Treedav

joined 1 year ago
[email protected] 2 points 11 months ago (1 children)

Wow, that was a highly relevant thread! Feels like my search skills were lacking to not have come across that.

Seems like I'm only a couple of adjustments away from getting this working, so I'll give you some peace now. Thank you so much again for your time and advice!

[email protected] 2 points 11 months ago (3 children)

When you ping google.com, does this resolve as Google's v4 or v6 address?

It's definitely returning the v4 address each ping.

Which rule was this? But more importantly, in the Wireshark trace, does any traffic at all from 192.168.10.1 show up as a source IP?

The "only allow access to internet" rule on the gaming interface which encapsulates the firewall alias I set as "privatenetworks" that included the LAN and gaming nets. As far as wireshark, I do see traffic from 192.168.10.1 as a source! Being totally fresh with you on the ARP broadcasts, with my current understanding, I don't know if I'm picking it out right. I do see broadcast requests coming from my laptop to 192.168.10.1 via DNS with responses of AAAA ipv4only.arpa.

To be clear, are you running 1 Gbps on the OPNSense interface and on all the switch ports?

OPNSense has a 2.5 Gbps connection from the modem to the 2.5 Gbps port on the box itself. Then the switch that is connected to the LAN on both the OPNSense interface and the switch port are both 2.5 Gbps. The remainder of the ports on the switch are all also 2.5 Gbps capable, but there are some ports occupied by devices that only support a max of 1 Gbps.

I did test the vlan by disabling ipv6 entirely and bam! All traffic flows no problem. Certainly a quick fix, but for no reason other than looking to understand and learn, I do want to get it working. I've got both LAN and the vlan set to track interface, and originally, both to allow manual adjustment of DHCPv6 and router advertisements. That seems to work no problem on the LAN with a prefix ID of 1, passes all ipv6 tests. On the vlan, though, prefix ID of 2, I do get the expected ipv6 leases with the corresponding ID, but it can never pass the ipv6 tests.

[email protected] 2 points 11 months ago* (last edited 11 months ago) (5 children)

Really appreciate your help on this!

I've been messing with wireshark, but I'll admit I'm not super sure how to interpret it all. Biggest thing standing out is some TCP retransmission packets, but nothing jumping out as an immediate failure. I realized I'm having similar difficulties across devices I test on the vlan. I've been using my laptop, and I can ping things like google.com or just the DNS of 8.8.8.8 no problem. I can't ping the static router address of 192.168.10.1, but I think that's because of the rule I have in place that includes all private networks, which includes the vlan net. I also realized that on the interfaces overview section, I've got 1 collision error on the LAN, and 2 in/out errors on the vlan on the out side, but I'm not sure how to assess those. Also correct that I am getting the expected DHCP assignments on the vlan side.

[email protected] 2 points 11 months ago (7 children)

I'm familiar with wireshark, but don't have so much hands on experience with it. I'll give it a shot and see the type of responses I'm getting back from the afflicted machine.

In the meantime, here's some of the firewall rules I have set on the interface itself as well as some floating rules. I'm following the recent guide from home network guy to set this up.

[email protected] 2 points 11 months ago (9 children)

Hey! Thanks so much for the response.

So correction again, I do have vlan10 assigned with an IP of 192.168.10.1/24, so that does appear correct.

I have enabled ipv6 on both the vlan and the main LAN. I get assigned leases on both with the correct prefix I have set, and I have a requested prefix delegation of /60 on the WAN side, which also appears to have applied correctly. LAN I can pass all ipv6 tests, but the vlan I'm never able to pass any of the devices.

[email protected] 1 points 11 months ago

Edit: so correction, the android and iphones can resolve certain domains, but I get timeouts with others. I'm running unbound as the local resolver and have set the rule to allow traffic from the vlan to the DNS port.

 

Hey All,

Having a bit of trouble with my network setup. I'm mostly a noob with very light understanding of what I'm working with, so bear with me.

I've got my opnsense box set up with mostly defaults set for rules. The opnsense box is hooked directly to an MB8611 modem on the WAN interface, with LAN interface running to an 8 port managed netgear switch on port 1 of the switch. I have port 2 of the switch hooked up to a vlan-aware access point. Other ports are occupied by physical links to some servers.

Everything on LAN works fine, including the access point. I have the access point set up with 3 SSIDs, all that can connect clients no problem. Some of the clients on the network are game consoles/gaming PCs that run into connectivity issues with some titles, I believe because of a strict NAT. Rather than just assigning outbound rules by static addresses, I opted to create a VLAN to house all gaming devices and segment them from the network. I don't need them to talk to each other or other devices.

I have created VLAN10, assigned it a gateway address of 192.168.10.0/24, set up DHCP and assigned the LAN as the parent interface. I created a new SSID on the access point and gave it the VLAN 10 tag. All of the ports on the switch are now assigned to default vlan1 with untagged traffic, and then ports 1 and 2 are assigned to vlan 10 with tagged traffic. Testing with an iPhone, this works totally fine. I get assigned the correct leases and can make outbound connections to the internet. Testing on a windows 11 gaming PC, previously connected to an untagged SSID and now switched over to the tagged SSID, I am unable to make outbound connections to the internet. Another android device that I connected with to the new SSID also worked fine, so I'm not sure what's up with this PC. I haven't tested other gaming devices yet.

Any ideas on what I'm doing wrong here?

[email protected] 1 points 1 year ago (5 children)

I'd definitely prefer to have gone the AMD route for these, but N200 isn't that awful, no? At least comparable to some Skylake gens? Not that that's amazing in the modern day, but I'd say still capable enough with the included specs to not be too bogged down by some of the lighter distros.

Better off with a Chromebook 10/10 times if you need something low powered, but I think it's an interesting entry to the hardware space.

[email protected] 55 points 1 year ago (22 children)

I'm not sure on Starlab's background or people's stance on them, but I think this looks pretty nice.

Coreboot, 3:2 aspect ratio, magnetic keyboard, aluminium finish, I'd say makes this a pretty compelling alternative to a surface. Specs aren't super beefy, but I don't think they need to be in this form factor. Introductory price on this seems nice, too.

[email protected] 1 points 1 year ago

Man, thanks so much for these.

Thankfully, most of my shares are datasets on the array, so I can snapshot, but I'm still only lightly familiar with how that works.

I gave truenas a shot originally, but I had a helluva time getting docker images working there. I'm mostly just trying to host my media server right now on this box and found UnRAID much more friendly for that.

8
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Hey All,

Newbie selfhoster here trying to figure out next best steps for my UnRAID install. Essentially, I got a little overzealous in my setup and didn't quite provision things optimally, so I'm hoping to avoid having to start completely from scratch.

My drives: 2x8tb HDD, 2x14tb HDD, 1x1tb Nvme SSD, 1x2tb Nvme SSD

Array: all 4 HDDs, 1 parity, all formatted in ZFS

ZFS Pools: 1tb is standard UnRAID cache drive, 2tb is a slog (not certain if I'm using this term right; it's used as temp storage for downloads before data gets moved to the array)

My issue: didn't realize that the array in UnRAID doesn't allow for actual zpool/raid configuration, so writes to the array are pretty slow. I want to speed it up.

What I want to do: move the 2x8tb HDDs off the array, wipe them, reconfigure them into a new pool in raid0 (insert equivalent z-term for ZFS here). Leave the 2x14tb HDDs in the array, keeping the 1 that's there as parity.

My existing data: currently in the array, solely on the 14tb HDD not being used for parity. Nothing incredibly important, just media files and about 200gbs worth, but I'd like to keep that intact.

My question(s): Because I have no data on the existing 2x8tb HDDs that are in the array, can I safely move them off the array and wipe them without concern for my data that currently exists on the array?

Will I have to rebuild the parity drive?

Should I preclear the drives I am looking to wipe?

Any other potential concerns I'm overlooking?

Sorry for going full noob on you all. I've been reading docs for what feels like a better part of a week, watching the guides, and I guess I'm just slow on the pickup and looking for some layman guidance. Also, sorry if this isn't the right place to ask. I've got a secondary backup solution available, so I'm not worried about ZFS and its relatively new intro to UnRAID.