tuxed

@tuxed@sh.itjust.works


Requesting a sanity check...help untangle my home network as I expand into more advanced networking?

Hey there, I’ve been on a networking journey that has, over a few years, taken me from simple unmanaged networking, to managed networking, to advanced VLAN management. It’s all been self-taught, but mostly successful. However, I’ve gotten myself into a bit of a pickle and I’m hitting a wall in troubleshooting. Apologies...

tuxed,

First off, if your firewall can ping 8.8.8.8 it can access the WAN, as 8.8.8.8 (hopefully, or you have bigger issues) is on the WAN. It not being able to do updates, etc., is probably a DNS issue in that case, probably caused by your firewall not being able to access your DNS server due to improper configuration on either the firewall, the switches or the DNS server itself.

Is your DNS server allowing clients coming from subnets other than its own? Can your Wireguard clients also ping 8.8.8.8? If so, they probably share the DNS issue with your firewall.

I would recommend trying to debug this iteratively, as this sort of problem has a lot of potential error sources that are hard to know about no matter how many screenshots you provide, like the configuration of your switches and DNS server. Try this:

  1. Computer A can’t reach computer B. What is the IP of A? What is the subnet of A? If it is different from the subnet of B, what route should it take to reach B? What is the next step on that route? Can we successfully reach this next step? Does the next hop on the route know where to go to reach the subnet for B? If so, what is the next step? Repeat until we’ve reached B, ideally ensuring each step on the way is acting as it should, either through something like WireGuard or the built-in tools of your firewall/switch/gateway/etc.
  2. Assuming the problem hasn’t been found, repeat from B to A, as responses might not reach us, resulting in a broken connection even if we can reach B.
  3. If the routing makes sense, is there a firewall on the way that doesn’t allow us to reach B from A? Can we instead reach A from B? If not, we’ve found the problem.

I would strongly recommend drawing your network layout (or at least the route you are trying to debug) in a flowchart tool (diagrams.net being a good option), as it is extremely hard to keep track of everything otherwise.

tuxed,

If the firewall can’t reach the LAN, either because of a firewall rule or bad routing, it will not be able to access the DNS server even if it works well for the rest of the LAN. I’m assuming that the rest of the LAN talks to the DNS server directly and not through the firewall.

It sounds like you would benefit from reading a bit about how routing and gateways work, as it seems like you’re mostly trying stuff without really knowing what it does. Please save yourself some sanity and make some proper planning on your different subnets, their vlans and how they should route their traffic, ideally in a diagram of some sort.

Without knowing your exact setup I’m getting a feeling that your current configuration is both overly permissive and overly restrictive, meaning you can’t access the things you want but any potential attackers can probably get around just fine.

I would seriously consider tearing it down and starting over with a more cohesive plan, but I know that might not be possible for you time-wise. On the other hand, having a well planned network that you understand would almost certainly save you time in the long run, especially if you want to keep doing more advanced and unorthodox stuff to it.

tuxed,

Okay, I think I know (at least one of) the problem(s).

It is sending the ping from the WLAN interface because that is your default route, and you either don’t have a route specified for your 10.2.x.x network or you’re overwriting it with a different route (I’m guessing the first option).

E.g. you need to tell your firewall “if you want to reach an IP address in 10.2.x.x you need to go through here”, with “here” probably being either your managed switch if it works as a gateway (10.6.1.254?) or an interface on your router if it works as a switch (10.6.1.41?).
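The hop-by-hop check from the three-step procedure above and the default-route problem in this comment, as an added example that is not from the thread: a small longest-prefix-match model of a firewall, a routing managed switch and a VLAN host (the topology, addresses and node names are constructed for illustration) that traces a packet in both directions and shows why traffic for 10.2.x.x leaves via the WAN until a static route via 10.6.1.254 is added.

```python
import ipaddress

# Constructed topology, illustrative only (not the thread author's network):
#   firewall  10.6.1.41 on the LAN, 203.0.113.2 on the WAN, default via 203.0.113.1
#   switch    10.6.1.254 on VLAN 6 and 10.2.0.1 on VLAN 2, acting as the gateway
#   host_b    10.2.5.10 on VLAN 2, default gateway 10.2.0.1
ADDRS = {                      # which node owns which IP address
    "firewall": ["10.6.1.41", "203.0.113.2"],
    "switch":   ["10.6.1.254", "10.2.0.1"],
    "host_b":   ["10.2.5.10"],
    "wan_gw":   ["203.0.113.1"],
}
TABLES = {                     # per-node routes: (prefix, next hop or None if directly connected)
    "firewall": [("0.0.0.0/0", "203.0.113.1"), ("10.6.1.0/24", None), ("203.0.113.0/24", None)],
    "switch":   [("10.6.1.0/24", None), ("10.2.0.0/16", None), ("0.0.0.0/0", "10.6.1.41")],
    "host_b":   [("10.2.0.0/16", None), ("0.0.0.0/0", "10.2.0.1")],
    "wan_gw":   [("203.0.113.0/24", None), ("0.0.0.0/0", "198.51.100.1")],
}

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins, so the
    0.0.0.0/0 default is only used when nothing narrower matches."""
    ip, best = ipaddress.ip_address(dst), None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def owner(ip):
    return next((node for node, ips in ADDRS.items() if ip in ips), None)

def trace(src, dst, tables=TABLES, max_hops=8):
    """Step 1: follow next hops from node src toward IP dst. Returns the nodes
    visited; ends in 'lost' if a hop has no route or the packet leaves the
    modelled network (for example out of the WAN side)."""
    path, node = [src], src
    for _ in range(max_hops):
        if dst in ADDRS[node]:
            return path
        hit = lookup(tables[node], dst)
        target = None if hit is None else (dst if hit[1] is None else hit[1])
        node = owner(target) if target else None
        if node is None:
            return path + ["lost"]
        path.append(node)
    return path + ["lost"]

def both_ways(a, a_ip, b, b_ip, tables=TABLES):
    """Step 2: a working connection needs A->B and B->A to both arrive."""
    return trace(a, b_ip, tables), trace(b, a_ip, tables)

def with_route(tables, node, prefix, next_hop):
    """Copy of the tables with one static route added on node (the fix)."""
    return {**tables, node: tables[node] + [(prefix, next_hop)]}
```

Running `both_ways("firewall", "10.6.1.41", "host_b", "10.2.5.10")` against the plain tables shows the forward path ending at the WAN gateway while the return path already works, which is exactly the one-directional symptom the procedure is designed to isolate.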

tuxed,

Have you tried setting the gateway to one of your LAN interfaces? And what happens if you ping 10.99.1.254 from the firewall?

tuxed,

Probably a good idea sadly… There can be a lot of different things wrong, so it will probably be faster doing that either way.

When rebuilding, try to verify that each step works so you find the problem eventually. I’m guessing it will be easier to find that way.

tuxed,

Glad to hear it seems to be working! Hoping you find the issue in the backups, would be interesting to know what went wrong haha

tuxed,

Everyone may deserve a living wage, but if I’m awful at art there are probably more useful things I could be doing for the betterment of all.

tuxed,

Seems to be some cursor themes that do it that way, like this one for example: store.kde.org/p/2103612

Android Hardware Surveillance (upload.wikimedia.org)

Could it be that the processor sends data from the camera/microphone to the Qualcomm/Mediatek servers, bypassing the system? Is it possible to find out about this by checking the traffic leaving the device? Are there any studies that have done this? If this happens, then even GrapheneOS becomes mostly meaningless.

tuxed,

Yes, it’s possible to check. Data has to be sent through some connection, and we are able to monitor all traffic going through connections we control. It’s not happening on wifi and not on 4G/etc. So unless there is some other connection, that is not a real issue.

tuxed,

If you don’t mind, could you explain why one would want to buy these kinds of microtransactions, especially if you don’t even enjoy the game? I just can’t understand it, but obviously people enjoy it or the business model wouldn’t work.

No judgement here, just genuinely curious.

tuxed,

Why not use a laptop if you’re doing CPU-heavy work? Not really the use case for a tablet IMO, more for maximum portability over raw power.

tuxed,

This used to be me until I got diagnosed with ADD. Medication pretty much solved the issue completely.

tuxed,

Might also be undiagnosed ADD/ADHD, which in general is a lot easier to treat than pure depression.

tuxed,

Sounds like you need some happy pills

tuxed,

Aren’t they owned by a Chinese company these days?

tuxed,

Which model? Currently searching for one, and that sounds bearable

tuxed,

Wait, are hotspot dataplans a thing…? That is awful information

tuxed,

My only remaining issue is that wayland has slightly more input latency when playing games, enough that it’s noticeable (or a very convincing placebo effect).

This makes it so that I have to use X11 and that I have to disable compositing when playing games as my displays have different refresh rates. All in all, not a big problem, but looking forward to being on Wayland for good soon.

tuxed,

For anyone considering getting started with/switching to home assistant I highly recommend it

tuxed,

Best use case I can think of currently is for camera storage through Frigate or for other HA add-ons.
