Viclan

joined 1 year ago
[–] Viclan@beehaw.org 1 points 1 year ago

bro your app is super stable as well! I was having a lot of crashes with Mlem, not to discredit their work they've got a cool multi profile feature that's really nice. Appreciate your work!

[–] Viclan@beehaw.org 1 points 1 year ago

Hard agree, definitely feels more personable. People are making an effort to understand one another and people are collectively calling out the shitty things. Very nice change of pace

[–] Viclan@beehaw.org 10 points 1 year ago* (last edited 1 year ago)

Oh boy, I hope this statement pisses off a lot of people and motivates them to extend the blackout. My only criticism of the blackout was that there was an end date, Reddit only has to wait it out temporarily in that case, but idk this statement is kinda ridiculous. I hope people take it as the spit in the face it is, who tf is getting violent over subreddits going private? no one, extend the blackout!

[–] Viclan@beehaw.org 0 points 1 year ago (1 children)

So you’re saying your services run on a separate subnet? 255.255.0.0? How would you connect from your home pc connected to your home WiFi? I assume have the vpn running on the machine on a different subnet and also have it running in front of the service, the vpn would give your home computer an IP on the /16 subnet range? Am I correct in that assumption?

I suppose I need to get OPNsense actually working and providing a different subnet in the first place before worrying about all this, I appreciate your input! I understand about exposing the WAN IP, I’m assuming VPN tunnel for those specific services would protect my WAN IP as it would just send all my traffic to the VPN provider and then out to the actual destination, again correct me if I’m wrong. I don’t think I understand how the actual routing would work, how to hook the services into nginx proxy manager and how to know which ports to close and what not, but I suppose I’m not at that step quite yet

 

Hi All!

New to the Fediverse from the reddit exodus, I've gotten into Self-hosting around January this year and have been loving learning about Networks and how they are structured and communicate and I love the projects that come out of managing a home lab.

As I've built up my home lab, from a single node to 3, I've been trying to think of how to structure my network to segment it in such a way that my homelab is on its own segmented network, whether this be VLAN or separate LAN (though I've heard terrible things about double NAT), and have that whole segment of traffic be pushed through a VPN tunnel. Unless that is not necessary? Part of the reason I want to make this post is so that people who are around the same point in their home lab adventure who might have similar questions can come to this thread to discuss particulars about the manner at hand. I'll probably be structuring future questions in such a manner that allows people to discuss and nail down topics they may be struggling with wrapping their head around.

Back to my question, so let me give a better lay of the land. I am running Proxmox as my hypervisor on all these nodes, I have a generic ISP-provided router (ActionTek T3200 if interested in the model) that handles LAN routing and WiFi. Currently all my nodes are hard-lined to the router and I rely on proxmox default firewall atm, I haven't dug into how to properly configure any of that since I wanted a separate solution, not sure the security implications of just using proxmox's firewall so chime in if you know.

So all my nodes are hooked up to my router, but I have a Layer 2 switch I got for free (supports basic VLANs as well as some other basic features) and I want to configure my 3rd node to run OPNsense for my routing and VLAN tagging. The 3rd node will sit on the edge of the Router and the Switch, meaning Router connects to Ethernet port 1 on node 3 and Ethernet port 2 on node 3 connects to the switch and would be providing the LAN and internet access from my understanding. Node 3 will also be running a VPN tunnel to provide remote access as well as providing protection for my *Arr downloads. So the routing for my homelab should go from this:

Node 1, Node 2, Node 3 ------- ISP Router ------ Internet

to this:

Node 1, Node 2--Switch/Node3---ISP Router --Internet

Now my understanding is that structuring it in such a way means that if, for example, Node 1 which hosts my *Arr network were to pull a compromised download then its damage would only go as far as where the VLAN ends, ie would only affect my homelab network because its segmented in such a way that my devices connected to wifi would be unaffected.

I've just started to tinker around with configuring OPNsense when I got a sense for how to structure my network. I'm trying to virtualize it, which is a bit unconventional but not unheard of. I was able to spin up a VM running the installer and it gets through the install just fine but I am unable to reach the address provided. It's 192.168.1.1 which is off my IP range. This might be where I need a bit of help understanding, but shouldn't it give me an IP address that's in my Routers IP Range? Maybe not, maybe its a sort of DMZ type thing? I'm not all too familiar so give a shout if you know something. I am thinking that the WAN and LAN ports are just getting switched during install and I need to interrupt the install and manually delegate those ports and then I'll be able to connect? I haven't had some solid time to dig deep on this so I figured rambling on a forum with tech savvy individuals might at the very least provide me with some insight and more understanding.

So I suppose my question is what do you think of my thought process? Am I missing anything major in my understanding? How should you think about configuring your firewall and VPN? How do you setup VLANs to allow communication where necessary between VLANs and Wifi network? Apologies that this got so long, I was trying to keep it brief but also give enough info on my environment. Let me know if there's any questions. I'd also be interested in resources if my topics just point to needing a better understanding of networking generally. Thanks for your time

[–] Viclan@beehaw.org 0 points 1 year ago (1 children)

I would also recommend spending time looking into Usenet providers with lifetime subscriptions as it provides a great resource for pulling media from. I use NZBgeek and Frugal UseNet, rarely have problems finding seeders. It does take a bit more setup than just pulling from Torrent Indexers but the ease of finding the content I'm looking for is 100x better than just torrents from personal experience.