I would like to create a VLAN that can access the internet but cannot access the rest of my network, with one exception. It should still be able to connect to my HomeAssistant server which isn't on the VLAN.

I have never set up a VLAN before so I am a bit lost. Does anybody have any good guides on how to set up something like this on a GL.iNet router? I am able to access the OpenWRT settings including interfaces, devices, etc. from LuCI.

For those of you who know of PiAlert or similar projects/forks like NetAlertX, do you know of any that can run without WAN access?

I just got PiAlert running the other day and noticed that it does not update correctly unless it has access to WAN which seems odd, since it's basically just running arp commands within internal IP ranges over specified interfaces.

Edit: Looks like I was just able to modify one function to return a hardcoded value to resolve the need to connect to WAN

My Internet provider just installed a 2,5/1Gbps Internet connection and I've asked the guys to run a couple of their fiber to connect my router (HP Prodesk with OPNsense) to my server. I didn't know that the fiber is single mode and all the SFP+ sold used now seems to be all for multi mode fiber (www.bargainhardware.co.ukfor example). The cable is about 30m, can I use a 810nm SFP+ or is it definitely better to use a 1310nm?

So, I finally got this project (PiAlert) working how I'd like.

It basically uses arp to keep track of devices on your network, and let you know when new ones join. It gives some basic stats like uptime, etc and you can configure a few different notification options to be alerted when a rogue device connects.

Anyways, to get this work on my network involved setting up several network interfaces, as I have quite a few VLANs I'd like to keep an eye on. While everything seems to be working, I feel like I may have created an asymmetric-routing situation, as now when I SSH to the VM hosting this, it will freeze up after a few seconds.

My interfaces look like such. The problem is that I am accessing this VM (hosted on 192.168.1.0/24) from my personal network (192.168.6.0/24). My personal network has access to 192.168.1.0/24 and obviously to it's own subnet, so I think packets are getting confused, as there are multiple routes they can take to this VM.

I believe this is confirmed, because if I disable the entry for 192.168.6.0/24 in my /etc/network/interfaces file, the problem goes away.

How should I handle this? I've tried some simple UFW rules to try to force things to only use the 192.168.1.0/24 interface, but to no avail.

Edit: Sorry for the weird markdown, not sure why it's highlighting keywords

Hi everyone :)

It's time to switch and give my home network a proper minimal hardware upgrade. Right now everything is managed by my ISP's AIO firewall/router combo. Which works okayish, but I'm already doing some firewall/dns/VPN stuff on my minimal spare laptop server to bypass most of my ISP's restrictions. So it's time to get a little bit "crazy" !

While I do have some "power user" knowledge regarding Linux/server/selfhosted services/networking, I'm a bit clueless hardware wise, specially regarding my ISP's 2.5G ethernet port.

I do have a 5giga connection from my Internet provider (Obtic fiber) which is divided into 4 ethernet ports (Eth1 2.5G, Eth2 1G, Eth3 1G, Eth4 0,500G or something in that range). And right now the Eth1 port is connected through an old 1G switch.

1. To take full advantage of my ISP's 2.5G ethernet port do I need a router AND a switch capable of 2.5G througput ? Or only the router and the switch is going to divid it accordingly between all connected devices on a 1G switch?

I'm also looking for some recommendation/personal experience for a router and a switch with a budget of 250e.

First I was interested into a BananaPI as a router, to tinker a bit, but it seems a bit of a hassle to flash it with OpenWRT, then I found an interesting post on Lemmy talking about the Intel N100 Celeron N5105, which looks like more what I'm looking for but I'm not sure ?

2. I have no idea what's the best bet, a SBC (bananapi mini, orange pi, raspberry pi...) a fully fleged router (like TP-Link AX1800 and flash it with opensense/openwrt) or an Intel N100 Celeron N5105 Soft Router ?

The capabilities I'm looking for:

• VLAN capable
• AP VLAN capabable to segment wifi
• Taking advantage of my ISP's 2.5G ethernet port
• Firewall customization capabilities

I have an eye on a managed switch I found on amazon (SODOLA 6 Port 2.5G Web Managed) but I have no idea how reliable they are, I have never heard of SODOLA.

3. Any good recommendation I should look at for a managed switch that would work great with the same capabilities above?

4. Probably last question, is regarding wifi APs. Is it possible to make an access point from my router even tough it hasn't atennas? If I connect an access point directly to my router, will it be capable of giving away wifi connection?

Thanks for reading though, I'm a bit unsure how I should spend my money to have a minimal but reliable/capable homelab setup. Every advice is welcome. But keep in mind, I want to keep it minimal, a good enough routing capbability with intermediate firewall customisation. I'm already hosting a few containers with a spare laptop and the traffic isn't going to be to crazy.

I recently installed an instance of TPot Honeypot, and it looks and feels pretty fantastic.

I haven't opened it up to the whole world, because my goal here was to just have the same ports I expose for my personal projects (game server, matrix chat, wireguard, etc) be exposed to it.

I know this project is a bit overkill for this use case, since it comes with a ton of honeypots that I'm not using, and that I'm essentially trying to make a fancy IDS, however I have a couple questions.

1. Is it possible to add custom ports for honeypots that aren't included in the project? For example, if I have a game running on port 4567 and there is no honeypot for that, I won't see any activity.

2. Is there another (perhaps lighter) Honeypot that you guys would recommend?

Edit: I guess disregard. I realize now that I can't have honeypots running on the same ports as the services in which I'm wanting to monitor. Port forwarding from WAN to multiple devices using the same port won't work

From open bench table : https://openbenchtable.com/

To just sitting on top of a anti static mat...

There are options for how to manage a test computer.

Do you have a preferred case that is portable, stackable, and still easy to work on?

I've thought about Fractal cases but they are on the bulky side of things. I've thought about a 4U case Silverstone rm44, but then the components are hard to access.. and noise goes up

Hi everybody! For my OPNsense router (on a VM on Proxmox) I need a 2,5Gbe card (to connect to the ONT of my provider); I only have 2 PCIe 3.0 x1 or 1 x4 because the only x16 is for a dual SFP+ fiber card.

Can you suggest me a NIC (I'd prefer to buy used)? Is it better to go with a 2,5 or 10Gbe? The cooler (temperature!) the better. I just need 1 port, if there are 2 it would be better, but the most important thing is the low operating temperature.

Thanks!

I have installed Debian with software RAID1 (and installed Proxmox on it) on 2 256GB SSD and I now want to move to 2 500GB SSD, how do I proceed?

Edit: the RAID is of the OS disks.