Having got my Raspberry Pi for Christmas, I was finally able to enter the world of home labs and I'm slowly getting everything up and running.
That said, one thing I was super excited about but hasn't come to fruition was Pi-Hole. That's for two reasons, one my Pi isn't hardwired into the router and two my router kinda sucks (Virgin Media Hub 5).
So I came here to ask for recommendations for a router. One that would allow me to run vLANs and use my Pi for adblocking. Honestly the advice I got was like fire and I was like water.
I wanted a simple cheap solution and everyone was like just spend 🥺
Eventually though, my ignorance waned and I started looking into what the suggestions were, which was essentially buy an N100 Firewall Mini PC with 4 Ethernet Port, load up PFSense or OpenWRT, then buy an Access Point, connect it and profit.
So with my dreams of a £50 plug and play experience down the drain, can someone explain to me how it all works? Why is this the suggestion? My Pi is kinda set and leave. My NAS is set and leave, will a firewall PC be the same? Also why a firewall PC over a second Pi?
If you do go down the route of building your own (you should, that is homelabbing 101 !!!), any old NUC off eBay with 2 network ports will do (8GB ram +).
Also, since you are homelabbing, you should be looking at OPNSense not PFsense, or OpenWRT (but you'll probably quickly realise that you need OPNSense.) OpenWRT is more a drop in firmware for an existing router, think like you have an old Netgear R7000 and want to run open source and potentially add features.
When you say 2 Ethernet ports, I'm assuming because you're suggesting I get a network switch too?
You need physical separation. One NIC is for LAN, the other is for WAN.
After that, its up to you. You can Put the LAN to a switch for connection, fine.
But you must isolate the WAN and LAN so the firewall (like OPNSense) can direct traffic appropriately.
If you want to have a "DMZ" then you would need a third. (DMZ as in demilitarized zone, is an "untrusted" but available to WAN network, IE its not generally accessible to the LAN.
Thank you so much.