine. Looks like the front usb cable shorted somehow, don't really care, so I just unplugged it. Since we can't do the cool picture tag with https(someone should fix that), here's the link to the carnage.

https://goo.gl/photos/FcdtFxrpWyByUAVb8

[digip]

Heh, speaking of home routers... My wife called me up yesterday afternoon and said the firewall won't boot. So I stop by and sure enough, no workie. Figured the power supply crapped out, so we run over to WorstBuy™ and pick up a new power supply. Put in the new power supply and holy shit fire!! I quickly unplugged the power cord and reveled in the burnt plastic smell. Figured what the hell was that, and plugged the power cord back in. No fire, yay! The computer fired(heh) back up and booted just fine. Looks like the front usb cable shorted somehow, don't really care, so I just unplugged it. Since we can't do the cool picture tag with https(someone should fix that), here's the link to the carnage.

https://goo.gl/photos/FcdtFxrpWyByUAVb8

That sucks. Spare PC as firewall with multiple NICs though?

On my old PC, one of the little boards that connect to a USB thumb drive when you plug them in, snapped off. It still works, but I use a different port since the broken one doesn't support the weight of anything plugged in, and you have to hold something there to use it. I've also seen USB ports spark before, but still work afterwards, but I suspect it shorted yours thoroughly..lol.

As for https images, I've never had any issues. I think it's more that the forums won't files that don't have a mime type extension.

https://lh3.googleusercontent.com/fzlOnBm1yPnSQadQiEU4gjOCWK4AU5RdUe_bFp2CNrUS=w1294-h970-no doesn't end in jpg, png, gif, etc, so for security reasons, it's probably blocked since it doesn't check the file contents itself. To do so, means it would have to actually download the file before showing it, and I think all they do, is render it as an img tag using bb code, which is just showing external files within html, and not stored in the database or uploaded to the site. Try another HTTPS image link that ends in the proper extension, and it should work.

[barry99705]

That sucks. Spare PC as firewall with multiple NICs though?

On my old PC, one of the little boards that connect to a USB thumb drive when you plug them in, snapped off. It still works, but I use a different port since the broken one doesn't support the weight of anything plugged in, and you have to hold something there to use it. I've also seen USB ports spark before, but still work afterwards, but I suspect it shorted yours thoroughly..lol.

As for https images, I've never had any issues. I think it's more that the forums won't files that don't have a mime type extension.

https://lh3.googleusercontent.com/fzlOnBm1yPnSQadQiEU4gjOCWK4AU5RdUe_bFp2CNrUS=w1294-h970-no doesn't end in jpg, png, gif, etc, so for security reasons, it's probably blocked since it doesn't check the file contents itself. To do so, means it would have to actually download the file before showing it, and I think all they do, is render it as an img tag using bb code, which is just showing external files within html, and not stored in the database or uploaded to the site. Try another HTTPS image link that ends in the proper extension, and it should work.

Yea, it's an older hp desktop with three pcie network cards running pfsense. The links are Google images links. It's what you get when you do a shareable link. Think I'll stick with Picasa web albums.