for the congestion, would it be better if two different wireless routers were on different channels?
Having wireless devices both on your "secure" network and on your "insecure" IoT network would entail having two wireless routers. This will have you causing your own extra congestion... so ideally it would be better to keep your secure network wired only and put all devices, such as your cell phone on the IoT network. You could potentially achieve this with a personal VPN into your secure network, but boy that all starts to sound really complicated. It makes a lot of sense to put your phone on the IoT network if it's going to be running apps to control the IoT devices anyway.
If you can restrict yourself to just one wireless access point, then you just need simple wired only routers for the other two devices. (No, you don't strictly need to use three routers, but the premise is a defense in depth... if one of the routers fails to block an attack, the other two should contain the damage.)
thanks, that is helpful to hear about that netgate
In the past, Steve has recommended pfSense running on a Netgate SG-1100. I would strongly recommend AGAINST using that device. I have one, and have found it so underpowered to the point of being unusable. It takes 10s of seconds after entering the login and password into the GUI to bring up the status screen, and similar time to save a configuration change or switch between screens. There is no native wifi hardware, and limited support for 3rd party hardware, so you will need a second router anyway.
I am looking around for an alternative, and am strongly leaning towards something that will run OpenWRT.
5GHz does not carry very far, and my experience has been that it is only ever better than 2.4GHz if you are in the same room as the router. So not worth paying extra for.
Yes, but most modern routers can manage this on their own anyway, I believe. (Certainly the higher end/mesh ones do.) If you wanted to spend some money, and do some messing about/heavy learning, you could buy a single wireless system... something business class like Ubiquiti and then you would have better control over which devices can see what other devices. (But then you might end up with a full time job of figuring things out too.)
two different wireless routers were on different channels
The “3 dumb routers” is still as acceptable today as it was before. I wouldn’t go out and buy 3 dumb routers, but if you have them, go for it ASSUMING they are still being supported by their respective manufacturers. Otherwise, that could be a security issue. Also, don’t forget to turn off WiFi on the edge device to reduce congestion, and make sure the other 2 are on different channels and/or frequencies. In regards to an Edgerouter X, it will accomplish the same thing assuming you configure it correctly. If you are fairly savvy, pfSense would also be a great option providing you have a spare box and appropriate NICs.
Apologies if these are dumb questions. If this type of question was answered earlier on this forum, searches didn't bring it up so if you have a good post here or elsewhere feel free to forward me to that one. My current OnHub router (that I should've replaced a long time ago) is getting discontinued by Google and I will be replacing it of course. It is just for my personal use (IOT devices, laptops, computers, etc.), so nothing too complex is needed (and reasonably cheap is of course good).
In 2022, do you think hardware separation with the "three dumb router" idea still ideal, or do some of the routers (like the Edgerouter X and those with one or more Guest Wifi) actually offer sufficient network separation at a hardware level, to satisfy a somewhat paranoid / cautious individual?
If I go with the three dumb routers, I am currently in a subdivision so there is some wifi congestion. Some available routers that support DD-WRT or OpenWRT only have 2.4 GHz. Would you recommend I be sure to get routers that support 5GHz?
Thanks!
Yeah, I found the ER-X is not as powerful as I had hoped. It would be nice if it was line speed, but it's definitely less. There is a setting you can enable to allow for hardware assist, but it affects availability of other features, so I haven't done that.
limited to 300-450Mbps
I don't think the channels need to be identical, and that would theoretically cause the two devices to overlap each other, actually reducing your signal strength. On the other hand, it may prevent a device from holding on too long to an AP which is sub-optimally far away and using a weaker signal. It's clearly working for you, so without experimenting it's hard to know if changing channels on one would make things better or worse or make no difference at all.
these access points to have the same channel frequencies
I've been tempted by the Synology routers. They seem like very good gear. Lots of security-minded features and good performance.
First, I bought a Synology router which contains a packet inspection facility which inspects every packet against a threat database maintained by Google and IBM I believe. This is brilliant as even if there is a single pixel containing a malicious ‘advert’, it will block any ‘phoning home’.
Although it may work for you, as @PHolder suggests, this is the opposite of wifi best practice. Ideally your WAPs should xmit on channels that don't conflict with any nearby access points. And only use 1, 6, 11 for 2.4GHz (because they're the only ones that don't overlap). Perhaps given your "stone" house, the WAPs never see the other APs. However, there is no need to use different channels to "seamlessly connect from one AP to another..." Just using the same SSID/passphrase does that. Cheers.
I set each of these access points to have the same channel frequencies so we can walk around the house and our devices seamlessly connect to one or the other access point.
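Why 1, 6 and 11 are the 2.4GHz channels that don't overlap, and how to choose among them from a site survey, as an added example that is not part of the original posts. The 22 MHz channel width, the linear signal-strength weighting and the survey values are assumptions made for illustration.

```python
# Added example: score 2.4 GHz channels 1/6/11 against a constructed survey.
CHANNEL_WIDTH_MHZ = 22  # assumption: classic 802.11b/g channel width


def center_mhz(channel):
    """Center frequency of 2.4 GHz channels 1-13 (5 MHz spacing)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel


def overlap_fraction(a, b):
    """Share of the channel width that channels a and b have in common."""
    gap = abs(center_mhz(a) - center_mhz(b))
    return max(0.0, (CHANNEL_WIDTH_MHZ - gap) / CHANNEL_WIDTH_MHZ)


def non_overlapping(channels):
    """True if no pair of channels in the plan shares any spectrum."""
    return all(overlap_fraction(a, b) == 0.0
               for i, a in enumerate(channels) for b in channels[i + 1:])


def rssi_weight(rssi_dbm):
    """Assumed weighting: -90 dBm or weaker -> 0.0, -30 dBm or stronger -> 1.0."""
    return min(1.0, max(0.0, (rssi_dbm + 90) / 60))


def interference(candidate, survey):
    """Sum of neighbour signals, scaled by how much each overlaps candidate."""
    return sum(overlap_fraction(candidate, ch) * rssi_weight(rssi)
               for ch, rssi in survey)


def best_channel(survey, candidates=(1, 6, 11)):
    """Return (least-interfered candidate, {candidate: score})."""
    scores = {c: round(interference(c, survey), 3) for c in candidates}
    return min(scores, key=scores.get), scores


# Constructed survey of neighbouring APs: (channel, RSSI in dBm).
SURVEY = [(1, -48), (3, -62), (6, -80), (9, -70), (11, -55), (11, -60)]

if __name__ == "__main__":
    print("1/6/11 non-overlapping:", non_overlapping([1, 6, 11]))
    print("1/4/8 non-overlapping:", non_overlapping([1, 4, 8]))
    print("best channel and scores:", best_channel(SURVEY))
```

A neighbour parked on an in-between channel such as 3 or 9 adds to the score of two of the three candidates at once, which is why off-plan channels make congestion worse for everyone nearby.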
Sorry to have let this go so long. Was typing a reply last night and my ERL-3 crashed for the second time in 8-days. Then it crashed 3 more times after ~20 min each. Short version: power supply apparently bad, which seems to be happening to many people over the past year...
Do you know if the ER-4 is capable of line speed throughput?
Bell Canada offers an option for 1.5G fibre, but they say you can only achieve maximum throughput by using their modem/router's WiFi as well as a wired link. (I don't think their router offers 2.5G or higher links.) Nevertheless, a slow firewall is not going to touch anything close to that.
Because the Pi doesn't have two Ethernet ports and because if you add one, it will be on the slower USB bus. I don't think the Pi is great at this particular task, depending on your bandwidth (it wouldn't work well for me, for example.) By the time you build out a Pi to the useful level, you're starting to hit one hundred or more dollars, and you might as well buy something like the smaller, purpose-built, Ubiquiti devices or pfSense focused devices, IMHO.
I'd recommend trying the Pi as a router.
I confess that I ran out and bought one of these after hearing @Steve speak so highly of it. I read about how I could have the IOT network isolation of my dreams, home and work networks, self-hosted VPN, etc... And I wondered, could I VPN in from out of the country and access Xfinity content and/or my TiVo?!? I think the answer to that last question USED TO BE Yes. But I think any Xfinity/Comcast apps now detect VPN connections.
Hi,
You might look into using a Ubiquiti ER-X Router in conjunction with Ubiquiti's Access Point(s) for your needs.
This $60 router supports multiple VLANs (VLANs provide network segmentation / isolation), and has 5 built-in Ethernet ports.
The Access Point is the Wi-Fi portion. Typically priced less than $150, each AP supports four VLAN-separated (isolated) SSIDs.
So you can have four isolated networks, typically: Home Network, Guest Network, and IOT Network.
You can make more isolated networks, example work from home, if they are Ethernet wired only.
Steve (very favorably) mentioned my setup guide in SN podcasts #641 and #649.
The link to my guide is on his linkfarm page:
https://www.grc.com/linkfarm.htm
Ensure you use the live link and DON'T use Steve's cached link, as his cache is about 25 commits and 100 pages out of date.
Direct Link
https://github.com/mjp66/Ubiquiti
@sggrc It might be time for a new SN mention of this guide, since IOT segmentation is so important lately.
This setup should work very nicely at 300Mbps, router peak rates can be about 900Mbps unidirectional.
The only trouble (right now) is finding these routers in stock, since we live in a post-pandemic supply-chain world.
Note1: ui.com's out-of-stock email-notification-system is broken.
Note2: Maybe try this: https://www.reddit.com/r/UbiquitiInStock/
-Mike
I've had a Synology RT2600ac since it was released in June 2017. I added a MR2200 mesh router the next year. I have good Wi-Fi coverage all over the house (over 3000 sq/ft.)
I've been tempted by the Synology routers. They seem like very good gear. Lots of security-minded features and good performance.
Although it may work for you, as @PHolder suggests, this is the opposite of wifi best practice. Ideally your WAPs should xmit on channels that don't conflict with any nearby access points. And only use 1, 6, 11 for 2.4GHz (because they're the only ones that don't overlap). Perhaps given your "stone" house, the WAPs never see the other APs. However, there is no need to use different channels to "seamlessly connect from one AP to another..." Just using the same SSID/passphrase does that. Cheers.
Not having done it either way before, just thinking about reboots as a user... Pro, it might help updates get installed and cache cleared. Con, it might interrupt usage. Or if it has issues and you had it reboot overnight when not used, might not be able to address issues for a while.
I recently added a Synology router behind my cable modem. I am still learning about its security features which I like, and locked myself out of it a few times along the way. One of the (many) settings I have a question about is whether or not to enable reboots on a schedule. My initial thought is no, but I also recall from a past SN that a reboot can remove some types of malware. Another thing in the mix is I have a Raspberry Pi server hooked up to the Synology which is online 7x24. I have done manual reboots of the Synology and the Pi came back online, so I don't think that is an issue. Any ideas pro and con about scheduled reboots?
Up to date security is good news, but on the other hand, if you allow updates to cause reboots, then you may suffer the failure mode of a light bulb. (The old fashioned kind not necessarily the LED kind.) Most light bulbs fail when powering up. This is the point where they have the most work to do as they have to heat up to their operating temperature.
Any ideas pro and con about scheduled reboots?