I try to balance things between what I find enjoyable/worth the effort, and what ends up becoming more of a recurring headache.
Just SSH dropping. Everything on the VM side is ok.
And yes, the computer I’m using is on .6.X (LAN VLAN) and the VM is on .1.X (MGMT VLAN).
The management VLAN is only accessible by a couple devices and this is one of them. To get PiAlert to be able to see devices on the LAN VLAN, it has to have an interface to be able to ARP from.
Would that be similar to telling SSH to listen on only one interface? Because I did try that but it unfortunately did not resolve the issue
Edit: Found what you mean. I’ll give this a try, thanks!
I have a somewhat dated (but decently spec'd) NUC running Proxmox, and it’s the backbone of my home lab. No issues to date.
Updated with the forum posts
Hey there,
Yeah I’m doing it manually, and I did try importing the config from pfsense, however it would say import successful and then “Failed” at the bottom, lol. I did end up getting it working after finding a post from the staff mentioning that you should not put a listening address on the Peer and you should set a manual MTU of like 1300 which worked for me.
Thank you, I might give this a try tomorrow. I thought I read something similar, but that it would require you to take care of log rotation as well otherwise they would just grow. Not sure how true that is.
Oooh, good point. I’m not even sure if I should be using this with cert only based auth
It usually does not make sense to use fail2ban with e.g. sshd when only public key authentication or similar is enabled.
I was thinking that might be the case. Thank you!
I was using a WD PR4100, but I upgraded to a Synology RS1221+ and it’s been fantastic :)
I have a beefed-up Intel NUC running Proxmox (and my self-hosted services within those VMs) and a standalone NAS that I mount on the necessary VMs via fstab.
I really like this approach, as it decouples my storage and compute servers.
Hm, currently I have pfSense and my other network equipment on its own “management” VLAN, and I don’t allow my other VLANs access to it (except for a couple devices I whitelist). None of those can reach pfSense via the LAN IP as I expect, only by the WAN IP.
Thank you, that was the first thing I checked after having a near heart attack, haha. I thought the whole world could see my login for a second there.
Gotcha, thanks so much (to you and the others who mentioned this as well). This has been driving me crazy the last couple hours, as I can connect to any of my VLANs (some of which I treat as fairly insecure) and they can all hit my firewall if I use the WAN IP.
I checked pfSense, and I have NAT Reflection disabled everywhere I found it (System>>Advanced>>Firewall & NAT as well as in my individual NAT rules); however, I can still access via the WAN IP.
So I guess all I can really do is set a rule to forward to port 80/443 to something else to avoid this, right? I was thinking of hosting a Matrix chat server which would use those ports, so maybe that’s the play.
Hm, my only NAT rule is to allow traffic to my game server on specific ports. Is there somewhere else that could be set? EDIT: I think you’re right.
Thank you!
That does make sense, thank you. I kind of have that started in a way, for example I have port aliases for games grouped in one alias, I have ports for crypto mining into an alias, etc. Now I guess I just need to break up the hosts more and give them the necessary (and minimum amount of) permissions
Edit: @oleorun@real.lemmy.fan made some changes to my Smart VLAN. Does this look a bit like what you mean?
4 currently with 8GB RAM and no passthrough for transcoding (only direct play)
StandardNotes for me