Recent Posts

11

Troubleshooting / Re: Network novice - 2 private networks question

« Last post by tudo on January 28, 2023, 12:22:20 AM »

I have inserted my personal router after the building's network.  I now need some advice how to access the Internet from the LAN clients on my personal router.  The WAN port of my personal router has an IP of 10.31.1.166 and i have set the DHCP server on the LAN side to allocate clients from 172.16.0.1 range.  I did this to ensure my private network to have isolation from the building's private network.

How do i configure the router so the 172.16 clients use the 10.31.1.166 address to access the Internet or is this even possible?  I have tested the building's Internet access by plugging the cable from their wall socket into a PC and could browse the Internet successfully.  Thanks.

12

Troubleshooting / Re: Network novice - 2 private networks question

« Last post by Home Network Guy on January 26, 2023, 10:36:36 PM »

Yes, if you use your own consumer grade router, you will have an isolated network.

You will also be double NATed. Double NAT is not a feature that has to be supported by the router. Instead it simply means that router 1 has NAT enabled and router 2 which is plugged into router 1 also has NAT enabled. Any devices plugged into router 2 will be behind 2 NAT firewalls.

For the most part, double NAT will work just fine especially for browsing the Internet or using cloud based services (since they are often designed to allow internal/external access to private networks behind NAT firewalls).

The big problem people always talk about with double NAT is it makes it harder for others to access your devices. That may not sound bad but it can cause issues with gaming or other services where users are trying to connect directly to your system/device. Some users use encrypted tunnels using Cloudflare or other providers in order to access their internal network remotely and securely.

13

Troubleshooting / Network novice - 2 private networks question

« Last post by tudo on January 26, 2023, 08:59:45 PM »

I moved into a new location that has a service provider that only allows their infrastructure, and users are on a common ssid for wireless.  When I plug into the wired ports, I am given a private ip address but have no idea if I’m sharing the same subnet as others on my floor.

My problem is I want to use my NAS (it’s wired only) and ensure only my wired and wireless devices can see it.  I have an unused wireless router that I can reuse, but can I insert the router after  the building Ethernet to create my private network before it goes to the building’s private network?  Wouldn’t that be double NATing?  Do home routers even allow this?

Any help on building my network is appreciated.

14

Troubleshooting / Re: Slow network file transfer

« Last post by Home Network Guy on January 13, 2023, 08:50:08 AM »

This indeed sounds strange especially since you can download from the Internet faster than you can transfer files between your computers. The speeds should be much greater than that.

From a network perspective, I can't think of any reasons why that would happen, but I did find a page talking about slow file transfers (between 2 disks or over the network) which affects Windows 10/11. There is a long list of items that can cause that. It may be worth checking out to see if this is a Windows 11 problem caused by one or more issues.

15

Troubleshooting / Slow network file transfer

« Last post by PickyBiker on January 12, 2023, 12:31:41 PM »

The attached image describes what is on my home WiFi network.
I have a 50mb fiber internet connection to the house.
Each PC is running Windows 11
Each PC is less than 35' from the router with only 1 wall between each PC.
Each PC shows the full 4 bars of signal strength.
Each of the PCs can download files from the internet and double-digit MB speeds.

The problem is file transfers from PC to PC happen at speeds of 5-60 KB. This is true whether I use 2.4g or 5g connections. Everything I know to check seems okay. All IPs are automatically assigned.

What can I check to speed the PC to PC file transfers?

16

Troubleshooting / Re: [OPNSense]Routing for host with IPVLAN network

« Last post by Home Network Guy on November 02, 2022, 02:22:59 PM »

I have not personally use IPVLAN in Docker, but after looking at it, I think I would like to learn about it in more detail and write about it since it could be an interesting topic.

From what I gather, using IPVLAN allows you to separate your Docker containers into separate VLANs. If I correctly interpreted what I read on Docker's website, you might not need static routes but instead you should configure the switch port that your Docker server is connected to as a VLAN trunk so that you can use VLAN tags/IDs to isolate traffic on the appropriate VLANs. If your Docker server is plugged directly into OPNsense, you would need to ensure the VLANs are configured on that port on OPNsense.

17

Troubleshooting / [OPNSense]Routing for host with IPVLAN network

« Last post by C18uj8Ms on November 01, 2022, 10:29:13 AM »

Hi HNG,
Thanks a bunch for the awesome material. I am configuring and learning my OPNSense router and I frequently refer to your pages.
I am trying to use a bunch of docker containers on a Raspberry Pi with their own IP address and I decided to use IPVLAN to have maximum control.
I have added a static route on OPNSense which specifies the Pi as a gateway for the subnets on the IPVLAN network even though there is an advisory note that says

Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway.

This largely works apart from the fact that my SSH connection keeps dropping. When FW optimizations are set to normal it lasts 30 seconds (same as the expiration value on Diagnostics-> Sessions) or 900 seconds for conservative.
Am I missing some setting?
Would it be possible to sort of recreate the static route with a firewall rule? Could this potentially solve my problem?
Cheers

18

Home Lab/Network Memes / Oonsense is blocking my mi app from connecting to the ax9000 router

« Last post by Witcher on September 05, 2022, 11:42:55 PM »

I am not able to connect my mi app to router my mobile is 10..242 in logs I see ports blocked is it normal what is the solution

19

Security/Advisories / Plex Media Server Breach

« Last post by Home Network Guy on August 24, 2022, 02:48:24 PM »

One of the databases containing Plex user account information was breached. The subset of affected data is emails, usernames, and encrypted passwords. A password reset has been enforced by the Plex security team. Below is the full transcript:

Dear Plex User,

We want you to be aware of an incident involving your Plex account information yesterday. While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure.

What happened

Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.

What we're doing

We've already addressed the method that this third-party employed to gain access to the system, and we're doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions. While the account passwords were secured in accordance with best practices, we're requiring all Plex users to reset their password.

What you can do

Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there's a checkbox to "Sign out connected devices after password change." This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password here.

We'd also like to remind you that no one at Plex will ever reach out to you to ask for a password or credit card number over email. For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven't already done so.

Lastly, we sincerely apologize to you for any inconvenience this situation may cause. We take pride in our security system and want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that third-parties will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Plex will never be complacent in hardening our security and defenses.

For step-by-step instructions on how to reset your password, visit:
https://support.plex.tv/articles/account-requires-password-reset

Thank you,
The Plex Security Team

20

Proposed Network Designs / Communications / Entertainment / Security

« Last post by JW on May 30, 2022, 06:39:48 PM »

Hello,

I am looking for a way to accomplish the following securely:

1. A home network with certificate-based (or otherwise password-less) authentication for users and guests
2. Remote access to a home media server (e.g. Plex), but with the capability to upload video feeds from car cameras, drones, etc.
3. A secure domain for family email, files, etc.

Currently using Netgear Oribi home network on Xfinity. I use Proton VPN since they are Swiss-based, no indication of Chinese affiliation or ownership.

Also interested in using HAMNET with this setup, in case anyone here is into amateur radio.

Crazy, right? Standing by for ideas ...