Home Networking Guide

I need a general home networking guide. I’ve looked in a lot of places.

What hardware do I need for networking?
I have the ISP modem, then a Netgear CM1200 Modem with a Linksys Wireless router.

How do I set up the network for safe secure inbound .onion traffic?
Can I use Cloudflare Tunnels? (Set up your first tunnel · Cloudflare Zero Trust docs)

Hopefully someone is able to offer some suggestions for an all-encompassing guide, but I doubt there’ll be a perfect one since everyone has different needs. You’d need to break things down into parts.

Step 1 might be to get rid of that ISP modem and work on setting up something aftermarket, something with perhaps OpenWrt and with at least all the functionality that would offer. I can’t tell you what to buy, because your needs might be different, but I’m fond of the basic Flint routers, and specifically cheap and powerful things like the GL.iNet GL-AX1800. Get that up and running, and that could be step one.

Why is this a good step 1? Relying on your ISP modem means it could be riddled with all sorts of surveillance, plus they’re usually cheap and old, and often leased to you for a fee. Another good reason is that running a router one level up from that is a huge pain because of the Double NAT issue. I’m not sure what your “wireless router” is, but again, same issue. This all needs to be one device.

Again… there’s no one size fits all. You’ll have to learn about each component based on your personal circumstances.

Your second question

How do I set up the network for safe secure inbound .onion traffic?

…doesn’t make any sense. Your Tor traffic is over Tor, not your local network.

Thank you.

To try to clarify, I have coax cable into a device the ISP gave me → Netgear CM1200 Modem → StartOS machine and another cable to my Linksys Wireless Router.
I’ve learned this definitely won’t work.

Once I get a real router, what settings do I need to add?

I didn’t describe “safe secure inbound” very well. I’m concerned about opening up my home network to outside hackers, etc. That’s where I was hoping a guide with hardware and setup would be created. I’ve been searching off and on for StartOS info on this, but haven’t found what I needed.

My goal is to host a Core Lightning node.

I’m still not clear on what’s meant by “safe secure inbound.” Your Tor incoming connection is a tunnel of sorts that traverses NAT. This is because it’s actually an outbound connection to the Tor network, which then allows incoming connections to the .onion addresses of your services, in order to function. An additional layer of tunneling would be only for some specific purpose. If you are concerned about your StartOS server getting compromised, and then attacking other devices on your LAN, you could put it on a separate VLAN, or subnet outside of your other machines. But then of course all your services would only be reachable over Tor, which would be much slower than connecting over the LAN.
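
As an added illustration of the separate-subnet suggestion above (not part of the thread, and not StartOS or OpenWrt project configuration): a fragment for `/etc/config/firewall` on an OpenWrt router. It assumes a hypothetical interface named `server` is already defined in `/etc/config/network` for the StartOS machine's own subnet or VLAN, alongside OpenWrt's default `lan` and `wan` zones.

```uci
# Added example. The zone/interface name 'server' is an assumption.

# Zone for the StartOS machine: traffic addressed to the router itself
# and traffic forwarded to other zones is rejected unless allowed below.
config zone
	option name 'server'
	list network 'server'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# The server may open outbound connections to the internet. This is all
# an onion service needs, since it is reached through an outbound
# connection to the Tor network.
config forwarding
	option src 'server'
	option dest 'wan'

# Let the server obtain an address from the router.
config rule
	option name 'Allow-Server-DHCP'
	option src 'server'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

# Let the server use the router as its DNS resolver.
config rule
	option name 'Allow-Server-DNS'
	option src 'server'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Deliberately absent:
#   - any 'config forwarding' between 'server' and 'lan', so a compromised
#     server cannot open connections to other machines on the LAN
#   - any 'config redirect' (port forward) from 'wan', so nothing on the
#     internet can connect inward directly
```

With this layout LAN devices cannot reach the server directly either, which is the trade-off described above: the services are then reachable only over Tor.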

This is helpful information.

Yes, I want to be security sensitive about what things hackers could get to on my LAN. I have not learned a lot of network security (as my question is showing).

Are there best practices for home networking and StartOS?

Best practices would be specific to you, and not to StartOS, which is just an operating system.

From everything you’ve said so far, it looks like you need to replace that ISP router, which is currently your biggest security hole. Coax cable I can’t help with though, I’m not sure what to do with that.

Any new router you set up would of course have a firewall, which would prevent random people in the wider world from having access to your LAN.