Helping You Build A Better [Home Network]
So, when I set up my Christmas lights, I put the smart plugs on the guest network for the time they're going, to reduce the access that they have to the overall network. Most of my other smart devices are connected to the main network, mainly because they are a) either within the house or b) are in protected enclosures outside.
As for brands, I tend to stick with ones with significant presence, and stay away from ones that I've heard little about.
"dnsmasq-dhcp[464]: not giving name localhost to the DHCP lease of 192.168.1.XX because the name exists in /etc/hosts with address 127.0.0.1" (this is not the precise message since I've resolved the issue so I copied this from a forum describing the issue)
After some Google searching, apparently this is an old issue going back as early as 2015 where Samsung devices give themselves a hostname of localhost, which is generally reserved for loopback, and it was making Pi-hole angry, but I never really knew about it till this update brought it to my attention more visibly.
Samsung has apparently ignored this issue and the workaround is to go into Pi-hole or whatever is acting as your DHCP server and set up a static DHCP assignment where you can give it a different DNS name.
Enlist in Star Citizen! Citizenship must be earned!
https://steamcommunity.com/profiles/76561197970666737/
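Added example, not part of the original posts or of Pi-hole's own code: a way to find which client triggers the dnsmasq warning quoted above and draft the static assignment for it. The log lines, addresses, MACs and the `iot-` naming scheme are constructed; the refusal message carries no MAC, so it is joined to the `DHCPACK` line for the same IP.

```python
import re

# Constructed sample in dnsmasq's DHCP log format; IPs and MACs are made up.
SAMPLE_LOG = """\
dnsmasq-dhcp[464]: DHCPACK(eth0) 192.168.1.23 aa:bb:cc:00:11:22 localhost
dnsmasq-dhcp[464]: not giving name localhost to the DHCP lease of 192.168.1.23 because the name exists in /etc/hosts with address 127.0.0.1
dnsmasq-dhcp[464]: DHCPACK(eth0) 192.168.1.40 aa:bb:cc:00:33:44 laptop
dnsmasq-dhcp[464]: DHCPACK(eth0) 192.168.1.23 aa:bb:cc:00:11:22 localhost
"""

ACK = re.compile(
    r"DHCPACK\([^)]+\)\s+(?P<ip>\d+(?:\.\d+){3})\s+"
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)
REFUSED = re.compile(
    r"not giving name (?P<name>\S+) to the DHCP lease of (?P<ip>\S+) "
    r"because the name exists in (?P<src>\S+)")


def find_conflicts(log_text):
    """Map MAC -> (ip, refused_name) for clients whose hostname dnsmasq rejected."""
    lines = log_text.splitlines()
    # Pass 1: the refusal line carries no MAC, so learn IP -> MAC from the ACKs.
    mac_by_ip = {m["ip"]: m["mac"].lower()
                 for m in map(ACK.search, lines) if m}
    # Pass 2: join each refusal to the MAC that holds that lease.
    conflicts = {}
    for m in filter(None, map(REFUSED.search, lines)):
        mac = mac_by_ip.get(m["ip"])
        if mac:
            conflicts[mac] = (m["ip"], m["name"])
    return conflicts


def static_lease_lines(conflicts, prefix="iot"):
    """Build dnsmasq dhcp-host= entries giving each client a unique name."""
    # Hypothetical naming scheme: prefix plus the last three MAC octets.
    return [f"dhcp-host={mac},{ip},{prefix}-{mac.replace(':', '')[-6:]}"
            for mac, (ip, _name) in sorted(conflicts.items())]


if __name__ == "__main__":
    for entry in static_lease_lines(find_conflicts(SAMPLE_LOG)):
        print(entry)
```

The generated `dhcp-host=` line is the same static assignment you would otherwise enter by hand in the DHCP server's settings.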
Just needed to type it out apparently. Eero would control 2.4 and 5 GHz.
How does data flow between devices attached to the switch in this scenario? Let's say I am streaming a movie from a NAS to a TV and they are both connected to the switch. Does the data only flow through the switch? Or does it go all the way out through the router and back?
It would only go to the switch, because the packets would point specifically to the MAC and IP addresses for the devices, and the switch is smart enough to make sure that the packets go to the right device.
In general, TCP/IP networks work by having nodes like your switch try to figure out if an incoming packet can be handled at their level or needs to be sent upstream to be handled by devices up the chain. These networks use a hub and spoke topology, which is why plugging a switch into itself (and this happens more often than you think) will bring a network to its knees.
1) Subnet mask. If your devices are on the same subnet, they are going to handle everything through the switch using MAC addresses after looking up the MAC that your PC's IP is at. If they are in different subnets, they would forward via the switch to your router.... POSSIBLY out further if your network is really screwy.
2) VLANs: You are incredibly unlikely to have these with an unmanaged switch (but I've seen sillier). These are technically not a routing/etc domain, but can force traffic up to a/the router. Generally speaking, you CAN do the same subnet split over VLANs, but... it's a bad idea. Generally speaking you will be using big boy hardware before you get to that point and have a very specific reason.
Instead, my recommendation is to set up your own recursive DNS lookup server using unbound - the Pi-Hole folks have an excellent guide on getting unbound up and running on your Pi-Hole.
Would a newer router have any benefits over the old one? Have there been improvements in utility, speed or security?
We're with 2 wired PCs, 3 phones, 1 TV and 1 tablet on our network. Our modem is in bridge mode with the router handling all traffic. We currently have an ASUS RT N12.
Blizzard: Pailryder#1101
GoG: https://www.gog.com/u/pailryder
Short answer: Yes.
Longer answer: A new router will have more power under the hood, be running newer Wi-Fi protocols, and have continued support.
Haven't done a whole lot of testing but it's been good stuff so far. You can have it either as an actual router, or an access point behind an existing router.
At some point I want to do port forwarding because I'm a nerd with a Kubernetes cluster in my apartment, but so far it's been working great.
Conversely, what is the preferred Mesh system currently and is there a reason I should use one over the other? Overall area is <2000 sqft., one story, but I think the walls were made fairly thick based on cell service I get inside vs outside of the house.
And on that note, Cloudflare Tunnel is pretty awesome and I don't have to bother with opening and forwarding ports.
Well, other than that whole "defending bigotry" thing the company has for some unfathomable reason.
As I said before, Pi-Hole will run on almost anything, as it has a modest footprint. The reason why the Pi 4 is recommended is because it has native gigabit Ethernet, which is important because this is going to be network infrastructure that sees a lot of traffic, especially if you're using it for both DNS and DHCP.
Edit: You'll also want to run unbound (a lightweight recursive DNS resolver based on BIND) as well to completely bring DNS resolution in house.
Edit 2: For what it's worth the 2GB RAM Pi 4 is what Pi-Hole is running on here at Casa Hedgie.
Those kits give you everything you need for your Pi to run - including a case, power supply, cooling, and such.
I am finally moving into an apartment with (Ziply) fiber instead of cable.
If I want to do it myself instead of waiting 2 months for an installation appointment, what am I looking at?
A router plus some cable? Right?
I've got an old desktop, a laptop, TV, and an X-Box. Laptop (and my phone of course) will need to connect on wifi, but I'd like to wire the rest physically.
Any suggestions? Router I should get/stay away from? Things to do? Things to stay away from?
Please don't let me walk into this like an idiot!
So, fiber is a very different beast than cable, and actually connecting the fiber is not something you can do yourself. That said, what you need to find out is how the connection is being done - some apartments will have individual fiber connections, others might have a main fiber trunk that gets routed out centrally to units. Without knowing exactly how this is set up, I can't give you specific information on your use case.
That said, fiber is "similar" to cable in that once installed, you'll have a fiber-Ethernet converter that works like a cable modem (though it's possible that you may not see it if your apartment has everything centralized.) You'll connect your router's WAN port to that, and that will provide your network with external connectivity.
A crimp in the plan, it seems.
I currently have one NAS that also serves a bunch of apps, plus one small Kubernetes cluster running on a bunch of Raspberries. I'm at the stage where I'd like to have some of the admin UIs reachable from the big scary internet -- NAS file data optional, but nice to have.
...so I guess it's time for an actual non-Baby's First Firewall firewall. This is where I'm drawing a blank, because networking is pretty uncharted territory for me.
I've heard WireGuard being thrown around every here and there. Yes? No? Yesno? What hardware to look at?
So, you want to roll your own, or go with an actual turnkey solution? If the former, there are dual-NIC NUCs designed for slapping pfSense on and calling it a day. If you'd prefer dealing with a vendor who supplies things like actual support, Ubiquiti is popular - my lead had shown off his (frankly overkill) home setup using their gear to me.
Had a quick question though, if I am just using this as a DNS server with Google WiFi how Johnny on the spot do I have to be if my Pi were to let its magic smoke out? Would it just be going into the Google Home network settings and changing the DNS server back to default or will there be lots of black magic to perform? I have this on the same UPS as my Synology NAS so it'll be pretty safe but I had seen some stuff online where using it as a DHCP server and having it fail could be problematic but I may have misunderstood the issue.
Okay, so DNS and DHCP are two different beasties that do two different things:
* Domain Name Service (DNS): This is the system that allows fully qualified domain names (FQDNs) to be dynamically translated to IP addresses so that you can actually go to the website you asked for. It's also how Pi-Hole does its black magic, as it uses DNS to intercept and kill calls to blacklisted domains. If your Pi-Hole goes down, you would only need to tell your router to inform devices what the DNS settings are (I would recommend Quad9 for an upstream provider if you're not going to run your own recursive DNS server.)
I've discussed How DNS Works in other posts in the thread, if you want to understand what's happening under the hood.
* Dynamic Host Control Protocol (DHCP): This is a way to dynamically allocate IP addresses from a pool - it was originally designed to allow for a small pool of IP addresses to be used more efficiently among a larger set of machines that may not always need a connection, but has basically become How To Handle IP Allocation Period because it's a single turnkey solution to setting up IP addresses. If your DHCP server goes down, you won't see issues right away, but as address leases expire, your devices will no longer be able to connect as they won't have IP addresses. Again, you can just turn on your router's DHCP server in that case.
That said, there's no issue with having your Pi-Hole serve as both (and it's designed to be able to.) However, anything that is part of your network's core structure, like the router, the Pi-Hole, your NAS - those should not be on DHCP, but instead have a static route - their IP address should be manually and permanently assigned. In addition, with your devices on static routes, you can use Pi-Hole to assign them local FQDNs to reach them (i.e. I can get to my router via "router.hedgienet" at home) through the web interface.
Do you use your pi to VPN into your network as well or do you leave it closed off? I came across that on the pihole subreddit and it seems neat but on the other hand I can't think of a reason I'd want to VPN into home since I can already get into the NAS and the smarthome type stuff... and while using the pi hole on the VPN to filter ads on the go might be a fun party trick I imagine it wouldn't be worthwhile.
That's unusual, as the router needs to have a static route, given that the address of the router is the gateway address. And yeah, that's part of why I wouldn't use a Google router - I want full control of my network.
I leave it closed, because the simple truth is that any hole you punch in your network firewall a) makes it less secure and b) adds more management work for you.
https://www.youtube.com/watch?v=VbIamWqXjAk
As I said before, Ubiquiti is pretty much where you go once you need to go past consumer grade gear and want a turnkey solution.