| 1 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 2 |
DENIED
|
moderate
|
App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
} |
|
Show voter details
|
| 3 |
DENIED
|
edit
|
App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
} |
|
Show voter details
|
| 4 |
DENIED
|
moderate
|
App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
} |
|
Show voter details
|
| 5 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 6 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
} |
|
Show voter details
|
| 7 |
DENIED
|
edit
|
App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
} |
|
Show voter details
|
| 8 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
} |
|
Show voter details
|
| 9 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 10 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
} |
|
Show voter details
|
| 11 |
DENIED
|
edit
|
App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
} |
|
Show voter details
|
| 12 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
} |
|
Show voter details
|
| 13 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 14 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4438
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
Yeah - basic home-networking is typically pretty straight-forward. You’ll want to figure out your basic services (DHCP, DNS, and routing) but after that it’s pretty simple. OpenWRT should handle the DHCP and routing. I’m not sure about DNS though.\n
\n
DHCP will tell systems "here is your IP, here is the [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) of the network you are on, here is the router that handles traffic for things NOT on that network (e.g. the internet), and here are the DNS servers you should use for name resolution.\n
\n
With DHCP you can also hand out “static leases” to give systems reliable IP addresses based on their MAC addresses. Then you can setup a DNS server that does internal name resolution if you want to be able to reference systems by name. This DNS server doesn’t need to be publicly available (and indeed should not be).\n
\n
The Firewall is typically only for things coming into your network from the internet. You can restrict outbound traffic as well if you want but that’s less common. By default things on the internet will NOT be able to get to your internal systems because of [NAT](https://en.wikipedia.org/wiki/Network_address_translation). So to allow things “out there” to access a service running on an internal system you’ll need to do [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) on your firewall. This will a) open a port on the internet side and b) send all traffic to that port to a port on an internal system. The router will handle all of the network-to-network and traffic handling stuff.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1706047750 {#4439
date: 2024-01-23 23:09:10.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4435 …}
+nested: Doctrine\ORM\PersistentCollection {#4431 …}
+votes: Doctrine\ORM\PersistentCollection {#4429 …}
+reports: Doctrine\ORM\PersistentCollection {#4444 …}
+favourites: Doctrine\ORM\PersistentCollection {#4446 …}
+notifications: Doctrine\ORM\PersistentCollection {#4448 …}
-id: 335290
-bodyTs: "'/wiki/classless_inter-domain_routing)':60 '/wiki/network_address_translation).':203 '/wiki/port_forwarding)':228 'abl':132,191 'access':211 'address':109,114 'allow':206 'also':99 'avail':147 'b':243 'base':110 'basic':2,19 'cidr':57 'come':160 'common':181 'default':183 'dhcp':21,36,46,96 'dns':22,44,87,120,139 'doesn':141 'e.g':80 'en.wikipedia.org':59,202,227 'en.wikipedia.org/wiki/classless_inter-domain_routing)':58 'en.wikipedia.org/wiki/network_address_translation).':201 'en.wikipedia.org/wiki/port_forwarding)':226 'figur':16 'firewal':154,231 'forward':11,225 'get':193 'give':105 'hand':100 'handl':34,72,260,270 'home':4 'home-network':3 'inde':149 'intern':124,196,217,255 'internet':82,166,187,240 'ip':53,108 'leas':103 'less':180 'll':13,220 'm':40 'mac':113 'name':93,125,137 'nat':200 'need':143,221 'network':5,63,79,163,265,267 'network-to-network':264 'open':235 'openwrt':32 'outbound':170 'port':224,237,249,252 'pretti':8,30 'public':146 'refer':134 'reliabl':107 'resolut':94,126 'restrict':169 'rout':24,38 'router':70,258 'run':214 'send':244 'server':88,121,140 'servic':20,213 'setup':118 'side':241 'simpl':31 'static':102 'straight':10 'straight-forward':9 'stuff':271 'sure':42 'system':49,106,135,197,218,256 'tell':48 'thing':75,159,184,207 'though':45 'traffic':73,171,246,269 'typic':7,156 'use':91 'want':14,129,176 'well':173 'yeah':1"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7954265"
+editedAt: null
+createdAt: DateTimeImmutable @1706047750 {#4442
date: 2024-01-23 23:09:10.0 +01:00
}
} |
|
Show voter details
|
| 15 |
DENIED
|
edit
|
App\Entity\EntryComment {#4438
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
Yeah - basic home-networking is typically pretty straight-forward. You’ll want to figure out your basic services (DHCP, DNS, and routing) but after that it’s pretty simple. OpenWRT should handle the DHCP and routing. I’m not sure about DNS though.\n
\n
DHCP will tell systems "here is your IP, here is the [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) of the network you are on, here is the router that handles traffic for things NOT on that network (e.g. the internet), and here are the DNS servers you should use for name resolution.\n
\n
With DHCP you can also hand out “static leases” to give systems reliable IP addresses based on their MAC addresses. Then you can setup a DNS server that does internal name resolution if you want to be able to reference systems by name. This DNS server doesn’t need to be publicly available (and indeed should not be).\n
\n
The Firewall is typically only for things coming into your network from the internet. You can restrict outbound traffic as well if you want but that’s less common. By default things on the internet will NOT be able to get to your internal systems because of [NAT](https://en.wikipedia.org/wiki/Network_address_translation). So to allow things “out there” to access a service running on an internal system you’ll need to do [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) on your firewall. This will a) open a port on the internet side and b) send all traffic to that port to a port on an internal system. The router will handle all of the network-to-network and traffic handling stuff.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1706047750 {#4439
date: 2024-01-23 23:09:10.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4435 …}
+nested: Doctrine\ORM\PersistentCollection {#4431 …}
+votes: Doctrine\ORM\PersistentCollection {#4429 …}
+reports: Doctrine\ORM\PersistentCollection {#4444 …}
+favourites: Doctrine\ORM\PersistentCollection {#4446 …}
+notifications: Doctrine\ORM\PersistentCollection {#4448 …}
-id: 335290
-bodyTs: "'/wiki/classless_inter-domain_routing)':60 '/wiki/network_address_translation).':203 '/wiki/port_forwarding)':228 'abl':132,191 'access':211 'address':109,114 'allow':206 'also':99 'avail':147 'b':243 'base':110 'basic':2,19 'cidr':57 'come':160 'common':181 'default':183 'dhcp':21,36,46,96 'dns':22,44,87,120,139 'doesn':141 'e.g':80 'en.wikipedia.org':59,202,227 'en.wikipedia.org/wiki/classless_inter-domain_routing)':58 'en.wikipedia.org/wiki/network_address_translation).':201 'en.wikipedia.org/wiki/port_forwarding)':226 'figur':16 'firewal':154,231 'forward':11,225 'get':193 'give':105 'hand':100 'handl':34,72,260,270 'home':4 'home-network':3 'inde':149 'intern':124,196,217,255 'internet':82,166,187,240 'ip':53,108 'leas':103 'less':180 'll':13,220 'm':40 'mac':113 'name':93,125,137 'nat':200 'need':143,221 'network':5,63,79,163,265,267 'network-to-network':264 'open':235 'openwrt':32 'outbound':170 'port':224,237,249,252 'pretti':8,30 'public':146 'refer':134 'reliabl':107 'resolut':94,126 'restrict':169 'rout':24,38 'router':70,258 'run':214 'send':244 'server':88,121,140 'servic':20,213 'setup':118 'side':241 'simpl':31 'static':102 'straight':10 'straight-forward':9 'stuff':271 'sure':42 'system':49,106,135,197,218,256 'tell':48 'thing':75,159,184,207 'though':45 'traffic':73,171,246,269 'typic':7,156 'use':91 'want':14,129,176 'well':173 'yeah':1"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7954265"
+editedAt: null
+createdAt: DateTimeImmutable @1706047750 {#4442
date: 2024-01-23 23:09:10.0 +01:00
}
} |
|
Show voter details
|
| 16 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4438
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
Yeah - basic home-networking is typically pretty straight-forward. You’ll want to figure out your basic services (DHCP, DNS, and routing) but after that it’s pretty simple. OpenWRT should handle the DHCP and routing. I’m not sure about DNS though.\n
\n
DHCP will tell systems "here is your IP, here is the [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) of the network you are on, here is the router that handles traffic for things NOT on that network (e.g. the internet), and here are the DNS servers you should use for name resolution.\n
\n
With DHCP you can also hand out “static leases” to give systems reliable IP addresses based on their MAC addresses. Then you can setup a DNS server that does internal name resolution if you want to be able to reference systems by name. This DNS server doesn’t need to be publicly available (and indeed should not be).\n
\n
The Firewall is typically only for things coming into your network from the internet. You can restrict outbound traffic as well if you want but that’s less common. By default things on the internet will NOT be able to get to your internal systems because of [NAT](https://en.wikipedia.org/wiki/Network_address_translation). So to allow things “out there” to access a service running on an internal system you’ll need to do [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) on your firewall. This will a) open a port on the internet side and b) send all traffic to that port to a port on an internal system. The router will handle all of the network-to-network and traffic handling stuff.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1706047750 {#4439
date: 2024-01-23 23:09:10.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4435 …}
+nested: Doctrine\ORM\PersistentCollection {#4431 …}
+votes: Doctrine\ORM\PersistentCollection {#4429 …}
+reports: Doctrine\ORM\PersistentCollection {#4444 …}
+favourites: Doctrine\ORM\PersistentCollection {#4446 …}
+notifications: Doctrine\ORM\PersistentCollection {#4448 …}
-id: 335290
-bodyTs: "'/wiki/classless_inter-domain_routing)':60 '/wiki/network_address_translation).':203 '/wiki/port_forwarding)':228 'abl':132,191 'access':211 'address':109,114 'allow':206 'also':99 'avail':147 'b':243 'base':110 'basic':2,19 'cidr':57 'come':160 'common':181 'default':183 'dhcp':21,36,46,96 'dns':22,44,87,120,139 'doesn':141 'e.g':80 'en.wikipedia.org':59,202,227 'en.wikipedia.org/wiki/classless_inter-domain_routing)':58 'en.wikipedia.org/wiki/network_address_translation).':201 'en.wikipedia.org/wiki/port_forwarding)':226 'figur':16 'firewal':154,231 'forward':11,225 'get':193 'give':105 'hand':100 'handl':34,72,260,270 'home':4 'home-network':3 'inde':149 'intern':124,196,217,255 'internet':82,166,187,240 'ip':53,108 'leas':103 'less':180 'll':13,220 'm':40 'mac':113 'name':93,125,137 'nat':200 'need':143,221 'network':5,63,79,163,265,267 'network-to-network':264 'open':235 'openwrt':32 'outbound':170 'port':224,237,249,252 'pretti':8,30 'public':146 'refer':134 'reliabl':107 'resolut':94,126 'restrict':169 'rout':24,38 'router':70,258 'run':214 'send':244 'server':88,121,140 'servic':20,213 'setup':118 'side':241 'simpl':31 'static':102 'straight':10 'straight-forward':9 'stuff':271 'sure':42 'system':49,106,135,197,218,256 'tell':48 'thing':75,159,184,207 'though':45 'traffic':73,171,246,269 'typic':7,156 'use':91 'want':14,129,176 'well':173 'yeah':1"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7954265"
+editedAt: null
+createdAt: DateTimeImmutable @1706047750 {#4442
date: 2024-01-23 23:09:10.0 +01:00
}
} |
|
Show voter details
|
| 17 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 18 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4465
+user: Proxies\__CG__\App\Entity\User {#4457 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4438
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
Yeah - basic home-networking is typically pretty straight-forward. You’ll want to figure out your basic services (DHCP, DNS, and routing) but after that it’s pretty simple. OpenWRT should handle the DHCP and routing. I’m not sure about DNS though.\n
\n
DHCP will tell systems "here is your IP, here is the [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) of the network you are on, here is the router that handles traffic for things NOT on that network (e.g. the internet), and here are the DNS servers you should use for name resolution.\n
\n
With DHCP you can also hand out “static leases” to give systems reliable IP addresses based on their MAC addresses. Then you can setup a DNS server that does internal name resolution if you want to be able to reference systems by name. This DNS server doesn’t need to be publicly available (and indeed should not be).\n
\n
The Firewall is typically only for things coming into your network from the internet. You can restrict outbound traffic as well if you want but that’s less common. By default things on the internet will NOT be able to get to your internal systems because of [NAT](https://en.wikipedia.org/wiki/Network_address_translation). So to allow things “out there” to access a service running on an internal system you’ll need to do [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) on your firewall. This will a) open a port on the internet side and b) send all traffic to that port to a port on an internal system. The router will handle all of the network-to-network and traffic handling stuff.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1706047750 {#4439
date: 2024-01-23 23:09:10.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4435 …}
+nested: Doctrine\ORM\PersistentCollection {#4431 …}
+votes: Doctrine\ORM\PersistentCollection {#4429 …}
+reports: Doctrine\ORM\PersistentCollection {#4444 …}
+favourites: Doctrine\ORM\PersistentCollection {#4446 …}
+notifications: Doctrine\ORM\PersistentCollection {#4448 …}
-id: 335290
-bodyTs: "'/wiki/classless_inter-domain_routing)':60 '/wiki/network_address_translation).':203 '/wiki/port_forwarding)':228 'abl':132,191 'access':211 'address':109,114 'allow':206 'also':99 'avail':147 'b':243 'base':110 'basic':2,19 'cidr':57 'come':160 'common':181 'default':183 'dhcp':21,36,46,96 'dns':22,44,87,120,139 'doesn':141 'e.g':80 'en.wikipedia.org':59,202,227 'en.wikipedia.org/wiki/classless_inter-domain_routing)':58 'en.wikipedia.org/wiki/network_address_translation).':201 'en.wikipedia.org/wiki/port_forwarding)':226 'figur':16 'firewal':154,231 'forward':11,225 'get':193 'give':105 'hand':100 'handl':34,72,260,270 'home':4 'home-network':3 'inde':149 'intern':124,196,217,255 'internet':82,166,187,240 'ip':53,108 'leas':103 'less':180 'll':13,220 'm':40 'mac':113 'name':93,125,137 'nat':200 'need':143,221 'network':5,63,79,163,265,267 'network-to-network':264 'open':235 'openwrt':32 'outbound':170 'port':224,237,249,252 'pretti':8,30 'public':146 'refer':134 'reliabl':107 'resolut':94,126 'restrict':169 'rout':24,38 'router':70,258 'run':214 'send':244 'server':88,121,140 'servic':20,213 'setup':118 'side':241 'simpl':31 'static':102 'straight':10 'straight-forward':9 'stuff':271 'sure':42 'system':49,106,135,197,218,256 'tell':48 'thing':75,159,184,207 'though':45 'traffic':73,171,246,269 'typic':7,156 'use':91 'want':14,129,176 'well':173 'yeah':1"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7954265"
+editedAt: null
+createdAt: DateTimeImmutable @1706047750 {#4442
date: 2024-01-23 23:09:10.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
\n
A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706098966 {#4460
date: 2024-01-24 13:22:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4455 …}
+nested: Doctrine\ORM\PersistentCollection {#4453 …}
+votes: Doctrine\ORM\PersistentCollection {#4451 …}
+reports: Doctrine\ORM\PersistentCollection {#4467 …}
+favourites: Doctrine\ORM\PersistentCollection {#4469 …}
+notifications: Doctrine\ORM\PersistentCollection {#4471 …}
-id: 336487
-bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://fstab.sh/comment/1504370"
+editedAt: null
+createdAt: DateTimeImmutable @1706098966 {#4463
date: 2024-01-24 13:22:46.0 +01:00
}
} |
|
Show voter details
|
| 19 |
DENIED
|
edit
|
App\Entity\EntryComment {#4465
+user: Proxies\__CG__\App\Entity\User {#4457 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4438
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
Yeah - basic home-networking is typically pretty straight-forward. You’ll want to figure out your basic services (DHCP, DNS, and routing) but after that it’s pretty simple. OpenWRT should handle the DHCP and routing. I’m not sure about DNS though.\n
\n
DHCP will tell systems "here is your IP, here is the [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) of the network you are on, here is the router that handles traffic for things NOT on that network (e.g. the internet), and here are the DNS servers you should use for name resolution.\n
\n
With DHCP you can also hand out “static leases” to give systems reliable IP addresses based on their MAC addresses. Then you can setup a DNS server that does internal name resolution if you want to be able to reference systems by name. This DNS server doesn’t need to be publicly available (and indeed should not be).\n
\n
The Firewall is typically only for things coming into your network from the internet. You can restrict outbound traffic as well if you want but that’s less common. By default things on the internet will NOT be able to get to your internal systems because of [NAT](https://en.wikipedia.org/wiki/Network_address_translation). So to allow things “out there” to access a service running on an internal system you’ll need to do [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) on your firewall. This will a) open a port on the internet side and b) send all traffic to that port to a port on an internal system. The router will handle all of the network-to-network and traffic handling stuff.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1706047750 {#4439
date: 2024-01-23 23:09:10.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4435 …}
+nested: Doctrine\ORM\PersistentCollection {#4431 …}
+votes: Doctrine\ORM\PersistentCollection {#4429 …}
+reports: Doctrine\ORM\PersistentCollection {#4444 …}
+favourites: Doctrine\ORM\PersistentCollection {#4446 …}
+notifications: Doctrine\ORM\PersistentCollection {#4448 …}
-id: 335290
-bodyTs: "'/wiki/classless_inter-domain_routing)':60 '/wiki/network_address_translation).':203 '/wiki/port_forwarding)':228 'abl':132,191 'access':211 'address':109,114 'allow':206 'also':99 'avail':147 'b':243 'base':110 'basic':2,19 'cidr':57 'come':160 'common':181 'default':183 'dhcp':21,36,46,96 'dns':22,44,87,120,139 'doesn':141 'e.g':80 'en.wikipedia.org':59,202,227 'en.wikipedia.org/wiki/classless_inter-domain_routing)':58 'en.wikipedia.org/wiki/network_address_translation).':201 'en.wikipedia.org/wiki/port_forwarding)':226 'figur':16 'firewal':154,231 'forward':11,225 'get':193 'give':105 'hand':100 'handl':34,72,260,270 'home':4 'home-network':3 'inde':149 'intern':124,196,217,255 'internet':82,166,187,240 'ip':53,108 'leas':103 'less':180 'll':13,220 'm':40 'mac':113 'name':93,125,137 'nat':200 'need':143,221 'network':5,63,79,163,265,267 'network-to-network':264 'open':235 'openwrt':32 'outbound':170 'port':224,237,249,252 'pretti':8,30 'public':146 'refer':134 'reliabl':107 'resolut':94,126 'restrict':169 'rout':24,38 'router':70,258 'run':214 'send':244 'server':88,121,140 'servic':20,213 'setup':118 'side':241 'simpl':31 'static':102 'straight':10 'straight-forward':9 'stuff':271 'sure':42 'system':49,106,135,197,218,256 'tell':48 'thing':75,159,184,207 'though':45 'traffic':73,171,246,269 'typic':7,156 'use':91 'want':14,129,176 'well':173 'yeah':1"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7954265"
+editedAt: null
+createdAt: DateTimeImmutable @1706047750 {#4442
date: 2024-01-23 23:09:10.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
\n
A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706098966 {#4460
date: 2024-01-24 13:22:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4455 …}
+nested: Doctrine\ORM\PersistentCollection {#4453 …}
+votes: Doctrine\ORM\PersistentCollection {#4451 …}
+reports: Doctrine\ORM\PersistentCollection {#4467 …}
+favourites: Doctrine\ORM\PersistentCollection {#4469 …}
+notifications: Doctrine\ORM\PersistentCollection {#4471 …}
-id: 336487
-bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://fstab.sh/comment/1504370"
+editedAt: null
+createdAt: DateTimeImmutable @1706098966 {#4463
date: 2024-01-24 13:22:46.0 +01:00
}
} |
|
Show voter details
|
| 20 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4465
+user: Proxies\__CG__\App\Entity\User {#4457 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4438
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4415
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4252
+user: App\Entity\User {#4200 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
This is way overcomplicated.\n
\n
Internet -> router/firewall -> your network with all devices\n
\n
No DMZ needed or wanted.\n
\n
You will want a dhcp server which will likely be the router/firewall. It will tell all your internal systems to use it as a “gateway” for Internet traffic. The router then allows outbound for everybody and does NAT - basically it makes requests on that systems behalf and sends the results back. If your want external access to a system you configure port-forwarding on the router (again it acts as the middleman between external and internal systems).\n
\n
Edited to add: I love that you provided a diagram though! Makes it much easier to discuss.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1728288680 {#4262
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4250 …}
+nested: Doctrine\ORM\PersistentCollection {#4248 …}
+votes: Doctrine\ORM\PersistentCollection {#4246 …}
+reports: Doctrine\ORM\PersistentCollection {#4244 …}
+favourites: Doctrine\ORM\PersistentCollection {#4212 …}
+notifications: Doctrine\ORM\PersistentCollection {#4216 …}
-id: 334158
-bodyTs: "'access':72 'act':86 'add':97 'allow':48 'back':67 'basic':55 'behalf':62 'configur':77 'devic':11 'dhcp':21 'diagram':104 'discuss':111 'dmz':13 'easier':109 'edit':95 'everybodi':51 'extern':71,91 'forward':80 'gateway':41 'intern':34,93 'internet':5,43 'like':25 'love':99 'make':57,106 'middleman':89 'much':108 'nat':54 'need':14 'network':8 'outbound':49 'overcompl':4 'port':79 'port-forward':78 'provid':102 'request':58 'result':66 'router':46,83 'router/firewall':6,28 'send':64 'server':22 'system':35,61,75,94 'tell':31 'though':105 'traffic':44 'use':37 'want':16,19,70 'way':3"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7942270"
+editedAt: DateTimeImmutable @1727963788 {#4198
date: 2024-10-03 15:56:28.0 +02:00
}
+createdAt: DateTimeImmutable @1706019875 {#4261
date: 2024-01-23 15:24:35.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I do tend to overcomplicate things 😆\n
\n
It seems, based on your comments and others in the post, that my next step is to flash OpenWRT and do a deep dive on its firewall functions. Thanks for taking the time to educate me!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706045907 {#4413
date: 2024-01-23 22:38:27.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4416 …}
+nested: Doctrine\ORM\PersistentCollection {#4418 …}
+votes: Doctrine\ORM\PersistentCollection {#4420 …}
+reports: Doctrine\ORM\PersistentCollection {#4422 …}
+favourites: Doctrine\ORM\PersistentCollection {#4424 …}
+notifications: Doctrine\ORM\PersistentCollection {#4426 …}
-id: 335220
-bodyTs: "'base':9 'comment':12 'deep':29 'dive':30 'educ':41 'firewal':33 'flash':24 'function':34 'next':20 'openwrt':25 'other':14 'overcompl':5 'post':17 'seem':8 'step':21 'take':37 'tend':3 'thank':35 'thing':6 'time':39"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5151008"
+editedAt: null
+createdAt: DateTimeImmutable @1706045907 {#4414
date: 2024-01-23 22:38:27.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
Yeah - basic home-networking is typically pretty straight-forward. You’ll want to figure out your basic services (DHCP, DNS, and routing) but after that it’s pretty simple. OpenWRT should handle the DHCP and routing. I’m not sure about DNS though.\n
\n
DHCP will tell systems "here is your IP, here is the [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) of the network you are on, here is the router that handles traffic for things NOT on that network (e.g. the internet), and here are the DNS servers you should use for name resolution.\n
\n
With DHCP you can also hand out “static leases” to give systems reliable IP addresses based on their MAC addresses. Then you can setup a DNS server that does internal name resolution if you want to be able to reference systems by name. This DNS server doesn’t need to be publicly available (and indeed should not be).\n
\n
The Firewall is typically only for things coming into your network from the internet. You can restrict outbound traffic as well if you want but that’s less common. By default things on the internet will NOT be able to get to your internal systems because of [NAT](https://en.wikipedia.org/wiki/Network_address_translation). So to allow things “out there” to access a service running on an internal system you’ll need to do [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) on your firewall. This will a) open a port on the internet side and b) send all traffic to that port to a port on an internal system. The router will handle all of the network-to-network and traffic handling stuff.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1706047750 {#4439
date: 2024-01-23 23:09:10.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4435 …}
+nested: Doctrine\ORM\PersistentCollection {#4431 …}
+votes: Doctrine\ORM\PersistentCollection {#4429 …}
+reports: Doctrine\ORM\PersistentCollection {#4444 …}
+favourites: Doctrine\ORM\PersistentCollection {#4446 …}
+notifications: Doctrine\ORM\PersistentCollection {#4448 …}
-id: 335290
-bodyTs: "'/wiki/classless_inter-domain_routing)':60 '/wiki/network_address_translation).':203 '/wiki/port_forwarding)':228 'abl':132,191 'access':211 'address':109,114 'allow':206 'also':99 'avail':147 'b':243 'base':110 'basic':2,19 'cidr':57 'come':160 'common':181 'default':183 'dhcp':21,36,46,96 'dns':22,44,87,120,139 'doesn':141 'e.g':80 'en.wikipedia.org':59,202,227 'en.wikipedia.org/wiki/classless_inter-domain_routing)':58 'en.wikipedia.org/wiki/network_address_translation).':201 'en.wikipedia.org/wiki/port_forwarding)':226 'figur':16 'firewal':154,231 'forward':11,225 'get':193 'give':105 'hand':100 'handl':34,72,260,270 'home':4 'home-network':3 'inde':149 'intern':124,196,217,255 'internet':82,166,187,240 'ip':53,108 'leas':103 'less':180 'll':13,220 'm':40 'mac':113 'name':93,125,137 'nat':200 'need':143,221 'network':5,63,79,163,265,267 'network-to-network':264 'open':235 'openwrt':32 'outbound':170 'port':224,237,249,252 'pretti':8,30 'public':146 'refer':134 'reliabl':107 'resolut':94,126 'restrict':169 'rout':24,38 'router':70,258 'run':214 'send':244 'server':88,121,140 'servic':20,213 'setup':118 'side':241 'simpl':31 'static':102 'straight':10 'straight-forward':9 'stuff':271 'sure':42 'system':49,106,135,197,218,256 'tell':48 'thing':75,159,184,207 'though':45 'traffic':73,171,246,269 'typic':7,156 'use':91 'want':14,129,176 'well':173 'yeah':1"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://sh.itjust.works/comment/7954265"
+editedAt: null
+createdAt: DateTimeImmutable @1706047750 {#4442
date: 2024-01-23 23:09:10.0 +01:00
}
}
+root: App\Entity\EntryComment {#4252}
+body: """
I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you’d want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).\n
\n
A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 0
+score: 0
+lastActive: DateTime @1706098966 {#4460
date: 2024-01-24 13:22:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@atzanteol@sh.itjust.works"
]
+children: Doctrine\ORM\PersistentCollection {#4455 …}
+nested: Doctrine\ORM\PersistentCollection {#4453 …}
+votes: Doctrine\ORM\PersistentCollection {#4451 …}
+reports: Doctrine\ORM\PersistentCollection {#4467 …}
+favourites: Doctrine\ORM\PersistentCollection {#4469 …}
+notifications: Doctrine\ORM\PersistentCollection {#4471 …}
-id: 336487
-bodyTs: "'alexa':53 'also':92 'annoy':22 'ap':90 'capabl':54 'cheap':31 'cloud':45 'd':25 'devic':18,55,102 'disallow':37 'drop':29 'e.g':28 'els':64 'enjoy':42 'especi':47 'figur':62 'firewal':9 'gateway':108 'get':20 'got':66 'great':93 'hous':70 'intern':13 'iot':17 'isol':52,82 'll':2 'make':3,98 'manag':76 'mdns':72 'nice':80 'note':5 'peer':112 'port':83 'pretti':21 'specif':101 'sure':99 'switch':77,86 'talk':40,105 'traffic':14 'tri':60 'use':11 'vlan':35,50 'want':26,96 'webcam':32 'wifi':89 'won':58 'would':78"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://fstab.sh/comment/1504370"
+editedAt: null
+createdAt: DateTimeImmutable @1706098966 {#4463
date: 2024-01-24 13:22:46.0 +01:00
}
} |
|
Show voter details
|
| 21 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 22 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
} |
|
Show voter details
|
| 23 |
DENIED
|
edit
|
App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
} |
|
Show voter details
|
| 24 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
} |
|
Show voter details
|
| 25 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 26 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4376
+user: Proxies\__CG__\App\Entity\User {#4384 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
}
+root: App\Entity\EntryComment {#4288}
+body: """
Great read thank you !\n
\n
One technical question if you don’t mind.\n
\n
> Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around.\n
\n
How does that work¿ I mean if the internet traffic isn’t allowed to the NAS, how can the NAS get updates than?
"""
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1706013826 {#4381
date: 2024-01-23 13:43:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@TCB13@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4387 …}
+nested: Doctrine\ORM\PersistentCollection {#4389 …}
+votes: Doctrine\ORM\PersistentCollection {#4385 …}
+reports: Doctrine\ORM\PersistentCollection {#4392 …}
+favourites: Doctrine\ORM\PersistentCollection {#4394 …}
+notifications: Doctrine\ORM\PersistentCollection {#4396 …}
-id: 333978
-bodyTs: "'add':14 'allow':19,45 'around':32 'firewal':16 'get':53 'great':1 'internet':26,41 'isn':43 'mayb':13 'mean':38 'mind':12 'nas':23,48,52 'one':5 'question':7 'read':2 'rule':17 'technic':6 'thank':3 'traffic':20,42 'updat':54 'way':31 'work':36"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.ml/comment/7650323"
+editedAt: null
+createdAt: DateTimeImmutable @1706013826 {#4378
date: 2024-01-23 13:43:46.0 +01:00
}
} |
|
Show voter details
|
| 27 |
DENIED
|
edit
|
App\Entity\EntryComment {#4376
+user: Proxies\__CG__\App\Entity\User {#4384 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
}
+root: App\Entity\EntryComment {#4288}
+body: """
Great read thank you !\n
\n
One technical question if you don’t mind.\n
\n
> Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around.\n
\n
How does that work¿ I mean if the internet traffic isn’t allowed to the NAS, how can the NAS get updates than?
"""
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1706013826 {#4381
date: 2024-01-23 13:43:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@TCB13@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4387 …}
+nested: Doctrine\ORM\PersistentCollection {#4389 …}
+votes: Doctrine\ORM\PersistentCollection {#4385 …}
+reports: Doctrine\ORM\PersistentCollection {#4392 …}
+favourites: Doctrine\ORM\PersistentCollection {#4394 …}
+notifications: Doctrine\ORM\PersistentCollection {#4396 …}
-id: 333978
-bodyTs: "'add':14 'allow':19,45 'around':32 'firewal':16 'get':53 'great':1 'internet':26,41 'isn':43 'mayb':13 'mean':38 'mind':12 'nas':23,48,52 'one':5 'question':7 'read':2 'rule':17 'technic':6 'thank':3 'traffic':20,42 'updat':54 'way':31 'work':36"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.ml/comment/7650323"
+editedAt: null
+createdAt: DateTimeImmutable @1706013826 {#4378
date: 2024-01-23 13:43:46.0 +01:00
}
} |
|
Show voter details
|
| 28 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4376
+user: Proxies\__CG__\App\Entity\User {#4384 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
}
+root: App\Entity\EntryComment {#4288}
+body: """
Great read thank you !\n
\n
One technical question if you don’t mind.\n
\n
> Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around.\n
\n
How does that work¿ I mean if the internet traffic isn’t allowed to the NAS, how can the NAS get updates than?
"""
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1706013826 {#4381
date: 2024-01-23 13:43:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@TCB13@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4387 …}
+nested: Doctrine\ORM\PersistentCollection {#4389 …}
+votes: Doctrine\ORM\PersistentCollection {#4385 …}
+reports: Doctrine\ORM\PersistentCollection {#4392 …}
+favourites: Doctrine\ORM\PersistentCollection {#4394 …}
+notifications: Doctrine\ORM\PersistentCollection {#4396 …}
-id: 333978
-bodyTs: "'add':14 'allow':19,45 'around':32 'firewal':16 'get':53 'great':1 'internet':26,41 'isn':43 'mayb':13 'mean':38 'mind':12 'nas':23,48,52 'one':5 'question':7 'read':2 'rule':17 'technic':6 'thank':3 'traffic':20,42 'updat':54 'way':31 'work':36"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.ml/comment/7650323"
+editedAt: null
+createdAt: DateTimeImmutable @1706013826 {#4378
date: 2024-01-23 13:43:46.0 +01:00
}
} |
|
Show voter details
|
| 29 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 30 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4400
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
}
+root: App\Entity\EntryComment {#4288}
+body: """
Thanks for all the info!\n
\n
At the time, I wasn’t sure why i bought OpenWRT compatible router, only that the community seemed to love it. Now I’m glad I got it!\n
\n
Time to get OpenWRT working!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1706045772 {#4398
date: 2024-01-23 22:36:12.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@TCB13@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4401 …}
+nested: Doctrine\ORM\PersistentCollection {#4403 …}
+votes: Doctrine\ORM\PersistentCollection {#4405 …}
+reports: Doctrine\ORM\PersistentCollection {#4407 …}
+favourites: Doctrine\ORM\PersistentCollection {#4409 …}
+notifications: Doctrine\ORM\PersistentCollection {#4411 …}
-id: 335212
-bodyTs: "'bought':15 'communiti':22 'compat':17 'get':36 'glad':30 'got':32 'info':5 'love':25 'm':29 'openwrt':16,37 'router':18 'seem':23 'sure':12 'thank':1 'time':8,34 'wasn':10 'work':38"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5150969"
+editedAt: null
+createdAt: DateTimeImmutable @1706045772 {#4399
date: 2024-01-23 22:36:12.0 +01:00
}
} |
|
Show voter details
|
| 31 |
DENIED
|
edit
|
App\Entity\EntryComment {#4400
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
}
+root: App\Entity\EntryComment {#4288}
+body: """
Thanks for all the info!\n
\n
At the time, I wasn’t sure why i bought OpenWRT compatible router, only that the community seemed to love it. Now I’m glad I got it!\n
\n
Time to get OpenWRT working!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1706045772 {#4398
date: 2024-01-23 22:36:12.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@TCB13@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4401 …}
+nested: Doctrine\ORM\PersistentCollection {#4403 …}
+votes: Doctrine\ORM\PersistentCollection {#4405 …}
+reports: Doctrine\ORM\PersistentCollection {#4407 …}
+favourites: Doctrine\ORM\PersistentCollection {#4409 …}
+notifications: Doctrine\ORM\PersistentCollection {#4411 …}
-id: 335212
-bodyTs: "'bought':15 'communiti':22 'compat':17 'get':36 'glad':30 'got':32 'info':5 'love':25 'm':29 'openwrt':16,37 'router':18 'seem':23 'sure':12 'thank':1 'time':8,34 'wasn':10 'work':38"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5150969"
+editedAt: null
+createdAt: DateTimeImmutable @1706045772 {#4399
date: 2024-01-23 22:36:12.0 +01:00
}
} |
|
Show voter details
|
| 32 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4400
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+entry: App\Entity\Entry {#2419
+user: Proxies\__CG__\App\Entity\User {#1970 …}
+magazine: App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
+slug: "Feedback-on-Design-and-Firewall-Options"
+title: "Feedback on Design and Firewall Options"
+url: null
+body: """
All the cool projects I see while lurking around here have thrown me into the world of Self-Hosting! Some months ago I got myself a NAS, flashed it with TrueNAS and started playing. Today, I am ready to face the creation of my first homelab.\n
\n
Since I got the basic data storage working, I decided to continue with the Firewall setup. I’d like to have my security figured out before I start spinning up machines, playing with their configs and unwittingly opening all kind of arcane doors to the unknown. So I turn to the Fediverse!\n
\n
I’d like to create the standard network with a DMZ. Within the network, I plan to use VLANS to manage traffic between devices, and the firewall to limit internet access.\n
\n
This is a sketch of what I think I want to achieve:\n
\n
\n
\n
### Connections\n
\n
- The Consoles will connect only to the internet\n
- The Home Devices (printers) will connect only to the Home WKS\n
- There will be a NAS device hosting VMs with services accessible only from the home network: \n
- The Home Automation will connect to IoT\n
- The Recipes will connect to Home Wks\n
- The Data Archive will connect to Home Wks\n
- Jellybean will connect to: \n
- Home Wks\n
- TV\n
- *arr Stack will connect to: \n
- The Internet\n
- the NAS (presumably Jellybean)\n
- The Home WKS connect to pretty much anything\n
\n
### Available Hardware\n
\n
- OpenWRT compatible Router\n
- 2.5gbs Unmaged Switch\n
- 1gbs Unmaged Switch\n
- QNAS with 2x2.5gbs NIC, running TrueNas\n
- A few Rpis of different specs\n
\n
Questions\n
=========\n
\n
#### Firewall\n
\n
My Main questions relate to the Firewall. It seems that pfsense is the way to go for a SW Firewall:\n
\n
- What HW should i use? would a Raspberry pi 4, 4GB RAM work?\n
- What do you think of Netgear 1100?\n
- I like this device since 3ports would allow me to create a physically separate DMZ\n
- Should I consider other firewalls?\n
\n
#### NAS\n
\n
For Bonus Points, some questions regarding the NAS:\n
\n
- With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet. The obvious change is to place the NAS within the DMZ, but I’d like to keep the Data Archive as far from the net as possible\n
- Should i locate the entire NAS in the DMZ?\n
- My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
Thanks for your time!
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 7
+favouriteCount: 22
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1728288680 {#2414
date: 2024-10-07 10:11:20.0 +02:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1884 …}
+votes: Doctrine\ORM\PersistentCollection {#1973 …}
+reports: Doctrine\ORM\PersistentCollection {#1959 …}
+favourites: Doctrine\ORM\PersistentCollection {#1927 …}
+notifications: Doctrine\ORM\PersistentCollection {#2442 …}
+badges: Doctrine\ORM\PersistentCollection {#2440 …}
+children: []
-id: 32551
-titleTs: "'design':3 'feedback':1 'firewal':5 'option':6"
-bodyTs: "'/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':145 '1100':295 '1gbs':239 '2.5':235 '2x2.5gb':384 '2x2.5gbs':244 '3ports':301 '4':285 '4gb':286 'access':130,176 'achiev':142 'ago':23 'allow':303 'anyth':229 'arcan':89 'archiv':198,364 'around':9 'arr':211 'autom':184 'avail':230 'basic':52 'benefit':399 'bonus':318 'chang':347 'compat':233 'config':82 'connect':146,150,160,186,192,200,206,214,225,388 'consid':313 'consol':148 'continu':59 'cool':3 'creat':104,306 'creation':43 'current':327 'd':65,101,358 'data':53,197,363 'decid':57 'devic':123,157,171,299 'diagram':328 'differ':252,393 'dmz':110,310,355,380 'door':90 'entir':376 'face':41 'far':366 'fedivers':99 'figur':71 'firewal':62,126,255,262,275,315 'first':46 'flash':29 'gbs':236 'go':271 'got':25,50 'hardwar':231 'home':156,164,180,183,194,202,208,223 'homelab':47 'host':20,172 'hw':277 'internet':129,154,217,344 'iot':188 'jellybean':204,221 'keep':361 'kind':87 'lemmyf.uk':144 'lemmyf.uk/pictrs/image/74aeb2e6-4e83-4e1a-a2ea-ed075759fd5e.png)':143 'like':66,102,297,331,359 'limit':128 'locat':374 'lurk':8 'machin':78 'main':257 'manag':120 'month':22 'much':228 'nas':28,170,219,316,324,338,352,377 'net':369 'netgear':294 'network':107,113,181,394 'nic':245,390 'obvious':346 'open':85 'openwrt':232 'pfsens':266 'physic':308 'pi':284 'place':350 'plan':115 'play':35,79 'point':319 'port':385 'possibl':335,371 'presum':220 'pretti':227 'printer':158 'project':4 'qnas':242 'question':254,258,321 'ram':287 'raspberri':283 'readi':39 'receiv':340 'recip':190 'regard':322 'relat':259 'router':234 'rpis':250 'run':246 'secur':70 'see':6 'seem':264,330 'self':19 'self-host':18 'separ':309 'servic':175 'setup':63 'sinc':48,300 'sketch':134 'spec':253 'spin':76 'stack':212 'standard':106 'start':34,75 'storag':54 'sw':274 'switch':238,241 'thank':400 'think':138,292 'thrown':12 'time':403 'today':36 'traffic':121 'truena':32,247,382 'turn':96 'tv':210 'unknown':93 'unmag':237,240 'unwit':84 'updat':341 'use':117,280 'vlan':118 'vms':173 'want':140 'way':269 'within':111,353 'wks':165,195,203,209,224 'work':55,288 'world':16 'would':281,302,395"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1706084419
+visibility: "visible "
+apId: "https://lemmyf.uk/post/4971341"
+editedAt: null
+createdAt: DateTimeImmutable @1705999419 {#1793
date: 2024-01-23 09:43:39.0 +01:00
}
}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: App\Entity\EntryComment {#4288
+user: App\Entity\User {#4272 …}
+entry: App\Entity\Entry {#2419}
+magazine: App\Entity\Magazine {#265}
+image: null
+parent: null
+root: null
+body: """
If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.\n
\n
> I like this device since 3ports would allow me to create a physically separate DMZ\n
\n
OpenWRT can do this as well. What are your plans with the DMZ tho?\n
\n
Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.\n
\n
> With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.\n
\n
You NAS will never “receive updates” it will *ask* for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).\n
\n
> My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?\n
\n
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.\n
\n
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1728070903 {#4296
date: 2024-10-04 21:41:43.0 +02:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
"@OpenTheSeaLegs@lemmyf.uk"
]
+children: Doctrine\ORM\PersistentCollection {#4289 …}
+nested: Doctrine\ORM\PersistentCollection {#4280 …}
+votes: Doctrine\ORM\PersistentCollection {#4283 …}
+reports: Doctrine\ORM\PersistentCollection {#4278 …}
+favourites: Doctrine\ORM\PersistentCollection {#4276 …}
+notifications: Doctrine\ORM\PersistentCollection {#4274 …}
-id: 333951
-bodyTs: "'2x2.5gb':202 '3ports':36 'access':233 'acronym':67 'add':154 'allow':38,159,184 'also':27 'appli':240,292 'around':172 'ask':150 'benefit':217 'came':245 'care':61 'come':111 'compat':6 'comput':243 'connect':195,206 'consol':246 'context':72,95 'creat':41 'current':124 'default':177 'devic':34,121,186,198,230 'diagram':125 'differ':81,211 'dmz':45,58,68,89 'end':273 'everyth':287 'firewal':30,107,156,293 'forward':118 'frank':260 'gain':19 'get':280 'go':188 'hack':228 'host':99 'impli':87 'incom':194 'internet':141,166,191 'isn':15 'isp':77,104,114 'jump':252 'like':32,128 'll':232,272 'local':185 'mayb':153 'mean':82 'much':17 'nas':135,143,163 'nat':25 'need':296 'network':212,238,291 'never':145 'nic':208 'openwrt':5,22,46,283 'outsid':102 'pfsens':13 'physic':43 'plan':55 'point':277 'port':203 'possibl':132 're':86 'realli':223 'receiv':137,146 'request':110 'rest':235 'restrict':294 'router':7,75,105,115,181,284 'rule':157 'see':264 'seem':127 'separ':44 'setup':269 'side':256 'sinc':35 'singl':98,282 'someon':227 'somewher':278 'state':178 'think':11 'tho':59 'throw':286 'traffic':160 'truena':200 'typic':74 'updat':138,147,152 'use':64,92,250,266 'usual':90,175 've':3 'versa':259 'vice':258 'way':171 'weak':276 'well':51 'worth':224 'would':37,213"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6941746"
+editedAt: DateTimeImmutable @1727946517 {#4294
date: 2024-10-03 11:08:37.0 +02:00
}
+createdAt: DateTimeImmutable @1706012206 {#4295
date: 2024-01-23 13:16:46.0 +01:00
}
}
+root: App\Entity\EntryComment {#4288}
+body: """
Thanks for all the info!\n
\n
At the time, I wasn’t sure why i bought OpenWRT compatible router, only that the community seemed to love it. Now I’m glad I got it!\n
\n
Time to get OpenWRT working!
"""
+lang: "en"
+isAdult: false
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1706045772 {#4398
date: 2024-01-23 22:36:12.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@OpenTheSeaLegs@lemmyf.uk"
"@TCB13@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4401 …}
+nested: Doctrine\ORM\PersistentCollection {#4403 …}
+votes: Doctrine\ORM\PersistentCollection {#4405 …}
+reports: Doctrine\ORM\PersistentCollection {#4407 …}
+favourites: Doctrine\ORM\PersistentCollection {#4409 …}
+notifications: Doctrine\ORM\PersistentCollection {#4411 …}
-id: 335212
-bodyTs: "'bought':15 'communiti':22 'compat':17 'get':36 'glad':30 'got':32 'info':5 'love':25 'm':29 'openwrt':16,37 'router':18 'seem':23 'sure':12 'thank':1 'time':8,34 'wasn':10 'work':38"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmyf.uk/comment/5150969"
+editedAt: null
+createdAt: DateTimeImmutable @1706045772 {#4399
date: 2024-01-23 22:36:12.0 +01:00
}
} |
|
Show voter details
|
| 33 |
DENIED
|
edit
|
App\Entity\Magazine {#265
+icon: Proxies\__CG__\App\Entity\Image {#246 …}
+name: "selfhosted@lemmy.world"
+title: "selfhosted"
+description: """
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
\n
Rules:\n
\n
- Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
- No spam posting.\n
- Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
- Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
- No trolling.\n
\n
Resources:\n
\n
- [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
- [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
- [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
\n
> Any issues on the community? Report it using the report flag.\n
\n
> Questions? DM the mods!
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 222
+entryCommentCount: 3916
+postCount: 0
+postCommentCount: 0
+isAdult: false
+customCss: null
+lastActive: DateTime @1729582735 {#275
date: 2024-10-22 09:38:55.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#237 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
+entries: Doctrine\ORM\PersistentCollection {#180 …}
+posts: Doctrine\ORM\PersistentCollection {#138 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
+bans: Doctrine\ORM\PersistentCollection {#117 …}
+reports: Doctrine\ORM\PersistentCollection {#103 …}
+badges: Doctrine\ORM\PersistentCollection {#81 …}
+logs: Doctrine\ORM\PersistentCollection {#71 …}
+awards: Doctrine\ORM\PersistentCollection {#1346 …}
+categories: Doctrine\ORM\PersistentCollection {#1823 …}
-id: 120
+apId: "selfhosted@lemmy.world"
+apProfileId: "https://lemmy.world/c/selfhosted"
+apPublicUrl: "https://lemmy.world/c/selfhosted"
+apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
+apInboxUrl: "https://lemmy.world/inbox"
+apDomain: "lemmy.world"
+apPreferredUsername: "selfhosted"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1703473826 {#269
date: 2023-12-25 04:10:26.0 +01:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1703473826 {#271
date: 2023-12-25 04:10:26.0 +01:00
}
} |
|
Show voter details
|