I’m trying to make my first server (Immich + Navidrome + Nextcloud running on Debian, will use WireGuard VPN for remote access), but my crappy Xfinity router (XB7) just won’t port forward at all to my server machine. I’ve tried so many things to make it work, so the best thing I can do now is buy my own router so that I can just use the Xfinity router as a bridge. Do you guys have recommendations for a secure, customizable enough, and long-distance router good for 6 people?
I use a very popular router by GL.iNet called Flint 2 (GL-MT6000). Goes on special for about $125 USD. Great specs, solid device.
Fully supported by OpenWRT, and I recommend flashing to that so that you have completely FOSS software with no possible hijinks from the manufacturer’s OEM OS.
You’ll need to read some guides or watch some vids to get you set up on OpenWRT, bit of a learning curve, but it has everything you could possibly need. Check it out.
If your router works for everything but that, I would recommend looking into Tailscale instead of a WireGuard VPN or run a Cloudflare tunnel as a service on the Debian host. Tailscale is free for personal use and is WireGuard under the hood with an orchestrator bolted on. I have done just about everything here has said at some point. I’m running a 10Gbps capable OPNsense firewall. For services outside my network I have several LXC containers with Cloudflare tunnels (broken out by service type) and I have Tailscale installed on one of my physical Debian hosts as an exit node.
If you just want access to everything while you’re out, Tailscale for your devices. If you want friends to be able to access, then Cloudflare tunnel. Neither requires buying anything new.
Keep in mind it may not be your router’s fault you can’t accept incoming connections; you may be behind CGNAT. If you are, you need a reverse proxy like Cloudflare tunnels.
Cloudflare tunnels is more than just a reverse proxy, but agreed. That might be the better option regardless. If you’re Cloudflare-averse, you can use Tailscale funnels, or spin up your own rproxy+tunnel solution (there are plenty out there, such as Rathole, Zrok, or frp).
I think rathole is unmaintained. It hasn’t been updated in forever and basic features like proxy protocol are just sitting there waiting for a new release to make them available. I ended up replacing rathole with gost and I actually like it better. I can run an identical setup to rathole with straightforward command line parameters instead of a config file (though a config file can also be used).
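A quick way to test the CGNAT possibility raised in this thread before buying hardware, as an added example that is not from any commenter: compare the WAN address shown on the router's status page with the address an outside service reports. The function name, verdict labels and sample addresses are constructed for illustration.

```python
import ipaddress

# Shared address space reserved for carrier-grade NAT (RFC 6598).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# Private ranges (RFC 1918): a WAN address here means another NAT sits upstream.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADVICE = {
    "cgnat": "ISP shares one public IP; port forwarding cannot work, use an outbound tunnel.",
    "double-nat": "Another router is upstream; bridge it or forward the port on both devices.",
    "upstream-nat": "WAN looks public but differs from what the internet sees; ask the ISP.",
    "public": "Router holds the public IP; inbound failures are a router or firewall issue.",
}

def diagnose(wan_ip, observed_ip):
    """Classify why inbound connections may fail.

    wan_ip      -- IPv4 address on the router's WAN status page
    observed_ip -- IPv4 address an outside 'what is my IP' service reports
    """
    wan = ipaddress.ip_address(wan_ip)
    seen = ipaddress.ip_address(observed_ip)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check only covers IPv4 addresses")
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in RFC1918_NETS):
        return "double-nat"
    if wan != seen:
        return "upstream-nat"
    return "public"

if __name__ == "__main__":
    # Constructed sample pairs (WAN address, externally observed address).
    samples = [
        ("100.72.14.9", "203.0.113.20"),
        ("192.168.100.2", "203.0.113.20"),
        ("198.51.100.7", "203.0.113.20"),
        ("203.0.113.20", "203.0.113.20"),
    ]
    for wan_ip, observed_ip in samples:
        verdict = diagnose(wan_ip, observed_ip)
        print(f"{wan_ip:>15} vs {observed_ip}: {verdict} - {ADVICE[verdict]}")
```

Only the "public" verdict means a new router could fix port forwarding; the others call for bridging the upstream device or an outbound tunnel such as the Tailscale and Cloudflare options mentioned in the thread.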
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters: More Letters
LXC: Linux Containers
PoE: Power over Ethernet
SSD: Solid State Drive mass storage
VPN: Virtual Private Network
4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #276 for this comm, first seen 6th May 2026, 20:40]
Used SFF PC: $40
PCIe 10GbE network card: $30
OPNsense: free
Done.
Where can I get an SFF PC for $40? What am I looking for in particular?
eBay, FB Marketplace, Craigslist. Basically any Dell, HP, or Lenovo workstation big enough to have a PCIe slot.
Intel is usually the most prevalent. 6th or 7th Gen i3 or better. 4 to 8G RAM, at least a 64G SSD.
Here’s one that’s a little overkill on the RAM. But you’ll need a cheap small SSD if you get it.
OpenWRT gets a lot of love around here, incorrectly.
If you are willing to flash custom software to a router you bought for that purpose, you may as well just pick the better option and put pfSense or (better) OPNsense on a mini PC with two Ethernet ports.
The router running OpenWRT will usually be a lot less power hungry than a mini PC, ethernet switch and access point.
That really depends. And whether or not it matters at all depends on the cost of electricity where OP is.
It’s high everywhere.
It is absolutely not.
I think the added benefit of an OpenWRT router is, you get 3 more ports (for your TV, PlayStation and PC), plus a Wi-Fi network. And it’s really hard to break it. But a mini PC with OPNsense, of course, will be more powerful. And some more advanced things have been notoriously difficult to set up in OpenWRT, maybe OPNsense does it a bit better.
If you have an uplink of 1 Gbit/s or less, you can easily solve the problem of ports by purchasing a switch for $3. By the way, there is a mini PC with 4/6/8 ports and even with optical fiber.
And in general, if the topic starter is building his own server, he can just build a router out of it too. The set of programs is not very large: kea-dhcp, radvd, iptables. That’s all. For Wi-Fi, you will need a compatible card in the server or a separate access point like Ubiquiti.
Yup, it’s when you want to get above the 1Gbps speeds that the switches tend to get expensive. That and whether they are managed with VLANs or not.


