somebody looking over my shoulder

I am slightly new at this Internet stuff but a find common sense kicks a lot of BS to the curb. Of course we know the rumour mill on the Internet is small. :) (sarc).
 
A friend that is very net savvy told me he was using a vpn service with a rotating random IP spoofer to download P2P movies. But then that was when it was worthwhile and cheap on-demand movie services didn't exist as much. 
 
I think there is originating IP information in the packets anyway. It would logically seem that, despite jumping around 99 lily pad redirectors the frog still has to know how to get back home. OTOH, personal routers do this, remembering where they got the request from, but everybody externally only gets the ask from your ISP address.....maybe?
 
I don't know. Can you trust anything when most information is based on somebody trying to sell you another expensive wall. :)
 
Where there's is a will, there's a way. 
 
Thinking this comes from a Proverb from the 1600's.

Relating to digital STBs - here used introductory FIOS - kept the STBs on router provided network (and DNS) and bridged one port on the combo box to another firewall and separate subnet.
 
I have pfsense running on a Qotom i5-based fanless PC and it's been quite reliable.  It also runs my in-bound VPN service, along with DNS.  Internal to that I have pi-hole running on a Debian VM to do DNS filtering/blocking.  The combination has been totally effective at cutting out a large majority of unwanted spam.  

I don't use an outbound VPN, but I could just as easily configure the pfsense router to do that.  Essentially keep an 'nailed up' VPN connection.  But, honestly, there's nothing I'm using the connection for that would demand that sort of added effort and delay to the traffic.
 
 
wkearney99 said:
I have pfsense running on a Qotom i5-based fanless PC and it's been quite reliable.  It also runs my in-bound VPN service, along with DNS.  Internal to that I have pi-hole running on a Debian VM to do DNS filtering/blocking.  The combination has been totally effective at cutting out a large majority of unwanted spam.  

I don't use an outbound VPN, but I could just as easily configure the pfsense router to do that.  Essentially keep an 'nailed up' VPN connection.  But, honestly, there's nothing I'm using the connection for that would demand that sort of added effort and delay to the traffic.
 
Sounds great but what does pfSense do for you that a simple router wouldn't do these days?
 
What do the advertising holes on the webpages show when you get 'less spam'?  They formerly showed blank spots where the adverts aren't.
 
With HTML 5 these days, the browser pages can have their own intelligence. Some  pages won't even display if the spam isn't downloaded first. I am not sure if they need to be displayed or HTML 5 script can tell that. I have tried a few adblockers and it seems  they have to download it first to know whether to display it or not. 
 
mikefamig said:
 
I can not change my dns because my isp uses it to deliver programming info to my iptv television set top box. When I cahnge the dns addresses my program listings stop working. I would need to set up my own router/firewall inside their router/firewall for my personal use. I may do that one day but haven't yet.
That's not how DNS works.  DNS only provides hostnames, not content or programming.  It is possible that your ISP (which is?) uses their DNS servers to host DNS records for services and only provide them to ISP-connected links.  As in, lookups your boxes use can only be resolved via the ISP servers.   Verizon's set top boxes on coax do some similar sort of stuff, but I refuse to use their boxes; preferring Tivo units instead.

To get around that would be pretty trivial for pfsense.  You'd just set up a DHCP lease that says the IP addresses assigned to your set top boxes would use the ISP DNS servers.  Everything else could go to wherever else you'd choose, be it on the router itself, or anything else internal/external.  
 
LarrylLix said:
Sounds great but what does pfSense do for you that a simple router wouldn't do these days?
 
What do the advertising holes on the webpages show when you get 'less spam'?  They formerly showed blank spots where the adverts aren't.
 
With HTML 5 these days, the browser pages can have their own intelligence. Some  pages won't even display if the spam isn't downloaded first. I am not sure if they need to be displayed or HTML 5 script can tell that. I have tried a few adblockers and it seems  they have to download it first to know whether to display it or not. 
 
Read up on pfsense if you want to learn more. 
 
Most SoHo 'simple' routers are woefully underpowered and lacking in anything more than basic functionality.

If a page doesn't work when blocking is active I move on.  There's plenty of other websites out there that don't require lifting the blocking.  And in the rare situation where I find one I 'have to' use it's trivial to tell pi-hole to temporarily stop and see if the site works.  If it does then it's likewise trivial to add that site to the whitelist.
 
PFSense free would be akin to a $20k Cisco ASA router on steroids and an easy to use managment GUI that runs on BSD.
 
Have a look here at just one of the free offered plugins for PFSense. 
 
IE: PFBlocker which uses a MaxMind base (well provided by the author of MaxMind.
 
PFBlocker.jpg
 
Most / Many SOHO combo routers still today have small CPUs and little memory (as Bill mentions above) and typically get constipated and you have cold boot them to get them to work properly after some time.
 
Installing a front line defense (PFSense) to your home network frees up most of the work done by whatever protection software you utilize on your LAN devices.
 
 
 
 
 
I went with the i5-based Qotom to make sure I had enough 'headroom' to be able to anything likely within the next few years.  Specifically, having enough CPU to handle encrypted VPN traffic without choking the CPU.  Being FreeBSD-based means the drivers are well-vetted and reliable.  What that doesn't mean is support for bleeding edge new stuff.  That's fine, a router doesn't really need that.  

Also note mine is a purely wired setup, no wifi on the router.  WiFi IS a situation are where bleeding edge is often desired.  I went with Ubiquiti units because I want coverage and reliability.  They're independent of the pfsense wired router.  Note, they require a 'controller' to get their best functionality.  I have it running on the same VM that runs my pi-hole DNS server.  Works great.

Eventually you learn, good, fast, cheap... pick two.  I spent and now I have a fast, reliable and capable network setup that's set-and-forget.
 
wkearney99 said:
That's not how DNS works.  DNS only provides hostnames, not content or programming.  It is possible that your ISP (which is?) uses their DNS servers to host DNS records for services and only provide them to ISP-connected links.  As in, lookups your boxes use can only be resolved via the ISP servers.   Verizon's set top boxes on coax do some similar sort of stuff, but I refuse to use their boxes; preferring Tivo units instead.

To get around that would be pretty trivial for pfsense.  You'd just set up a DHCP lease that says the IP addresses assigned to your set top boxes would use the ISP DNS servers.  Everything else could go to wherever else you'd choose, be it on the router itself, or anything else internal/external.  
 
I think you just said what I said but in a lot more words, the iptv is dependent on their dns tables. The ISP (Frontier Comm) has entries,services or whatever associated with their DNS server that provide critical info to their set top box. I am not a network tech. What I do know is that necessary functions of the stb stop working when I change the dns address on the router to google or other and start working again when I direct the router back  to the Frontier dns servers.
 
Mike.
 
I was reading the pfSense sales brag page, but other than it keeps referring me to the sales page to buy it for more than $1K I can't make out it does anything that my 2Ghz Dual core router does.
 
 Firewalls don't keep out spam, viruses, malware, or advertising. There is mention that there is an internal  DNS server that can be enabled, but no mention of why I would want to be using a another downstream DNS service.
 
I see lots of "it's wonderful" on the sales webpages, and it works on yet another free OS, but I have found  no actual benefits demonstrated or even claimed. This is why I was asking here.
The forums found, only seem to discuss the 2014 pfSense hardware they were selling back then. Hardware firewalls do make more sense...somewhat, but I am not interested in firewalls.  Again, a simple router does that completely and safely without fail.
 
Is there some good website with more information on this. You guys seem pretty enthused about it. :)
 
Run it on your own hardware.  They sell their own, but the software is open source and can be run on your own iron instead.  I went with the fanless setup to have a silent router with no moving parts to maintain.  For SoHo dedicated devices OpenWRT (and it's variants) is a popular option but then you're limited to the CPU and RAM of the consumer hardware. 

My i5 runs with 4gb RAM and a 32gb SSD.  My pfsense install uses just under 3gb.  Using a larger SSD helps avoid the housekeeping issues that SSDs develop over time.  Which is also a whole other conversation. 

As for the hows and whys of DNS, that's a much more involved conversation. 
 
The basic point is many ISP DNS servers are actively mining your DNS lookups and selling that data. 

Using one of your own, configured for direct resolving, does an end-run around that.  Taking it a step further and using blacklist services stops a lot of advertising and spam from even being resolved, stopped before it's even loaded in a browser.
 
Is there some good website with more information on this.
 
Right here on Cocoontech I have written a few blogs on building a PFSense Firewall, adding hardware and plugins.
 
and
 
also have written on Homeseer.
 
and
 
google PFSense and you will find many reviews and articles about it on internetlandia.
 
I don't think clearing cookies removes tracking like it used to. Other tokens can be used that aren't cleared.
 
Couple years ago I configured a new car online, using Tor. I sent the configuration via Proton email, new account, text only, to the local dealership with my proposed cost. The specific salesman who gave me a test drive 3 months before responded to my email request, out of about 20 different salesman. I didn't provide many details at all, to the salesman, about what I wanted. Coincidence possible, but less likely. Dealership accepted my offer, worked out fine, but it was still annoying.
 
Wife and I booked a cruise a few years ago and received confirmation with details in an email from the travel agent.
 
The cruise with dates, names, and details showed up in my wife's calendar on her mobile phone. Google scraped the email for content and deposited the information in her calendar.
All google services, very cool too,  but way too scary for me!
 
Just for fun, sign into google timeline and find out how many minutes you spent in each store, restaurant, and gas station for the last few years. You have to love that one. My guess is they can extrapolate who you were with, also. The trails you leave when travelling all over North America are really scary too.
 
Back
Top