It is trivial to selectively route countries as you can use the same IPSET technique used for selectively routing specific domains such as Netflix.How I can route by VPN only abroad traffic, except home country traffic?
IPSET ViaWAN <- this IPSET group contains separate IPSETs e.g.
IPSET Bermuda <- this IPSET contains ALL of the Bermuda CIDR ranges
IPSET Bahamas <- this IPSET contains ALL of the Bahamas CIDR ranges
IPSET ViaVPN1 <- this IPSET group contains separate IPSETs e.g.
IPSET Japan <- this IPSET contains ALL of the Japan CIDR ranges
IPSET ViaVPN2 <- this IPSET group contains separate IPSETs e.g.
IPSET Australia <- this IPSET contains ALL of the Australia CIDR ranges
nslookup www.sony.co.jp
Name: www.sony.co.jp
Address 1: 2a02:26f0:ec:48b::2542 g2a02-26f0-00ec-048b-0000-0000-0000-2542.deploy.static.akamaitechnologies.com
Address 2: 184.87.184.111 a184-87-184-111.deploy.static.akamaitechnologies.com
wget -q -O - 'https://api.ipdata.co/184.87.184.111' | grep -E "country"
"country_name": "Netherlands",
"country_code": "NL",
@Adamm is using the ipdeny.com list for country blocking in Skynet, the Asus Firewall Addition.Each time an ipset is updated we check it against the MaxMind GeoLite2 country, the IPDeny.com country, the IP2Location.com Lite country and the IPIP.net country databases, to find the list's unique IPs per country.
If you are going to install this IP list as a blocklist / blacklist at a firewall, it is important to know which countries will be mainly affected, since you are going to block access from/to these IPs.
All lists suffer from false positives to some degree, so using this IP list at your firewall might block some of your users or customers.
@Martineau brings up a good point about list accuracy. From https://iplists.firehol.org/
@Adamm is using the ipdeny.com list for country blocking in Skynet, the Asus Firewall Addition.
RTFM ?
Finally, you should save the IPSETs at regular intervals (using a cru aka cron schedule), then you can restore the populated IPSETs from say firewall-start when the router is rebooted.
Please can you tell me how this would look?
I also have some ipset scripts that I need to update to make them more efficient, such as restoring at boot rather than performing a lookup on the domain names and loading into the ipset list at boot time.
To save ipset rules to other file
ipset save > /jffs/config/ipset.list
To restore ipset rules
ipset restore -! < /jffs/config/ipset.list
To clean up IPs, you could have a script that runs daily during off hours. The script will destroy the current list, then update the list by performing nslookup on the domain names. There are some code samples buried in this thread on looping thru the IPv4 addresses returned from an nslookup and loading into the list.
Here is some sample code that performs a restore of the ipset lists.
https://www.centos.org/forums/viewtopic.php?t=47247
ipset performance
https://blog.n0dy.radio/2013/05/19/faster-ipset-loading/
You can use the -! or -exist flag. From the ipset man page:thanks!
i've bought a usb flash drive to store the ipset.list, to avoid the constant writes to the router's flash.
what does the -! do in the restore?
did you have any issue with using the VPN's DNS servers with netflix? I read that adding server=/netflix.com/<your dns e.g. google> would be solve this? i tried with my Dyn DNS server but it didnt work.
NordVPN offers private IPs as a service, i might look at that if all else fails but it turns out that i have:You can use the -! or -exist flag. From the ipset man page:
-!, -exist
Ignore errors when exactly the same set is to be created or already added entry is added or missing entry is deleted.
Netflix does not care what DNS you use. They do block known VPN providers by detecting connections from the same source IP address. This flags the IP as a shared proxy or VPN server. You then get the proxy error in NF.
A service that offers a private streaming IP is the workaround. Please see my post here for more explanation. https://x3mtek.com/why-i-use-torguard-as-my-vpn-provider/
ip rule del prio 9990
ip rule add fwmark $TAG_MARK table main prio 9990
.....it turns out that i have:
which is wrong. I need a routing table that points to the WAN/ISP as the default gatewayCode:ip rule del prio 9990 ip rule add fwmark $TAG_MARK table main prio 9990
0x7000 - WAN
0x1000 - VPN Client #1
0x2000 - VPN Client #2
0x3000 - VPN Client #3
0x4000 - VPN Client #4
0x5000 - VPN Client #5
thank you for the explanation!
i wasnt joining up the selective routing with the policy rules, on the router.
My i ask how you know that the fwmark's are correct?
e.g. 0x7000 == wan etc. is it written somewhere?
Change the setting to route all traffic over the tunnel and try NF again. If you get the proxy error, then it will confirm that your provider does not work with NF.To be clear, I do want to route all traffic to the VPN, and only by exception route via WAN e.g. netflix/amazon.
It's sort of working. When VPN (Client #1) is enabled i can now browse to netflix.com and amazon.co.uk (prime) and can look at the film listings, but i cant play the films. It still says i'm using a proxy for netflix.com while Amazon.co.uk (UK prime) does work.
looks like netflix block for UK NordVPN address ranges
admin@RT-AC68U:/jffs/scripts# cat vpn-route-nat
#!/bin/sh
sleep 5
logger -t "($(basename $0))" $$ Starting vpn-route-nat..." $0${*:+ $*}."
# Uncomment the line below for debugging
set -xo
ipset create LAN_GW hash:net family inet hashsize 1024 maxelem 65536
# extract LAN ip addresses
ipset add LAN_GW $(nvram get lan_ipaddr)
# ipset VPNTEST is created outside and checked
# WAN ip rule
ip rule del fwmark 0x7000
ip rule add fwmark 0x7000 table 254 prio 9990
# VPN Client 2 ip rule
ip rule del fwmark 0x2000
ip rule add fwmark 0x2000 table ovpnc2 prio 9991
ip route flush cache
###########################################################
# LAN to WAN devices
iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000
iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000
# LAN to VPN Client 2 ip's
iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000
iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000
logger -t "($(basename $0))" $$ Ending vpn-route-nat..." $0${*:+ $*}."
ASUSWRT-Merlin RT-AC68U 384.7-0 Sun Oct 7 16:42:19 UTC 2018
admin@RT-AC68U:/jffs/scripts# ipset list VPNTEST
Name: VPNTEST
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 262144
Size in memory: 428
References: 0
Number of entries: 2
Members:
103.216.218.144
195.82.146.214
admin@RT-AC68U:/jffs/scripts# ipset test VPNTEST 103.216.218.144
103.216.218.144 is in set VPNTEST.
admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144
traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets
1 msk-b21-m14.ti.ru (212.1.254.230) 6.324 ms 4.531 ms 13.241 ms
2^C
admin@RT-AC68U:/jffs/scripts# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
admin@RT-AC68U:/jffs/scripts# ip route show table ovpnc2
admin@RT-AC68U:/jffs/scripts# iptables -t mangle -vnL PREROUTING
Chain PREROUTING (policy ACCEPT 4651K packets, 3407M bytes)
pkts bytes target prot opt in out source destination
admin@RT-AC68U:/jffs/scripts#
admin@RT-AC68U:/jffs/scripts# service start_vpnclient2
Done.
admin@RT-AC68U:/jffs/scripts# ifconfig tun12
tun12 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:100 errors:0 dropped:213 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:120468 (117.6 KiB)
admin@RT-AC68U:/jffs/scripts# ip route show table ovpnc2
107.173.80.33 via 95.220.192.1 dev eth0
95.220.192.1 dev eth0 proto kernel scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
10.8.0.0/24 dev tun12 proto kernel scope link src 10.8.0.2
95.220.192.0/19 dev eth0 proto kernel scope link src 95.220.207.238
127.0.0.0/8 dev lo scope link
0.0.0.0/1 via 10.8.0.1 dev tun12
128.0.0.0/1 via 10.8.0.1 dev tun12
default via 95.220.192.1 dev eth0
admin@RT-AC68U:/jffs/scripts# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144
traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets
1 msk-b21-m14.ti.ru (212.1.254.230) 3.062 ms 5.708 ms 19.245 ms
2 *^C
admin@RT-AC68U:/jffs/scripts# ip route add 103.216.218.144 dev tun12
admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144
traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets
1 10.8.0.1 (10.8.0.1) 138.710 ms 138.701 ms 138.344 ms
2 107-175-92-130-host.colocrossing.com (107.175.92.130) 138.450 ms 138.589 ms 140.468 ms
3 10.8.28.85 (10.8.28.85) 139.191 ms 10.8.21.101 (10.8.21.101) 139.137 ms 10.8.28.85 (10.8.28.85) 139.198 ms
4 10.8.12.33 (10.8.12.33) 138.868 ms 10.8.12.21 (10.8.12.21) 159.795 ms 10.8.12.33 (10.8.12.33) 170.771 ms
5 10.8.25.141 (10.8.25.141) 138.635 ms 10.8.24.73 (10.8.24.73) 138.914 ms 10.8.25.141 (10.8.25.141) 139.010 ms
6 78.152.61.30 (78.152.61.30) 138.974 ms^C
admin@RT-AC68U:/jffs/scripts# ip route del 103.216.218.144 dev tun12
admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144
traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets
1 msk-b21-m14.ti.ru (212.1.254.230) 3.062 ms 5.708 ms 19.245 ms
2 *^C
admin@RT-AC68U:/jffs/scripts# ./vpn-route-nat
errexit off
noglob off
ignoreeof off
interactive off
monitor off
noexec off
stdin off
xtrace on
verbose off
noclobber off
allexport off
notify off
nounset off
vi off
pipefail off
+ ipset create LAN_GW hash:net family inet hashsize 1024 maxelem 65536
ipset v6.32: Set cannot be created: set with the same name already exists
+ nvram get lan_ipaddr
+ ipset add LAN_GW 192.168.1.1
ipset v6.32: Element cannot be added to the set: it's already added
+ ip rule del fwmark 0x7000
RTNETLINK answers: No such file or directory
+ ip rule add fwmark 0x7000 table 254 prio 9990
+ ip rule del fwmark 0x2000
RTNETLINK answers: No such file or directory
+ ip rule add fwmark 0x2000 table ovpnc2 prio 9991
+ ip route flush cache
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000
iptables: No chain/target/match by that name.
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000
iptables: No chain/target/match by that name.
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000
+ basename ./vpn-route-nat
+ logger -t (vpn-route-nat) 25729 Ending vpn-route-nat... ./vpn-route-nat.
admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144
traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets
1 msk-b21-m14.ti.ru (212.1.254.230) 1.185 ms 1.194 ms 1.230 ms
2^C
admin@RT-AC68U:/jffs/scripts# ip rule
0: from all lookup local
9990: from all fwmark 0x7000 lookup main
9991: from all fwmark 0x2000 lookup ovpnc2
32766: from all lookup main
32767: from all lookup default
admin@RT-AC68U:/jffs/scripts# iptables -t mangle -nvL PREROUTING
Chain PREROUTING (policy ACCEPT 477K packets, 344M bytes)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set LAN_GW src,dst MARK or 0x7000
0 0 MARK tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set VPNTEST dst,dst MARK or 0x2000
Hi, I've finally lost my hope to solve by myself the issue of my RT-AC68U with 384.7-0 onboard, and can't get ipset routing working.
Dear Masters of selective routing on WRT Merlin, any of your ideas would be very welcome. Thank you in advance!
# WAN ip rule
ip rule del fwmark 0x7000/0x7000
ip rule add fwmark 0x7000/0x7000 table 254 prio 9990
# VPN Client 2 ip rule
ip rule del fwmark 0x2000/0x2000
ip rule add fwmark 0x2000/0x2000 table ovpnc2 prio 9991
ip route flush cache
###########################################################
# LAN to WAN devices
iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000
iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000
# LAN to VPN Client 2 ip's
iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000
iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000
From a glance, I see you are missing the bitmask when creating the fwmark. Syntax is fwmark/bitmask e.g. 0x7000/0x7000
This should be of help to you. Two different selective routing methods are used on the GitHub repo: https://github.com/Xentrk/netflix-vpn-bypass
admin@RT-AC68U:/jffs/scripts# ./vpn-route-nat errexit off
noglob off
ignoreeof off
interactive off
monitor off
noexec off
stdin off
xtrace on
verbose off
noclobber off
allexport off
notify off
nounset off
vi off
pipefail off
+ ipset create LAN_GW hash:net family inet hashsize 1024 maxelem 65536
ipset v6.32: Set cannot be created: set with the same name already exists
+ nvram get lan_ipaddr
+ ipset add LAN_GW 192.168.1.1
ipset v6.32: Element cannot be added to the set: it's already added
+ ip rule del fwmark 0x7000/0x7000
RTNETLINK answers: No such file or directory
+ ip rule add fwmark 0x7000/0x7000 table 254 prio 9990
+ ip rule del fwmark 0x2000/0x2000
RTNETLINK answers: No such file or directory
+ ip rule add fwmark 0x2000/0x2000 table ovpnc2 prio 9991
+ ip route flush cache
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000
iptables: No chain/target/match by that name.
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000
iptables: No chain/target/match by that name.
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000
+ basename ./vpn-route-nat
+ logger -t (vpn-route-nat) 5594 Ending vpn-route-nat... ./vpn-route-nat.
admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144
traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets
1 msk-b21-m14.ti.ru (212.1.254.230) 1.597 ms 2.769 ms 2.246 ms
2 *^C
admin@RT-AC68U:/jffs/scripts# cat vpn-route-nat-v2
#!/bin/sh
sleep 5
logger -t "($(basename $0))" $$ Starting vpn-route-nat..." $0${*:+ $*}."
# Uncomment the line below for debugging
set -xo
# vpn-whitelist is extracted in firewall-start
# test VPNTEST to check routing is created
# VPN Client 2 ip rule
FWMARK_OVPNC2="0x2000/0x2000"
ip rule del fwmark "$FWMARK_OVPNC2"
ip rule add from 0/0 fwmark "$FWMARK_OVPNC2" table ovpnc2 prio 9991
ip route flush cache
# LAN to VPN Client 2 ip's
iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst -j MARK --set-mark "$FWMARK_OVPNC2"
iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst -j MARK --set-mark "$FWMARK_OVPNC2"
logger -t "($(basename $0))" $$ Ending vpn-route-nat..." $0${*:+ $*}."
admin@RT-AC68U:/jffs/scripts# ./vpn-route-nat-v2
errexit off
noglob off
ignoreeof off
interactive off
monitor off
noexec off
stdin off
xtrace on
verbose off
noclobber off
allexport off
notify off
nounset off
vi off
pipefail off
+ FWMARK_OVPNC2=0x2000/0x2000
+ ip rule del fwmark 0x2000/0x2000
RTNETLINK answers: No such file or directory
+ ip rule add from 0/0 fwmark 0x2000/0x2000 table ovpnc2 prio 9991
+ ip route flush cache
+ iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst -j MARK --set-mark 0x2000/0x2000
iptables: No chain/target/match by that name.
+ iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst -j MARK --set-mark 0x2000/0x2000
+ basename ./vpn-route-nat-v2
+ logger -t (vpn-route-nat-v2) 6809 Ending vpn-route-nat... ./vpn-route-nat-v2.
admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144
traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets
1 msk-b21-m14.ti.ru (212.1.254.230) 1.368 ms 1.195 ms 1.202 ms
2 * *^C
I see the error message: iptables: No chain/target/match by that name.Xentrk, thank you for trying to help.
Change of fwmark doesn't help:
Code:admin@RT-AC68U:/jffs/scripts# ./vpn-route-nat errexit off noglob off ignoreeof off interactive off monitor off noexec off stdin off xtrace on verbose off noclobber off allexport off notify off nounset off vi off pipefail off + ipset create LAN_GW hash:net family inet hashsize 1024 maxelem 65536 ipset v6.32: Set cannot be created: set with the same name already exists + nvram get lan_ipaddr + ipset add LAN_GW 192.168.1.1 ipset v6.32: Element cannot be added to the set: it's already added + ip rule del fwmark 0x7000/0x7000 RTNETLINK answers: No such file or directory + ip rule add fwmark 0x7000/0x7000 table 254 prio 9990 + ip rule del fwmark 0x2000/0x2000 RTNETLINK answers: No such file or directory + ip rule add fwmark 0x2000/0x2000 table ovpnc2 prio 9991 + ip route flush cache + iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000 iptables: No chain/target/match by that name. + iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set LAN_GW src,dst -j MARK --set-mark 0x7000/0x7000 + iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000 iptables: No chain/target/match by that name. + iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst,dst -j MARK --set-mark 0x2000/0x2000 + basename ./vpn-route-nat + logger -t (vpn-route-nat) 5594 Ending vpn-route-nat... ./vpn-route-nat. admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144 traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets 1 msk-b21-m14.ti.ru (212.1.254.230) 1.597 ms 2.769 ms 2.246 ms 2 *^C
I didn't get what are 2 different methods, actually. But thank you for link, I understood that no need to have additional WAN rules if they are ok. So I've simplified the script:
Code:admin@RT-AC68U:/jffs/scripts# cat vpn-route-nat-v2 #!/bin/sh sleep 5 logger -t "($(basename $0))" $$ Starting vpn-route-nat..." $0${*:+ $*}." # Uncomment the line below for debugging set -xo # vpn-whitelist is extracted in firewall-start # test VPNTEST to check routing is created # VPN Client 2 ip rule FWMARK_OVPNC2="0x2000/0x2000" ip rule del fwmark "$FWMARK_OVPNC2" ip rule add from 0/0 fwmark "$FWMARK_OVPNC2" table ovpnc2 prio 9991 ip route flush cache # LAN to VPN Client 2 ip's iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst -j MARK --set-mark "$FWMARK_OVPNC2" iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst -j MARK --set-mark "$FWMARK_OVPNC2" logger -t "($(basename $0))" $$ Ending vpn-route-nat..." $0${*:+ $*}."
And you know what? Nothing has changed
Code:admin@RT-AC68U:/jffs/scripts# ./vpn-route-nat-v2 errexit off noglob off ignoreeof off interactive off monitor off noexec off stdin off xtrace on verbose off noclobber off allexport off notify off nounset off vi off pipefail off + FWMARK_OVPNC2=0x2000/0x2000 + ip rule del fwmark 0x2000/0x2000 RTNETLINK answers: No such file or directory + ip rule add from 0/0 fwmark 0x2000/0x2000 table ovpnc2 prio 9991 + ip route flush cache + iptables -t mangle -D PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst -j MARK --set-mark 0x2000/0x2000 iptables: No chain/target/match by that name. + iptables -t mangle -A PREROUTING -i br0 -p tcp -m set --match-set VPNTEST dst -j MARK --set-mark 0x2000/0x2000 + basename ./vpn-route-nat-v2 + logger -t (vpn-route-nat-v2) 6809 Ending vpn-route-nat... ./vpn-route-nat-v2. admin@RT-AC68U:/jffs/scripts# traceroute 103.216.218.144 traceroute to 103.216.218.144 (103.216.218.144), 30 hops max, 38 byte packets 1 msk-b21-m14.ti.ru (212.1.254.230) 1.368 ms 1.195 ms 1.202 ms 2 * *^C
I really can't get the source of the issue
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!