powerMAC G4 as network router.

[powermi]

Hi, I'm moving to a new location and I'm gonna share WiFi with a neighbor that already has his ISP router and I wanna my traffic and my clients to be safe, as It's going trough my neighbor router.
I'm thinking about using one of my powerpc as router and always on for encapsulation of the traffic over VPN or TOR.

how would you approach to that situation?

cheers.

 

[velocityg4]

If it's a fast connection. You're Powermac may have a tough time keeping up and reduce your speed. Even modern $300 firewall/router like the Zyxel USG60 can only handle 180 mbps VPN throughput.

It will also use a lot more power than necessary. I'd say do something with a semi modern CPU perhaps. If you want speed and energy efficiency. Then make it a dedicated PFSense router. You could also run other VM's if you wanted to add more server rolls.

 

[1042686]

I found this thread which may be of help to you.

Turn Powermac G4 into Router

My router sucks. It really does. So do most of the consumer routers I've ever used. But instead of giving up and spending a huge chunk of cash on an industrial router, I have a better idea. I could turn my old PowerMac G4 into a router. The machine is a dual 867 MHz G4 "MDD" / "wind tunnel"...

forums.macrumors.com

 

[Project Alice]

I've actually done this, and I don't recommend it. I have a 400/20 connection, and I was doing a lot of trial and error with a router to replace my consumer router that wouldn't pull more than 100mbps though having all gigE ports.

I started out with Leopard Server 10.5.8 on dual 500Mhz Gigabit Ethernet (Mystic) G4, with the addition of a second GigE NIC out of an xserve. It worked. I was routing, everything was able to connect to the web through the G4. However, I was getting about ~6mbps through it, even with the GigE ports. I ended up just building a pfsense box.

Just for a test, I plugged a Dual 1.8Ghz G5 directly to the modem and ran a speed test. It got iirc around ~80mbps. Still well below the amount I should be getting. So not even a faster PPC mac could do it.
I get anywhere from 380-480mbps usually with my pfsense setup.

If you have any old x64 PCs lying around, I highly recommend pfsense. My current setup is an i5 Lenovo ThinkCentre SFF (gigabyte motherboard though, because PCIe whitelist) Before this, I just used a random AMD Athlon X2 PC I had sitting in a closet. It has an onboard Gig NIC, and it had a PCI Gig NIC in one of the PCI slots. It was perfect, and it handled the traffic no problem. I only upgraded to the Gigabyte/Lenovo because I wanted a smaller form factor with less power usage, and the addition of AES is a nice plus with the i5 in it.

 

[powermi]

Thanks for all the replies, I have a good fx6300 that I could use for it, or maybe just go with a commercial and cheap router, I wanted to use one of the powerG4 that I have around here, in fact my main machine is a dual 1gh and my always on file server is a dual 500mhz GE.
I also don't need to much speed, just reliability.

 

[hwojtek]

How exactly do you intend to have a reliable connection if you introduce more problems than solutions with double-nat and heavily increased latency?

 

[Project Alice]

How exactly do you intend to have a reliable connection if you introduce more problems than solutions with double-nat and heavily increased latency?

There wouldn’t be double nat if whatever box he uses as a router is the only thing routing. Consumer routers can be used as dumb switches/access points when put into bridge mode.

 

[hwojtek]

There wouldn’t be double nat if whatever box he uses as a router is the only thing routing. Consumer routers can be used as dumb switches/access points when put into bridge mode.

Wait, so what type of security does this approach introduce?
Or do you say a single connection can be shared by two households by hooking up two routers to a switch? This is not how it works.

The OP wants to "share wifi" with his neighbour. "Sharing wifi" is just connecting to someone's wifi using a password and forgetting about it, there is no point in trying to be "more secure". It's either tunnelling all the traffic through a VPN (a Raspberry would do nicely as a VPN gateway with wifi as the external and ethernet as internal interface) or just letting it go as is.

If the OP is concerned about his neighbour checking out the connections in real time or looking into DNS logs - well, just don't browse those sites. As long as there is SSL involved, though, the neighbour has zero insight into the traffic. Why bother?
If it's that "important" - get your own access, if your neighbour has it, it's technically feasible and you'll have your own service in days.
If the OP is concerned about security "as a whole" - shouldn't be using someone's wifi in the first place.

There is a couple of non-existing (or slightly exaggerated) problems in this thread, a couple of fundamental misconceptions and a couple of "solutions" that do not solve anything. With using a G4 as another router (this wouldn't solve anything, BTW) being just the first one.

 

[Project Alice]

Wait, so what type of security does this approach introduce?
Or do you say a single connection can be shared by two households by hooking up two routers to a switch? This is not how it works.

The OP wants to "share wifi" with his neighbour. "Sharing wifi" is just connecting to someone's wifi using a password and forgetting about it, there is no point in trying to be "more secure". It's either tunnelling all the traffic through a VPN (a Raspberry would do nicely as a VPN gateway with wifi as the external and ethernet as internal interface) or just letting it go as is.

If the OP is concerned about his neighbour checking out the connections in real time or looking into DNS logs - well, just don't browse those sites. As long as there is SSL involved, though, the neighbour has zero insight into the traffic. Why bother?
If it's that "important" - get your own access, if your neighbour has it, it's technically feasible and you'll have your own service in days.
If the OP is concerned about security "as a whole" - shouldn't be using someone's wifi in the first place.

There is a couple of non-existing (or slightly exaggerated) problems in this thread, a couple of fundamental misconceptions and a couple of "solutions" that do not solve anything. With using a G4 as another router (this wouldn't solve anything, BTW) being just the first one.

Look up pfsense. It is more than capable of all this. If you can imagine it, it can probably do it.
You’ll be able to answer all of that with their documentation. This isn’t a pfsense forum or thread.

pfsense is FreeBSD custom designed to act as a firewall and router, amongst other things.

 

[hwojtek]

You probably do not realise how misfit it is to this scenario, do you? What would you do with PFSense if you connected it to neighbours wifi?

There is no point in introducing PFSense into this setup. Also, if you claim it would do anything, please back it up; you called PFSense first and now it's "not this forum"? Ridiculous.

 

[Project Alice]

You probably do not realise how misfit it is to this scenario, do you? What would you do with PFSense if you connected it to neighbours wifi?

There is no point in introducing PFSense into this setup. Also, if you claim it would do anything, please back it up; you called PFSense first and now it's "not this forum"? Ridiculous.

Yeah ok dude I'm the one being ridiculous. Clearly you're too lazy to google.

Somehow I missed the part where OP said he's using neighbors modem and router, I thought it said that he wanted to share it with them. Nonetheless, setting up a pfsense box as his neighbors router would do this job nicely, as you can theoretically create as many networks with it as you want.

For future reference, you could not be as rude in your replies. You may receive nicer responses. I'm a firm believer in treating people nicely until they start not reciprocating.

Thanks for all the replies, I have a good fx6300 that I could use for it, or maybe just go with a commercial and cheap router, I wanted to use one of the powerG4 that I have around here, in fact my main machine is a dual 1gh and my always on file server is a dual 500mhz GE.
I also don't need to much speed, just reliability.

OP, just get a VPN. That's do the job you're really wanting and probably cheaper. As you see from my above comment I somehow misread your post as I thought YOU were the one wanting to share your internet, not the other way around. With a VPN, you can just connect to it on whatever device you're wanting to use.

 

[hwojtek]

Somehow I missed the part where OP said he's using neighbors modem and router, I thought it said that he wanted to share it with them. Nonetheless, setting up a pfsense box as his neighbors router would do this job nicely, as you can theoretically create as many networks with it as you want.

So you suggest that someone wanting to hook up to his neighbors wifi will start with changing the router to his own - essentially reversing the situation and making the neighbor and link owner a guest to his own service. I don't know if it's gonna work.

For future reference, you could not be as rude in your replies. You may receive nicer responses. I'm a firm believer in treating people nicely until they start not reciprocating.

I am a firm believer people come to forums to be informed, not to be thrown anything somebody read on the internet on them - in this case "get PFSense, it will work".
It takes at least basic understanding of circumstances and requirements, not "I have seen something that claims to work on the internet". In such case, if I see someone making mess of somebody elses problem, I will be harsh and stop them from giving ill advices. I assume there weren't many networks, VPNs, routers or, heck, even PFSenses you have ever configured?
I'll leave these "rude" accusations aside. I asked questions you didn't answer and now it turns out you didn't even read the actual post, but call me "rude". Sad. For future reference - make sure you understand the actual problem.

OP, just get a VPN.

(a Raspberry would do nicely as a VPN gateway with wifi as the external and ethernet as internal interface)

Yeah, thanks. Somehow you read this one.

 

[Project Alice]

So you suggest that someone wanting to hook up to his neighbors wifi will start with changing the router to his own - essentially reversing the situation and making the neighbor and link owner a guest to his own service. I don't know if it's gonna work.

I am a firm believer people come to forums to be informed, not to be thrown anything somebody read on the internet on them - in this case "get PFSense, it will work".
It takes at least basic understanding of circumstances and requirements, not "I have seen something that claims to work on the internet". In such case, if I see someone making mess of somebody elses problem, I will be harsh and stop them from giving ill advices. I assume there weren't many networks, VPNs, routers or, heck, even PFSenses you have ever configured?
I'll leave these "rude" accusations aside. I asked questions you didn't answer and now it turns out you didn't even read the actual post, but call me "rude". Sad. For future reference - make sure you understand the actual problem.




Yeah, thanks. Somehow you read this one.

At least I admit to the fact I misread the post. You continue being rude and unhelpful.

And everything I said regardless is still valid. Anyone willing to let someone else use their internet in this manner would more than likely not object to OP coming over and setting up something to separate their networks.

 

[hwojtek]

You continue being rude and unhelpful.

I'm sorry to inform you I was the first in this thread to suggest a VPN. Yet you shamelessly throw "rude" at someone who not only gave the one real solution, but who pointed out you misinform other people. Saying you give ill advices is not being "rude", snowflake. It's stating a fact that you can do more harm than help. Acting hurt because of it and turning it personal instead of saying "OK, I'm not a pro in this area" is being rude... Alice. This is not the first time you give advices of "there is something I have seen and maybe it will help or not, Google it". This is wasting other people's time.

And everything I said regardless is still valid. Anyone willing to let someone else use their internet in this manner would more than likely not object to OP coming over and setting up something to separate their networks.

PFSense will not by itself separate their networks. Setting up a VPN and routing all traffic through would. Setting up two subnetworks with separated processes for their respective DNS and DHCP daemons (which PFSense does not allow AFAIK) would. Which is a rather complicated process calling for something more than a G4 or a consumer router.

Again: VPN for the OP, client separation turned on in wifi on the host router. That's all.

 

[swamprock]

.

 

[1042686]

This thread is reminding me of this video for some reason.

If for no other reason, it's darn funny lol.

 

[Project Alice]

This thread is reminding me of this video for some reason.

If for no other reason, it's darn funny lol.

I do get a little pissy especially if I get on here after my 12 hour shift lol, Maybe one day I'll learn to ignore people... ?

 

[swamprock]

I do get a little pissy especially if I get on here after my 12 hour shift lol, Maybe one day I'll learn to ignore people... ?

It's simple. Just tell yourself it isn't worth it, then hover over their name and click ignore. This forum is unusually peaceful compared to the others on this site, and it'd be nice if it stayed free of those with misguided egoism and an overblown, delusional self-image.

 

[Project Alice]

It's simple. Just tell yourself it isn't worth it, then hover over their name and click ignore. This forum is unusually peaceful compared to the others on this site, and it'd be nice if it stayed free of those with misguided egoism and an overblown, delusional self-image.

Yeah, you're right. Plus we already have reddit for that ?

 

[1042686]

I do get a little pissy especially if I get on here after my 12 hour shift lol, Maybe one day I'll learn to ignore people... ?

No judgement from me, man. So you made a mistake, welcome to the human race. Your intent to help was absolutely in the right place. The art of delivering information in a positive way so it is received & understood is as important (if not more so) than the information itself. In short if you're a d*ck, I'm not going to listen to you and I won't care much if you're right because I think you're an ******. Furthermore, having the social maturity to make someone aware of their error in a positive way that doesn't belittle them or erode into a conflict is just as important - this is not at all an easy skill to grasp as is evidenced by nearly every social space you look at online lol and illustrates why this particular forum, as imperfect as we are at this, over all is so nice.

 

[swamprock]

Yeah, you're right. Plus we already have reddit for that ?

Yeah. I always love the "snowflake" comments that are made when someone gets called out for being a rude idiot. It's always spewed by weak-willed, simple people who have no shred of integrity, civility or intelligence.

Ok... no more from me. Back on topic...

 

[z970]

This thread is reminding me of this video for some reason.

If for no other reason, it's darn funny lol.

Printer videos are for suckas.

 

[Rikintosh]

Do you really want to use a computer that consumes more than 200w per hour, to do the service that a cheap router that consumes less than 20w would do?

 

[powermi]

At the end I used and WRT router, still keeping my G4 as file and music server, I'm considering moving to freeBSD from OSx but having TimeMachine backups is super convenient.

 

[bse5150]

Or do you say a single connection can be shared by two households by hooking up two routers to a switch? This is not how it works.

I have a single connection to a single ISP and I have two routers attached. The gateway/modem/router my ISP provides allows "IP Passthrough" on any of the four ports on it. Since my ISP allows you up to three IP addresses per account I just toggled IP Passthrough on port one of the gateway which gives my PFSense box its own IP address from my ISP. The ISP provided router handles all of my wifi and my PFSense box takes care of all my wired connections... And never the twain shall meet because that is the way I want it.

Perhaps by "single connection" you meant single IP address?
[automerge]1589662927[/automerge]

Do you really want to use a computer that consumes more than 200w per hour, to do the service that a cheap router that consumes less than 20w would do?

I use a $40.00 thin client for my pfsense box... consumes 20 or less watts of power and handles a gigabit internet connection just fine. I don't really have a lot of rules though: block all incoming connections unless they have state and allow all outgoing connections. Other than that, all it does is nat... dhcp and dns and even ntp are all handled by another thin client. I'm thin obsessed.