

Tell HN: I want a managed router for my house - ShabbyDoo

It's rare for anyone to connect a broadband modem directly to a single computer anymore. Almost everyone plugs his modem into a consumer-grade WiFi AP/Router device which costs < $50. The basic stuff works well enough, but it's fundamentally broken for many reasons:

A WiFi router connected to the 'net is both the riskiest and most important piece of my house's network security. Does my firmware have an exploitable bug? Is my firewall properly configured? I'm a developer, and I'm not entirely certain that my own routers are configured properly. What are my parents supposed to do? Router manufacturers rarely update firmware to fix bugs or provide additional functionality, and there have been many cases where even publicly available security issues went unresolved. Must I buy a new router every few months?

More and more devices are competing for limited bandwidth. I had to do a bunch of Googling to find a script to give a low QOS to backblaze.com traffic. Had I not done this, initial back-up of my desktop computer would have taken WEEKS longer. Grandma doesn't want to understand iptables. When a router was used so two computers could be used to browse the web, little configuration was required. But now...

Here's what I want... A router where maintenance, configuration, and continuous security are not afterthoughts. I'm imagining a WiFi router that looks pretty much like any other consumer-grade router except that, instead of providing a crappy web interface for configuration, it phones "home" to StartupX's router management service. I go to startupx.com and use the nice, helpful configuration utilities to tell my router what services it ought to be providing. And, by service, I don't mean "forward UDP/TCP to port X locally" -- I mean "I use Skype from my desktop computer, so make it fast please." Oh, and I use backblaze, so make it fast as long as it doesn't hinder anything else. And, help me pick the right kinds of wireless security for the devices in my house. Could the router also have a continuously-updated active firewall? Could I teach it which device is my Droid just by pulling up a special web site when commanded by the management site? Oh, and I use BitTorrent... can you make sure I don't screw that up royally?

From a touchy-feely standpoint, I want to be confident that I'm not exposing myself to security risks I'm unaware of. And, I just want this problem to go away. I'm willing to pay not only for the device, but I'll pay per month for management, updates, and support.

I did some brief Googling and couldn't find anything like this for consumers. Various ISPs are selling managed routers for businesses, but nobody is in the consumer space. Am I off my rocker? After spending a few hours over the holidays updating the routers in my house, I started thinking about alternatives. I'm posting this here because this is something I want to buy, but it's not a business that I think I'm well-suited to start.

Edited shortly after initial posting.
======
noonespecial
We do this exactly for large companies with many small offices that they don't
want to manage individually. We limit the number of offices in a minimum order
to 10. This was a hard lesson. We started off dreamy-eyed with onesies and
twosies but were rapidly buried under a sea of _"and it also has to..."_.

We'll do smaller numbers if a customer really wants it but the price per month
of any number of units 10 and under is $950/month. (So we bill for 10, even if
they only use 2)

The shocking truth we discovered about this market is that it doesn't matter
if it's one location or a thousand, one computer or 10k, each _customer_
requires about the same amount of work on a monthly basis. If you control the
router, you are the de facto first-call for any trouble in the office/home.
They've outsourced their IT, and it's _you_.

For the curious, we deploy a custom baked read-only CentOS distro on compact
flash running on Soekris boards. When more oomph is needed, we move up to
Lanners. Wireless radios are 'CM9' A/B/G Atheros.

If you want to make a go of it, you can fully kit out at
<http://www.netgate.com> (1)

It's not really a "startup" in our classical HN definition as it scales most
linearly and only works as well as your best engineer, but I'd be happy to
answer any questions from people who are interested in working this type of
angle, or even doing some development for your own particular flavor. (2)

(1) I don't have any affiliation with netgate beyond getting to know the guys
down there and _really_ appreciating all they did to help us get going.

(2) I've been kicking around the idea of a home version coupled with a
distributed VNC powered helpdesk for several years now but haven't found the
right group of people/motivations to make a go of it yet. The numbers are hard
( _very_ ), but the market would be limitless.

~~~
ismarc
Hearing you describe this had me envisioning the following shrink wrap
product:

buy "Secured home router"

plug in cables

turn on

launch web browser

captive portal configuration screen

configuration goes through common steps, advanced options buttons for those
who know what they're doing, one of which is an option for 1 month free
software upgrade/virus/malware/firewall administration, 3/6/9/12 month
subscription rates and sign-up process.

Actual functionality is: firewall provides reasonable QoS parameters for a
shared internet connection and prioritizing traffic in a manner that benefits
user-interactive applications (HTTP(S) over p2p, etc.), dns blackhole for
known malicious domain names, updating firewall rules for blocking known bad
IPs (stolen abandoned blocks, etc.), captive portal style page hijacking for
sites known for malicious content (with an ignore this warning button),
software updates, configuration backup to a central server.

The main issue I can think of is that the end user wants to feel like they're
completely uninhibited on the internet. The problem is that to protect against
most real threats, there are trade-offs and you'll have a 5-10% error rate for
blocking traffic the user really wanted. This means that support would be a
difficult cost to overcome, but I think a url on the system that resolves
locally to the router to provide a "what problem are you having yes/no" style
troubleshooter could help prevent a large number of complicated call ins.

All in all, this sounds like a really interesting problem with two sales
domains: target the consumers directly and target ISPs looking to have another
value-add to their internet products.
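
The DNS blackhole with an "ignore this warning" override described in the comment above, sketched as an added example (not part of the original thread or any commenter's code). It assumes dnsmasq as the router's resolver, which the thread does not name; the feed, allowlist and function names are constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_domain(name):
    """Normalise a hostname, or return None if it is not a plain hostname.

    Strict validation keeps a bad feed line from injecting resolver options.
    """
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None  # too long, single label, or an IP address
    return name if all(_LABEL.fullmatch(l) for l in labels) else None

def covered(domain, allow):
    """True if the domain or any parent domain is on the user's allowlist."""
    parts = domain.split(".")
    return any(".".join(parts[i:]) in allow for i in range(len(parts)))

def build_blackhole(feed_lines, user_allow):
    """Return (sorted dnsmasq address= lines, rejected feed lines)."""
    allow = {d for d in map(valid_domain, user_allow) if d}
    config, rejected = set(), []
    for raw in feed_lines:
        entry = raw.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        domain = valid_domain(entry)
        if domain is None:
            rejected.append(raw)  # surface for review, never emit
        elif not covered(domain, allow):
            config.add(f"address=/{domain}/0.0.0.0")
    return sorted(config), rejected

# Constructed sample data (not from the thread).
SAMPLE_FEED = [
    "# constructed sample feed",
    "malware.example",
    "Tracker.Example.  # mixed case, trailing dot",
    "cdn.partner.example",    # user clicked "ignore this warning" for the parent
    "bad.example/10.0.0.1",   # malformed: would alter the config line
    "192.0.2.55",             # an IP address, not a domain
]
SAMPLE_ALLOW = ["partner.example"]

if __name__ == "__main__":
    lines, bad = build_blackhole(SAMPLE_FEED, SAMPLE_ALLOW)
    print("\n".join(lines))
    print("rejected:", bad)
```

An allowlist entry here only suppresses feed entries at or below it; it does not carve an exception out of a broader blocked parent domain.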

~~~
ShabbyDoo
Yeah. This is pretty much what I'm thinking about. The core feature is, "I get
to solve this 'want stuff to work in my house' problem and live my life
without learning how to configure QOS, etc"

> the end user wants to feel like they're completely uninhibited on the
> internet.

People I know are more concerned that they're unsafe because of their set-ups.

"problem with two sales domains"

I hadn't thought much about the indirect sales model, and this might be where
the money is long-term. I'd also argue that hard-to-use routers are likely the
root cause of many telco consumer tech support calls. Perhaps the value in the
telco reselling such a solution would be to reduce its own costs.

------
whalesalad
Have you ever played around with DD-WRT? <http://www.dd-wrt.com/site/index>

Grab yourself a WRT54G (or WRT54GL, L for LINUX) and you won't regret the
combination :D

~~~
ShabbyDoo
I have a total of four DD-WRT routers in my house. One is the "main" router,
and the others exist to provide wireless distribution to devices lacking WiFi
(DishTV box, etc.). It works well enough, but it's way too hard to configure.
Just finding the right distro on the dd-wrt site is enough to prevent 99% of
the US population from using it. Would you like the version with Kaid? std,
min? Who knows?

------
mieses
OpenWRT is more configurable than DD-WRT.

You might also look at <http://www.fon.com/>. The Fonera 2.0 is close to the
service you describe. The Fonera routers are built with OpenWRT,
coincidentally.

~~~
ShabbyDoo
Upvoted for Fonera. These guys have added value to the router. I haven't
looked at their site enough to know if they have made security/configuration
easy.

------
macemoneta
You want one of the routers that can run a third party Linux router
distribution. Take a look at:

<http://www.myopenrouter.com/>

The Netgear WNR3500L with DD-WRT firmware is as close as you're going to get
for a reasonable price (about $100 USD).

Edit: The feature list for DD-WRT is here:

<http://www.dd-wrt.com/wiki/index.php/What_is_DD-WRT%3F#Features>

~~~
ShabbyDoo
I don't doubt that there are many solutions that are great feature-wise. What
I want is something easy that works. It's now mindless to connect a Windows
7/OSX/whatever computer to a WiFi network, but setting up such a network in
one's own home in a secure way is too much to ask of my relatives.

The innovation isn't in features, it's that you don't have to work in IT to
have enough knowledge to configure it. Home networking is not a problem most
people want to think about. They just want it to work.

We have a "dual fuel" HVAC system. It switches between electric and gas for
heat depending on the outside temperature (electrical heat is very efficient
in fall/winter given our relative fuel costs). The HVAC guys had all sorts of
suggestions on how to tweak out additional savings by adjusting various
parameters (temp for fuel cross-over, +/- range allowed in home, etc.) and
were very excited about the possibilities. I just wanted the control unit to
figure out what some reasonable settings were and to monitor performance.

------
wmf
This is similar to Meraki's remote management for wireless APs.
<http://meraki.com/products_services/cloud_controllers/enterprise/>

~~~
ShabbyDoo
Yeah. This is the kind of thing I'm talking about except for consumers who
have a few devices in their homes.

------
patrickgzill
pfSense or m0n0wall for something basic, you supply the hardware.

There is untangle.com also, they may have something closer to what you are
looking for.

~~~
ShabbyDoo
Upvoted for untangle. This seems like a business version of what I envisioned.

The distros are nice, but my relatives aren't going to get past the homepage.
The product I want isn't for me so much as for the people whose routers I've
set-up/managed over the years.

------
CyberFonic
And how much would you like to pay per month???

~~~
ShabbyDoo
$5? $10? I'm not asking for hands-on support. All I want is a nice web
interface with a bunch of wizard-like, goal-oriented config tools.

------
oomkiller
Grab an old PC and go with pfSense, or you can use Vyatta. Both are open
source. What would be awesome is if we could all just get rid of NAT
completely with IPv6, and never have to worry about port forwarding or
anything like that again!

------
wendroid
A fanless EPIA 500 with OpenBSD on a CF card.

