I have been experimenting with IoT tech and am looking to firewall my 'smart network'. In addition, my internet connection is currently through a Tp-Link M7350 mobile dongle, which only supports a maximum of 10 connected devices.
When funds are available, I will upgrade the router and convert an old laptop to a dedicated firewall, but, as an interim measure (and proof of concept), I am researching how to use my current laptop to both firewall the network and increase the connected-device count.
I can see two possible ways of doing this:
Network Manager, a second (USB) WiFi dongle and the built-in WiFi.
Use hostapd and/or the linux-wifi-hotspot package.
The big question is: with iw or other tools, how can I find the maximum number of devices I can connect to my laptop's built-in WiFi when it is functioning in AP mode?
Irvine
Last edited by IrvineHimself (2022-11-06 03:58:39)
And here it comes. The coin, the penny, perhaps it comes along with you!
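As an added example (not code from the post, and not part of iw or hostapd), here is how I would answer the "with iw or other" part of the question. `iw list` tells you whether the card's driver offers AP mode and how many interfaces of each type can coexist on the radio; it does not report a per-AP station limit. The station cap that you actually control is `max_num_sta` in hostapd.conf (hostapd's default is 2007); what the driver and firmware will really sustain is a separate, lower ceiling you can only find by testing. `SAMPLE_IW_LIST` below is a constructed excerpt in the real `iw list` format, not output from the poster's laptop, and the interface name `wlan0` and SSID are placeholders.

```python
"""Check from `iw list` output whether a Wi-Fi card can run as an access point.

Added example, not from the forum post. SAMPLE_IW_LIST is a constructed
excerpt in the `iw list` format, not output from the poster's laptop.
"""
import re
import shutil
import subprocess

# Constructed sample of `iw list` for one radio (abridged to the two
# sections this script reads).
SAMPLE_IW_LIST = """\
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
         * P2P-client
         * P2P-GO
    valid interface combinations:
         * #{ managed } <= 1, #{ AP, P2P-client, P2P-GO } <= 1, #{ P2P-device } <= 1,
           total <= 3, #channels <= 2
"""


def supported_modes(iw_text: str) -> list[str]:
    """Interface modes listed under 'Supported interface modes:' (all phys in the text)."""
    modes, in_block = [], False
    for line in iw_text.splitlines():
        if line.strip() == "Supported interface modes:":
            in_block = True
            continue
        if in_block:
            m = re.match(r"\s*\*\s*(\S+)", line)
            if m:
                modes.append(m.group(1))
            else:
                in_block = False          # first non-bullet line ends the section
    return modes


def can_run_ap(iw_text: str) -> bool:
    """True when the driver advertises AP mode; without it hostapd cannot start."""
    return "AP" in supported_modes(iw_text)


def interface_combinations(iw_text: str) -> list[dict]:
    """Parse 'valid interface combinations:' into per-combination limits.

    Each entry maps a tuple of interface types to how many of them may exist
    at once, plus the 'total' and '#channels' limits for that combination.
    """
    combos, in_block, current = [], False, None
    for line in iw_text.splitlines():
        stripped = line.strip()
        if stripped == "valid interface combinations:":
            in_block = True
            continue
        if not in_block:
            continue
        if stripped.startswith("*"):
            if current is not None:
                combos.append(current)
            current = stripped[1:]
        elif current is not None and "<=" in stripped:
            current += " " + stripped     # wrapped continuation of the same combination
        else:
            break                         # next section of iw output
    if current is not None:
        combos.append(current)
    parsed = []
    for text in combos:
        limits = {}
        for types, n in re.findall(r"#\{\s*([^}]*?)\s*\}\s*<=\s*(\d+)", text):
            limits[tuple(t.strip() for t in types.split(","))] = int(n)
        total = re.search(r"total\s*<=\s*(\d+)", text)
        channels = re.search(r"#channels\s*<=\s*(\d+)", text)
        parsed.append({"limits": limits,
                       "total": int(total.group(1)) if total else None,
                       "channels": int(channels.group(1)) if channels else None})
    return parsed


def hostapd_conf(interface: str, ssid: str, max_num_sta: int = 2007) -> str:
    """Minimal WPA2-PSK hostapd.conf; max_num_sta is hostapd's own station cap."""
    return "\n".join([
        f"interface={interface}",
        f"ssid={ssid}",
        "hw_mode=g",
        "channel=6",
        "wpa=2",
        "wpa_key_mgmt=WPA-PSK",
        "rsn_pairwise=CCMP",
        "wpa_passphrase=CHANGE-ME-before-use",   # placeholder, 8..63 characters
        f"max_num_sta={max_num_sta}",
    ]) + "\n"


if __name__ == "__main__":
    text = SAMPLE_IW_LIST
    if shutil.which("iw"):                      # use the live card when iw is installed
        text = subprocess.run(["iw", "list"], capture_output=True, text=True).stdout or text
    print("AP mode supported:", can_run_ap(text))
    for combo in interface_combinations(text):
        print("combination:", combo)
    if can_run_ap(text):
        print(hostapd_conf("wlan0", "iot-lab", max_num_sta=32))
```

On a machine with more than one radio, `iw list` concatenates all phys and the parser will merge their mode lists; run `iw phy phy0 info` (substituting the phy name) to look at a single card. Treat `max_num_sta` as the upper bound you impose, not a promise from the hardware.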
My first crack would be to find a router that can use DD-WRT. You might find this link of use: https://dd-wrt.com/
I can think of 4 things that might limit the number of devices that can attach.
1. The class of network. Most home routers are set up for x.x.x.x/24 IPv4 addresses (previously known as class C). This permits, what, 254 addresses?
2. Bandwidth of the network. This is not just the bits/sec which needs to be shared amongst n devices, but the devices also have to deal with collision detection and retry -- with a lot of devices on the bus the clients have a high likelihood of stepping on each other and may spend a lot of effort looking for an open slot in which to transmit.
3. A DHCP server run by the router may have a limited pool of addresses (this might be the limit on your current device if you want to muck with that).
4. An artificial limit that the manufacturer imposes based upon their engineering judgement, beyond which network performance falls apart.
DD-WRT should let you work around 1, 3 and 4. As a point of reference, my network currently has 3 general purpose computers, 1 computer used as a server, 2 phones, 1 television, 1 Roku, 1 printer, 1 oscilloscope, 1 3D printer, 1 thermostat, 2 Raspberry Pis used to control irrigation, yard lights, fountain pumps, etc., and one old router used as a bridge and a VPN server. I clearly blow through the limit of 10 devices and this network is very fast (this laptop reports 960Mb/s currently), and I never really see any delays while watching streaming video and using multiple remote desktops. So it is doable. In fairness, this network is split across one 5G and two 2.4G radios. Most of the IoT is on a dedicated 2.4 radio where I can see them, but they cannot see me.
The one nice thing about IoT is they generally don't talk or consume much. If not, it is probably a flawed design (perhaps deliberately)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
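Limits 1 and 3 above are the two you can check with arithmetic before buying anything. The following is an added example (mine, not from the post) that takes a subnet, an inclusive DHCP range and the statically assigned addresses, validates that the range really lies inside the subnet and does not collide with the static addresses, and compares the pool with a device inventory. The subnet, pool and static addresses are constructed placeholders; the inventory of 13 is the count from this thread, entered by hand.

```python
"""Capacity check for a small home/IoT subnet: usable hosts vs. DHCP pool vs. inventory.

Added example, not from the forum post. Addresses below are constructed
placeholders from the 192.168.0.0/16 private range.
"""
import ipaddress
from typing import Iterable


def usable_hosts(subnet: str) -> int:
    """Host addresses usable for devices: an IPv4 /24 gives 254, not 256."""
    net = ipaddress.ip_network(subnet, strict=True)
    if net.version == 4 and net.prefixlen <= 30:
        return net.num_addresses - 2          # network and broadcast are reserved
    return net.num_addresses                  # /31, /32 and IPv6 do not lose the ends


def dhcp_pool(subnet: str, first: str, last: str) -> int:
    """Size of an inclusive DHCP range, after checking it really lies inside the subnet."""
    net = ipaddress.ip_network(subnet, strict=True)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"pool start {lo} is after pool end {hi}")
    for addr in (lo, hi):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable host address in {net}")
    return int(hi) - int(lo) + 1


def capacity_report(subnet: str, first: str, last: str,
                    static: Iterable[str], devices: int) -> dict:
    """Compare an inventory against the pool; static addresses must sit outside the pool."""
    net = ipaddress.ip_network(subnet, strict=True)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    static_addrs = [ipaddress.ip_address(s) for s in static]
    for s in static_addrs:
        if s not in net:
            raise ValueError(f"static address {s} is outside {net}")
        if lo <= s <= hi:
            raise ValueError(f"static address {s} collides with the DHCP pool")
    pool = dhcp_pool(subnet, first, last)
    return {
        "usable": usable_hosts(subnet),
        "pool": pool,
        "static": len(static_addrs),
        "devices": devices,
        "fits": devices <= pool,
        "headroom": pool - devices,
    }


if __name__ == "__main__":
    # Constructed placeholders; 13 is the device count listed in the thread.
    report = capacity_report("192.168.50.0/24", "192.168.50.100", "192.168.50.199",
                             static=["192.168.50.1", "192.168.50.2"], devices=13)
    for key, value in report.items():
        print(f"{key:>9}: {value}")
```

The check is deliberately strict about the pool's ends: a DHCP range that is typed to run past the broadcast address, or that overlaps the gateway's static address, is a configuration mistake that some consumer routers accept silently and that shows up later as devices fighting over an address.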
Thanks, that is very interesting and has given me ideas for further research. A few days ago, if someone had suggested that my network only supporting 254 clients was going to be a problem, I would have laughed in their face. Unfortunately, these things can quickly start to add up. Yesterday, I got a Nest Mini speaker + Tp-Link smart plug on special offer at half price (£35), and was shocked when I realized I was over the 10-client limit for my dongle.
For reference, I currently have:
Laptop (2 connections: my laptop's network name and my laptop's wlsp0)
Chromecast
Smart phone
Nest mini
3 mood lights in bedroom/library area
2 mood lights in office/living area
3 smart plugs for: heater, kettle, coffee machine
In addition, I will shortly be moving into sheltered retirement accommodation and have my eyes on a number of other dongles to do things like open curtains, windows, doors and generally aid in living with reduced mobility.
I have spent the afternoon reading router specs and generally googling related terms like 'access points' ... etc, and it's amazing how often available bandwidth is causing bottlenecks in small home networks. So, that is obviously another concern to which I hadn't given much thought.
The one nice thing about IoT is they generally don't talk or consume much. If not, it is probably a flawed design (perhaps deliberately)
An intentionally flawed design is one of my biggest concerns. Accepting that Google already knows me better than my mum, I have been rejecting a lot of third party tech because of the required permissions. When you take a close look, a lot of available tech, rather than providing the advertised service, is primarily acting as a data sponge. As a result, the IoT seems to be going the same way as the old internet, with big tech sacrificing basic security in order to facilitate the collection of valuable personal data.
Thanks for your input, it has given me a lot of thought for further areas of research.
Irvine
An intentionally flawed design is one of my biggest concerns. Accepting that Google already knows me better than my mum, I have been rejecting a lot of third party tech because of the required permissions. When you take a close look, a lot of available tech, rather than providing the advertised service, is primarily acting as a data sponge. As a result, the IoT seems to be going the same way as the old internet, with big tech sacrificing basic security in order to facilitate the collection of valuable personal data.
Amen, brother.
That is part of the reason I segregate IoT -- especially devices that provide no utility to me on my network, for example, my alarm system [I forgot about that one] and my thermostat. I can control the thermostat, but not directly -- I have to go through the manufacturer's cloud interface. Same goes for the alarm. The Roku is a corner case -- by letting it inside my normal net I can cast to it.
I can control the thermostat, but not directly -- I have to go through the manufacturer's cloud interface.
Hence the firewall. Okay, I am still working my way through the idea, but I believe if I choose the tech carefully, I can set up something like this on the secondary firewall/router:
incoming, deny all
incoming, allow manufacturers IP mask
This would be an additional second line of defense behind the stateful firewall provided by the main 4G/5G router. Edit: I have also been studying subnet masks to separate various groups of devices.
Like I say, I am still working my way through it and there may be other factors I have not yet considered, but I believe the basic concept is sound.
Last edited by IrvineHimself (2022-11-04 18:43:03)
incoming, deny all
incoming, allow manufacturers IP mask
Keep in mind that using those rules in that order will block the manufacturer's IP mask.
deny all should be the last command in a firewall setup.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
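The ordering point in the reply above, and the two-rule plan it responds to, can be made concrete with a first-match evaluator. This is an added example of mine, not code from either poster and not DD-WRT or iptables code: it walks an ordered rule list exactly the way iptables and nftables walk a chain (first matching rule decides the verdict), shows that "deny all" placed first shadows the manufacturer allow, and renders the corrected list as an nftables chain. The IoT subnet (192.168.50.0/24) and the manufacturer's cloud prefix (203.0.113.0/24, an RFC 5737 documentation range) are placeholders to be replaced with the real prefixes; the sample packets are constructed.

```python
"""First-match firewall ordering: a 'deny all' rule placed first shadows every rule after it.

Added example, not from the forum posts. The IoT subnet and the vendor
cloud prefix are placeholders; substitute the real prefixes on your network.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPNet = ipaddress.IPv4Network
IOT_SUBNET = ipaddress.ip_network("192.168.50.0/24")   # placeholder IoT segment
VENDOR_CLOUD = ipaddress.ip_network("203.0.113.0/24")  # placeholder manufacturer range


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    src: Optional[IPNet] = None      # None matches any source address
    dst: Optional[IPNet] = None      # None matches any destination address
    proto: Optional[str] = None      # "tcp"/"udp"; None matches any protocol
    dport: Optional[int] = None      # None matches any destination port


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it specifies agrees with the packet."""
    return all((
        rule.src is None or pkt.src in rule.src,
        rule.dst is None or pkt.dst in rule.dst,
        rule.proto is None or pkt.proto == rule.proto,
        rule.dport is None or pkt.dport == rule.dport,
    ))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Verdict of the first matching rule, top to bottom; drop when nothing matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "drop"


def nft_rule_lines(rules: List[Rule]) -> List[str]:
    """Render each Rule as one nftables statement, preserving the list order."""
    lines = []
    for r in rules:
        parts = []
        if r.src is not None:
            parts.append(f"ip saddr {r.src}")
        if r.dst is not None:
            parts.append(f"ip daddr {r.dst}")
        if r.proto is not None and r.dport is not None:
            parts.append(f"{r.proto} dport {r.dport}")
        elif r.proto is not None:
            parts.append(f"meta l4proto {r.proto}")
        parts.append(r.action)
        lines.append(" ".join(parts))
    return lines


def to_nft(rules: List[Rule], chain: str = "iot_forward") -> str:
    """Forward-hook chain; the ct state line admits replies to connections the IoT side opened."""
    body = ["ct state established,related accept"] + nft_rule_lines(rules)
    inner = "\n".join(f"        {line}" for line in body)
    return ("table inet filter {\n"
            f"    chain {chain} {{\n"
            "        type filter hook forward priority 0; policy drop;\n"
            f"{inner}\n"
            "    }\n"
            "}\n")


# The order first proposed in the thread: deny all, then allow the vendor prefix.
BAD_ORDER = [
    Rule("drop"),                                                              # matches everything
    Rule("accept", src=IOT_SUBNET, dst=VENDOR_CLOUD, proto="tcp", dport=443),  # never reached
]

# The corrected order: specific allows first, deny all as the last rule.
GOOD_ORDER = [
    Rule("accept", src=IOT_SUBNET, dst=VENDOR_CLOUD, proto="tcp", dport=443),
    Rule("drop"),
]

# Constructed sample packets: a thermostat reaching its cloud, and the same
# thermostat trying to reach a host on the main LAN.
THERMOSTAT_TO_CLOUD = Packet(ipaddress.ip_address("192.168.50.20"),
                             ipaddress.ip_address("203.0.113.10"), "tcp", 443)
THERMOSTAT_TO_LAN = Packet(ipaddress.ip_address("192.168.50.20"),
                           ipaddress.ip_address("192.168.1.10"), "tcp", 22)

if __name__ == "__main__":
    for name, rules in (("bad order", BAD_ORDER), ("good order", GOOD_ORDER)):
        print(f"{name}: cloud={evaluate(rules, THERMOSTAT_TO_CLOUD)} "
              f"lan={evaluate(rules, THERMOSTAT_TO_LAN)}")
    print(to_nft(GOOD_ORDER))
```

Two practical notes. The plan above labels both rules "incoming", but a thermostat talking to its vendor opens the connection outbound from the IoT segment; only the replies are incoming, and the `ct state established,related` line is what lets those back in, so write the hole in the direction the connection is actually opened. Keep that hole as narrow as the device allows (prefix and port, not a broad "manufacturer's IP mask"), because a wide range belonging to a shared cloud provider admits far more than the one vendor service.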
Thanks for pointing that out. I did warn everyone it is a basic plan with many kinks which still need to be worked through.
Okay, I have been doing some further research into DD-WRT, and it definitely appears to be what I am looking for. Due to a combination of available finances and a steep learning curve it may take me a month or so to fully develop the system I have in mind, but, since this post is already coming up in my own Google searches, here are some of the main reasons this is the chosen solution compared with, for example, pfSense:
The goal is to use an old laptop as a firewall/router for a smart IoT network
In the betas download section, there is an x86_64 image for DD-WRT (you obviously want the latest image).
DD-WRT natively supports iptables
As proof of the concept of using DD-WRT to convert an old PC or laptop into a firewall/router, there is this YouTube video using a Windows PC. (When I actually get my hands on an old laptop, I myself will be going for a bare-bones stock Arch installation with AppArmor and, probably, no DE.)
Finally, I am going to change the title slightly to better reflect the nature of the post.
Last edited by IrvineHimself (2022-11-06 04:14:06)