-rw-r--r-- _posts/2021-04-25-networkstuff.md 72
1 files changed, 72 insertions, 0 deletions
diff --git a/_posts/2021-04-25-networkstuff.md b/_posts/2021-04-25-networkstuff.md
new file mode 100644
index 0000000..8eadaf4
--- /dev/null
+++ b/_posts/2021-04-25-networkstuff.md
@@ -0,0 +1,72 @@
+---
+layout: post
+title: Network stuff
+date: 2021-04-25 21:50 +0200
+categories: tech
+---
+
+Been a long time.
+
+Recently, I got interested in the whole "homelab" stuff.
+So I got myself a used Mini PC to run Proxmox on it.
+
+Initially, it was to be just for fun, but soon after
+I received the PC, my Raspberry Pi (PiHole - running as DNS server)
+died in a dumb
+chain of events. ("Why is it blinking funnily? Oh, it
+blinks when the voltage is too low? Let me get my multimeter.
+Huh, it's now too low. If anything, it's to high. Mh, let me
+change the power supply and check again... Uh? Damn, what
+happened? Why won't it boot again?" - Turns out I probably
+shorted something. After some research it turns out the
+whole blinking stuff WAS THE STUPID OS DOING THIS AS A
+"HEARTBEAT". So I broke my Raspberry Pi which serves
+my whole network as a DNS server for nothing).
+
+So anyway, I installed Proxmox, fiddled around with it, got
+PiHole running in a container, everything is fine.
+
+Since, as the same time, I changed to work-from-home, I wanted
+to isolate the work PC. With VLANs. After a lot of head scratching
+and internet research, I still couldn't find out how to properly set
+up VLANs with Proxmox. (I already had a managed switch at that point).
+
+I ended up with this setup initially:
+
+ +--Proxmox---
+ |
+ |
+ +-eno1 ------- vmbr0 --- VM*/container
+ | |
+ | +- eno1.20 - vmbr1 --- VM*
+ |
+ * I decided to run OpenWRT
+
+With vmbr1 being a "VLAN aware bridge", because, obviously,
+I wanted to use VLANs, so I have to use it, right?
+
+Well, after a *lot* of experiments, internet research, and
+a seemingly wrong answer on StackExchange stating
+"If you attach a network interface on a bridge, you can't
+use VLANs anymore" (maybe I read it wrong) it turns out,
+this is not necessary.
+
+Just throw the vmbr0 into the VM, and do the VLAN separation
+inside there. Good enough for my use case. Although I understand
+that's probably "bad" because "rogue VMs/containers" could access
+the traffic they shouldn't see. But like I said, I don't consider
+that to be a problem.
+
+Meanwhile, I consider replacing my current router (FritzBox) with
+the virtualized OpenWRT router, but have no idea how to properly
+implement that, I also want to avoid the migration headache
+(I either need to put the FritzBox into another network / address
+space, or reconfigure my whole network). Also, I probably should
+consider whether I want to do that "exposed host" stuff on the
+FritzBox so I only have one NAT. Bearing in mind OpenWRT installed
+by a n00b like me inside a virtualization software being practically
+"open on the internet" is not a good idea.
+
+Not to mention I also had a look at OPNsense, but found it too
+confusing and overloaded for now.
+
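Review bot: The ASCII diagram under "I ended up with this setup initially:" is indented by only one space, so Markdown will reflow it into an ordinary paragraph and the bridge layout will be unreadable; indent the block by four spaces or fence it so it renders preformatted. Further down, "this is not necessary" does not say whether it refers to the eno1.20/vmbr1 pair or to the "VLAN aware" setting. That matters because the final setup hands vmbr0 to the VM and the post itself notes that other guests could then see traffic they shouldn't, so naming what was dropped and which guests stay on vmbr0 would let a reader judge the isolation of the work PC. Typos to fix: "it's to high" should be "too high", and "as the same time" should be "at the same time".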