this post was submitted on 04 Dec 2023
0 points (50.0% liked)

Self-Hosted Main


Hello, I've been learning and making products to sell online. I've recently started to make a simple website using Angular to host docs and usage guides for my products. I believe it's almost ready to publish, and I'm thinking of hosting it in a VM on my personal server in my local network.

I've read little about Cloudflare Tunnel, but I'm wondering if my setup is enough.

I've been using pfSense and VLANs for some time. Plus, I've been sharing my internet with 5 neighbours and a small cyber cafe for about 3 years and have had no issues that I'm aware of. But I've heard about VLAN hopping, which made me afraid to proceed.

All VLANs are only allowed to access the net, with no rules allowing them to talk to other VLANs, except for VLAN 0, which can talk to the rest of the VLANs.

I'm also using the Nod32 antivirus firewall on my VM with filtering mode set to "Policy-based", which I believe blocks/drops all traffic except what I allow.

But I'm not sure if these steps are enough to avoid VLAN hopping. For now it's not a big deal if my VM gets hacked; I'm mainly worried about the rest of the network. Will they be safe if I expose my public IP? Is pfSense enough to protect them? Is my VLAN setup enough to protect against VLAN hopping?

Thanks!

top 2 comments
[email protected] 1 points 9 months ago

This post is an automated archive from a submission made on /r/selfhosted, powered by Fediverser software running on alien.top. Responses to this submission will not be seen by the original author until they claim ownership of their alien.top account. Please consider reaching out to them to let them know about this post and help them migrate to Lemmy.

[email protected] 1 points 9 months ago

Since pfSense is block first, nothing can communicate unless you have a rule that allows it to communicate. VLAN hopping is a valid problem; it can be mitigated with locked-down ports with white-listed MAC addresses and VLAN tags.

I highly recommend that nothing is served on vlan0. It should be only for an admin station and network devices. You should not use the admin station unless you are performing admin activities; for everyday activities you should be on another locked VLAN like anyone else.

I also highly recommend enabling IPS.
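
An added example, not part of the thread or of pfSense itself: a check that walks the filter rules in a pfSense `config.xml` export and lists which interface pairs the ruleset actually lets through, since a "pass to any" rule written for internet access also matches the other VLAN subnets. The interface names, addresses and rules in `SAMPLE` are constructed, and the check assumes per-interface first-match rules, reading only the destination (it ignores source, protocol, aliases and floating rules).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: only the config.xml elements this check reads.
SAMPLE = """<pfsense><interfaces>
  <lan><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  <opt1><ipaddr>192.168.20.1</ipaddr><subnet>24</subnet></opt1>
  <opt2><ipaddr>192.168.30.1</ipaddr><subnet>24</subnet></opt2>
</interfaces><filter>
  <rule><type>pass</type><interface>lan</interface><destination><any/></destination></rule>
  <rule><type>pass</type><interface>opt1</interface><destination><any/></destination></rule>
  <rule><type>block</type><interface>opt2</interface><destination><address>192.168.0.0/16</address></destination></rule>
  <rule><type>pass</type><interface>opt2</interface><destination><any/></destination></rule>
</filter></pfsense>"""

def subnets(root):  # interface name -> directly connected network
    return {i.tag: ipaddress.ip_network(
        f"{i.findtext('ipaddr')}/{i.findtext('subnet')}", strict=False)
        for i in root.find("interfaces")}

def covers(dest, target, nets):
    # True if a rule's <destination> matches the whole target network
    if dest is None:
        return False
    if dest.find("any") is not None:
        hit = True
    elif dest.findtext("network"):
        hit = dest.findtext("network") == target
    else:
        try:  # alias names and missing values are treated as non-matching
            cidr = ipaddress.ip_network(dest.findtext("address"), strict=False)
            hit = nets[target].subnet_of(cidr)
        except (ValueError, TypeError):
            hit = False
    return hit != (dest.find("not") is not None)  # <not/> inverts the match

def inter_vlan_paths(xml_text):
    # (source, destination) interface pairs the ruleset lets through
    root = ET.fromstring(xml_text)
    nets, paths = subnets(root), []
    for src in nets:
        for dst in (n for n in nets if n != src):
            for rule in root.findall("filter/rule"):
                if rule.findtext("interface") != src or rule.find("disabled") is not None:
                    continue
                if covers(rule.find("destination"), dst, nets):
                    if rule.findtext("type") == "pass":
                        paths.append((src, dst))
                    break  # first matching rule wins; no match is default deny
    return paths
```

On the sample, `inter_vlan_paths(SAMPLE)` reports `opt1` reaching both other networks through its allow-any rule, while `opt2`, which blocks the private range before its allow-any rule, reaches none.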