domanpanda

joined 1 year ago
[–] [email protected] 1 points 11 months ago

Thanks!

"Untagged" here means default VLAN with id:1 - the one used when nothing is set. By default all ports on the switch are set as untagged for this id.
Maybe I should have marked VLAN1 and VLAN2 as VLAN10 and VLAN20 (with respective IDs) to avoid confusion.

[–] [email protected] 1 points 11 months ago

Yes, currently it's set to dumb switch, but I can change/tag them according to my needs. I've already created VLAN1 on the EdgeRouter's side for other devices (UniFi AP, PC). So this part should not be more difficult in the case of VLAN2. Except trunking. So what I'm asking here is: would connecting tagged ports (VLAN2) on the EdgeRouter and tagged ports on the switch with a second cable work? Or should I still try to push both tagged and untagged traffic to the switch through one cable?

[–] [email protected] 1 points 11 months ago

Even if your login page is not easy to break, it will be indexed by robots or hackers in their list. And they will test on it every vulnerability that will be published for any DSM component. Using VPNs like ZeroTier or Tailscale is definitely MUCH more secure than all of those tweaks and easier to set up too.

But of course it's YOUR data so ... good luck :)

[–] [email protected] 1 points 11 months ago

Can it monitor containers or some files?

 

First of all, I DON'T ask what YOU use, because I know some ppl have really advanced and fancy stuff at home. So if you want to give advice, please try to make it relevant to this post. Otherwise it won't be much use.

I'm looking for some simple log aggregator system which allows me to see logs in one place (like a web panel). The logs I want to observe are:

  • syslogs from a few machines
  • Docker container logs
  • logs in docker volumes (like nginx proxy configs)

I don't need fancy filtering, querying, alerting, visualisations, webhooks etc. I just want to gather my logs in one place and be able to quickly check them out. For example, the ELK stack, which I used in the past, is the complete opposite of this.

I've seen Loki, but it requires learning GraphQL and there are some weird issues with the Docker driver (like freezing all containers when Loki goes down??).

I've seen the Graylog tutorial by Lawrence Systems and it seems to be simpler on the surface, yet powerful if needed. I'm checking now how to monitor Docker with it.

I've seen some swear by Splunk - that it's easy to set up - is it true?

 

I want to set up a proxy for my Netgear router. Everything works with the IP: both with HTTP and HTTPS. But when I try to enter the site through the nginx proxy it returns 403. It doesn't make sense because the login page shows up correctly. I tried to set the Origin header like they advise here but it just doesn't work.

https://www.reddit.com/r/nginx/comments/g7a6da/comment/fogiil0/

log from nginx:

192.168.5.2 - - [19/Nov/2023:12:46:02 +0000] "GET /base/images/Registration_on.gif HTTP/1.1" 403 25 "https://netgear.mysite.com/base/cheetah_login.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
192.168.5.2 - - [19/Nov/2023:12:46:02 +0000] "GET /base/images/TurnOff_on.gif HTTP/1.1" 403 25 "https://netgear.mysite.com/base/cheetah_login.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
192.168.5.2 - - [19/Nov/2023:12:46:02 +0000] "GET /base/images/TurnOff_off.gif HTTP/1.1" 403 25 "https://netgear.mysite.com/base/cheetah_login.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"

My config. I use a very similar one for other things like Vaultwarden, Proxmox, EdgeRouter and many others, and it works OK.

server {
    server_name netgear.mysite.com;
    listen 80;
    return 301 https://netgear.mysite.com$request_uri;
}

server {
    set $DN netgear.mysite.com;
    server_name netgear.mysite.com;
    #listen 80;

    listen 443 ssl;
    ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;

    access_log /var/log/nginx/netgear.mysite.com.access;
    error_log  /var/log/nginx/netgear.mysite.com.error error;

    location / {
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; 
        # proxy_set_header        Host $host:$server_port;
        # proxy_set_header        X-Real-IP $remote_addr;
        # proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header        X-Forwarded-Proto $scheme;
        
        proxy_pass https://192.168.5.10:443; # tried with http too

        proxy_set_header Origin https://192.168.5.10/; # tried with http too
    }
}
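
Separate from the 403: the ssl_protocols line in the config above still lists SSLv3, TLSv1 and TLSv1.1, all of which are deprecated (RFC 7568, RFC 8996). The block below is an added example, not part of the original post, showing the same listener restricted to TLS 1.2/1.3. The cipher list and session settings are assumptions taken from common hardening guidance, and TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.

```nginx
server {
    server_name netgear.mysite.com;
    listen 443 ssl;

    # Weak settings from the post, kept here as comments for comparison:
    #   ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    #   ssl_ciphers   HIGH:!aNULL:!MD5;
    # SSLv3 is broken (POODLE), TLS 1.0/1.1 are deprecated, and HIGH still
    # admits CBC-mode and non-forward-secret RSA key-exchange suites.

    # Corrected: only TLS 1.2 and 1.3, with ECDHE + AEAD suites for TLS 1.2.
    # (TLS 1.3 suites are negotiated separately and are not set by ssl_ciphers.)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # Every suite listed is strong, so let the client pick the one it runs fastest.
    ssl_prefer_server_ciphers off;

    # Session resumption via a shared cache; tickets off so that no long-lived
    # ticket key can decrypt resumed sessions later.
    ssl_session_cache   shared:TLS:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    ssl_certificate     /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;

    access_log /var/log/nginx/netgear.mysite.com.access;
    error_log  /var/log/nginx/netgear.mysite.com.error error;

    location / {
        proxy_http_version 1.1;
        proxy_pass https://192.168.5.10:443;
    }
}
```

After changing the file, nginx -t validates the syntax before a reload.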

[–] [email protected] 1 points 11 months ago

Thanks for all your advice, guys. The problem has been solved here thanks to user u/mccantech https://www.reddit.com/r/Ubiquiti/comments/17y987i/i_want_to_separate_my_sons_pc_and_wifi_devices/

[–] [email protected] 1 points 11 months ago

Why do I need a managed switch in this setup? I mean the ERX can create and manage VLANs, UniFi can add tags to its WiFi networks, so why is an additional device needed here?

[–] [email protected] 1 points 11 months ago (2 children)

I want to separate my son's PC and WiFi devices from the default network.

Even though I'm familiar with networking - subnetting with masks, DNS, DHCP, VPNs (WireGuard, OpenVPN, ZeroTier) - somehow VLANs and tagging have never clicked in my head.

I have a classic problem and a pretty classic setup - EdgeRouter X and a UniFi AP as the WiFi device. All devices are in the same LAN. What I want is:

  • my son's PC (cable) is separated from default network
  • some particular WiFi devices are also in this network (separate SSID)
  • this network does not have access to the default network ...
  • ... except a few things, like in this example a (WiFi) printer - everybody should have access to it

I've watched 3 videos about VLANs and have seen this tutorial: https://help.ui.com/hc/en-us/articles/115012700967-EdgeRouter-VLAN-Aware-Switch but it doesn't have double WiFi SSIDs.

So I still have questions.

  1. Should I remove my current LAN or should I just tag it with id: 1 (this is the tag for default networks, right?). I don't want to create an entirely new network as I have things assigned to my IPs (like subdomains, but not only that)
  2. Should I tag the eth1, eth2 and eth4 ports with tag id '1' or should I just set 'untag 1' for eth3?
  3. eth4 should be the "trunking" port, right? Should I just set both tags on it - would that be enough?

[–] [email protected] 2 points 1 year ago

I've seen people building whole houses from empty bottles. He could do the same with those phones. He would end up with a true "smarthome"

[–] [email protected] 1 points 1 year ago (3 children)

What if they don't ring but start to lockpick/bash your door right away? :D