Do you have a complete list of features for a budget router?
Do you have a complete list of features for a budget router?
Updated the setup. Installed the desktop and acquired another affordable NIC featuring a single GbE port intended for the AT&T gateway. After reviewing the pfatt documentation further, it directs traffic based on the interface context rather than fixed IP or MAC addresses. Therefore, I required a dedicated interface solely for the gateway, ensuring no bridging occurs with other connected devices—consistent with the guidance to maintain at least three physical interfaces and avoid placing the gateway on a switch. I inserted the NICs, installed pfSense, and configured the interfaces in the console. However, upon logging into webConfigurator at the default LAN IP (192.168.1.1), I encountered an issue: the address was unreachable from my laptop connected via a wired LAN link. Various troubleshooting steps were attempted—restarting PHP-FPM, restarting webConfigurator, enabling SSH, etc.—but the problem persisted, with the IP appearing unresponsive or slow. Possible causes included browser caching, incorrect interface IP assignments, or misconfigurations. I reset everything to factory settings and re-assigned the interfaces, planning further tests. For pfatt, I modified the pfatt.sh script in the repository, specifying the correct interfaces and gateway MAC address for netgraph reference. I’m ready to transfer it to root/bin after testing. Internet connectivity was needed recently, so I temporarily connected the AT&T gateway instead. I’ll keep an eye on the situation and reach out once more with clearer steps.
I don’t like PFsense on bare metal because it doesn’t match my hardware setup, especially with AHCI and NIC issues. It feels like a completely different animal in a VM where you can use a consistent hardware setup. Ubiquiti EdgeRouters are my top choice for value. These routers are surprisingly powerful for their low price. The main drawback is speed—Edgerouter Xs are affordable but struggle with high-speed needs. Newer models with faster chips are hard to get right now. Similar problems show up with other budget options, possibly limiting their performance for gigabit internet.
Managing 1Gb is definitely my top priority, especially since that’s what the ISP provides. If speed was the only goal, the AT&T gateway could handle it directly. However, this project focuses more on dependability and network customization than the restricted options of a fixed gateway. Regarding drivers, I didn’t encounter any issues with pfSense recognizing all the NICs, even the inexpensive Realtek model I bought last minute worked fine without extra setup. I verified the FreeBSD version pfSense 2.6 is installed and cross-checked the supported hardware list to confirm Realtek chipsets were included. Overall, I’m impressed with how much you can tweak in pfSense, though it can feel a bit daunting for someone new to networking. Plus, I’m also testing more advanced tasks like running a bridging script. I’m tackling things step by step and reading documentation thoroughly to improve my understanding.
I prefer running it directly without any software layer for the fastest response times. For top performance, using Intel NICs in bare-metal is ideal. Realtek NICs usually cap at around 910Mbit rather than Intel's 940Mbit, which isn't uncommon. I also dislike needing to restart the system just to maintain OS updates. Even custom appliances with 2.5Gbit speeds are affordable now, but I don't think extra complexity adds real value or reduces latency.
As discussed, I rely solely on the Realtek NIC for the gateway bridge. Netgraph handles traffic across an entire interface rather than targeting specific IPs or MAC addresses. It was the only NIC available locally, which allowed me to set up pfSense with the bridging script effectively. All other client traffic flows through the Intel NICs. The pfatt script even notes that a low-quality 100Mb USB Ethernet adapter works fine for this role, as it only sends a few packets occasionally for authentication. I was concerned about driver compatibility with FreeBSD, so I verified the hardware support list before purchasing the NIC at Micro Center. Although not ideal, the only connection to this setup is the gateway, which doesn’t handle NAT or firewall management.
Today I’ll tackle the webConfigurator problem. Switching to that and using SSH should simplify things. Then I can explore running SCP to copy the script to the root directory and ensure it starts automatically (maybe via a USB drive).
Another possible reason for the remoting issue is that you lack additional network connections. Connecting to the ONT or residential gateway without having the script configured on pfSense to forward EAP traffic might trigger concerns with your ISP. I’m also questioning whether a WAN connection is necessary for remote access via webConfigurator from another machine through the LAN. I’ll test from a different device with a physical RJ45 port, as the TP Link USB-C adapter on my XPS 15 has caused similar problems before. If that doesn’t resolve it, the issue might lie with the browser or certificate validity—though you usually get a clear error message instead of just “host unreachable.”
The arrangement seems complex because it blends different network roles in one space. It’s challenging to understand how TV and File Server operate together without disrupting other devices on the same network. The BGW appears to handle both broadcast and general traffic, which is unusual since WAN ports are meant for external connections only. This setup raises concerns about security and performance if similar services run alongside critical infrastructure.
I modified the diagram you referenced by using a different NIC that connects solely to the gateway. I noticed this problem in several posts as well and created a separate interface just for the BGW. Currently, I have four interfaces on the pfSense device. The script links WAN (ONT) with LAN (BGW), directing EAP traffic and tagging all other traffic with VLAN0 so it flows through the ONT smoothly. This setup ensures the LAN interface only processes authentication packets, while the rest of the traffic is handled via OPT1 and OPT2 interfaces, fully managed by pfSense.
Another update, I managed to connect remotely to the LAN interface and access webConfigurator to finish the setup. It turned out my laptop lacked an assigned IP address, so I configured a static IP on the Ethernet adapter in Windows. After logging in, I briefly linked the WAN to the switch on the BGW to install packages, mainly shellcmd. I modified the script file and transferred it via WinSCP to the /root/bin directory with executable permissions. After restarting, the script didn’t execute properly, so I plan to use a different text editor since Notepad might interfere with encoding. This could affect FreeBSD’s recognition of the file as executable. Once resolved, the script should prompt me to set up the bridged connection as WAN and forward traffic correctly. Edit: It actually ran the script now; I have a bridge interface named ngeth0 in my interfaces. The next challenge is logging into the web GUI from another interface, since the LAN will only connect to the AT&T gateway now, preventing me from using the laptop port directly and requiring me to assign WAN settings through the bridge for full functionality.
Upcoming update. Progress is being made; just need further tweaks in the web GUI so the LAN can reach the public Internet. I changed my interface assignments: WAN → ngeth0 (this bridge connects em2 and re0, forwarding traffic under VLAN0), LAN → em0 OPT1, em1 OPT2, re0 (AT&T gateway connection) now removed, and em1 now takes over the role. My two switches are now linked in a simple chain on the LAN port, keeping everything on the same subnet. The home network layout is now clearer. I confirmed the script runs as expected and netgraph displays correctly against the GitHub source. I checked #ngctl list, #ngctl show xxX, and everything aligns with the visual version. IP assignment via DHCP works on LAN, pfSense pulls public IP from ONT, and NAT rules auto-activate. Still missing internet access—gateway’s “Broadband” light stays red. It seems configuration isn’t syncing properly, possibly due to IP or DNS issues. I’m not using the repository’s $ONT_IF or $RG_IF interfaces since they’re never assigned; they’re just labeled em2 and re0 in my tests. My focus remains on IP settings or DNS. I also looked into WPA-SUPPLIANT, but it feels overly complex. I’m leaning toward a more direct fix—either gaining root access to decode certificates or physically inspecting the hardware via dumping. For now, I’ll keep troubleshooting while relying on the AT&T gateway for temporary connectivity.