diff options
author | uvok cheetah | 2021-04-25 22:07:28 +0200 |
---|---|---|
committer | uvok cheetah | 2021-04-25 22:07:28 +0200 |
commit | da63ddfc05151c90344d300970c1609adbd32d52 (patch) | |
tree | 20cb3fb87c018a79d3d2f63fb60e5890d174aa5b /_posts/2021-04-25-networkstuff.md | |
parent | 67915fc3d4943bbe3e08d9483658953c82e99e8e (diff) |
Add blog post
Diffstat (limited to '_posts/2021-04-25-networkstuff.md')
-rw-r--r-- | _posts/2021-04-25-networkstuff.md | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/_posts/2021-04-25-networkstuff.md b/_posts/2021-04-25-networkstuff.md new file mode 100644 index 0000000..8eadaf4 --- /dev/null +++ b/_posts/2021-04-25-networkstuff.md @@ -0,0 +1,72 @@ +--- +layout: post +title: Network stuff +date: 2021-04-25 21:50 +0200 +categories: tech +--- + +Been a long time. + +Recently, I got interested in the whole "homelab" stuff. +So I got myself a used Mini PC to run Proxmox on it. + +Initially, it was to be just for fun, but soon after +I received the PC, my Raspberry Pi (PiHole - running as DNS server) +died in a dumb +chain of events. ("Why is it blinking funnily? Oh, it +blinks when the voltage is too low? Let me get my multimeter. +Huh, it's now too low. If anything, it's to high. Mh, let me +change the power supply and check again... Uh? Damn, what +happened? Why won't it boot again?" - Turns out I probably +shorted something. After some research it turns out the +whole blinking stuff WAS THE STUPID OS DOING THIS AS A +"HEARTBEAT". So I broke my Raspberry Pi which serves +my whole network as a DNS server for nothing). + +So anyway, I installed Proxmox, fiddled around with it, got +PiHole running in a container, everything is fine. + +Since, as the same time, I changed to work-from-home, I wanted +to isolate the work PC. With VLANs. After a lot of head scratching +and internet research, I still couldn't find out how to properly set +up VLANs with Proxmox. (I already had a managed switch at that point). + +I ended up with this setup initially: + + +--Proxmox--- + | + | + +-eno1 ------- vmbr0 --- VM*/container + | | + | +- eno1.20 - vmbr1 --- VM* + | + * I decided to run OpenWRT + +With vmbr1 being a "VLAN aware bridge", because, obviously, +I wanted to use VLANs, so I have to use it, right? + +Well, after a *lot* of experiments, internet research, and +a seemingly wrong answer on StackExchange stating +"If you attach a network interface on a bridge, you can't +use VLANs anymore" (maybe I read it wrong) it turns out, +this is not necessary. + +Just throw the vmbr0 into the VM, and do the VLAN separation +inside there. Good enough for my use case. Although I understand +that's probably "bad" because "rogue VMs/containers" could access +the traffic they shouldn't see. But like I said, I don't consider +that to be a problem. + +Meanwhile, I consider replacing my current router (FritzBox) with +the virtualized OpenWRT router, but have no idea how to properly +implement that, I also want to avoid the migration headache +(I either need to put the FritzBox into another network / address +space, or reconfigure my whole network). Also, I probably should +consider whether I want to do that "exposed host" stuff on the +FritzBox so I only have one NAT. Bearing in mind OpenWRT installed +by a n00b like me inside a virtualization software being practically +"open on the internet" is not a good idea. + +Not to mention I also had a look at OPNsense, but found it too +confusing and overloaded for now. + |