Huge_Midget
Jun 6, 2002

I don't like the look of it...
Bit the bullet and decided to build a Raspberry Pi for network use at home. Got a Raspberry Pi 4 w/ 4 gigs of memory and a 64 gig memory card for the OS and storage. That being said, is there a go-to guide or resource for setting up a Pi Hole? Also, what else can I do with this thing? I’m running a Ubiquiti AmpliFi HD network at home, anything I need to know beforehand to avoid pitfalls?


Warbird
May 23, 2012

America's Favorite Dumbass

Set a static IP from your router, paste in the install command from their website, follow the prompts, and set the aforementioned IP as the DNS server for your network. I don’t know if your setup may need special steps, but that should about do it.

ROJO
Jan 14, 2006

Oven Wrangler

Beverly Cleavage posted:

What would you do here?

To echo what others have said, pull more cable than you need while you're at it, might as well put something in every bedroom even if you don't see a need for it now. Even if you just hide it in the walls without terminating in a wall jack. Two cables to one location is just as easy as a single cable, and may save you from needing a switch there later.

Definitely put things in a rack, and I would definitely consider just getting a rack mount POE switch to go alongside the whatever normal switch is serving the house. While the APs come with injectors, it is so much cleaner to use a POE switch. Also makes other things, like POE-fed 8-port switches to serve home theater stuff, etc easier.

ickna
May 19, 2004

Flail Snail posted:

Has anyone had experience with Calyx Institute? Seems like it'd be a good choice for residential LTE.

I've had a membership with them for the last several years, and have used it for home internet in a pinch, but mostly use it while traveling. The only caveat is that you are locked into the hardware provided by the company handling the LTE contract for them, Mobile Citizen. So you can't just drop the SIM into any old LTE modem or hotspot with an ethernet port. I've had decent success using a TP-Link travel router in client mode to connect to my hotspot and pass the connection on to my regular network stack and APs. It does up the latency because of an additional hop over WIFI but it is serviceable for browsing or streaming.

CrazyLittle
Sep 11, 2001





Clapping Larry

Flail Snail posted:

Has anyone had experience with Calyx Institute? Seems like it'd be a good choice for residential LTE.

just be warned that orgs like Calyx are at Sprint's mercy: https://stopthecap.com/2017/10/23/4gcommunitys-sprint-powered-4g-lte-service-shutting/

Raymond T. Racing
Jun 11, 2019

ROJO posted:

To echo what others have said, pull more cable than you need while you're at it, might as well put something in every bedroom even if you don't see a need for it now. Even if you just hide it in the walls without terminating in a wall jack. Two cables to one location is just as easy as a single cable, and may save you from needing a switch there later.

Definitely put things in a rack, and I would definitely consider just getting a rack mount POE switch to go alongside the whatever normal switch is serving the house. While the APs come with injectors, it is so much cleaner to use a POE switch. Also makes other things, like POE-fed 8-port switches to serve home theater stuff, etc easier.

This is a very good point. Rather than using dumb switches for media center or whatever, you can use the tiny baby Unifi POE powered ones and have it be nice and clean.

Rexxed
May 1, 2010

Dis is amazing!
I gotta try dis!

Warbird posted:

I have a few services running on my home network that I’d like to access remotely. I already have a staticIP service and an OpenVPN server running so that all works great. I’d like to have a password protected portal so I could hit these services from any machine instead of just ones VPN’d into the network (with proper credentials of course) any suggestions of where to start on this?

Please, no. Don't do it.

Toebone
Jul 1, 2002

Start remembering what you hear.
I have a TP Link Powerline setup to get internet from my modem downstairs to an office upstairs (wifi reaches, but it's pretty slow & inconsistent). It worked great until the other day, when the Powerlink LED on both units started flashing red and green, indicating a poor connection. Speeds used to be quite good, but they've now slowed to a crawl.

Nothing's changed in the wiring and we haven't added any appliances etc, so I'm not sure why the connection would suddenly poo poo the bed. I'm going to try moving them to different outlets, anything else I should look for or try?

Edit: the network goes modem -> router -> Powerlink; Powerlink -> PC, all on Cat6.

Toebone fucked around with this message at 15:11 on Mar 7, 2020

H110Hawk
Dec 28, 2006

Warbird posted:

I have a few services running on my home network that I’d like to access remotely. I already have a staticIP service and an OpenVPN server running so that all works great. I’d like to have a password protected portal so I could hit these services from any machine instead of just ones VPN’d into the network (with proper credentials of course) any suggestions of where to start on this?

I can make a huge effort post about why this is a terrible idea. Please do not expose a webserver to the internet in any capacity. How about alternatives.

Can you download and run software on these sample computers - ssh is pre-installed on a mac, KiTTy on windows? SSH can be used to setup cheap and easy port forwarding. You should still not just use a password. Email yourself an encrypted key[1] and disable password authentication on your server. Otherwise implement a TOTP[2,3]+password. This could make a cheap and easy way to access those services. You can email yourself the configs you need as well to make this one stop shopping. This is around equivalent security posture to a vpn server.

How many files and how large are they? Is this your bespoke porn collection or actual important files? Why not use Google Drive + sync? Google runs a tight ship and doesn't often give out the wrong files to the wrong people. You should still use their modern authentication with TOTP.


[1] https://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html - though it appears outdated instructions, you want the hard to brute force method.
[2] https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm
[3] https://authy.com/ - Anytime you see "use google authenticator" or whatever, use this instead. I promise it will work. For Microsoft you have to click an extra button or two.

teagone
Jun 10, 2003

That was pretty intense, huh?

Not sure if this is the right place to ask, but anyways, my parents got a TCL 6 series Roku TV that has wireless AC. I have their home network setup with 2 TP-Link APs — one is AC1350, the other AC1750. The TCL TV is literally right next to the AC1750 AP, and it connects to 5GHz Wireless AC, but I see in the AP controller that the TV's throughput is only 173Mbps. Why is that? The Apple TV box they were using before that was in the same location (that the TV's built-in Roku is now replacing) connected on the same AP/5GHz band at 800+ Mbps. Is the TCL's low speed on Wireless AC 5GHz a limitation of its radio? Or something else in the AP configuration?

[edit] I see my parents' Galaxy S10 phones are connected to the same AC1750 AP at 800Mbps now as well.

[edit] The AP controller reports the TV's RSSI is -28 dBm.

[edit] Also, the 5GHz band for the AC1750 AP is currently set to channel 48, channel width is 20/40/80MHz.

teagone fucked around with this message at 21:31 on Mar 7, 2020

withoutclass
Nov 6, 2007

Resist the siren call of rhinocerosness

College Slice
My guess would be that just because it supports AC doesn't mean the chip supports that level of throughput.

devmd01
Mar 7, 2006

Elektronik
Supersonik
And if it’s next to the router, why not just....plug it in to Ethernet?

Or is this a super lovely Wifi-only smart tv

teagone
Jun 10, 2003

That was pretty intense, huh?

devmd01 posted:

And if it’s next to the router, why not just....plug it in to Ethernet?

Or is this a super lovely Wifi-only smart tv

It's next to a wireless AP, not the router. The router is on the other side of the house. That said, the AP does have an additional ethernet port for bridging. Does that mean I can connect the TV to that? The TV has ethernet, but it's only a 10/100Mbps port. I'm assuming the AC would be faster in this case? Tautulli reports that when playing back a 50+ Mbps 4K bluray remux through Plex, I think it says the required bandwidth is around 115Mbps to ensure no buffering. Unsure of how accurate that reading is, or if that's what that bandwidth number actually means.

teagone fucked around with this message at 23:06 on Mar 7, 2020

dpkg chopra
Jun 9, 2007

Fast Food Fight

Grimey Drawer
Maybe the TV is defaulting to the 2.4ghz band? Some devices, like the Switch, do that and take some coaxing to connect to the 5ghz band.

Garrand
Dec 28, 2012

Rhino, you did this to me!

A wild guess, but try changing the channel to 36

KKKLIP ART
Sep 3, 2004

I had that issue with my FireTV 4K stick literally last night and took some fiddling to get it to quit trying to connect to the 2.4.

Warbird
May 23, 2012

America's Favorite Dumbass

H110Hawk posted:

I can make a huge effort post about why this is a terrible idea. Please do not expose a webserver to the internet in any capacity. How about alternatives.

Can you download and run software on these sample computers - ssh is pre-installed on a mac, KiTTy on windows? SSH can be used to setup cheap and easy port forwarding. You should still not just use a password. Email yourself an encrypted key[1] and disable password authentication on your server. Otherwise implement a TOTP[2,3]+password. This could make a cheap and easy way to access those services. You can email yourself the configs you need as well to make this one stop shopping. This is around equivalent security posture to a vpn server.

How many files and how large are they? Is this your bespoke porn collection or actual important files? Why not use Google Drive + sync? Google runs a tight ship and doesn't often give out the wrong files to the wrong people. You should still use their modern authentication with TOTP.


[1] https://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html - though it appears outdated instructions, you want the hard to brute force method.
[2] https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm
[3] https://authy.com/ - Anytime you see "use google authenticator" or whatever, use this instead. I promise it will work. For Microsoft you have to click an extra button or two.

Appreciate the effort post. I honestly just want to view my PiAware ADS-B page that’s being run on my RasPi in my attic. Not sure where we took a left turn into hitting my NAS. That currently requires either A) OpenVPN into a different Pi and hitting it via a browser or B) Port forwarding shenanigans with NOIP; which is bad bad bad bad. I can ssh in just fine and do what I need with my private keys already, it’s viewing this specific page via browser without installing an OpenVPN client that’s the rub.

Powershell comes stock with the ssh suite these days btw. No need for putty outside of personal preference; Microsoft got weird in a good way over the last few years.

H110Hawk
Dec 28, 2006

Warbird posted:

Appreciate the effort post. I honestly just want to view my PiAware ADS-B page that’s being run on my RasPi in my attic. Not sure where we took a left turn into hitting my NAS. That currently requires either A) OpenVPN into a different Pi and hitting it via a browser or B) Port forwarding shenanigans with NOIP; which is bad bad bad bad. I can ssh in just fine and do what I need with my private keys already, it’s viewing this specific page via browser without installing an OpenVPN client that’s the rub.

Powershell comes stock with the ssh suite these days btw. No need for putty outside of personal preference; Microsoft got weird in a good way over the last few years.

I forget powershell has features, didn't know your personal technical ability, and the most common request I see for this is so folks can get at their nas. :v:

SSH + a port forward nets you what you want in a quick and dirty one liner assuming you have the keys. ssh -R 1234:10.1.2.3.4:443 user@bastion as I recall.

Warbird
May 23, 2012

America's Favorite Dumbass

Oh dammit you’re right. I forgot you could do that with the good ol’ ssh command. No worries about the miscommunication, that one’s on me.

H110Hawk
Dec 28, 2006

Warbird posted:

Oh dammit you’re right. I forgot you could do that with the good ol’ ssh command. No worries about the miscommunication, that one’s on me.

:toot: also use -L I am crazy.

Protip: Have sketchy internet access? Want to have it come from your home ssh server instead? -D 12345 and you now have a socks proxy on port 12345. Point your OS/browser at it.

Warbird
May 23, 2012

America's Favorite Dumbass

So just to make sure I’m not about to blow’d my rear end out, exposing 22 externally is “””fine””” so long as password based authentication is disabled and I’m using an unique key pair that I set up in advance, no? Ideally I’d put the thing on its own subnet or the like but that may take a bit of doing.

H2SO4
Sep 11, 2001

put your money in a log cabin


Buglord
It’ll still get hammered thanks to automated scans, but disabling keyboard interactive auth is a good move. Also naturally make sure you keep it updated.

H110Hawk
Dec 28, 2006

Warbird posted:

So just to make sure I’m not about to blow’d my rear end out, exposing 22 externally is “””fine””” so long as password based authentication is disabled and I’m using an unique key pair that I set up in advance, no? Ideally I’d put the thing on its own subnet or the like but that may take a bit of doing.

Yup. I would make sure that you schedule updates on it or something, and add fail2ban. It will eventually ban most of the internet.
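
Added example, not part of any post in the thread: a shell check that an SSH server really is key-only before port 22 is exposed, covering the password and keyboard-interactive settings mentioned above. It reads the output of `sshd -T`; the function name and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input: the text printed by
# `sshd -T`, i.e. lower-case "keyword value" lines.

audit_sshd() {
  awk '
    BEGIN {
      want["passwordauthentication"]       = "no"
      want["kbdinteractiveauthentication"] = "no"
      want["pubkeyauthentication"]         = "yes"
    }
    {
      key = tolower($1); val = tolower($2)
      # Older OpenSSH releases print the deprecated alias instead.
      if (key == "challengeresponseauthentication")
        key = "kbdinteractiveauthentication"
      if (key in want) seen[key] = val
    }
    END {
      bad = 0
      for (k in want) {
        if (!(k in seen)) {
          printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
        } else if (seen[k] != want[k]) {
          printf "FAIL    %s %s (want %s)\n", k, seen[k], want[k]; bad = 1
        } else {
          printf "OK      %s %s\n", k, seen[k]
        }
      }
      exit bad   # non-zero when any setting is wrong or absent
    }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_HARDENED='port 22
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

SAMPLE_DEFAULTS='port 22
passwordauthentication yes
challengeresponseauthentication yes
pubkeyauthentication yes'

report() {  # report LABEL SSHD_T_TEXT
  if printf '%s\n' "$2" | audit_sshd; then
    echo "=> $1: key-only logins"
  else
    echo "=> $1: password-style logins still accepted"
  fi
}

report hardened "$SAMPLE_HARDENED"
report defaults "$SAMPLE_DEFAULTS"
```

On a real server, feed it the live configuration with `sudo sshd -T | audit_sshd`, which also picks up settings pulled in from included config files.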

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
I’m biting the bullet on the UDM PRO... any discounts I should know about?

I plan to pair it with a craigslist AC PRO and get rid of my crap xfinity router. I’m sure I’ll have a bunch more questions once I start to set it up

For now, if I only have a 250mb down plan, a docsis 1.0 cable modem should suffice, right?

astral posted:

You mean 3.0, right?

Yeah, oops... thx

namlosh fucked around with this message at 22:51 on Mar 8, 2020

astral
Apr 26, 2004

namlosh posted:

I’m biting the bullet on the UDM PRO... any discounts I should know about?

I plan to pair it with a craigslist AC PRO and get rid of my crap xfinity router. I’m sure I’ll have a bunch more questions once I start to set it up

For now, if I only have a 250mb down plan, a docsis 1.0 cable modem should suffice, right?

You mean 3.0, right?

Warbird
May 23, 2012

America's Favorite Dumbass

H110Hawk posted:

Yup. I would make sure that you schedule updates on it or something, and add fail2ban. It will eventually ban most of the internet.

Oh for sure, I already have update and restart crons up and running. I’ll take a look at fail2ban.

Volguus
Mar 3, 2009

H110Hawk posted:

Yup. I would make sure that you schedule updates on it or something, and add fail2ban. It will eventually ban most of the internet.

Why not just ban all of the internet from the start and only allow the IPs you actually need?

withoutclass
Nov 6, 2007

Resist the siren call of rhinocerosness

College Slice
Set up a wireguard VPN and save the client config to Dropbox or whatever so you can quickly connect from wherever?

H110Hawk
Dec 28, 2006

Volguus posted:

Why not just ban all of the internet from the start.

I agree. Your post and my edit are equivalent in my opinion.

Warbird
May 23, 2012

America's Favorite Dumbass

That would be an excellent proposition if I knew what IPs I might be hitting from. I travel for work so it could be most anything. I’d be down for wireguard, but installing a VPN client would likely lead to some fun questions from the security guys and would likely break Pulse as it is held together by rubber bands at the best of times.

withoutclass
Nov 6, 2007

Resist the siren call of rhinocerosness

College Slice

Warbird posted:

That would be an excellent proposition if I knew what IPs I might be hitting from. I travel for work so it could be most anything. I’d be down for wireguard, but installing a VPN client would likely lead to some fun questions from the security guys and would likely break Pulse as it is held together by rubber bands at the best of times.

Can your mobile do hotspot? You can wireguard, then hotspot for on demand.

H110Hawk
Dec 28, 2006

Warbird posted:

That would be an excellent proposition if I knew what IPs I might be hitting from. I travel for work so it could be most anything. I’d be down for wireguard, but installing a VPN client would likely lead to some fun questions from the security guys and would likely break Pulse as it is held together by rubber bands at the best of times.

Which is funny given the new information you gave us there. You already seem to know this but for those playing along at home:

https://www.cvedetails.com/vulnerability-list/vendor_id-15824/product_id-33650/Pulsesecure-Pulse-Connect-Secure.html

poe meater
Feb 17, 2011
How do you tell if your modem or router is the problem? The internet has been randomly disconnecting for the entire household (wired and wireless) the past couple of days. I usually have to unplug and plug the power back in to start it up again. Internet was stable before this.

The internet technician came in and tested the coaxial cable with his handheld machine thing. He said the internet is fine and the issue lies with either my router or modem.

I have a sb8200 with an Archer c5 + unifi ap-ac lite. The router's about 4 years old and the modem+ap is about a year and a half old.

H2SO4
Sep 11, 2001

put your money in a log cabin


Buglord
What exactly are you power cycling that fixes the issue?

Inspector_666
Oct 7, 2003

benny with the good hair

poe meater posted:

How do you tell if your modem or router is the problem? The internet has been randomly disconnecting for the entire household (wired and wireless) the past couple of days. I usually have to unplug and plug the power back in to start it up again. Internet was stable before this.

The internet technician came in and tested the coaxial cable with his handheld machine thing. He said the internet is fine and the issue lies with either my router or modem.

I have a sb8200 with an Archer c5 + unifi ap-ac lite. The router's about 4 years old and the modem+ap is about a year and a half old.

Run a constant ping to 8.8.8.8 (or some other internet address that will respond) in one window, and another to your router, then wait for the outage and see which ping starts timing out. If it's just the internet one, it's probably the modem. If it's both, it's probably the router.

EDIT: If just power-cycling the modem fixes it, I would definitely start there.

Inspector_666 fucked around with this message at 18:35 on Mar 10, 2020
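
Added example, not part of the original post: the two-ping test above as a script that logs a timestamp whenever the result changes, so the outage does not have to be watched live. It assumes Linux iputils `ping`; the function names and the `router-no-icmp` case are additions made here.

```shell
#!/bin/sh
# Added example (not from the thread).
# Assumes Linux iputils ping: -c count, -W reply timeout in seconds.

probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# verdict ROUTER_IP INTERNET_IP -> prints one word for the current state
verdict() {
  r=down; i=down
  if probe "$1"; then r=up; fi
  if probe "$2"; then i=up; fi
  case "$r/$i" in
    up/up)     echo ok ;;
    up/down)   echo suspect-modem ;;   # only the internet ping fails
    down/down) echo suspect-router ;;  # both pings fail
    down/up)   echo router-no-icmp ;;  # router forwards but ignores ping
  esac
}

# watch_link ROUTER_IP [INTERNET_IP] [INTERVAL_SECONDS]
# Prints a timestamped line only when the verdict changes.
watch_link() {
  last=""
  while :; do
    now=$(verdict "$1" "${2:-8.8.8.8}")
    if [ "$now" != "$last" ]; then
      printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$now"
      last=$now
    fi
    sleep "${3:-5}"
  done
}

# Start watching only when a router address is given on the command line.
if [ "$#" -ge 1 ]; then watch_link "$@"; fi
```

Run it with the router's LAN address as the first argument and redirect the output to a file to keep a record across the next outage.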

poe meater
Feb 17, 2011
I just pull the power plug directly from the back of the cable modem and plug it back in immediately. I don't bother waiting anymore. Seems to work


I'm at work but I'll update you when I get home. Appreciate the quick responses guys.

H2SO4
Sep 11, 2001

put your money in a log cabin


Buglord
In that case, you could go the cheap route and pick up a modem from your provider and use that temporarily. If you don't have any more issues then you can probably just get a new modem, if you still have issues then your router may be the problem.

illcendiary
Dec 4, 2005

Damn, this is good coffee.
Got a weird issue/question that I hope you all can help with.

My wife and I have AT&T Fiber and our home network is

AT&T Gateway -> Eero Pro -> our devices

As of some point today, my devices no longer load certain websites (Twitter and Dropbox are two). When I run a ping test on the 192.168.1.254 configuration/diagnostic page, I get 100% packet loss for those websites which tells me that it has something to do with the AT&T router’s configuration. When I turn off WiFi and use cell service, the sites work. For some reason though, my wife’s phone and computer work fine (same WiFi network, phone set to airplane mode to ensure that WiFi is being used). What could possibly be the issue?

Thanks for the help!

poe meater
Feb 17, 2011

H2SO4 posted:

In that case, you could go the cheap route and pick up a modem from your provider and use that temporarily, If you don't have any more issues then you can probably just get a new modem, if you still have issues then your router may be the problem.

Surprisingly I had no issues last night. But I do have an old cable modem lying around. I'll swap it out and see how it goes. Thanks.


Thanks Ants
May 21, 2004

#essereFerrari


illcendiary posted:

Got a weird issue/question that I hope you all can help with.

My wife and I have AT&T Fiber and our home network is

AT&T Gateway -> Eero Pro -> our devices

As of some point today, my devices no longer load certain websites (Twitter and Dropbox are two). When I run a ping test on the 192.168.1.254 configuration/diagnostic page, I get 100% packet loss for those websites which tells me that it has something to do with the AT&T router’s configuration. When I turn off WiFi and use cell service, the sites work. For some reason though, my wife’s phone and computer work fine (same WiFi network, phone set to airplane mode to ensure that WiFi is being used). What could possibly be the issue?

Thanks for the help!

Do a traceroute to those pages, if it's dying somewhere in the provider's network (e.g. more than a couple of hops out) then there's nothing you can do except raise it with ATT. Is it possible that a content filter has been enabled?
