redeyes
Sep 14, 2002

by Fluffdaddy
Kind of freaks me out running those tiny PIs as DNS servers. Doesn't that slow down internets a lot?


Rap Game Goku
Apr 2, 2008

Word to your moms, I came to drop spirit bombs


Armacham posted:

Good question. I was going to try running the controller for my tplink access points alongside pihole, so I can at least let you know how that goes.

Please, I'm moving into a new house soon and planning on setting up an all unifi network. Would love to only need 1 RPi.

Volguus
Mar 3, 2009

redeyes posted:

Kind of freaks me out running those tiny PIs as DNS servers. Doesn't that slow down internets a lot?

The amount of DNS traffic your house makes is not that ... demanding, especially when most of the domains are in cache (since humans, in general, tend to have and prefer and like habits, and habits die hard, and habits include visiting domain X a bazillion times, like this somethingawful.com domain), therefore retrieving an IP from cache is not that time or CPU consuming.
While personally I have my gateway handle my DNS (some pentium 4 CPU, older than grandma) the RPi should be more than suited for the job. No, it cannot handle a 100+ employees company each with their different porn habits, but it does just fine for a normal household.

KKKLIP ART
Sep 3, 2004

And if you did have a use case of a ton of users, you could probably run it on a newer Atom-based deal or a NUC with gigabit ethernet and it would work pretty splendidly. For household use, I think even a Pi 1 is still not really a bottleneck.

redeyes
Sep 14, 2002

by Fluffdaddy
Ah ok. I was just talking about a home network. Might have to give it a try since I have a few PIs floating around. Thanks for the info.

n0tqu1tesane
May 7, 2003

She was rubbing her ass all over my hands. They don't just do that for everyone.
Grimey Drawer

Wacky Delly posted:

All the Pi-Hole discussion got me thinking. Has anyone run the Unifi controller and Pi-hole on the same raspberry pi? If so how'd it run?

I run a Home Assistant server and the Unifi controller on the same Pi with no issues. Probably going to rear end a pihole to it too soon.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

Wacky Delly posted:

All the Pi-Hole discussion got me thinking. Has anyone run the Unifi controller and Pi-hole on the same raspberry pi? If so how'd it run?

Here you go:



This is on a RaspberryPi 3 with a 16GB SanDisk MicroSD. They run fine.

I think a RaspberryPi 2 would probably run fine, too. A first-gen Pi would probably struggle, though.

Armacham
Mar 3, 2007

Then brothers in war, to the skirmish must we hence! Shall we hence?
TP-Link's EAP controller does not work because they only have it compiled for x86 and not ARM.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

reL posted:

I had a few issues upgrading to 4.0. I believe with cloudflared the problem was with the guide I originally used to implement it. They had me editing dnsmasq files which were replaced as part of the upgrade.

What I wound up doing was just changing the setupVars.conf file to have 127.0.0.2#54 as server 1, and no other servers. This winds up the same as setting the upstream DNS in the GUI to a custom upstream with the value 127.0.0.2#54, so I guess you could do it via the GUI as well.

I've ditched dnsmasq and set it up like you said. Seems to be working. How can I be sure that my DNS is now going encrypted? Wireshark?
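The "is my DNS actually going out encrypted now?" question can be settled from a packet capture taken on the Pi-hole itself. As an added example (not from the thread, and not Pi-hole's or cloudflared's own tooling), the POSIX shell script below reads tcpdump's one-line summaries and reports any plaintext port-53 traffic the Pi sends to a non-loopback address, plus the set of DNS transport ports the Pi is using upstream. The capture lines, the Pi-hole address 192.168.1.2 and the upstream addresses are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the thread: check a capture for plaintext DNS leaving the
# Pi-hole host. Assumes IPv4 tcpdump one-line summaries (run with -n) such as those from
#   tcpdump -ni eth0 -l 'port 53 or port 853 or port 443'
# where 192.168.1.2 is the Pi-hole. Hosts, ports and timestamps below are constructed.
SAMPLE_CAPTURE='12:00:01.000001 IP 192.168.1.10.50123 > 192.168.1.2.53: 1+ A? example.com. (29)
12:00:01.000002 IP 192.168.1.2.40001 > 1.1.1.1.53: 2+ A? example.com. (29)
12:00:01.000003 IP 192.168.1.2.40002 > 104.16.248.249.443: Flags [P.], seq 1:100, length 99
12:00:01.000004 IP 192.168.1.2.53 > 192.168.1.10.50123: 1 1/0/0 A 93.184.216.34 (45)
12:00:02.000005 IP 192.168.1.2.40003 > 9.9.9.9.853: Flags [S], seq 0, length 0'

# Emit "src_ip dst_ip dst_port" for every IPv4 packet whose source is $1 (this host).
# tcpdump prints "a.b.c.d.port > e.f.g.h.port:", so the last dotted field is the port.
# IP6 lines are skipped on purpose; they need a different parser.
_sent_by() {
  awk -v me="$1" '
    $2 == "IP" && $4 == ">" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      split(src, s, "[.]"); sip = s[1] "." s[2] "." s[3] "." s[4]
      split(dst, d, "[.]"); dip = d[1] "." d[2] "." d[3] "." d[4]; dport = d[5]
      if (sip == me) print sip, dip, dport
    }'
}

# Destinations this host sends plaintext DNS (port 53) to, loopback excluded.
# Queries from LAN clients *to* the Pi-hole are not counted: their source is not "me".
# With cloudflared at 127.0.0.2#54 this list should be empty.
plaintext_dns_upstreams() {
  _sent_by "$1" | awk '$3 == "53" && $2 !~ /^127\./ { print $2 }' | sort -u
}

# Which DNS transport ports this host talks to at all: 53 plain, 853 DoT, 443 DoH.
dns_transport_ports() {
  _sent_by "$1" | awk '$3 == "53" || $3 == "443" || $3 == "853" { print $3 }' | sort -n -u
}

# Stand-alone run over the constructed capture.
printf '%s\n' "$SAMPLE_CAPTURE" | plaintext_dns_upstreams 192.168.1.2   # 1.1.1.1
printf '%s\n' "$SAMPLE_CAPTURE" | dns_transport_ports 192.168.1.2       # 53 443 853
```

Run it against a real capture with the Pi-hole's LAN address as the argument. Anything printed by `plaintext_dns_upstreams` is a query that bypassed the local proxy (a second upstream still configured, or conditional forwarding to a plain resolver), which is exactly what Wireshark would show you, just without the clicking.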

insularis
Sep 21, 2002

Donated $20. Get well, Lowtax.
Fun Shoe
I just redid my traffic shaping with fq_codel and pfSense.

It blows the other algorithms out of the water, and it's far simpler to deploy and maintain. You can make it as granular as you like with sub-queues, or simply deploy it set to 95% of available bandwidth and let the algorithm do it. Yes, it is that good, and yes, that means your VOIP is handled with a vanilla, no screwing about installation. In testing, we had a perfect VOIP MOS score for 16 simultaneous G.722 HD channels while the network was artificially loaded to 100%. It's amazing.

It's available in pfSense now (in 2.4.4 it will be natively available under Limiters, which can then be applied to rules). Right now, in 2.4.3, there's a pfSense-approved patch to add the capability for using fq_codel in Limiters (applied using the System Patches package). Here's the thread, scroll down to about 4 months back for the section where the patch gets approved and setups are talked about: Thread

It's easy, you just apply the patch, remove any existing shapers, make an upload/download limiter (or as many as you'd like for different rates) using CoDel as the type with FQ_CoDel as the scheduler/limiter, and then a LAN rule above all the others that references those limiters under the Advanced section. No need to develop out rules for RTC/VOIP/bulk/ACK/etc, it's all handled natively and naturally by fq_codel.

KKKLIP ART
Sep 3, 2004

I always thought about doing pfsense but I know enough about security to have an idea of what things are but not enough to really know if I’m doing it right, and I can’t really get a bead on what type of hardware to use.

Ham Sandwiches
Jul 7, 2000

H2SO4 posted:

You're trying to break a fundamental rule of networking. You can't NAT one port/IP combo to two devices. I know the end result you want sounds frustratingly simple, but if two people are using xboxes to play games then at least one of them is very likely to have a bad time. You're at the mercy of MS and the game designers to design their networking pieces to be able to support multiple ports and try them in a failover/round robin/etc fashion.

If you have a router that supports UPNP you can have two xboxes just fine. I think it's great to chime in and answer questions but I found the response this dude got seemed kinda funny to me. "you're trying to break a fundamental rule!" he shouted as he struck the bridge and both he and the balrog went tumbling into the deep. I think he was just asking if there's a way to get two of them online, and the good news is, it does work if you have a non-ancient router.

Ham Sandwiches fucked around with this message at 00:47 on Aug 18, 2018

insularis
Sep 21, 2002

Donated $20. Get well, Lowtax.
Fun Shoe

KKKLIP ART posted:

I always thought about doing pfsense but I know enough about security to have an idea of what things are but not enough to really know if I’m doing it right, and I can’t really get a bead on what type of hardware to use.

If you don't know why you need it, and you're happy with the current performance of your router, you don't need it.

That said, it's easy, just grab any Supermicro mITX board with two Intel ports, used, off eBay, add memory and a tiny little SSD. This ensures you get something supported by the FreeBSD HCL.

It's "secure out of the box", in that, once installed, nothing will be allowed in that you didn't specify through a rule.

You'd also need a separate wireless access point if you go down this road, but that generally results in higher performance and reliability of both items as opposed to an all-in-one trying to hit a certain price/power/performance/reliability envelope.

Armacham
Mar 3, 2007

Then brothers in war, to the skirmish must we hence! Shall we hence?

Ham Sandwiches posted:

If you have a router that supports UPNP you can have two xboxes just fine. I think it's great to chime in and answer questions but I found the response this dude got seemed kinda funny to me. "you're trying to break a fundamental rule!" he shouted as he struck the bridge and both he and the balrog went tumbling into the deep. I think he was just asking if there's a way to get two of them online, and the good news is, it does work if you have a non-ancient router.

Yeah I have an ER-X and can use my two xbox ones at the same time just fine.

mike12345
Jul 14, 2008

"Whether the Earth was created in 7 days, or 7 actual eras, I'm not sure we'll ever be able to answer that. It's one of the great mysteries."

So I just restarted my Windows Host, and now both my FreeBSD and Debian virtualbox vms are unreachable. Windows Update happened two days ago, but it seemed to work fine. Until now? I literally changed nothing on the machines, their network setup, or the host. I noticed something was wrong when vboxvmservice didn't start them up at boot. It fails, saying something like "if a service is not needed by another program, it will shut down". Anyway I disabled it. I've uninstalled and re-installed virtualbox. Nothing. Restarted the host several times. Not sure what I'm supposed to do at this point.

I can reach the host from the guest though, for what it's worth, as well as guest to guest.

e: ok, fixed it. For some reason I had to reset my vbox network adapter by removing/adding it.

mike12345 fucked around with this message at 13:35 on Aug 18, 2018

CrazyLittle
Sep 11, 2001

Clapping Larry

Ham Sandwiches posted:

If you have a router that supports UPNP you can have two xboxes just fine. I think it's great to chime in and answer questions but I found the response this dude got seemed kinda funny to me. "you're trying to break a fundamental rule!"

UPNP doesn't map one outside port to two inside devices. It either maps an alternate port, or it takes turns allocating that port to the first device that requests it.

Ham Sandwiches
Jul 7, 2000

CrazyLittle posted:

UPNP doesn't map one outside port to two inside devices. It either maps an alternate port, or it takes turns allocating that port to the first device that requests it.

UPNP on xbox seems to generally gracefully try to do whatever it needs to do to get ports and series of ports. Whether the port lists online are partial and don't include ports that might be valid or whether the networking implementation is more flexible in UPNP mode, it does seem to work in a lot of situations where the port forwarding does not.

Thanks Ants
May 21, 2004

#essereFerrari


Things get complicated when different titles do their own thing for networking rather than using whatever is built into the console's OS though. This is why you get different experiences on different games.

dox
Mar 4, 2006

apropos man posted:

Has anyone got encrypted DNS working with the latest version? I had mine working with cloudflared but the latest update seems to have broken it, so I've reverted back to running it standard.

Bit late to this- but I set up dnscrypt-proxy listening on 5353, and it works great with the pihole- very customizable. There's a setup guide on the pihole wiki.

On the IPv6 front- after some time spent with my Ubiquiti configuration, I set up both ULA and GUA addressing so the pihole has a static IPv6 address. After some time spent really understanding IPv6 concepts, it works great- especially once you configure NULL or NXDOMAIN blocking... I'm not sure if they made that a default yet in the pihole configuration.

Armacham
Mar 3, 2007

Then brothers in war, to the skirmish must we hence! Shall we hence?


Seems successful so far.

H2SO4
Sep 11, 2001

put your money in a log cabin


Buglord

Ham Sandwiches posted:

If you have a router that supports UPNP you can have two xboxes just fine. I think it's great to chime in and answer questions but I found the response this dude got seemed kinda funny to me. "you're trying to break a fundamental rule!" he shouted as he struck the bridge and both he and the balrog went tumbling into the deep. I think he was just asking if there's a way to get two of them online, and the good news is, it does work if you have a non-ancient router.

I'm sorry you're reading all that weird bravado into my post, but the content is correct. You can't NAT one source IP/port combo to two different internal hosts. UPNP doesn't change that. What's likely happening is that the two consoles negotiate and automatically choose different ports if the desired ones are in use already, but if the games or features that are in use don't have that design provision built in then you'll have issues. Console developers suck at networking, film at 11.

The problem isn't "my xbox can't talk to the outside world." The problem is "my game says I have closed NAT".

22 Eargesplitten
Oct 10, 2010



I have some Pihole questions: does it trip the counter-adblocker things some sites have? Some sites have functionality that gets cut off without an ad blocker. Like not even messages saying to turn it off, some buttons won't work. Will it do the same thing, or is the functionality different since it's a DNS server rather than whatever way the extension works?

I would have to run it on one of my computers in a container currently. That would keep it from going to sleep, right? I’m just concerned about power draw, unless there was some way to make everything but the container sleep. Which I doubt.

E: thought, is it possible to flash Raspbian on an old Android phone? I guess I would need a micro usb to usb hub with a usb-Ethernet adapter, at which point it might not be any cheaper than a normal Raspberry Pi.

22 Eargesplitten fucked around with this message at 01:09 on Aug 19, 2018

Tapedump
Aug 31, 2007
College Slice
Pi 3 B+ is ~$40 on Amazon

Full kit with PSU and nice case, $55

Tapedump
Aug 31, 2007
College Slice

Armacham posted:

Seems successful so far.

How do you have like 10x the amount of blocked domains I do? Is it because I just set up my Pi-Hole yesterday, or are you adding in more block lists to Gravity?

KKKLIP ART
Sep 3, 2004

Tapedump posted:

How do you have like 10x the amount of blocked domains I do? Is it because I just set up my Pi-Hole yesterday, or are you adding in more block lists to Gravity?

This is a very good place to start, but if you just add everything willy nilly, you might have to whitelist some stuff as you go:

https://firebog.net/

Armacham
Mar 3, 2007

Then brothers in war, to the skirmish must we hence! Shall we hence?

Tapedump posted:

How do you have like 10x the amount of blocked domains I do? Is it because I just set up my Pi-Hole yesterday, or are you adding in more block lists to Gravity?

I just added a ton of blocklists right off the bat and have been whitelisting things as needed.

Rooted Vegetable
Jun 1, 2002

Armacham posted:

... and have been whitelisting things as needed.

With this in mind, is there a high-Wife-Acceptance-Factor method to whitelist stuff on PiHole?

Wasabi the J
Jan 23, 2008

MOM WAS RIGHT

Heners_UK posted:

With this in mind, is there a high-Wife-Acceptance-Factor method to whitelist stuff on PiHole?

Yeah p much echoing this request. I hate long whitelists and do shop online; I don't want my wife pissed at me because I made uploading a Facebook pic impossible, which is something one of those huge rear end lists did.

Armacham
Mar 3, 2007

Then brothers in war, to the skirmish must we hence! Shall we hence?
I just went through all the listed recommended whitelists on Reddit and on the pihole forums. I haven't had any problems yet.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

dox posted:

Bit late to this- but I set up dnscrypt-proxy listening on 5353, and it works great with the pihole- very customizable. There's a setup guide on the pihole wiki.

On the IPv6 front- after some time spent with my Ubiquiti configuration, I set up both ULA and GUA addressing so the pihole has a static IPv6 address. After some time spent really understanding IPv6 concepts, it works great- especially once you configure NULL or NXDOMAIN blocking... I'm not sure if they made that a default yet in the pihole configuration.

Cheers. I might even dip my toes into IPv6 if I get the time.

On an unrelated note:
I got my Ubiquiti 8 port switch running and network all configured. I'm using a Qotom miniPC with 4 eth ports as my pfSense box.

I decided to try aggregation on two of the eth cables coming from the pfSense box (labelled igb1 and igb2) to two of the ports on my Unifi switch (ports 1 and 2).

It all seemed to work so well. I configured Unifi first and made ports 1&2 on the switch an aggregate pair and then set up a LAGG using LACP on pfSense so that it should automatically use both trunks (whichever is least busy at the time) and it should also provide redundancy if one of the ports breaks/cable snaps/whatever.

I had it working fine and showing up as an aggregated port in Unifi interface and showing up as LAGG0 in pfSense.

I tried unplugging one cable and everything carried on working, seamlessly.

Then replugged and watched the aggregated link rebuild itself automatically in the Unifi interface.

Then tried unplugging the OTHER cable and I lost my link.

So I have a LAGG from pfSense that sort of works. I have 50% redundancy as long as it's a certain cable/port pair that dies and not the other one.

I've got to go out for a couple of hours now, but any suggestions welcome as to why I'm not getting 100% redundancy. Could it possibly be the lovely arrangement of NICs on my Qotom box? They are numbered strangely in that, left to right, they go igb0, igb2, igb1, igb3 or something like that. It's not linear from left to right like most consumer switches.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
So I got my LAGG to work.

I double-checked all settings in pfSense and Unifi controller.

I realised that I had three VLANs configured on igb1 that I had disabled while I was doing my config.

So I completely removed them so that igb1 and igb2 were identical - no VLANs on either.

Even though they were disabled in pfSense they were still assigned to the interface, so in pfSense I had:

code:
~~~
igb1
igb1.10
igb1.20
igb1.30
igb2
~~~
With the VLANs completely removed like so:

code:
~~~
igb1
igb2
~~~
I get proper aggregation and I can add my VLANs back to the LAGG, like so:

code:
~~~
igb1
igb2
lagg0.10
lagg0.20
lagg0.30
~~~
Now I can unplug either cable at a time and my aggregated link works with full redundancy :bubblewoop:

EDIT:

Had problems getting VLANs working on the LAGG last night, so I've reverted back to a single link until I find time to try again.

EDIT2:

Never mind. Got VLANs and LAGG with LACP working. Finally... yaaay :tootzzz:

apropos man fucked around with this message at 22:21 on Aug 20, 2018

EpicCodeMonkey
Feb 19, 2011
Is an old second-hand J9450A HP ProCurve 1810G-24 24-Port Gigabit Ethernet Managed Switch still worth getting? I'm planning on using it in my home network partly for the extra ports, but also for setting up LAGG and isolating my iLO interface to its own management VLAN.

I know it's an old model but they're relatively cheap for a lot of ports, and are fanless. Is this a known dud or will the outdated firmware affect me on my internal network?

Thanks Ants
May 21, 2004

#essereFerrari


1810s are fine. Like you say, a bit old but there's a software release from a few months ago so it's not abandoned yet.

It will be good for home use, static assignment of VLANs etc.

AlternateAccount
Apr 25, 2005
FYGM
Is there a browser plugin to allow easier whitelisting for pihole?

Dr. Despair
Nov 4, 2009


39 perfect posts with each roll.

Also is there a working whitelist for pihole so that embedded tweets work? whitelisting pbs.twimg.com and t.co doesn't seem to do it.

Armacham
Mar 3, 2007

Then brothers in war, to the skirmish must we hence! Shall we hence?

Dr. Despair posted:

Also is there a working whitelist for pihole so that embedded tweets work? whitelisting pbs.twimg.com and t.co doesn't seem to do it.
I'm not sure because I haven't seen this problem on my set up. Have you checked the query log to see what domain is being blocked?
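"Check the query log" is the right answer to both the embedded-tweets question and the earlier wife-acceptance-factor whitelist question: the log tells you which domain is actually being blocked and which client tripped it, so you whitelist one name instead of guessing. As an added example (not from the thread and not part of Pi-hole), the POSIX shell script below joins the query and block lines in Pi-hole's dnsmasq-style log into "client domain" pairs and counts how many clients hit a given blocked domain. It assumes the two block-line shapes Pi-hole has used (`/etc/pihole/gravity.list <domain> is 0.0.0.0` in v4, `gravity blocked <domain> is 0.0.0.0` in v5); the clients, domains and timestamps in the sample are constructed.

```sh
#!/bin/sh
# Added example, not from the thread: pull "which client asked for which blocked domain"
# out of Pi-hole's dnsmasq-style query log (/var/log/pihole.log). Assumes the v4 and v5
# block-line formats noted above; all clients, domains and times here are constructed.
SAMPLE_LOG='Aug 19 01:09:00 dnsmasq[812]: query[A] img.example.net from 192.168.1.20
Aug 19 01:09:00 dnsmasq[812]: forwarded img.example.net to 127.0.0.2
Aug 19 01:09:01 dnsmasq[812]: query[A] widget.example.net from 192.168.1.20
Aug 19 01:09:01 dnsmasq[812]: /etc/pihole/gravity.list widget.example.net is 0.0.0.0
Aug 19 01:09:05 dnsmasq[812]: query[AAAA] tracker.example.org from 192.168.1.31
Aug 19 01:09:05 dnsmasq[812]: gravity blocked tracker.example.org is 0.0.0.0
Aug 19 01:09:06 dnsmasq[812]: query[A] widget.example.net from 192.168.1.31
Aug 19 01:09:06 dnsmasq[812]: /etc/pihole/gravity.list widget.example.net is 0.0.0.0'

# Print "client domain" once per pair. dnsmasq logs the query (with the client) and the
# answer (with the block source) on separate lines, so remember the last client that
# asked for each domain and join on the block line.
#   query line:  ... dnsmasq[pid]: query[A] <domain> from <client>
#   block line:  ... dnsmasq[pid]: <gravity source> <domain> is <blocked answer>
blocked_by_client() {
  awk '
    $5 ~ /^query\[/ { last[$6] = $8 }
    $5 ~ /gravity/ && $(NF-1) == "is" {
      d = $(NF-2)
      if (d in last) print last[d], d
    }' | sort -u
}

# Number of distinct clients blocked on one domain: a name that many devices trip over
# is the one worth a `pihole -w <domain>`, a one-off usually is not.
clients_blocked_on() {
  blocked_by_client | awk -v dom="$1" '$2 == dom' | wc -l | tr -d ' '
}

# Stand-alone run over the constructed log.
printf '%s\n' "$SAMPLE_LOG" | blocked_by_client
printf '%s\n' "$SAMPLE_LOG" | clients_blocked_on widget.example.net   # 2
```

On a live Pi-hole, `tail -f /var/log/pihole.log | blocked_by_client` while you reload the page that misbehaves is usually enough to see the one domain the page needs; that is the same information the web UI's query log shows, filtered to blocked entries.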

Dr. Despair
Nov 4, 2009


39 perfect posts with each roll.

Well now that I enabled logging and whatnot it seems to be working ok... I wonder if I just need to reboot the pi or at least restart pihole after updating the whitelist to keep things happy.

stevewm
May 10, 2005
Looking to replace my ancient Asus RT-AC66U... While it has served me well over the years, I am starting to have random issues that I can only attribute to it; WAN port seems to randomly die, wifi stops working, etc...

I have 1Gbps fiber.. My AC66U has been able to handle it somewhat, but hitting anywhere near 1Gbps pegs the CPU.

I was looking at getting a small computer and going the pfSense route as I am familiar with that platform... But I see the EdgeRouter X/Lite are also recommended these days. And it's pretty cheap...

I had planned to go with Unifi for access points as I use them for work and love them.

Goons, please make my decision for me.

Rexxed
May 1, 2010

Dis is amazing!
I gotta try dis!

Edgerouter and unifi WAPs. Homebrewing a router is cool but takes more time. If you care about whatever extra features pfsense has you can use it, but if you're asking random goons you probably don't care about them that much.


apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
I've been running a Qotom mini-PC with pfSense for well over a year and just changed the rest of my setup to Ubiquiti. Well, 2 APs and a switch.

It's probably easier if you get an Edgerouter so that everything's Ubiquiti. Having said that, I like the fact that my mini-PC is overpowered for what I'm doing with it.

Quite happy using pfSense for routing and Ubiquiti gear for everything else that hooks into the router.

EDIT: My Qotom box has loads of headroom left on it. I guess that's the advantage over using a pre-built router. You can put something together that suits the amount of abuse you intend to give it. Here it is on idle traffic:

apropos man fucked around with this message at 06:45 on Aug 21, 2018
