Best and most optimal settings (Voxel & Kamoj)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

pege63

Very Senior Member
If ONE want to use the R7800 as the main router, instead of the one from the ISP.

How should the settings be set, to be the best and most optimal for the router?

If someone don't know much about how they should be or what they do for/in the router?

The most important things are - privacy and safety.

Have fiber optic line in with Internet, IPTV, VOIP, services.

The reason for this, is to gather all the data, scripts, codes in one place so a beginner/newbie does not have to look in a lot of other places/posts.
 
Last edited:

Sizzlechest

Regular Contributor
DNS can be configured to use DNS over HTTPS, but not from the GUI. The AdGuard servers have the best performance for me where I live, so those are the ones I use. I configure the router to use the filtered ones, which blocks ads (and hopefully scams and malware) for every device on the network. However, I want to be able to control from my browser what sites get adblocked. Therefore, I configure my browser (Firefox) to use the non-filtered AdGuard servers and use uBlock Origin to block ads instead. I assume Chrome has a similar setting since Edge has it.

I do have a Pi-Hole set to act like a real DNS, but I don't bother with it since the AdGuard servers don't retain your history (they say) and work as well as the blocking in a Pi-Hole.

To restore the DNS settings after an upgrade, you'll need a USB thumb drive with a post-mount.sh bash script to make the mods. Here's mine:

Bash:
#!/bin/sh

if [ ! -f "/root/firewall-start.sh" ]
then
  cp /tmp/mnt/$1/firewall-start.sh /root/.
fi

if [ ! -f "/root/.ssh/authorized_keys" ]
then
  mkdir -p /root/.ssh
  cp /tmp/mnt/$1/authorized_keys /root/.ssh/authorized_keys
fi


if [ ! -f "/overlay/etc/dnscrypt-proxy-2.toml " ]; then
  sed -i -r "s/^(server_names[[:space:]]*=[[:space:]]*).*/\1['adguard-dns-doh']/" /etc/dnscrypt-proxy-2.toml
fi

The first item in the script copies over an advanced firewall rule script that I need. The second is to restore my ssh keys so I can connect to the router without entering a password. The last one is what modifies the dnscrypt proxy to use AdGuard instead of the default ones.
 

HELLO_wORLD

Very Senior Member
On the router, disable anything you are not using (ReadyCloud, QoS, NG Downloader, Media Server, UPnP...)

As much as possible, use the router for routing and firewall only. Extra services (download, adblocking, media server, VPN, etc.) being set on dedicated external device (NAS, Odroid, Raspberry Pi or other).

For protection, only open ports (NAT) if you need it and for the services you host and should be accessible from WAN (like a webserver open to the public).
Also, if you feel comfortable with it, tweak and adapt your iptables rules; there are several threads here about that.
 

foo man

Occasional Visitor
On the router, disable anything you are not using (ReadyCloud, QoS, NG Downloader, Media Server, UPnP...)

As much as possible, use the router for routing and firewall only. Extra services (download, adblocking, media server, VPN, etc.) being set on dedicated external device (NAS, Odroid, Raspberry Pi or other).

For protection, only open ports (NAT) if you need it and for the services you host and should be accessible from WAN (like a webserver open to the public).
Also, if you feel comfortable with it, tweak and adapt your iptables rules; there are several threads here about that.

That's exactly how my R9000 is set up. Disabled everything i could, no open ports and I'm using a Raspberry Pi 4, w/pihole for ad-blocking, DHCP and unbound as recursive DNS server. Also a handful of iptables rules to force all traffic to the pihole.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top