Advise on the benefit of a firewalled router

Notconnected

Hello everyone, am new here, have lots of questions.
I currently can only access the internet over my mobile phone
using it as a hotspot to wirelessly connect my laptop to the internet.
So given my ISP can see everything I do online, is there any point
in setting up an Opnsense box, connecting my laptop to it, and connecting the wan port to my phone?
What protection or security will this provide me with, or as I suspect my ISP will still have the same look into my browsing and online life.
I hope someone will take the time to explain what can and can not be gained from using a firewalled router between my laptop and my mobile phone.

Thanks in advance
 
You don’t use a firewall to prevent snooping by the ISP. You use a firewall to keep unwanted traffic entering or exiting your network. You encrypt traffic if you want privacy from snooping.

If your mobile phone is your only connection, what security does it offer today? I’ve never relied on a mobile phone as a hotspot. Can your internet addresses be pinged? Are they CGNAT addresses? Any IPv6?
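
As an added example (not part of the original posts): a small Python check for the questions asked above, classifying the address on the hotspot-facing (WAN) interface as CGNAT, private or public. The sample addresses are constructed, apart from the Quad9 resolver addresses, which stand in for "some public address".

```python
import ipaddress

# RFC 6598 shared address space, used by carriers for CGNAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_address(addr: str) -> str:
    """Classify the address seen on the hotspot-facing (WAN) interface."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local:
        return "local-only"      # never routed beyond the link
    if ip.version == 4 and ip in CGNAT:
        return "cgnat"           # carrier NAT: no unsolicited inbound IPv4
    if ip.is_private:
        return "private"         # RFC 1918 / IPv6 ULA: behind the phone's NAT
    if ip.is_global:
        return "public"          # reachable unless something filters it
    return "reserved"


def unsolicited_inbound_possible(addrs) -> bool:
    """True if any address is globally routable, i.e. inbound firewall
    rules on that interface decide what reaches the LAN."""
    return any(classify_wan_address(a) == "public" for a in addrs)


# Constructed samples: what a router behind a phone hotspot might report.
SAMPLES = [
    "192.168.43.57",   # address handed out by the phone's hotspot
    "100.72.13.5",     # address the carrier might give the phone itself
    "fe80::1",         # IPv6 link-local, always present
    "2620:fe::fe",     # a global IPv6 address (Quad9's resolver, as a stand-in)
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{a:16} {classify_wan_address(a)}")
    print("unsolicited inbound possible:", unsolicited_inbound_possible(SAMPLES))
```

A "private" result only describes the link between router and phone; the phone's own carrier-side address has to be checked separately. None of these categories changes what the ISP can observe in outbound traffic.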
 
Thank you for posting.
I use my mobile phone because they will not provide land line never mind fiber where I am
out in the country.
I do not use my mobile phone for browsing, only to connect my laptop to the internet via my router / firewall.
I have Opnsense set up to use quad9 for DNS resolution via unbound.
What protection will this give me, will my ISP still see all my online browsing activity,
or will the connection from my firewall to quad9 circumvent my ISP's snooping?

UPDATE, I forgot to mention I use a managed switch before the router / firewall,
it can do VLANs.
My main concern is my ISP's spying, nothing to hide, but am not happy to have someone
snooping around, or selling any information they get.
 
The only way to hide your online activity from your ISP is running a VPN on your computer. In this case you replace the physical ISP (the mobile network operator) with a virtual one (the VPN service provider) and the latter can see your activity. Some people trust commercial VPN providers more based on aggressive (often false) advertisement. You don't need this additional OPNSense device. Your computer has a firewall, the OS is monitoring for suspicious activity, modern browsers use Safe Browsing.
 
Hi, thanks for posting.
I have a switch before the router so I can connect all my computing devices to it via ethernet, then ethernet cable to router.
I should say I also use a hotspot from the WAN on my router / firewall bridged to my phone, this bridge to my mobile phone is the
only wireless link in the chain.
I use linux on all my computing devices but did not want to set up firewalls on them all, so got a router / firewall.

Would setting up a VPN on the router / firewall be the same as setting up a VPN on all my devices?
 
If your ultimate goal is to hide your online activity - you can't. Someone will always be able to see what you are doing online regardless of your routers, connections, DNS settings and encryption.
 
Well then there is no point in being online and hoping to not be categorised, labelled and spied upon.
Thanks for the heads up.
 
You are in the middle of nowhere, no? Nothing to worry about. You may get some extra ads, eventually. Your bank, phone operator, Apple, Microsoft, Google, etc. (long list) combined already know more details about you than your closest relative.
 
A few recommendations for your privacy:
1. If you don't trust your ISP, you can use any commercial VPN provider you find more trustworthy. But there's probably no need for that unless you live in a country with political censorship or mass surveillance (which is more common in developing or authoritarian states).
2. If you're an Apple user, you use Safari, and you decide you don't need a traditional commercial VPN, I recommend enabling iCloud Private Relay. This feature replaces your IP address with generic ones from Cloudflare. It's like a VPN, but without changing your location. Also, there's a similar service for other platforms called Cloudflare WARP. Unlike Private Relay, it explicitly mentions that it collects some information about you to improve its services, but maybe you will find it more trustworthy than your ISP.
3. Consider automatically connecting to a VPN when you use public Wi-Fi networks (it's really easy to do on iOS because it natively supports such triggers, and many apps like WireGuard or Passepartout support them; also, there are third-party workarounds available for Android), or don't use them at all. Even though they generally don't know what's inside your traffic because of HTTPS, they can still collect some basic info about your online behavior.
4. What I would definitely recommend is using an encrypted DNS provider like NextDNS or a similar self-hosted solution like AdGuard Home. Enable a moderately aggressive tracking blocking list like Hagezi Multi PRO++. Configure it on a router level and on your mobile devices, so you're protected when you use your cellular network as well. Also, use a good ad blocker for your browser like AdGuard, and enable tracking protection filters. All this will greatly reduce the amount of so-called "analytics" and "telemetry" that spy on you online.
5. It's a big one, but consider using an OS that is better for privacy: Linux > macOS > Windows; iOS > Android (except for some very nerdy custom ROMs). If you use Windows and don't want to change it, you can use apps like O&O ShutUp10++ that disable at least some of the tracking features.
6. Consider using a better browser for privacy: Firefox > Safari > Chrome.
7. Opt out of all "telemetry," "usage data collection," "customer experience programs," "personalized ads," and similar features in the software you use. These options send data about how you use the software back to the vendor, even if they claim it's anonymized.
8. Avoid internet-connected devices from manufacturers with poor privacy practices, especially low-cost brands from mainland China. These often include hardcoded backdoors, lack software updates, and tend to "phone home" without user consent.
9. Don't forget to use up-to-date software with automatic updates. While it's not directly related to privacy, vulnerabilities in old software can lead to your device being hacked and your data exposed to hackers.
10. Protect your online accounts to avoid being hacked. Always use strong passwords, and always enable MFA and passkeys if they are available. A good password manager is a must-have.

Regarding OPNsense, it's mostly not related to privacy, and it won't help you. You need to focus on the devices you actually use on your LAN and their software.

You can't completely hide from online tracking. But you can still have much better privacy. It's all up to you.
 