Hardware firewall to block ad servers?


    #21
    Okay. It looks like my router is a version 1, not a version 2. When I tried to install OpenWRT for version 1, it suddenly worked perfectly (maybe v2 of the software runs sanity checking). When I changed OpenWRT to a decent password, the summary screen said it had about 242 megs of memory. I found and installed the adblock package, added a couple of block lists (beyond the ones they "selected me" for), rebooted and then went to adblock-tester dot com. I scored 47 points out of 100.

    Now, with the confusing info out there about how to determine whether I have version 1 versus version 2 of this router, well, I don't know what I'm going to say to this eBay seller. But if more blocklists interfere with each other, maybe I won't need the 1900 v2 with double the memory.



      #22
      version is probably on the label - so people don't flash it with the wrong file

      you don't need to reboot the router when adding stuff or changing firewall or adblock settings btw,
      the pages for them have a button to restart the service on a running system.



        #23
        It seems the WRT-1900 only has about 256 megs of RAM, so this router is the first version. Linksys does not always label version 1. It is as if they never realized they would make a second version later on. When I installed uBlock-Origin on Firefox for Windows 7, and went to adblock-tester dot com, I blocked 100 percent of the things on their test web page. So the ad-blocking for OpenWRT as stj suggested, along with uBlock-Origin, and I don't actually NEED to install more hardware. But of course I'm going to.

        (Very interesting, a "Pi-Hole" made with a raspberry pi can do this firewall / ad-blocking work easily. But all I remember (years ago) about raspberry hardware is that they NEVER had disk controllers. So I would have to get the bootup instructions from a different computer on my home network. And of course, I could never do that because I did not know about networking. And Louis Rossmann was very much against me using those pre-made Raspberry firewalls anyway, because he could not do the sophisticated things he talks about with a Raspberry unit. I don't want to do those fancy things, and Raspberry units DO boot from microSD cards, so yes, I could have used a Raspberry. But I already have the 17cm by 17cm AM1/FM1 board [whatever it is], the AMD 5350, and the large passive heat sink, and since it is the MSI model, it can run from a laptop power adapter (and I own one of those also). So I'll boot from a cheap SSD and use the FM1 board with pfSense.)

        I may be going into my attic in a few days. I am getting old, and I do NOT want to have to do this again. I moved the AT&T fiberoptic unit in my basement so it is closer to the spot where I can drop ethernet cable down through the walls. There are only two or three places in my house where I can do that.

        If I replace the Cat5e cable in my walls with Cat6, is it really that much better?
        Last edited by Hondaman; 02-20-2025, 05:46 AM.



          #24
          i don't know about the latest Pi, but the older ones used an ethernet to usb controller and a usb hub, the main chip did everything over one usb port - so comms was slow.
          if you want to use a compact computer then check on how they handle ports first.
          maybe also check orange-pi / banana-pi
          those were created to work around some weaknesses in the raspberry design like adding a sata controller



            #25
            i think cat ratings are potentially a scam as long as your cables are copper and shielded (STP)
            i recently did a load of cat7 for someone and other than the shielding it seemed to just be thicker insulation making it a bastard to work with.



              #26
              DDWRT also has adblocks based on host lists. I use this one https://github.com/m-parashar/adblock



                #27
                Thank you! I revisited the DD-WRT project and did not notice any capability like that. (EDIT: Until you posted that link.)

                I finally got the Zyxel NWA50AX Pro a few minutes ago. The NWA90AX Pro just sold out everywhere, except for greedy people on eBay who want DOUBLE the price.

                My 17cm by 17cm board has a "postage stamp" spot for a laptop wifi module. I own an RALink 3090 and a 5390. Both antenna terminals are attached to PCI-E brackets with sockets for the desktop "rubber ducky" antennas. Assuming I use the Intel X520-DA-2 network card (or the Intel i350) in my PCI-E slot, which RALink should I use in the "postage stamp" spot? Both seem to have the same capabilities (1x1:1 speed, 150 Mbps. 2.4 GHz radio only), so which is "better"? Does it matter?

                The NWA50AX Pro does not have MAC authentication like the NWA90AX does (all MAC addresses I did not whitelist are denied access). Anyone who has the correct wifi password can connect. This does not affect me, since I do not worry about security like a corporation. And I think many wifi chips can spoof MAC addresses anyway.

                It turns out pi-hole runs on Linux, and what else runs on Linux? KODI. Years ago I ran Kodi on one of my 17cm by 17cm boards, plugged into an HDMI port on my main television, but I dismantled it because I didn't use it very much. With lots of USB ports on the 17cm by 17cm board, I could bring Kodi back.

                So as long as I keep the 50-foot ethernet cord plugged into the AT&T fiberoptic unit in my basement, I can reboot my Win7/Mint 18.3 KDE machine to find out what I did wrong. At some point, I can get the web interface working for pfSense Opnsense, or I can just go over to the keyboard and monitor on my 17cm by 17cm board and try to figure out what is going on. I could even put in an optical drive just long enough to install Ubuntu and Kodi.

                So which "postage stamp" laptop wifi module should I use? The 3090 or the 5390? I heard that BSD works well with the 3090, shouldn't it also work fine with the 5390? What do you think?
                Last edited by Hondaman; 02-26-2025, 03:42 PM.



                  #28
                  no idea about the wifi chipsets - what are the specs?



                    #29
                    Here they are:

                    http://techinfodepot.shoutwiki.com/w...ference_Design

                    http://techinfodepot.shoutwiki.com/w...ference_Design

                    Later on tonight I'll try to get everything working.



                      #30
                      Okay, I got my equipment working. It was a most convoluted process, I gotta say.

                      First, plug the Windows 7 computer into the AT&T fiberoptic equipment (ethernet cable running across kitchen and down the basement stairs) and tell its DHCP server to assign devices an IP address in the 192.168.3.1 to 192.168.3.253 range. The wifi radios in the AT&T fiberoptic unit (both 2.4 GHz and 5 GHz) will never be used.

                      Second, disconnect the Win7 computer from the AT&T unit, and plug the AT&T unit into the WRT-1900 I got from eBay (with custom OpenWRT firmware). Plug the Windows 7 computer into the WRT-1900. Log in to the WRT-1900, and tell the WRT-1900's DHCP server to give addresses in the 192.168.2.1 through 192.168.2.253 range.

                      Third, unpack the Zyxel NWA50AX Pro from the box, plug in the power brick, and plug the ethernet cord into the WRT-1900. Using Win7, log into the WRT-1900 and turn off the wireless radios and apply that change. Log into the NWA-50AX Pro and set up the wireless. Reboot the WRT-1900 and the NWA50AX Pro.

                      Fourth, remove Win7's ethernet connection from the WRT-1900 and try to reach the internet wirelessly through the Zyxel, which is still plugged into the WRT-1900.

                      Fifth, install and set up pfSense on the AMD 5350 system.

                      Sixth, plug the Win 7 computer's ethernet cable into the AMD 5350 system, and log into pfSense. Change the default password and write it down. Tell the DHCP server in the pfSense machine to hand out addresses between 192.168.2.1 and 192.168.2.253, exactly as the WRT-1900 did.

                      Seventh, shut down the Win7 computer and the AMD 5350 running pfSense. Take the ethernet cable between the Win7 machine and the pfSense machine and put it into storage. Plug an ethernet cable between the Zyxel and the pfSense machine.

                      If all goes well, the Zyxel NWA50AX Pro will take the 192.168.2.X address given to it by the AMD5350 machine (and the WRT-1900 before it), and give out addresses in the default 192.168.1.X range.

                      Eighth, log in to the pfSense machine, wirelessly, through the NWA50AX Pro, install pfBlockerNG, and follow Louis Rossmann's directions to access and apply the DNS block lists. Do NOT click to use ALL of the feeds. A SENSIBLE number of block lists will go a long way.

                      NOTES:

                      First, the NWA50AX Pro uses WPA2-Personal with AES encryption instead of TKIP. Thankfully, Win7 can do that. I am using the same passphrase for 2.4 GHz and 5 GHz radios as always. So how did the ROKU device, Amazon Alexa and the Zapper Box ATSC 3.0 device know to switch to AES? We might never know.

                      Second, I have not run any speed tests yet. But I still have that 50-foot ethernet wire plugged into the AT&T unit, running up my stairs and across my kitchen. I can test my speed with AND without the pfSense hardware, and compare the speeds.

                      Third, I am not sure if pfSense recognized the "postage stamp" wifi card (RT3090 chip) in the AMD 5350 machine. I think it did not. And I don't think I can use the RT3090 OR the onboard LAN port on that 17cm by 17cm board. It kind of looks like pfSense wants ONE piece of hardware for LAN, and ONE for WAN. And that's all. And right now the 2-port Intel X520 PCI-E board is doing both.

                      Fourth, I'm not sure exactly how the "profiles" work on the NWA50AX Pro. It seems I can have up to EIGHT access points on this wireless access point, divided between the two radios. I can read the manual, then if I decide I need more profiles, I can plug both the NWA50AX Pro and the Win7 machine into the WRT-1900, like the third step above, and use ethernet (and Firefox, of course) to access the NWA50AX Pro's setup screen to configure them, then put the WRT-1900 back into storage and use the pfSense machine again.

                      Fifth, the KASA smart light switch failed a week ago, and I had to reinstall the app on my smart phone to turn my lamp off. The KASA switch has now failed a second time; maybe I will have to reinstall the app again.
                      Last edited by Hondaman; 03-01-2025, 02:36 AM.
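
The advice in step eight above (a sensible number of block lists rather than every feed), as an added example that is not part of the original post: it merges DNS block lists in order and counts how many domains each later list contributes that the earlier ones did not already cover. The feed names and contents are constructed, and the feed format (hosts-style or one domain per line) is an assumption.

```python
# Added example (not from the thread): how much does each extra block list add?
# Feed names and contents are constructed samples, not real pfBlockerNG feeds.
import re

SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # sinkhole addresses used in hosts files
LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}
DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")

def parse_blocklist(text):
    """Domains in a hosts-style ("0.0.0.0 name") or one-domain-per-line feed."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()   # drop comments, normalise case
        fields = line.split()
        if fields and fields[0] in SINKS:
            fields = fields[1:]                        # skip the sinkhole address
        for name in fields:
            name = name.rstrip(".")                    # "example.net." == "example.net"
            if name not in LOCAL and DOMAIN.match(name):
                domains.add(name)
    return domains

def marginal_gain(feeds):
    """Walk feeds in order; report (name, size, domains not in earlier feeds)."""
    seen, report = set(), []
    for name, text in feeds:
        found = parse_blocklist(text)
        report.append((name, len(found), len(found - seen)))
        seen |= found
    return report, seen

FEEDS = [  # constructed sample feeds
    ("feed_a", "# hosts format\n127.0.0.1 localhost\n0.0.0.0 ads.example.com\n"
               "0.0.0.0 tracker.example.net\n0.0.0.0 Metrics.Example.org  # note\n"),
    ("feed_b", "ads.example.com\ntracker.example.net.\n"
               "banner.example.com\nnot a domain!!\n"),
    ("feed_c", "0.0.0.0 ads.example.com\n0.0.0.0 metrics.example.org\n"),
]

if __name__ == "__main__":
    report, merged = marginal_gain(FEEDS)
    for name, size, new in report:
        print(f"{name}: {size} domains, {new} new")
    print(f"merged list: {len(merged)} unique domains")
```

A feed that reports few or no new domains costs memory and reload time on the firewall without blocking anything extra.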



                        #31
                        but i thought windows and SMART devices made life easier!



                          #32
                          Okay, I did have pfSense working. Use 80x25 text mode to define which ethernet jack is for WAN and which is for LAN. After that, use the web interface (it will give you the address during setup, I think mine is currently 192.168.3.72), but then an adapter failed (SFP+ to RJ-45). So I shut down and put in the Intel I350 4-port PCI-e network card, and then reinstalled pfSense. Now I don't know what's going on.

                          When things did not work, I removed the pfSense SSD and installed a blank SSD and Linux Mint 18.3 KDE on the AMD 5350 machine. When I plug the ethernet jack from the Intel i350 board to the AT&T fiberoptic unit, and a separate ethernet cable from the Win7 machine to the AT&T fiberoptic unit, I can log in to the AT&T fiberoptic unit's web interface and clearly see that Linux Mint has requested an IP address.

                          But when I shut down, remove the Linux Mint SSD and put the pfSense SSD back in, the AT&T settings page shows pfSense did not obtain a DHCP lease. Do I need to log into the AT&T unit and static-assign 192.168.3.72 to the pfSense computer, then use the keyboard (80x25 text mode monitor is plugged into the AMD 5350 unit) and static-assign 192.168.3.72 as the WAN address, then reboot both the AT&T and the pfSense machines? I tried that, it didn't work.

                          Should I tell the pfSense machine to use DHCP for WAN? Why? I don't understand. Shouldn't pfSense petition the upstream AT&T unit for a DHCP lease in some standard "RFC" internet-approved way, and just take whatever address it is given? To me, "use DHCP for WAN" seems to suggest the pfSense/AMD 5350 unit is telling the upstream AT&T what address the AT&T unit must give. I do hope I am wrong.

                          Should I tell the pfSense machine to "use DHCP for WAN" but tell the AT&T unit to static-assign?

                          How can I FORCE the pfSense/AMD5350 to request a DHCP lease from the AT&T unit, or verify that it did so? If I want to engage my engine and my tires, I know what to do. Put the car in gear and remove my foot from the clutch (whether car engine is running or not). But how to verify "engagement" to get a DHCP lease is not something I know how to do. I can use the "ping" command to verify. But why is the lease often not reflected in the AT&T unit's settings page?

                          I am tempted to just go ahead and buy the pfSense hardware from netgate dot com. Their technical support would get me up and running. But a forum post there suggests the eMMC storage in their compact ARM-powered devices does not last for many write-cycles.

                          Any idea what is going on here? When bits and bytes don't get where they need to go, how do I diagnose this?
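
The DHCP question in the post above, as an added example that is not part of the original post: the client's DISCOVER carries no address of its own (ciaddr is zero) and the server proposes one in yiaddr, so a WAN interface set to DHCP asks and the upstream unit decides. The MAC, transaction id, server address 192.168.3.254 and lease time are constructed; 192.168.3.72 is the address mentioned in the post.

```python
# Added example (not from the thread): what a DHCP client and server put on the wire.
# The MAC, transaction id and the reply packet are constructed sample values.
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"            # fixed 236-byte BOOTP header

def build_packet(op, xid, mac, yiaddr="0.0.0.0", options=b""):
    """Assemble a BOOTP/DHCP message; ciaddr, siaddr and giaddr stay zero."""
    zero = b"\x00" * 4
    head = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000, zero,
                       socket.inet_aton(yiaddr), zero, zero, mac, b"", b"")
    return head + MAGIC + options + b"\xff"      # 0xff marks end of options

def build_discover(mac, xid):
    """Client broadcast: option 53 = DISCOVER, option 55 = parameters wanted."""
    return build_packet(1, xid, mac, options=bytes([53, 1, 1, 55, 3, 1, 3, 6]))

def parse(pkt):
    """Decode the fields that show who proposed which address."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                          # pad byte has no length field
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {
        "type": TYPES.get(opts.get(53, b"\x00")[0], "?"),
        "xid": struct.unpack("!I", pkt[4:8])[0],
        "ciaddr": socket.inet_ntoa(pkt[12:16]),  # address the client claims to hold
        "yiaddr": socket.inet_ntoa(pkt[16:20]),  # address the server hands out
        "server": socket.inet_ntoa(opts[54]) if 54 in opts else None,
        "lease_s": struct.unpack("!I", opts[51])[0] if 51 in opts else None,
    }

MAC, XID = bytes.fromhex("020000000001"), 0x1234ABCD      # constructed
DISCOVER = build_discover(MAC, XID)
OFFER = build_packet(2, XID, MAC, "192.168.3.72",          # constructed server reply
                     bytes([53, 1, 2, 54, 4, 192, 168, 3, 254, 51, 4, 0, 1, 81, 128]))
```

A packet capture on the WAN interface filtered to UDP ports 67 and 68 shows the same DISCOVER, OFFER, REQUEST, ACK sequence, which tells you whether the request left the firewall and whether the upstream unit answered.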



                            #33
                            Okay, I put the WRT-1200 in between the AT&T unit and the Zyxel wireless access point, and got it working. Then I removed the WRT-AC1200 and inserted the WRT-AC1900 and got that working. Then I removed the WRT-AC1900 and inserted the pfSense (AMD 5350) and got that working. I'm still not sure how I did it.

                            Do I really need to FORCE the AT&T unit to give a specific IP address to the MAC address of the WAN port on the pfSense (AMD 5350)? I'll probably never know.

                            My advice: Keep a list of settings (IP addresses, passwords, and maybe some other settings, for all possible combinations of equipment you have) on your local hard drive, a second copy on paper, and possibly a third copy on a USB stick.

                            I may need to reset my Amazon Alexa, and reset the TP-Link HS100 smart switch, to turn on the lamps in my front room, but I should be fixed now. I just hope I never, EVER have to go through this again!!!

                            As for madan1's suggestion about the DD-WRT ad blocking, I do appreciate it, thank you. But I did not see it. But maybe I was not looking diligently or in the right place.
