Best router for gigabit WAN

sqm can run under systemd, so you might be able to install and run it under raspbian as well.

Sure, and for a number of use-cases that is a great idea! Just keep in mind that containers share one kernel and that, unfortunately, some leakage of kernel data across containers can happen (but also across VMs, so a hypervisor will not guarantee complete safety here). Since the router container will be dealing with potentially hostile network data/traffic, just make sure the other containers are not too sensitive (exfiltration of data is unlikely, but not impossible).


Right, if you're running PiHole and an asterisk server it's probably fine but if you're storing a high value cryptocoin wallet or something make it a separate box with just the high value app.

Here are the network files I put up for systemd:

/etc/systemd/network/10-eth0.network

[Match]
MACAddress=xxxxxx

[Link]
RequiredForOnline=no

[Network]
DHCP=yes
IPForward=yes
DefaultRouteOnDevice=yes
IPv6PrivacyExtensions=yes
IPv6AcceptRA=yes
IPv6PrefixDelegation=static

[IPv6PrefixDelegation]
Managed=false
RouterLifetimeSec=300
RouterPreference=medium

[IPv6RoutePrefix]
Route=fdxxxxx::/64

You should probably set "RequiredForOnline" to no, because otherwise it will wait for your ISP before it lets you do things like log in to administer... so if your ISP isn't available you can't effectively reboot it and fix configs.

/etc/systemd/network/10-eth1.network

[Match]
Name=eth1

[Network]
Address=fdxxxxxxxx::1/64
Address=192.168.x.x/24
IPForward=yes
IPv6AcceptRA=no
IPv6PrefixDelegation=no

[IPv6Prefix]
Prefix=fdxxxxxx::/64

dnsmasq does the prefix delegation and DHCPv6, so we prevent systemd from getting involved.

and in dnsmasq.conf:

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth1
...
dhcp-range=fd5xxxxx::, ra-only
dhcp-range=192.168.1.20,192.168.1.150,1h

That's about it at the minimum, obviously you can improve things by customizing.

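A small checker for the kind of two-interface setup the post above describes, added here as an example (it is not code from the post or from systemd). systemd's .network files are INI-like but allow a key to repeat (the LAN fragment has two Address= lines), so the block parses the format itself instead of using configparser, then flags the points the post makes: RequiredForOnline=no on the WAN, IPForward=yes on both sides, and IPv6AcceptRA=no on the LAN so that dnsmasq is the only RA source there and an internal host cannot steer the router's default route. The embedded sample fragments, interface names, MAC and prefixes are constructed placeholders.

```python
"""Check systemd-networkd .network fragments for a two-interface router.

Added example for this thread, not code from the post or from systemd.
The .network format is INI-like but allows a key to repeat (Address= twice),
so configparser is not used; a small parser keeps every value in order.
The checks mirror the thread's advice: RequiredForOnline=no on the WAN so
boot does not block on the ISP, IPForward=yes on both sides, and an explicit
IPv6AcceptRA=no on the LAN so only dnsmasq's RAs matter there and a rogue
RA from an internal host cannot rewrite the router's default route.
"""
from collections import defaultdict

# Constructed sample fragments modelled on the post (names, MAC and
# prefixes are placeholders, not real values).
WAN_NETWORK = """\
[Match]
MACAddress=00:11:22:33:44:55

[Link]
RequiredForOnline=no

[Network]
DHCP=yes
IPForward=yes
DefaultRouteOnDevice=yes
IPv6AcceptRA=yes
"""

LAN_NETWORK = """\
[Match]
Name=eth1

[Network]
Address=fd00:1234::1/64
Address=192.168.1.1/24
IPForward=yes
IPv6AcceptRA=no
"""


def parse_network(text):
    """Return {section: {key: [value, ...]}}; repeated keys keep all values."""
    sections = defaultdict(lambda: defaultdict(list))
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # new section header
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition("=")
        sections[current][key.strip()].append(value.strip())
    return sections


def setting(cfg, section, key, default=None):
    """Last assignment wins, which is how networkd treats repeated scalar keys."""
    values = cfg.get(section, {}).get(key)
    return values[-1] if values else default


def check_router_config(wan_text, lan_text):
    """Return a list of findings; an empty list means the fragments follow the thread's advice."""
    wan, lan = parse_network(wan_text), parse_network(lan_text)
    findings = []
    if setting(wan, "Link", "RequiredForOnline", "yes") != "no":
        findings.append("WAN: set RequiredForOnline=no so boot does not wait on the ISP link")
    for name, cfg in (("WAN", wan), ("LAN", lan)):
        if setting(cfg, "Network", "IPForward", "no") not in ("yes", "ipv4", "ipv6"):
            findings.append(f"{name}: IPForward must be enabled for the box to route")
    # networkd's default for IPv6AcceptRA depends on IPForward, so require it to be explicit.
    if setting(lan, "Network", "IPv6AcceptRA") != "no":
        findings.append("LAN: set IPv6AcceptRA=no explicitly; dnsmasq sends the RAs here")
    if not lan.get("Network", {}).get("Address"):
        findings.append("LAN: needs at least one static Address= for dnsmasq to serve from")
    return findings


if __name__ == "__main__":
    for finding in check_router_config(WAN_NETWORK, LAN_NETWORK) or ["no findings"]:
        print(finding)
```

Run it against your own files by reading them into the two string arguments; the parser raises on a line that sits outside any section, which is the usual sign of a truncated or mis-copied fragment.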

Is 4G RAM a little bit overkill for a router?

Not if you plan to run other services on it, maybe in containers, like asterisk or nextcloud or samba or an LDAP directory or whatever. Yes if it's dedicated just as a router. The 1Gig version should do fine for that.

It all depends on what you want to accomplish in the end. OPNsense and pfSense are both very nice distros with a lot of nice features integrated in the frontend which OpenWrt lacks; however, that's mainly because they're targeting different types of hardware. Wireless support is by far better in Linux, which favours OpenWrt in that regard. As far as docker goes you're probably better off with a Linux distro as Docker isn't really a thing in (Free)BSD; however, you have both jails (https://www.freebsd.org/doc/handbook/jails.html) and bhyve (https://www.freebsd.org/doc/handbook/virtualization-host-bhyve.html) which may be good alternatives. Whether you should run multiple services or not on a router/firewall is up to you to decide, but I will warn you that some have very strong opinions about this approach. As for CPU, a Celeron J4150 will be just fine if you don't do anything too crazy, regardless of OS/distro.

My personal choice of OS is highly dependent on the hardware used (regarding networking):
MIPS/ARM: OpenWrt (if wireless is embedded into the device)
x86: Something designed for more powerful hardware that takes advantage of it; usually I personally end up with FreeBSD, however there are multiple choices here which you may want to consider, such as ClearOS and others including the ones mentioned earlier.

Wireless devices (only acting as AP or such): OpenWrt

Unless you can tolerate downtime etc I would personally avoid any kind of solution that requires USB NICs or such; however, that solution might be good enough for you. The amount of RAM needed will be highly dependent on distro and what functionality you want to use. If you want a "plain" firewall 128Mb will be fine, however if you start adding logging and other functionality including wifi it quickly ramps up. Running OpenWrt, 256Mbyte will most likely be fine, but it would be able to handle much more than basic firewalling and handling wireless. A firewall distro that targets x86 usually "expects" 1-2Gb (at least) to run decently, but you may want to add more if you're planning to do IDS etc (you'll also need a beefier CPU).



The nanopi r2s?

Seems interesting once it's available.


Yeah, it's not as powerful as RPI4, but if the second LAN over USB port is more reliable than an external Ethernet adapter then it could be a good device.

Unfortunately its second ethernet is from a USB 2 controller, which means it can only have up to 480Mbps throughput.

That's for the first iteration (R1S). The new one (R2S) is supposed to have Ethernet from USB 3 (and also RAM upgraded to 1 GB).


That's very interesting. Nice to be aware of the news.

They claim 941Mbps on both ports.

Espressobin would also be worth a look. $79 including enclosure on Amazon.

It has 3 Gigabit ethernet ports but they are connected to a switch chip on the board, with only one Gigabit port on the CPU. So it can't route gigabit bidirectionally, but it has USB 3 so you can always fall back to an external NIC if it's not fast enough.

Also there's a mini-PCIe slot so you can add a WiFi card, though personally I would use an external access point instead.


The CPU in the Espressobin supports

  • 2 x Gigabit Ethernet 1Gbps / 2.5Gbps
  • SGMII / HS-SGMII / RGMII

The switch chip is a Marvell Topaz 88E6341 which has

  • 4 integrated GE PHYs
  • 1 SerDes/SGMII supporting 2.5Gbps or 1Gbps
  • 1 RGMII/MII/RMII

The SoC is connected with 2.5Gbit (full duplex) to the switch.

Another option is the GL-iNet GL-MV1000 Brume which has the same CPU and Switch, but has better heat management.

Maybe in the v7 but I don't think this is true in the v5.

Oh cool, I didn't realise the RGMII could be faster than 1Gbps. It's too bad they didn't use both the ports on the CPU anyway.

Tested the RPi 4B based router; it's not what I expected though: the DSLReports test result is at the same level as the D-Link DIR-860L B1, upload is slightly better than the 860L, but the download is actually worse.

This is the result with RPi 4B.

Test results at https://www.speedtest.net/, however, are quite impressive with the RPi 4B: it's over 900Mbps downloading.

My experience is that dslreports doesn't keep up with these kinds of high speeds. It has more to do with them than with you. Their intention is in part to test the speed "to the internet" which tests your ISP infrastructure more than it tests your router.

I've had more luck with the Ookla speedtest: https://www.speedtest.net/

Which I'm quite sure is gamed by ATT (my ISP, as well as gamed by the other major players too). I'm pretty sure they partner with speedtest.net to put speed test servers directly on their infrastructure so they can maximize the speed... which as long as you realize what they're doing, it's quite useful for testing your router itself... but doesn't provide any bufferbloat stats...

You can run mtr while running the speedtest and get a decent idea of how the ping times are working anyway.


My line rate is 40 mbps, and my contract is 30 mbps. When I run Ookla speedtest to my ISP server, I get something near my line rate, but if I choose a third party server (also in my city), it's limited to the contract speed.

DSLReports gave me complete nonsense. I got something like 2 mbps! Yes, it was to a server that's over 3000 km away, but I tried a server in the same city on Ookla speedtest and got 22 mbps.

You can manually select which speedtest server your tests run against; by default it picks one close by (so probably inside your ISP's network) and then the test does tell you about your access link's speed, but ignores the peering between your ISP and other networks (which you can try to work around by picking speedtest servers from other ISPs like verizon in your case :wink: ).

+1