Recent posts

#21
Troubleshooting / Re: Network novice - 2 private...
Last post by Home Network Guy - January 26, 2023, 10:36:36 PM
Yes, if you use your own consumer grade router, you will have an isolated network.

You will also be double NATed. Double NAT is not a feature that has to be supported by the router. Instead it simply means that router 1 has NAT enabled and router 2 which is plugged into router 1 also has NAT enabled. Any devices plugged into router 2 will be behind 2 NAT firewalls.

For the most part, double NAT will work just fine especially for browsing the Internet or using cloud based services (since they are often designed to allow internal/external access to private networks behind NAT firewalls).

The big problem people always talk about with double NAT is it makes it harder for others to access your devices. That may not sound bad but it can cause issues with gaming or other services where users are trying to connect directly to your system/device. Some users use encrypted tunnels using Cloudflare or other providers in order to access their internal network remotely and securely.
#22
Troubleshooting / Network novice - 2 private net...
Last post by tudo - January 26, 2023, 08:59:45 PM
I moved into a new location that has a service provider that only allows their infrastructure, and users are on a common SSID for wireless. When I plug into the wired ports, I am given a private IP address but have no idea if I'm sharing the same subnet as others on my floor.

My problem is I want to use my NAS (it's wired only) and ensure only my wired and wireless devices can see it. I have an unused wireless router that I can reuse, but can I insert the router after the building Ethernet to create my private network before it goes to the building's private network? Wouldn't that be double NATing? Do home routers even allow this?

Any help on building my network is appreciated.
#23
Troubleshooting / Re: Slow network file transfer
Last post by Home Network Guy - January 13, 2023, 08:50:08 AM
This indeed sounds strange especially since you can download from the Internet faster than you can transfer files between your computers. The speeds should be much greater than that.

From a network perspective, I can't think of any reasons why that would happen, but I did find a page talking about slow file transfers (between 2 disks or over the network) which affects Windows 10/11. There is a long list of items that can cause that. It may be worth checking out to see if this is a Windows 11 problem caused by one or more issues.
#24
Troubleshooting / Slow network file transfer
Last post by PickyBiker - January 12, 2023, 12:31:41 PM
The attached image describes what is on my home WiFi network.
I have a 50mb fiber internet connection to the house.
Each PC is running Windows 11
Each PC is less than 35' from the router with only 1 wall between each PC.
Each PC shows the full 4 bars of signal strength.
Each of the PCs can download files from the internet at double-digit MB speeds.

The problem is file transfers from PC to PC happen at speeds of 5-60 KB. This is true whether I use 2.4g or 5g connections. Everything I know to check seems okay. All IPs are automatically assigned.

What can I check to speed the PC to PC file transfers?
#25
Troubleshooting / Re: [OPNSense]Routing for host...
Last post by Home Network Guy - November 02, 2022, 02:22:59 PM
I have not personally used IPVLAN in Docker, but after looking at it, I think I would like to learn about it in more detail and write about it since it could be an interesting topic.

From what I gather, using IPVLAN allows you to separate your Docker containers into separate VLANs. If I correctly interpreted what I read on Docker's website, you might not need static routes but instead you should configure the switch port that your Docker server is connected to as a VLAN trunk so that you can use VLAN tags/IDs to isolate traffic on the appropriate VLANs. If your Docker server is plugged directly into OPNsense, you would need to ensure the VLANs are configured on that port on OPNsense.
#26
Troubleshooting / [OPNSense]Routing for host wit...
Last post by C18uj8Ms - November 01, 2022, 10:29:13 AM
Hi HNG,
Thanks a bunch for the awesome material. I am configuring and learning my OPNSense router and I frequently refer to your pages.
I am trying to use a bunch of docker containers on a Raspberry Pi with their own IP address and I decided to use IPVLAN to have maximum control.
I have added a static route on OPNSense which specifies the Pi as a gateway for the subnets on the IPVLAN network even though there is an advisory note that says
Quote: Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway.
This largely works apart from the fact that my SSH connection keeps dropping. When FW optimizations are set to normal it lasts 30 seconds (same as the expiration value on Diagnostics -> Sessions) or 900 seconds for conservative.
Am I missing some setting?
Would it be possible to sort of recreate the static route with a firewall rule? Could this potentially solve my problem?
Cheers
#27
Home Lab/Network Memes / OPNsense is blocking my mi app...
Last post by Witcher - September 05, 2022, 11:42:55 PM
I am not able to connect my mi app to the router. My mobile is 10..242. In the logs I see ports blocked. Is it normal? What is the solution?
#28
Security/Advisories / Plex Media Server Breach
Last post by Home Network Guy - August 24, 2022, 02:48:24 PM
One of the databases containing Plex user account information was breached. The subset of affected data is emails, usernames, and encrypted passwords. A password reset has been enforced by the Plex security team. Below is the full transcript:

Quote:

Dear Plex User,

We want you to be aware of an incident involving your Plex account information yesterday. While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure.

What happened

Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.

What we're doing

We've already addressed the method that this third-party employed to gain access to the system, and we're doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions. While the account passwords were secured in accordance with best practices, we're requiring all Plex users to reset their password.

What you can do

Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there's a checkbox to "Sign out connected devices after password change." This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password here.

We'd also like to remind you that no one at Plex will ever reach out to you to ask for a password or credit card number over email. For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven't already done so.

Lastly, we sincerely apologize to you for any inconvenience this situation may cause. We take pride in our security system and want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that third-parties will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Plex will never be complacent in hardening our security and defenses.

For step-by-step instructions on how to reset your password, visit:
https://support.plex.tv/articles/account-requires-password-reset

Thank you,
The Plex Security Team
#29
Proposed Network Designs / Communications / Entertainment...
Last post by JW - May 30, 2022, 06:39:48 PM
Hello,

I am looking for a way to accomplish the following securely:

1. A home network with certificate-based (or otherwise password-less) authentication for users and guests
2. Remote access to a home media server (e.g. Plex), but with the capability to upload video feeds from car cameras, drones, etc.
3. A secure domain for family email, files, etc.

Currently using a Netgear Orbi home network on Xfinity. I use Proton VPN since they are Swiss-based, with no indication of Chinese affiliation or ownership.

Also interested in using HAMNET with this setup, in case anyone here is into amateur radio.

Crazy, right? Standing by for ideas ...

#30
Tech Discussions / Re: Use Static Routing to Seco...
Last post by cmonty14 - April 21, 2022, 05:22:08 AM
And now I'll open the more specific questions.

But I'll try to describe my home network first...

In my network there is

This ISP router has only some features that could be helpful, e.g. static routing table, open ports to WAN of specific clients connected to LAN.

Any router has multiple ethernet ports.
I'm planning to install OpenWRT on Mikrotik hEX S and OPNsense on gateprotect GPO 150.
Generally I was thinking about a setup like this:
Internet > ISP router (= modem & router)
ISP router > OpenWRT router
OpenWRT router > DMZ Switch
OpenWRT router > OPNsense router
OPNsense router > LAN Switch

This means the DMZ is in between external and internal firewall. To my understanding this is a recommended setup to strengthen security.

What makes setup a little more complicated: my ISP offers 2 WAN:

  • static public IP
  • and dynamic public IP

Luckily this ISP router provides bridge-mode for static public IP.
So consequently the OpenWRT router will have 2 WAN ports.

Now here are the questions:
Is it advisable to set up "NAT disabled for homelab" if the ISP router only offers static routing, but very limited firewall rules (specific ports can be opened for internal devices connected to this ISP router)?
Is it advisable to use the same subnet for managing any network device's WebUI? Or would this undermine all measures for strengthening security?

The ISP router can only provide 1 subnet (= LAN) that is used for administration.
And WANdynamic of OpenWRT router will be connected to this subnet.
I'm not sure if it makes sense to use this LAN for administration of all network devices then.
Certainly I could use ISP router LAN for administration of this router only and another network for administration of OpenWRT and OPNsense router.

THX