Symfony Profiler

null

Proxies\__CG__\App\Entity\Entry {#1691
  +user: Proxies\__CG__\App\Entity\User {#2411 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
  +slug: "Feedback-on-Design-and-Firewall-Options"
  +title: "Feedback on Design and Firewall Options"
  +url: null
  +body: """
    All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
    \n
    Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
    \n
    I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
    \n
    This is a sketch of what I think I want to achieve:\n
    \n
    ![](https://lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)\n
    \n
    ### Connections\n
    \n
    - The Consoles will connect only to the internet\n
    - The Home Devices (printers) will connect only to the Home WKS\n
    - There will be a NAS device hosting VMs with services accessible only from the home network: \n
        - The Home Automation will connect to IoT\n
        - The Recipes will connect to Home Wks\n
        - The Data Archive will connect to Home Wks\n
        - Jellybean will connect to: \n
            - Home Wks\n
            - TV\n
        - *arr Stack will connect to: \n
            - The Internet\n
            - the NAS (presumably Jellybean)\n
    - The Home WKS connect to pretty much anything\n
    \n
    ### Available Hardware\n
    \n
    - OpenWRT compatible Router\n
    - 2.5gbs Unmaged Switch\n
    - 1gbs Unmaged Switch\n
    - QNAS with 2x2.5gbs NIC, running TrueNas\n
    - A few Rpis of different specs\n
    \n
    Questions\n
    =========\n
    \n
    #### Firewall\n
    \n
    My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
    \n
    - What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
    - What do you think of Netgear 1100?\n
    - I like this device since 3ports would allow me to create a physically separate DMZ\n
    - Should I consider other firewalls?\n
    \n
    #### NAS\n
    \n
    For Bonus Points, some questions regarding the NAS:\n
    \n
    - With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
    - Should i locate the entire NAS in the DMZ?\n
    - My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
    \n
    Thanks for your time!
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 7
  +favouriteCount: 22
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1728288680 {#2133
    date: 2024-10-07 10:11:20.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2040 …}
  +votes: Doctrine\ORM\PersistentCollection {#2349 …}
  +reports: Doctrine\ORM\PersistentCollection {#2141 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2164 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2314 …}
  +badges: Doctrine\ORM\PersistentCollection {#2328 …}
  +children: [
    App\Entity\EntryComment {#1692
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1691 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1686 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1689 …}
      +body: """
        I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
        \n
        A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1706098966 {#1705
        date: 2024-01-24 13:22:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@OpenTheSeaLegs@lemmyf.uk"
        "@atzanteol@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1680 …}
      +nested: Doctrine\ORM\PersistentCollection {#1683 …}
      +votes: Doctrine\ORM\PersistentCollection {#1702 …}
      +reports: Doctrine\ORM\PersistentCollection {#1596 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1613 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1621 …}
      -id: 336487
      -bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://fstab.sh/comment/1504370"
      +editedAt: null
      +createdAt: DateTimeImmutable @1706098966 {#1795
        date: 2024-01-24 13:22:46.0 +01:00
      }
      +"title": 336487
    }
  ]
  -id: 32551
  -titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
  -bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1706084419
  +visibility: "visible             "
  +apId: "https://lemmyf.uk/post/4971341"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705999419 {#1737
    date: 2024-01-23 09:43:39.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1691
  +user: Proxies\__CG__\App\Entity\User {#2411 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
  +slug: "Feedback-on-Design-and-Firewall-Options"
  +title: "Feedback on Design and Firewall Options"
  +url: null
  +body: """
    All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
    \n
    Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
    \n
    I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
    \n
    This is a sketch of what I think I want to achieve:\n
    \n
    ![](https://lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)\n
    \n
    ### Connections\n
    \n
    - The Consoles will connect only to the internet\n
    - The Home Devices (printers) will connect only to the Home WKS\n
    - There will be a NAS device hosting VMs with services accessible only from the home network: \n
        - The Home Automation will connect to IoT\n
        - The Recipes will connect to Home Wks\n
        - The Data Archive will connect to Home Wks\n
        - Jellybean will connect to: \n
            - Home Wks\n
            - TV\n
        - *arr Stack will connect to: \n
            - The Internet\n
            - the NAS (presumably Jellybean)\n
    - The Home WKS connect to pretty much anything\n
    \n
    ### Available Hardware\n
    \n
    - OpenWRT compatible Router\n
    - 2.5gbs Unmaged Switch\n
    - 1gbs Unmaged Switch\n
    - QNAS with 2x2.5gbs NIC, running TrueNas\n
    - A few Rpis of different specs\n
    \n
    Questions\n
    =========\n
    \n
    #### Firewall\n
    \n
    My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
    \n
    - What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
    - What do you think of Netgear 1100?\n
    - I like this device since 3ports would allow me to create a physically separate DMZ\n
    - Should I consider other firewalls?\n
    \n
    #### NAS\n
    \n
    For Bonus Points, some questions regarding the NAS:\n
    \n
    - With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
    - Should i locate the entire NAS in the DMZ?\n
    - My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
    \n
    Thanks for your time!
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 7
  +favouriteCount: 22
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1728288680 {#2133
    date: 2024-10-07 10:11:20.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2040 …}
  +votes: Doctrine\ORM\PersistentCollection {#2349 …}
  +reports: Doctrine\ORM\PersistentCollection {#2141 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2164 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2314 …}
  +badges: Doctrine\ORM\PersistentCollection {#2328 …}
  +children: [
    App\Entity\EntryComment {#1692
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1691 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1686 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1689 …}
      +body: """
        I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
        \n
        A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1706098966 {#1705
        date: 2024-01-24 13:22:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@OpenTheSeaLegs@lemmyf.uk"
        "@atzanteol@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1680 …}
      +nested: Doctrine\ORM\PersistentCollection {#1683 …}
      +votes: Doctrine\ORM\PersistentCollection {#1702 …}
      +reports: Doctrine\ORM\PersistentCollection {#1596 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1613 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1621 …}
      -id: 336487
      -bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://fstab.sh/comment/1504370"
      +editedAt: null
      +createdAt: DateTimeImmutable @1706098966 {#1795
        date: 2024-01-24 13:22:46.0 +01:00
      }
      +"title": 336487
    }
  ]
  -id: 32551
  -titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
  -bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1706084419
  +visibility: "visible             "
  +apId: "https://lemmyf.uk/post/4971341"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705999419 {#1737
    date: 2024-01-23 09:43:39.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1691
  +user: Proxies\__CG__\App\Entity\User {#2411 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
  +slug: "Feedback-on-Design-and-Firewall-Options"
  +title: "Feedback on Design and Firewall Options"
  +url: null
  +body: """
    All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
    \n
    Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
    \n
    I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
    \n
    This is a sketch of what I think I want to achieve:\n
    \n
    ![](https://lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)\n
    \n
    ### Connections\n
    \n
    - The Consoles will connect only to the internet\n
    - The Home Devices (printers) will connect only to the Home WKS\n
    - There will be a NAS device hosting VMs with services accessible only from the home network: \n
        - The Home Automation will connect to IoT\n
        - The Recipes will connect to Home Wks\n
        - The Data Archive will connect to Home Wks\n
        - Jellybean will connect to: \n
            - Home Wks\n
            - TV\n
        - *arr Stack will connect to: \n
            - The Internet\n
            - the NAS (presumably Jellybean)\n
    - The Home WKS connect to pretty much anything\n
    \n
    ### Available Hardware\n
    \n
    - OpenWRT compatible Router\n
    - 2.5gbs Unmaged Switch\n
    - 1gbs Unmaged Switch\n
    - QNAS with 2x2.5gbs NIC, running TrueNas\n
    - A few Rpis of different specs\n
    \n
    Questions\n
    =========\n
    \n
    #### Firewall\n
    \n
    My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
    \n
    - What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
    - What do you think of Netgear 1100?\n
    - I like this device since 3ports would allow me to create a physically separate DMZ\n
    - Should I consider other firewalls?\n
    \n
    #### NAS\n
    \n
    For Bonus Points, some questions regarding the NAS:\n
    \n
    - With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
    - Should i locate the entire NAS in the DMZ?\n
    - My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
    \n
    Thanks for your time!
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 7
  +favouriteCount: 22
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1728288680 {#2133
    date: 2024-10-07 10:11:20.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2040 …}
  +votes: Doctrine\ORM\PersistentCollection {#2349 …}
  +reports: Doctrine\ORM\PersistentCollection {#2141 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2164 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2314 …}
  +badges: Doctrine\ORM\PersistentCollection {#2328 …}
  +children: [
    App\Entity\EntryComment {#1692
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1691 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1686 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1689 …}
      +body: """
        I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
        \n
        A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1706098966 {#1705
        date: 2024-01-24 13:22:46.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@OpenTheSeaLegs@lemmyf.uk"
        "@atzanteol@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1680 …}
      +nested: Doctrine\ORM\PersistentCollection {#1683 …}
      +votes: Doctrine\ORM\PersistentCollection {#1702 …}
      +reports: Doctrine\ORM\PersistentCollection {#1596 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1613 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1621 …}
      -id: 336487
      -bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://fstab.sh/comment/1504370"
      +editedAt: null
      +createdAt: DateTimeImmutable @1706098966 {#1795
        date: 2024-01-24 13:22:46.0 +01:00
      }
      +"title": 336487
    }
  ]
  -id: 32551
  -titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
  -bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1706084419
  +visibility: "visible             "
  +apId: "https://lemmyf.uk/post/4971341"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705999419 {#1737
    date: 2024-01-23 09:43:39.0 +01:00
  }
  +__isInitialized__: true
   …2
}

null

App\Entity\EntryComment {#1692
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1691
    +user: Proxies\__CG__\App\Entity\User {#2411 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Feedback-on-Design-and-Firewall-Options"
    +title: "Feedback on Design and Firewall Options"
    +url: null
    +body: """
      All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
      \n
      Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
      \n
      I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
      \n
      This is a sketch of what I think I want to achieve:\n
      \n
      ![](https://lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)\n
      \n
      ### Connections\n
      \n
      - The Consoles will connect only to the internet\n
      - The Home Devices (printers) will connect only to the Home WKS\n
      - There will be a NAS device hosting VMs with services accessible only from the home network: \n
          - The Home Automation will connect to IoT\n
          - The Recipes will connect to Home Wks\n
          - The Data Archive will connect to Home Wks\n
          - Jellybean will connect to: \n
              - Home Wks\n
              - TV\n
          - *arr Stack will connect to: \n
              - The Internet\n
              - the NAS (presumably Jellybean)\n
      - The Home WKS connect to pretty much anything\n
      \n
      ### Available Hardware\n
      \n
      - OpenWRT compatible Router\n
      - 2.5gbs Unmaged Switch\n
      - 1gbs Unmaged Switch\n
      - QNAS with 2x2.5gbs NIC, running TrueNas\n
      - A few Rpis of different specs\n
      \n
      Questions\n
      =========\n
      \n
      #### Firewall\n
      \n
      My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
      \n
      - What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
      - What do you think of Netgear 1100?\n
      - I like this device since 3ports would allow me to create a physically separate DMZ\n
      - Should I consider other firewalls?\n
      \n
      #### NAS\n
      \n
      For Bonus Points, some questions regarding the NAS:\n
      \n
      - With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
      - Should i locate the entire NAS in the DMZ?\n
      - My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
      \n
      Thanks for your time!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 7
    +favouriteCount: 22
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1728288680 {#2133
      date: 2024-10-07 10:11:20.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2040 …}
    +votes: Doctrine\ORM\PersistentCollection {#2349 …}
    +reports: Doctrine\ORM\PersistentCollection {#2141 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2164 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2314 …}
    +badges: Doctrine\ORM\PersistentCollection {#2328 …}
    +children: [
      App\Entity\EntryComment {#1692}
    ]
    -id: 32551
    -titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
    -bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1706084419
    +visibility: "visible             "
    +apId: "https://lemmyf.uk/post/4971341"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705999419 {#1737
      date: 2024-01-23 09:43:39.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1686 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1689 …}
  +body: """
    I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
    \n
    A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1706098966 {#1705
    date: 2024-01-24 13:22:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@OpenTheSeaLegs@lemmyf.uk"
    "@atzanteol@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1680 …}
  +nested: Doctrine\ORM\PersistentCollection {#1683 …}
  +votes: Doctrine\ORM\PersistentCollection {#1702 …}
  +reports: Doctrine\ORM\PersistentCollection {#1596 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1613 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1621 …}
  -id: 336487
  -bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1504370"
  +editedAt: null
  +createdAt: DateTimeImmutable @1706098966 {#1795
    date: 2024-01-24 13:22:46.0 +01:00
  }
  +"title": 336487
}

App\Entity\EntryComment {#1692
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1691
    +user: Proxies\__CG__\App\Entity\User {#2411 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Feedback-on-Design-and-Firewall-Options"
    +title: "Feedback on Design and Firewall Options"
    +url: null
    +body: """
      All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
      \n
      Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
      \n
      I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
      \n
      This is a sketch of what I think I want to achieve:\n
      \n
      ![](https://lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)\n
      \n
      ### Connections\n
      \n
      - The Consoles will connect only to the internet\n
      - The Home Devices (printers) will connect only to the Home WKS\n
      - There will be a NAS device hosting VMs with services accessible only from the home network: \n
          - The Home Automation will connect to IoT\n
          - The Recipes will connect to Home Wks\n
          - The Data Archive will connect to Home Wks\n
          - Jellybean will connect to: \n
              - Home Wks\n
              - TV\n
          - *arr Stack will connect to: \n
              - The Internet\n
              - the NAS (presumably Jellybean)\n
      - The Home WKS connect to pretty much anything\n
      \n
      ### Available Hardware\n
      \n
      - OpenWRT compatible Router\n
      - 2.5gbs Unmaged Switch\n
      - 1gbs Unmaged Switch\n
      - QNAS with 2x2.5gbs NIC, running TrueNas\n
      - A few Rpis of different specs\n
      \n
      Questions\n
      =========\n
      \n
      #### Firewall\n
      \n
      My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
      \n
      - What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
      - What do you think of Netgear 1100?\n
      - I like this device since 3ports would allow me to create a physically separate DMZ\n
      - Should I consider other firewalls?\n
      \n
      #### NAS\n
      \n
      For Bonus Points, some questions regarding the NAS:\n
      \n
      - With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
      - Should i locate the entire NAS in the DMZ?\n
      - My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
      \n
      Thanks for your time!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 7
    +favouriteCount: 22
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1728288680 {#2133
      date: 2024-10-07 10:11:20.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2040 …}
    +votes: Doctrine\ORM\PersistentCollection {#2349 …}
    +reports: Doctrine\ORM\PersistentCollection {#2141 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2164 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2314 …}
    +badges: Doctrine\ORM\PersistentCollection {#2328 …}
    +children: [
      App\Entity\EntryComment {#1692}
    ]
    -id: 32551
    -titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
    -bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1706084419
    +visibility: "visible             "
    +apId: "https://lemmyf.uk/post/4971341"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705999419 {#1737
      date: 2024-01-23 09:43:39.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1686 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1689 …}
  +body: """
    I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
    \n
    A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1706098966 {#1705
    date: 2024-01-24 13:22:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@OpenTheSeaLegs@lemmyf.uk"
    "@atzanteol@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1680 …}
  +nested: Doctrine\ORM\PersistentCollection {#1683 …}
  +votes: Doctrine\ORM\PersistentCollection {#1702 …}
  +reports: Doctrine\ORM\PersistentCollection {#1596 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1613 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1621 …}
  -id: 336487
  -bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1504370"
  +editedAt: null
  +createdAt: DateTimeImmutable @1706098966 {#1795
    date: 2024-01-24 13:22:46.0 +01:00
  }
  +"title": 336487
}

App\Entity\EntryComment {#1692
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1691
    +user: Proxies\__CG__\App\Entity\User {#2411 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Feedback-on-Design-and-Firewall-Options"
    +title: "Feedback on Design and Firewall Options"
    +url: null
    +body: """
      All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
      \n
      Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
      \n
      I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
      \n
      This is a sketch of what I think I want to achieve:\n
      \n
      ![](https://lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)\n
      \n
      ### Connections\n
      \n
      - The Consoles will connect only to the internet\n
      - The Home Devices (printers) will connect only to the Home WKS\n
      - There will be a NAS device hosting VMs with services accessible only from the home network: \n
          - The Home Automation will connect to IoT\n
          - The Recipes will connect to Home Wks\n
          - The Data Archive will connect to Home Wks\n
          - Jellybean will connect to: \n
              - Home Wks\n
              - TV\n
          - *arr Stack will connect to: \n
              - The Internet\n
              - the NAS (presumably Jellybean)\n
      - The Home WKS connect to pretty much anything\n
      \n
      ### Available Hardware\n
      \n
      - OpenWRT compatible Router\n
      - 2.5gbs Unmaged Switch\n
      - 1gbs Unmaged Switch\n
      - QNAS with 2x2.5gbs NIC, running TrueNas\n
      - A few Rpis of different specs\n
      \n
      Questions\n
      =========\n
      \n
      #### Firewall\n
      \n
      My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
      \n
      - What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
      - What do you think of Netgear 1100?\n
      - I like this device since 3ports would allow me to create a physically separate DMZ\n
      - Should I consider other firewalls?\n
      \n
      #### NAS\n
      \n
      For Bonus Points, some questions regarding the NAS:\n
      \n
      - With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
      - Should i locate the entire NAS in the DMZ?\n
      - My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
      \n
      Thanks for your time!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 7
    +favouriteCount: 22
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1728288680 {#2133
      date: 2024-10-07 10:11:20.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2040 …}
    +votes: Doctrine\ORM\PersistentCollection {#2349 …}
    +reports: Doctrine\ORM\PersistentCollection {#2141 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2164 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2314 …}
    +badges: Doctrine\ORM\PersistentCollection {#2328 …}
    +children: [
      App\Entity\EntryComment {#1692}
    ]
    -id: 32551
    -titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
    -bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1706084419
    +visibility: "visible             "
    +apId: "https://lemmyf.uk/post/4971341"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705999419 {#1737
      date: 2024-01-23 09:43:39.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1686 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1689 …}
  +body: """
    I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
    \n
    A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1706098966 {#1705
    date: 2024-01-24 13:22:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@OpenTheSeaLegs@lemmyf.uk"
    "@atzanteol@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1680 …}
  +nested: Doctrine\ORM\PersistentCollection {#1683 …}
  +votes: Doctrine\ORM\PersistentCollection {#1702 …}
  +reports: Doctrine\ORM\PersistentCollection {#1596 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1613 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1621 …}
  -id: 336487
  -bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1504370"
  +editedAt: null
  +createdAt: DateTimeImmutable @1706098966 {#1795
    date: 2024-01-24 13:22:46.0 +01:00
  }
  +"title": 336487
}

null

Proxies\__CG__\App\Entity\Entry {#1551
  +user: Proxies\__CG__\App\Entity\User {#2378 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
  +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
  +title: "Should I use a dedicated DHCP/DNS server hardware"
  +url: null
  +body: """
    My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
    \n
    Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
    \n
    Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
    \n
    Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
    \n
    Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 21
  +favouriteCount: 33
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1723661197 {#1557
    date: 2024-08-14 20:46:37.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2020 …}
  +votes: Doctrine\ORM\PersistentCollection {#2029 …}
  +reports: Doctrine\ORM\PersistentCollection {#2033 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
  +badges: Doctrine\ORM\PersistentCollection {#2132 …}
  +children: [
    1 => App\Entity\EntryComment {#1565
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
      +root: App\Entity\EntryComment {#1560
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
          \n
          Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
          \n
          Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
          \n
          I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1723661197 {#1672
          date: 2024-08-14 20:46:37.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1585 …}
        +nested: Doctrine\ORM\PersistentCollection {#1526 …}
        +votes: Doctrine\ORM\PersistentCollection {#1527 …}
        +reports: Doctrine\ORM\PersistentCollection {#1525 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
        -id: 298442
        -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1435645"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704956356 {#1549
          date: 2024-01-11 07:59:16.0 +01:00
        }
        +"title": 298442
      }
      +body: """
        Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
        \n
        There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
        \n
        Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1705132134 {#1566
        date: 2024-01-13 08:48:54.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Ecclestoned@lemmy.world"
        "@farcaller@fstab.sh"
        "@Ecclestoned@lemmy.world"
        "@farcaller@fstab.sh"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1617 …}
      +nested: Doctrine\ORM\PersistentCollection {#1618 …}
      +votes: Doctrine\ORM\PersistentCollection {#1626 …}
      +reports: Doctrine\ORM\PersistentCollection {#1629 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
      -id: 304561
      -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://fstab.sh/comment/1446049"
      +editedAt: DateTimeImmutable @1723808274 {#1563
        date: 2024-08-16 13:37:54.0 +02:00
      }
      +createdAt: DateTimeImmutable @1705132134 {#1562
        date: 2024-01-13 08:48:54.0 +01:00
      }
      +"title": 304561
    }
    0 => App\Entity\EntryComment {#1560}
  ]
  -id: 28891
  -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
  -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705041019
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10565049"
  +editedAt: DateTimeImmutable @1723662953 {#2389
    date: 2024-08-14 21:15:53.0 +02:00
  }
  +createdAt: DateTimeImmutable @1704954619 {#1716
    date: 2024-01-11 07:30:19.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1551
  +user: Proxies\__CG__\App\Entity\User {#2378 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
  +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
  +title: "Should I use a dedicated DHCP/DNS server hardware"
  +url: null
  +body: """
    My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
    \n
    Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
    \n
    Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
    \n
    Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
    \n
    Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 21
  +favouriteCount: 33
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1723661197 {#1557
    date: 2024-08-14 20:46:37.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2020 …}
  +votes: Doctrine\ORM\PersistentCollection {#2029 …}
  +reports: Doctrine\ORM\PersistentCollection {#2033 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
  +badges: Doctrine\ORM\PersistentCollection {#2132 …}
  +children: [
    1 => App\Entity\EntryComment {#1565
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
      +root: App\Entity\EntryComment {#1560
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
          \n
          Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
          \n
          Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
          \n
          I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1723661197 {#1672
          date: 2024-08-14 20:46:37.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1585 …}
        +nested: Doctrine\ORM\PersistentCollection {#1526 …}
        +votes: Doctrine\ORM\PersistentCollection {#1527 …}
        +reports: Doctrine\ORM\PersistentCollection {#1525 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
        -id: 298442
        -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1435645"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704956356 {#1549
          date: 2024-01-11 07:59:16.0 +01:00
        }
        +"title": 298442
      }
      +body: """
        Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
        \n
        There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
        \n
        Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1705132134 {#1566
        date: 2024-01-13 08:48:54.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Ecclestoned@lemmy.world"
        "@farcaller@fstab.sh"
        "@Ecclestoned@lemmy.world"
        "@farcaller@fstab.sh"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1617 …}
      +nested: Doctrine\ORM\PersistentCollection {#1618 …}
      +votes: Doctrine\ORM\PersistentCollection {#1626 …}
      +reports: Doctrine\ORM\PersistentCollection {#1629 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
      -id: 304561
      -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://fstab.sh/comment/1446049"
      +editedAt: DateTimeImmutable @1723808274 {#1563
        date: 2024-08-16 13:37:54.0 +02:00
      }
      +createdAt: DateTimeImmutable @1705132134 {#1562
        date: 2024-01-13 08:48:54.0 +01:00
      }
      +"title": 304561
    }
    0 => App\Entity\EntryComment {#1560}
  ]
  -id: 28891
  -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
  -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705041019
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10565049"
  +editedAt: DateTimeImmutable @1723662953 {#2389
    date: 2024-08-14 21:15:53.0 +02:00
  }
  +createdAt: DateTimeImmutable @1704954619 {#1716
    date: 2024-01-11 07:30:19.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1551
  +user: Proxies\__CG__\App\Entity\User {#2378 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
  +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
  +title: "Should I use a dedicated DHCP/DNS server hardware"
  +url: null
  +body: """
    My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
    \n
    Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
    \n
    Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
    \n
    Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
    \n
    Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 21
  +favouriteCount: 33
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1723661197 {#1557
    date: 2024-08-14 20:46:37.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2020 …}
  +votes: Doctrine\ORM\PersistentCollection {#2029 …}
  +reports: Doctrine\ORM\PersistentCollection {#2033 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
  +badges: Doctrine\ORM\PersistentCollection {#2132 …}
  +children: [
    1 => App\Entity\EntryComment {#1565
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
      +root: App\Entity\EntryComment {#1560
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
          \n
          Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
          \n
          Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
          \n
          I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1723661197 {#1672
          date: 2024-08-14 20:46:37.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1585 …}
        +nested: Doctrine\ORM\PersistentCollection {#1526 …}
        +votes: Doctrine\ORM\PersistentCollection {#1527 …}
        +reports: Doctrine\ORM\PersistentCollection {#1525 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
        -id: 298442
        -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1435645"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704956356 {#1549
          date: 2024-01-11 07:59:16.0 +01:00
        }
        +"title": 298442
      }
      +body: """
        Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
        \n
        There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
        \n
        Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1705132134 {#1566
        date: 2024-01-13 08:48:54.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Ecclestoned@lemmy.world"
        "@farcaller@fstab.sh"
        "@Ecclestoned@lemmy.world"
        "@farcaller@fstab.sh"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1617 …}
      +nested: Doctrine\ORM\PersistentCollection {#1618 …}
      +votes: Doctrine\ORM\PersistentCollection {#1626 …}
      +reports: Doctrine\ORM\PersistentCollection {#1629 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
      -id: 304561
      -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://fstab.sh/comment/1446049"
      +editedAt: DateTimeImmutable @1723808274 {#1563
        date: 2024-08-16 13:37:54.0 +02:00
      }
      +createdAt: DateTimeImmutable @1705132134 {#1562
        date: 2024-01-13 08:48:54.0 +01:00
      }
      +"title": 304561
    }
    0 => App\Entity\EntryComment {#1560}
  ]
  -id: 28891
  -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
  -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705041019
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10565049"
  +editedAt: DateTimeImmutable @1723662953 {#2389
    date: 2024-08-14 21:15:53.0 +02:00
  }
  +createdAt: DateTimeImmutable @1704954619 {#1716
    date: 2024-01-11 07:30:19.0 +01:00
  }
  +__isInitialized__: true
   …2
}

null

App\Entity\EntryComment {#1565
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1551
    +user: Proxies\__CG__\App\Entity\User {#2378 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
    +title: "Should I use a dedicated DHCP/DNS server hardware"
    +url: null
    +body: """
      My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
      \n
      Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
      \n
      Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
      \n
      Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
      \n
      Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 21
    +favouriteCount: 33
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1723661197 {#1557
      date: 2024-08-14 20:46:37.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2020 …}
    +votes: Doctrine\ORM\PersistentCollection {#2029 …}
    +reports: Doctrine\ORM\PersistentCollection {#2033 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
    +badges: Doctrine\ORM\PersistentCollection {#2132 …}
    +children: [
      1 => App\Entity\EntryComment {#1565}
      0 => App\Entity\EntryComment {#1560
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
          \n
          Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
          \n
          Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
          \n
          I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1723661197 {#1672
          date: 2024-08-14 20:46:37.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1585 …}
        +nested: Doctrine\ORM\PersistentCollection {#1526 …}
        +votes: Doctrine\ORM\PersistentCollection {#1527 …}
        +reports: Doctrine\ORM\PersistentCollection {#1525 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
        -id: 298442
        -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1435645"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704956356 {#1549
          date: 2024-01-11 07:59:16.0 +01:00
        }
        +"title": 298442
      }
    ]
    -id: 28891
    -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
    -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705041019
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10565049"
    +editedAt: DateTimeImmutable @1723662953 {#2389
      date: 2024-08-14 21:15:53.0 +02:00
    }
    +createdAt: DateTimeImmutable @1704954619 {#1716
      date: 2024-01-11 07:30:19.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
  +root: App\Entity\EntryComment {#1560}
  +body: """
    Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
    \n
    There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
    \n
    Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1705132134 {#1566
    date: 2024-01-13 08:48:54.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Ecclestoned@lemmy.world"
    "@farcaller@fstab.sh"
    "@Ecclestoned@lemmy.world"
    "@farcaller@fstab.sh"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1617 …}
  +nested: Doctrine\ORM\PersistentCollection {#1618 …}
  +votes: Doctrine\ORM\PersistentCollection {#1626 …}
  +reports: Doctrine\ORM\PersistentCollection {#1629 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
  -id: 304561
  -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1446049"
  +editedAt: DateTimeImmutable @1723808274 {#1563
    date: 2024-08-16 13:37:54.0 +02:00
  }
  +createdAt: DateTimeImmutable @1705132134 {#1562
    date: 2024-01-13 08:48:54.0 +01:00
  }
  +"title": 304561
}

App\Entity\EntryComment {#1565
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1551
    +user: Proxies\__CG__\App\Entity\User {#2378 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
    +title: "Should I use a dedicated DHCP/DNS server hardware"
    +url: null
    +body: """
      My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
      \n
      Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
      \n
      Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
      \n
      Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
      \n
      Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 21
    +favouriteCount: 33
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1723661197 {#1557
      date: 2024-08-14 20:46:37.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2020 …}
    +votes: Doctrine\ORM\PersistentCollection {#2029 …}
    +reports: Doctrine\ORM\PersistentCollection {#2033 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
    +badges: Doctrine\ORM\PersistentCollection {#2132 …}
    +children: [
      1 => App\Entity\EntryComment {#1565}
      0 => App\Entity\EntryComment {#1560
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
          \n
          Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
          \n
          Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
          \n
          I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1723661197 {#1672
          date: 2024-08-14 20:46:37.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1585 …}
        +nested: Doctrine\ORM\PersistentCollection {#1526 …}
        +votes: Doctrine\ORM\PersistentCollection {#1527 …}
        +reports: Doctrine\ORM\PersistentCollection {#1525 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
        -id: 298442
        -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1435645"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704956356 {#1549
          date: 2024-01-11 07:59:16.0 +01:00
        }
        +"title": 298442
      }
    ]
    -id: 28891
    -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
    -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705041019
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10565049"
    +editedAt: DateTimeImmutable @1723662953 {#2389
      date: 2024-08-14 21:15:53.0 +02:00
    }
    +createdAt: DateTimeImmutable @1704954619 {#1716
      date: 2024-01-11 07:30:19.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
  +root: App\Entity\EntryComment {#1560}
  +body: """
    Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
    \n
    There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
    \n
    Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1705132134 {#1566
    date: 2024-01-13 08:48:54.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Ecclestoned@lemmy.world"
    "@farcaller@fstab.sh"
    "@Ecclestoned@lemmy.world"
    "@farcaller@fstab.sh"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1617 …}
  +nested: Doctrine\ORM\PersistentCollection {#1618 …}
  +votes: Doctrine\ORM\PersistentCollection {#1626 …}
  +reports: Doctrine\ORM\PersistentCollection {#1629 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
  -id: 304561
  -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1446049"
  +editedAt: DateTimeImmutable @1723808274 {#1563
    date: 2024-08-16 13:37:54.0 +02:00
  }
  +createdAt: DateTimeImmutable @1705132134 {#1562
    date: 2024-01-13 08:48:54.0 +01:00
  }
  +"title": 304561
}

App\Entity\EntryComment {#1565
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1551
    +user: Proxies\__CG__\App\Entity\User {#2378 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
    +title: "Should I use a dedicated DHCP/DNS server hardware"
    +url: null
    +body: """
      My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
      \n
      Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
      \n
      Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
      \n
      Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
      \n
      Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 21
    +favouriteCount: 33
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1723661197 {#1557
      date: 2024-08-14 20:46:37.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2020 …}
    +votes: Doctrine\ORM\PersistentCollection {#2029 …}
    +reports: Doctrine\ORM\PersistentCollection {#2033 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
    +badges: Doctrine\ORM\PersistentCollection {#2132 …}
    +children: [
      1 => App\Entity\EntryComment {#1565}
      0 => App\Entity\EntryComment {#1560
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
          \n
          Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
          \n
          Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
          \n
          I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1723661197 {#1672
          date: 2024-08-14 20:46:37.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1585 …}
        +nested: Doctrine\ORM\PersistentCollection {#1526 …}
        +votes: Doctrine\ORM\PersistentCollection {#1527 …}
        +reports: Doctrine\ORM\PersistentCollection {#1525 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
        -id: 298442
        -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1435645"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704956356 {#1549
          date: 2024-01-11 07:59:16.0 +01:00
        }
        +"title": 298442
      }
    ]
    -id: 28891
    -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
    -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705041019
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10565049"
    +editedAt: DateTimeImmutable @1723662953 {#2389
      date: 2024-08-14 21:15:53.0 +02:00
    }
    +createdAt: DateTimeImmutable @1704954619 {#1716
      date: 2024-01-11 07:30:19.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
  +root: App\Entity\EntryComment {#1560}
  +body: """
    Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
    \n
    There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
    \n
    Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1705132134 {#1566
    date: 2024-01-13 08:48:54.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Ecclestoned@lemmy.world"
    "@farcaller@fstab.sh"
    "@Ecclestoned@lemmy.world"
    "@farcaller@fstab.sh"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1617 …}
  +nested: Doctrine\ORM\PersistentCollection {#1618 …}
  +votes: Doctrine\ORM\PersistentCollection {#1626 …}
  +reports: Doctrine\ORM\PersistentCollection {#1629 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
  -id: 304561
  -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1446049"
  +editedAt: DateTimeImmutable @1723808274 {#1563
    date: 2024-08-16 13:37:54.0 +02:00
  }
  +createdAt: DateTimeImmutable @1705132134 {#1562
    date: 2024-01-13 08:48:54.0 +01:00
  }
  +"title": 304561
}

null

App\Entity\EntryComment {#1560
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1551
    +user: Proxies\__CG__\App\Entity\User {#2378 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
    +title: "Should I use a dedicated DHCP/DNS server hardware"
    +url: null
    +body: """
      My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
      \n
      Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
      \n
      Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
      \n
      Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
      \n
      Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 21
    +favouriteCount: 33
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1723661197 {#1557
      date: 2024-08-14 20:46:37.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2020 …}
    +votes: Doctrine\ORM\PersistentCollection {#2029 …}
    +reports: Doctrine\ORM\PersistentCollection {#2033 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
    +badges: Doctrine\ORM\PersistentCollection {#2132 …}
    +children: [
      1 => App\Entity\EntryComment {#1565
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
        +root: App\Entity\EntryComment {#1560}
        +body: """
          Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
          \n
          There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
          \n
          Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1705132134 {#1566
          date: 2024-01-13 08:48:54.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
          "@farcaller@fstab.sh"
          "@Ecclestoned@lemmy.world"
          "@farcaller@fstab.sh"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1617 …}
        +nested: Doctrine\ORM\PersistentCollection {#1618 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1629 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
        -id: 304561
        -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1446049"
        +editedAt: DateTimeImmutable @1723808274 {#1563
          date: 2024-08-16 13:37:54.0 +02:00
        }
        +createdAt: DateTimeImmutable @1705132134 {#1562
          date: 2024-01-13 08:48:54.0 +01:00
        }
        +"title": 304561
      }
      0 => App\Entity\EntryComment {#1560}
    ]
    -id: 28891
    -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
    -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705041019
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10565049"
    +editedAt: DateTimeImmutable @1723662953 {#2389
      date: 2024-08-14 21:15:53.0 +02:00
    }
    +createdAt: DateTimeImmutable @1704954619 {#1716
      date: 2024-01-11 07:30:19.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: null
  +root: null
  +body: """
    Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
    \n
    Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
    \n
    Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
    \n
    I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1723661197 {#1672
    date: 2024-08-14 20:46:37.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Ecclestoned@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1585 …}
  +nested: Doctrine\ORM\PersistentCollection {#1526 …}
  +votes: Doctrine\ORM\PersistentCollection {#1527 …}
  +reports: Doctrine\ORM\PersistentCollection {#1525 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
  -id: 298442
  -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1435645"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704956356 {#1549
    date: 2024-01-11 07:59:16.0 +01:00
  }
  +"title": 298442
}

App\Entity\EntryComment {#1560
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1551
    +user: Proxies\__CG__\App\Entity\User {#2378 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
    +title: "Should I use a dedicated DHCP/DNS server hardware"
    +url: null
    +body: """
      My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
      \n
      Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
      \n
      Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
      \n
      Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
      \n
      Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 21
    +favouriteCount: 33
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1723661197 {#1557
      date: 2024-08-14 20:46:37.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2020 …}
    +votes: Doctrine\ORM\PersistentCollection {#2029 …}
    +reports: Doctrine\ORM\PersistentCollection {#2033 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
    +badges: Doctrine\ORM\PersistentCollection {#2132 …}
    +children: [
      1 => App\Entity\EntryComment {#1565
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
        +root: App\Entity\EntryComment {#1560}
        +body: """
          Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
          \n
          There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
          \n
          Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1705132134 {#1566
          date: 2024-01-13 08:48:54.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
          "@farcaller@fstab.sh"
          "@Ecclestoned@lemmy.world"
          "@farcaller@fstab.sh"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1617 …}
        +nested: Doctrine\ORM\PersistentCollection {#1618 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1629 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
        -id: 304561
        -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1446049"
        +editedAt: DateTimeImmutable @1723808274 {#1563
          date: 2024-08-16 13:37:54.0 +02:00
        }
        +createdAt: DateTimeImmutable @1705132134 {#1562
          date: 2024-01-13 08:48:54.0 +01:00
        }
        +"title": 304561
      }
      0 => App\Entity\EntryComment {#1560}
    ]
    -id: 28891
    -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
    -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705041019
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10565049"
    +editedAt: DateTimeImmutable @1723662953 {#2389
      date: 2024-08-14 21:15:53.0 +02:00
    }
    +createdAt: DateTimeImmutable @1704954619 {#1716
      date: 2024-01-11 07:30:19.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: null
  +root: null
  +body: """
    Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
    \n
    Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
    \n
    Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
    \n
    I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1723661197 {#1672
    date: 2024-08-14 20:46:37.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Ecclestoned@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1585 …}
  +nested: Doctrine\ORM\PersistentCollection {#1526 …}
  +votes: Doctrine\ORM\PersistentCollection {#1527 …}
  +reports: Doctrine\ORM\PersistentCollection {#1525 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
  -id: 298442
  -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1435645"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704956356 {#1549
    date: 2024-01-11 07:59:16.0 +01:00
  }
  +"title": 298442
}

App\Entity\EntryComment {#1560
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1551
    +user: Proxies\__CG__\App\Entity\User {#2378 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2013 …}
    +slug: "Should-I-use-a-dedicated-DHCP-DNS-server-hardware"
    +title: "Should I use a dedicated DHCP/DNS server hardware"
    +url: null
    +body: """
      My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.\n
      \n
      Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.\n
      \n
      Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)\n
      \n
      Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…\n
      \n
      Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 21
    +favouriteCount: 33
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1723661197 {#1557
      date: 2024-08-14 20:46:37.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2020 …}
    +votes: Doctrine\ORM\PersistentCollection {#2029 …}
    +reports: Doctrine\ORM\PersistentCollection {#2033 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2087 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2064 …}
    +badges: Doctrine\ORM\PersistentCollection {#2132 …}
    +children: [
      1 => App\Entity\EntryComment {#1565
        +user: App\Entity\User {#265 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1551 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1731 …}
        +root: App\Entity\EntryComment {#1560}
        +body: """
          Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll must adopt your devices again.\n
          \n
          There are [several other ways](https://help.ui.com/hc/en-us/articles/204909754-UniFi-Network-Remote-Adoption-Layer-3-) to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).\n
          \n
          Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1705132134 {#1566
          date: 2024-01-13 08:48:54.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Ecclestoned@lemmy.world"
          "@farcaller@fstab.sh"
          "@Ecclestoned@lemmy.world"
          "@farcaller@fstab.sh"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1617 …}
        +nested: Doctrine\ORM\PersistentCollection {#1618 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1629 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1598 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1616 …}
        -id: 304561
        -bodyTs: "'/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':57 '43':68 '8080/inform':32 'across':191 'address':95,116,171 'adopt':25,46,59 'allow':173 'autonom':178 'chang':39 'communic':10 'control':13,24,30,41,89,112,157,175 'controller-ip':29 'cut':150 'd':81 'default':22 'devic':7,27,48,61,99,131,185 'dhcp':66,128,165 'dns':71,76,84,115,124 'doesn':121 'easier':79 'ever':38 'figur':141 'function':177 'general':78,120 'help.ui.com':56 'help.ui.com/hc/en-us/articles/204909754-unifi-network-remote-adoption-layer-3-)':55 'includ':100 'inform':94 'ip':31,42,113,161 'keep':110 'leas':129,166 'liter':168 'll':44,138 'long':182 'maintain':17 'make':154 'mdns':135 'mean':34 'must':45 'name':125 'need':8 'notabl':63 'option':67 'point':86 'problem':108 'provis':19,82 'reach':188 'set':74 'sever':52 'short':152 'solut':143 'state':20 'static':160,164,170 'still':106 'sure':155 'sync':118 'tcp/8080':15 'unifi':6,119 'updat':92 'use':64,70,134 'usg':102,180 'vlan':192 'way':54 'work':5"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://fstab.sh/comment/1446049"
        +editedAt: DateTimeImmutable @1723808274 {#1563
          date: 2024-08-16 13:37:54.0 +02:00
        }
        +createdAt: DateTimeImmutable @1705132134 {#1562
          date: 2024-01-13 08:48:54.0 +01:00
        }
        +"title": 304561
      }
      0 => App\Entity\EntryComment {#1560}
    ]
    -id: 28891
    -titleTs: "'dedic':5 'dhcp/dns':6 'hardwar':8 'server':7 'use':3"
    -bodyTs: "'2':133 'address':57 'also':129 'app':18 'assign':54 'assist':27 'basic':41 'clobber':92 'current':2,76 'dhcp':6,63,145 'differ':22 'disconnect':130 'dns':7,64 'doesn':154 'edit':97,132 'etc':29 'filesystem':91 'get':37 'go':136 'home':26 'host':19 'howev':12 'inform':127 'ip':56,150 'issu':34 'know':45 'leas':146 'll':161 'm':99,135 'mani':95 'move':162 'nas':28 'need':43 'non':81 'non-pi':80 'onto':65,166 'pi':82,90 'plex':25 'prevent':119 'problem':106 'put':62,72 'ran':32 'real':105 'recommend':83 'reconfigur':121 'rout':126 'server':23,49,77,116,125,141,165 'set':39 'setup':3 'start':100 'static':144,149 'switch':139 'system':69,85,113,170 'thank':171 'thing':38 'think':102,159 'time':96 'tri':35,138 'unifi':10,24,42,48,109,131,164 'usg':11 've':31,87 'without':128 'work':156"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705041019
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10565049"
    +editedAt: DateTimeImmutable @1723662953 {#2389
      date: 2024-08-14 21:15:53.0 +02:00
    }
    +createdAt: DateTimeImmutable @1704954619 {#1716
      date: 2024-01-11 07:30:19.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1573 …}
  +image: null
  +parent: null
  +root: null
  +body: """
    Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.\n
    \n
    Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.\n
    \n
    Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.\n
    \n
    I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1723661197 {#1672
    date: 2024-08-14 20:46:37.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Ecclestoned@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1585 …}
  +nested: Doctrine\ORM\PersistentCollection {#1526 …}
  +votes: Doctrine\ORM\PersistentCollection {#1527 …}
  +reports: Doctrine\ORM\PersistentCollection {#1525 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1550 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1548 …}
  -id: 298442
  -bodyTs: "'address':8,21,39,115,141 'adopt':101 'advis':154 'alloc':64,75,95 'anoth':65 'assign':59 'basic':151 'better':166 'bulletproof':106 'case':79,123 'chang':11 'chunk':177 'collector':147 'come':85 'config':91 'control':7,20,46,71,99,118 'd':153 'devic':30 'dhcp':157 'dns':33,41,60,159 'doesn':48,57 'dynam':63 'even':199 'eventu':94 'everyth':82 'exact':50 'expect':5 'final':103 'forward':203 'give':69 'good':90,176 'instead':35 'ip':38,74,97,114 'issu':53 'keep':145 'latest':89 'like':132 'local':205 'lose':174 'manag':187 'move':156 'name':34,61 'netflow':137 'network':186 'nextdn':202 'one':149 'option':15,66,107 'overrid':19 'place':150 'point':28 'provid':181 'reason':127,167 'reboot':81 'regard':194 'resolv':204 'robust':191 'run':200 'send':136 'set':22 'sever':14 'solv':51 'special':122 'specif':3,140 'static':73,113 'surpris':190 'term':183 'though':54 'track':44 'udm':196 'unifi':1,161,180 'unless':162 'unlik':195 'use':26 'usg':56,83,188 'way':77"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://fstab.sh/comment/1435645"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704956356 {#1549
    date: 2024-01-11 07:59:16.0 +01:00
  }
  +"title": 298442
}