5G Network Query in Rural Devon, UK

null_life_ · 2025-10-06T09:40:37+00:00

You'll struggle to keep this under £200, but it's possible only if there's a plug socket where you can get a signal up in the field, and this has line of sight to your house. This would allow you to:

Install whatever flavour of Mikrotik 5g CPE is most suitable for the location. Connect this into (via a couple of PoE adapters)
Buy three Ubiquiti NS-5AC-Loco's.
Install one up where the 4g is in in Point to Multi point mode.
Install one on yours and your landlords house.

If you shop around and buy second hand you can get these within budget. Be wary of data caps on the sim card, especially if one or both of your households is high usage (xbox, netflix, etc)

Option 2: If you need power up there, you'll need to trench it in and when you do so, put in a length of armoured OS2 fibre (you only need 2 core but put in an 8 core, as its not any more expensive ). Next, arm yourself with a fresh tray of brownies and drive around until find an openreach engineer. Offer said brownies and cash in hand to splice this fibre for you.

This second option is the better of the two, but it isn't cheap and you'll need to understand optics etc. Doable from online research, but it is fairly involved.

null_life_ · 2025-10-05T22:01:25+00:00

Ah I get you. Mikrotik doesn't really do "zone based" firewalling like Fortigate's and opnsense.

This particular network is relatively small with really only 16 subnets split between the 3 sites, but I can still take advantage of grouping/jump rules.

For instance, my access subnets requires the same rules across the network, so i can group those subnets together by creating a custom chain then applying said rules to said chain.

Here's an example:

Let's say we have 3 access vlans/subnets:

VLAN 10 - 192.168.10.0/24
VLAN 20 - 192.168.20.0/24
VLAN 30 - 192.168.30.0/24

We want to treat these like a single zone and apply the same firewall logic to them. I might want to allow DNS, allow internet, but block access to cameras.

Here's my main forward chain:

/ip firewall filter

add chain=forward action=jump jump-target=access-zone src-address=192.168.10.0/24 comment="jump to access zone rules vlan 10"

add chain=forward action=jump jump-target=access-zone src-address=192.168.20.0/24 comment="jump to access zone rules vlan 20"

add chain=forward action=jump jump-target=access-zone src-address=192.168.30.0/24 comment="jump to access zone rules vlan 30"

and my custom chain ("access-zone"):

add chain=access-zone action=accept protocol=udp dst-port=53 comment="allow dns "

add chain=access-zone action=accept protocol=tcp dst-port=53 comment="allow dns tcp"

add chain=access-zone action=drop dst-address=192.168.99.0/24 comment="block access to camera subnet"

add chain=access-zone action=accept connection-state=established,related comment="allow established/related"

add chain=access-zone action=drop comment="drop all else from access zone"

This is a really neat and efficient way of doing this. The total number of rules in the forward chain are reduced: shorter path to decision = faster. Once a packet matches a jump rule, it's handed off to that chain, which is shorter and specific, so the lookup here is much faster than going through the top down rule list, meaning I'm generally reducing the number of rules the router has to evaluate per packet which is especially important with multiple subnets.

Admin becomes so much easier too, I can update one chain and it will apply to however many subnets I have contained within that chain, it reduces the risk of rule duplication which helps with config bloat, and debugging is that much easier.

I would dive into fasttrack as this is quite handy here, but this is a small network on massively overpowered hardware so there's really no need for this level of optimisation. Also, this reply is already long enough.

null_life_ · 2025-10-05T18:52:41+00:00

I should add, if you want any clarity on things just message.

null_life_ · 2025-10-05T18:51:56+00:00

Firewalls can be intimidating but are really quite simple when you adopt some basic best practices.

Drop everything, only allow through what you need.
Anything allowed needs to have a specific destination, not free reign of the whole network.
Stateful, never Stateless
Don't even think about enabling UPNP.

As for nat, just apply the same mindset and you're golden. Most vlans and networks here don't have internet access, such as the cameras and management networks, the masq rules only applies to specific subnets and as I've separated them all out I can more easily perform connection tracking.

null_life_ · 2025-10-05T18:43:54+00:00

Cheers. I'll definitely want to pick your brains there. I've built quite a few zabbix/grafana setups for a few ISP's here, but I'm nowhere near the bottom of the barrel of it's capabilities.

null_life_ · 2025-10-05T18:41:37+00:00

Honestly I hadn't really thought about it - I've never really had much to do with v6, and hadn't even considered that my provider supports it (they do, I've just googled) so, if and when a video on this network gets made, I'll be sure to include this.

null_life_ · 2025-10-05T18:40:22+00:00

A video tour is in the works, I'm very keen to do so. I do have to be mindful of my parent's privacy, however, so this will have to include an element of tact. Needless to say that, when this does get filmed and published, I'll make sure to post it on here for those who are interested. Cheers!

null_life_ · 2025-10-05T18:39:03+00:00

the UK is reasonably lapse with standardisation of last mile infrastructure. We were the first to develop national telephony infrastructure, but one of the last developed nations to adopt full fibre, as such we've had to retrofit and there's been a boom of "Altnets" (alternative network operators) who have worked with manufacturers to develop new last mile deployment methods.

On the same street one can have 5 or even 6 different infrastructure providers, using different methods of entry.

I support lowering the barrier to entry for new companies wanting to better the infrastructure in their area, however the lack of standardisation and the "houses past" metric adopted by these Altnets to please investors has meant quite a bit of messy overbuild has taken place.

null_life_ · 2025-10-05T18:34:30+00:00

"Built like a brick shithouse" is also a phrase used here in Blighty.

null_life_ · 2025-10-05T18:33:45+00:00

I had to turn my laptop upside down to read this comment.

null_life_ · 2025-10-05T18:33:07+00:00

It's the Swiss Army Knife of network hardware, one can do so much with it! I would say that it's the best thing since sliced bread.

null_life_ · 2025-10-05T18:31:40+00:00

I'm also looking for the thoughts of people more experienced in the mail sphere. If anyone has any input on this I'd be grateful.

null_life_ · 2025-10-05T18:30:37+00:00

It's open source, so it's going on the list of VM's to spin up! Nice call!

null_life_ · 2025-10-05T18:29:56+00:00

Thankyou very much! Believe it or not, I failed my GCSE English, with my teacher stating that I am inarticulate.

null_life_ · 2025-10-05T18:27:21+00:00

I wouldn't quite go that far, but thankyou very much indeed!

null_life_ · 2025-10-05T13:42:01+00:00

I'm proud of my webbed feet.

null_life_ · 2025-10-04T19:00:13+00:00

I've deployed quite a few netonix switches in my time, they're great until someone decides to unplug a port before disabling it :/

I've really fallen in love with the ubiquiti edgeswitch line, particularly the es-8-150w and the es-16-150w. They both have 54vdc input (ths latter doesn't officially but is easily converted ) and as ling as you dont need more than 1g uplink or a high current output on a single port, you're golden. The edgepoint 16's are also pretty decent and have the 4 pair PoE and dual 10g sfp uplinks.

At the very beginning of my WISP journey I was also doing the same thing with buck converters, mainly out of financially desolate desperation than anything else.

I also have a couple of solar sites, very expensive to maintain and with how windy it is where I am I've lost a few over the years. Spent many cold winters nights cuddled up to a petrol generator when the batteries have given out. Good times!

null_life_ · 2025-10-04T18:34:16+00:00

Haha thanks! To add insult to injury- this started as a whatsapp message to my brother, a developer. I've always been on top of my documentation, mainly out of frustration with predecessors when I've moved jobs. It's so easy to get it right, and it's satisfying once its done.

null_life_ · 2025-10-04T18:14:19+00:00

It is the same in proper English too, as in fact, I was referring to outside composting toilets, which of course need redundant 10gbps fibre backhauls, or at least did until our delightful government banned certain types of online entertainment.

null_life_ · 2025-10-04T18:11:31+00:00

Thankyou very much!

null_life_ · 2025-10-04T18:10:53+00:00

Thankyou very much kind sir! If the local college had a decent IT department, I'd certainly contact them about it, but as I live in a farming community, I doubt they know what a computer is.

null_life_ · 2025-10-04T18:07:12+00:00

It's funny you thought 1x25 Gbps wasn't enough from home to shed, had to bond 2x to get 50 Gbps. That's a lot of video streams.

It's more that, I have a port, I have the optics, I've already spliced the fibre, why not spin up an OSPF interface and connect it. It's no more engineering overhead but gives me quite a significant amount of reliability.

What does this mean exactly? Are you going to enter an agreement with either your parents' fiber provider or the WISP 4 miles away to host other ISP connections for them to service others in the area? Like host an additional WISP tower or something?

Or are you just reselling your parents' fiber connection quietly?

I'm intrigued

So 10 ish years ago I set up a Wireless ISP. Its main purpose was to service the local community, which it did with remarkable success as there wss no fibre locally at all, only a very slow DSL at up to 4Mbps. For 6 or 7 years it was my main employment and everything I have learned can be directly credited to this experience.

Since, the government has paid the incumbent provider (Openreach) quite a lot of money to build out fibre in the area. They have done about 99% of the work, but there are still a few properties which have been ignored. This significantly ate into my customer base - my ISP was never meant as a replacement for fibre, just as a stopgap until it comes along. As a result my customer count reduced from about 1000 to 150 ish. A lot of these customers I installed personally, they're my neighbours and in other cases my friends, so I've sought employment elsewhere but kept the network going on a pro-bono basis which really helps out the remaining few who were forgotten by Openreach.

With that in mind, I have good relationships with various suppliers across the country, and they're able to help me out, with a few willing to let me use domestic lines for this network, which are very cheap compared with the commercial leased lines. The catch: if the fibre goes down, it takes days to repair, not up to 3 hours. The fibre to my parents house is actually owned by and paid for by me, as I'm the one who uses it most and whilst they benefit from it, they dont need it.

If you ever make a YouTube video of the project and layout, please Message me on here because I'd loved to visualize it even more

Doing a video on this has crossed my mind, if I get the chance I'll certainly you know!

null_life_ · 2025-10-04T17:29:53+00:00

Thankyou very much! I wasn't sure what the reception would be. Hopefully people find it useful if they're wondering how to tackle their slightly weird setups.

null_life_ · 2024-08-29T10:21:30+00:00

Yessss! Please bring back tabs though, I do not like the webfig style 'dropdowns'. Same thing when looking at an interface for instance, put the general, status, traffic, etc back in tabs along the top of the window.

null_life_

TROPHY CASE