this post was submitted on 25 Mar 2026
27 points (90.9% liked)

Selfhosted

58026 readers
488 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
27
swapping out the router maybe? (sh.itjust.works)
submitted 5 days ago by muusemuuse@sh.itjust.works to c/selfhosted@lemmy.world
15 comments fedilink hide all child comments
 

I have a firewalla purple. it's idiot mode networking and I love it, but I have never been too thrilled with it's cloud shit and really don't to rely on it as my only option right now.

A while back I tried spinning up a VM with opnsense and never got good performance off my home ryzen server. I tried multiple NICs and even bare metal installs and while bare metal was a little more performant, it was never able to reach gigabit on WAN. the firewalla falls just a hair short of gigabit WAN but its still way ahead of my more muscular server. I notice the CPU load spikes high. it seems nothing I do can bring down that CPU load for opnsense. openwrt performed a bit better but still never hit gigabit speeds and was still below the firewalla's performance. bare metal was again a bit better but still not matching the firewalla.

The firewalla is a heavily optimized amlogic based pi. it's not special. but it works right and my crap doesnt. I have other SBCs I can use if folding into the home server as a VM just isnt practical but the server is always on anyway and already has extra resources I can throw into this so I'd like to just throw it all in there, snapshot a working config and be done with it if I can.

I walked away from this a while back thinking I would have a fix if I took a break and came back to it later but I'm still stumped. How are other people doing this?

you are viewing a single comment's thread
view the rest of the comments
[–] muusemuuse@sh.itjust.works 1 points 4 days ago* (last edited 4 days ago) (1 children)

I have a smart switch. It has some managed features like VLANs and stuff like that but it’s not a full managed switch

[–] irotsoma@piefed.blahaj.zone 1 points 4 days ago (1 children)

If configured properly, it can usually bypass the router altogether. In my setup I have several VLANs for different traffic, so for me it's important to have a Layer 3 switch that can handle the routing between VLANS. But if you don't use VLANs, a layer 2 switch will build a mac address table and bypass the router once it knows where the traffic is going. That way only your DNS queries and similar get sent to the router for internal traffic on the LAN. Then the issue is just traffic going to the internet.

For the internet side you just need to configure the firewall to drop packets on ports (not reject, just drop/ignore) you don't use and use something like fail2ban or crowdsec to make your router outright drop malicious and LLM bot kinds of traffic to ports you do use that otherwise have to be processed. That generally will reduce processing load unless you have self-hosted services that really generate a ton of traffic in which case you can move those to VPSs outside of your network.

Those are my general strategies at a very high level.

[–] muusemuuse@sh.itjust.works 1 points 4 days ago

I do use VLANs. But in testing even without them going laptop->server->WAN and nothing else it could not do it.