root

joined 1 year ago
 

I recently had my Proxmox host fail, so I re-installed and recovered all my VMs from backups.

I'm noticing that my file structure (this is on my NAS where Proxmox mounts it via SMB/CIFS) has some duplicate folders in it. The ones I highlighted are all empty. Is this normal? Can these be removed safely?

[–] root@lemmy.world 8 points 2 weeks ago (1 children)

Is keeping everything inside of a local “walled garden”, then exposing the minimum amount of services needed to a WireGuard VPN not sufficient?

There would be be no attack surface from WAN other than the port opened to WireGuard

[–] root@lemmy.world 3 points 3 weeks ago

Exactly this. Everyone focuses on how fast you can charge a phone, but 99% of the time I’m charging over night and would prefer a slower charge.

I just capped mine to 90%, if that goes well I might go down to 80.

[–] root@lemmy.world 1 points 4 weeks ago (1 children)

Do you think trickle charging via wireless would be significantly worse?

[–] root@lemmy.world 2 points 4 weeks ago (1 children)

I was actually thinking of using the battery charge limit feature to prevent charging above 90%. Not sure I could do 80 without an charge during the day, lol

 

When charging a phone wirelessly, there is sometimes significant heat generated. That combined with higher charging rates that are now coming out with the Qi 2 standard make me wonder what the ideal charge for the battery would be.

Most of the time I just toss my phone onto a wireless charger before bed, and don’t really care how quickly it charges. Would it be better to use a 5W brick with a charging pad? Should wireless be avoided and usb used instead?

 

I see a lot of guides on setting up DoH (DNS over HTTPS) using things like cloudflared, but not many concrete ones on DoT (DNS over TLS).

Does anyone have any guides they'd recommend?

[–] root@lemmy.world 2 points 2 months ago (3 children)

Ah got it. I was looking at the UDM Pro. Is that a router and a controller? If so, I should be able to access locally I'd hope

[–] root@lemmy.world 1 points 2 months ago

I've heard of this setup before. I had thought of using PFSense + UniFi Apps/ Switch, but haven't pulled the trigger on it yet

[–] root@lemmy.world 3 points 2 months ago (7 children)

Oh interesting. So you can't manage Ubiquiti devices without an Internet connection? TIL

[–] root@lemmy.world 2 points 2 months ago (4 children)

Would you use it at home over PF/OPNsense?

 

I've been using PFSense for years, and it's been pretty great, but I also have some friends who are homelabbers that like their Unifi setups.

What do you guys prefer, and why?

[–] root@lemmy.world 1 points 4 months ago

Got it, thanks so much for the explanation!

 

I am hosting a couple of services (Matrix chat server and a game server). I know NAT's job is to translate external requests into internal addresses, so that the traffic can hit the WAN and ultimately make it to the internal service which is expected to handle the traffic, however I'm wondering if my setup is correct.

Everything is working as expected, but I'm just wondering how the traffic knows which service to go to. If an outside requests comes in, is it just the destination port that is used to route to the correct internal IP? Do I need to do something else here for best practices?

[–] root@lemmy.world 2 points 4 months ago

StandardNotes for me

[–] root@lemmy.world 3 points 5 months ago

I try to balance things between what I find enjoyable/ worth the effort, and what ends up becoming more of a recurring headache

5
submitted 6 months ago* (last edited 6 months ago) by root@lemmy.world to c/homelab@lemmy.ml
 

For those of you who know of PiAlert or similar projects/forks like NetAlertX, do you know of any that can run without WAN access?

I just got PiAlert running the other day and noticed that it does not update correctly unless it has access to WAN which seems odd, since it's basically just running arp commands within internal IP ranges over specified interfaces.

Edit: Looks like I was just able to modify one function to return a hardcoded value to resolve the need to connect to WAN

[–] root@lemmy.world 1 points 6 months ago

Understood. Thanks so much!

14
submitted 6 months ago* (last edited 6 months ago) by root@lemmy.world to c/homelab@lemmy.ml
 

So, I finally got this project (PiAlert) working how I'd like.

It basically uses arp to keep track of devices on your network, and let you know when new ones join. It gives some basic stats like uptime, etc and you can configure a few different notification options to be alerted when a rogue device connects.

Anyways, to get this work on my network involved setting up several network interfaces, as I have quite a few VLANs I'd like to keep an eye on. While everything seems to be working, I feel like I may have created an asymmetric-routing situation, as now when I SSH to the VM hosting this, it will freeze up after a few seconds.

My interfaces look like such. The problem is that I am accessing this VM (hosted on 192.168.1.0/24) from my personal network (192.168.6.0/24). My personal network has access to 192.168.1.0/24 and obviously to it's own subnet, so I think packets are getting confused, as there are multiple routes they can take to this VM.

I believe this is confirmed, because if I disable the entry for 192.168.6.0/24 in my /etc/network/interfaces file, the problem goes away.

How should I handle this? I've tried some simple UFW rules to try to force things to only use the 192.168.1.0/24 interface, but to no avail.

Edit: Sorry for the weird markdown, not sure why it's highlighting keywords

24
Homelab Honeypot (lemmy.world)
submitted 6 months ago* (last edited 6 months ago) by root@lemmy.world to c/homelab@lemmy.ml
 

I recently installed an instance of TPot Honeypot, and it looks and feels pretty fantastic.

I haven't opened it up to the whole world, because my goal here was to just have the same ports I expose for my personal projects (game server, matrix chat, wireguard, etc) be exposed to it.

I know this project is a bit overkill for this use case, since it comes with a ton of honeypots that I'm not using, and that I'm essentially trying to make a fancy IDS, however I have a couple questions.

  1. Is it possible to add custom ports for honeypots that aren't included in the project? For example, if I have a game running on port 4567 and there is no honeypot for that, I won't see any activity.

  2. Is there another (perhaps lighter) Honeypot that you guys would recommend?

Edit: I guess disregard. I realize now that I can't have honeypots running on the same ports as the services in which I'm wanting to monitor. Port forwarding from WAN to multiple devices using the same port won't work

 

I recently discovered Pi Alert (and the various forks of it) and it seems like something that might be useful on my homelab.

I've decided to use this version, and have tried the others as well, but I can't seem to get it to discover things outside of the VLAN that it is installed on.

It is running on a Proxmox VM using a trunk'd interface that has several VLANs available to it. If I SSH into the VM hosting Pi Alert, I am able to ping the devices on the other VLANs without issues, so I know ICMP detection should be working.

Here is the config section. I am using SCAN_SUBNETS = [ '192.168.1.0/24 --interface=ens18', '192.168.2.0/24 --interface=ens18' ] To test 2 of my VLANs, and as mentioned, they are on the same interface, however this does not seem to be working.

Anyone have any suggestions?

12
submitted 8 months ago* (last edited 8 months ago) by root@lemmy.world to c/homelab@lemmy.ml
 

After looking into travel routers a bit, I quickly came across Gl.iNet which seems to be a leader in the space. It seems they use OpenWRT which is great, but with some special sauce on top of it.

In a few different posts I've seen people mention that they are no longer open source. Does anyone know if this is the case? I see some activity on their Github repo, but am not quite sure which parts people are worried about being closed.

Post 1

Post 2

 

For those of you who use travel routers, do you only use them to wire guard/ openvpn back to your home networks for local resources?

Do you use the travel routers firewall features at all, or does the VPN tunnel home take care of concerns about others in the public (hotel/ coffee shop/ etc) from seeing your devices?

7
Whoogle (lemmy.world)
 

I've been using Whoogle for probably a couple years now, and it's been great.

I do not have a cert on my PC that's running it (in my house) so my connection to it is not https. My question though, is once my query reaches from my device to the whole server (http) does Whoogle then use HTTPS when exiting to complete the query?

view more: next ›