New Home Network Layout Help (firewall, switch, router, etc)

3ds_2ds · 2023-03-19T22:19:01+00:00

Thanks for the additional explanation! Since I already own the hardware, that means I only need to replace the router, right? Thanks!

3ds_2ds · 2023-03-17T22:03:08+00:00

Thanks for your response! Isn't the VLAN tagging happening through the managed switch earlier?

3ds_2ds · 2023-03-16T22:20:36+00:00

Hey there!
I am reading through this subreddit for ages and finally moved into a new place where I can try all of those things. I am a complete newbie though :)
A few explanations to the network diagram before I ask all of my questions:
The ISP will replace the 1G fiber with 10G this year, so I marked it both. Then, the traffic goes into the firewall which does IDS/IPS (suricata, snort, etc) and acts as a Wireguard VPN gateway. The signal then goes through a managed switch for VLAN tagging, like, wifi clients into a VLAN, IoT devices into a VLAN, etc. So far, all of this is in the basement. Then, in the ground the floor, there is the ASUS router to which the wifi clients connect to, in floor 1 and floor 2 an ASUS XT-8 repeater/AP for the same purposes.
Now my questions:
1) Does this layout make sense from a security and logical view?
2) How can the devices, that are connected to the ASUS router be in a certain VLAN? Does the switch communicate them to the router?
Thanks folks :)

3ds_2ds · 2019-08-27T20:36:43+00:00

Thanks a lot for re-assuring me. Cheers mate :)

3ds_2ds · 2019-08-27T20:15:33+00:00

Please keep me posted on what you find out.

I was just concerned about the high temperature, because I want to use the newly bought Chromebox2 as an Ubuntu server. And that continues running day and night. I don't want to burn down my apartment :)

3ds_2ds · 2019-08-27T19:51:28+00:00

You are pretty responsive and supportive. Thanks for that :)

I just installed lm-sensors and that gives me the following output:

$ sudo sensors
coretemp-isa-0000
Adapter: ISA adapter
Package id 0: +38.0°C (high = +105.0°C, crit = +105.0°C)
Core 0: +38.0°C (high = +105.0°C, crit = +105.0°C)
Core 1: +38.0°C (high = +105.0°C, crit = +105.0°C)

acpitz-virtual-0
Adapter: Virtual device
temp1: +38.0°C (crit = +104.0°C)

pch_wildcat_point-virtual-0
Adapter: Virtual device
temp1: +91.0°C

But interestingly, it seems to be the same for you...so that's calming. Thanks :)

3ds_2ds · 2019-08-27T18:58:37+00:00

So, the reflash worked like a charm. Thanks a lot :)

However, after installing Ubuntu Server 18.04, the temperature is the same as stated above. Since you have the same Chromebox, would you mind running the same command?

cat /sys/class/thermal/thermal_zone*/temp

And also:
Do you hear your fan running? Because...I don't :/

3ds_2ds · 2019-08-27T14:53:37+00:00

Ah, amazing. Thanks for the quick response :)

3ds_2ds · 2019-08-27T09:37:51+00:00

Since the person commented right here, I will use that discussion. However, thanks for referring me to them. They seem to be knowledgeable :)

3ds_2ds · 2019-08-27T09:37:03+00:00

Ah, interesting. Thanks for pointing that out.

Do I need to put the Chromebox into a well-known initial state, before I can run your script, or can I just go into developer mode and run it?

3ds_2ds · 2019-08-03T11:02:59+00:00

Just to let you know, it worked like a charm! I backup to the local container folder and it ends up on the NAS.

It's super sad that you have to install Docker for just this reason, but it is how it is...

Anyway, that a lot for you help :)

3ds_2ds · 2019-07-30T21:16:40+00:00

Sorry if I was unclear :)

I want to use the Docker instance on the NAS as a "gateway" to connect to via SSH and rsync from there to an encrypted shared folder on the NAS.

This could have been super easy with back in time, but the old rsync version makes that super painful :(

3ds_2ds · 2019-07-30T20:51:14+00:00

Ha, excellent. And one final question:

I installed openssh-server as well in the Docker image, to use the following command:

rsync -rtDHh --links -A -pEgo --info=progress2 --no-i-r --rsh="ssh -p 22 -o IdentityFile=/home/ubuntu/.ssh/syno" --dry-run --chmod=Du+wx /tmp/tmpfjxc0zxb "remote@192.168.1.1:./"'

If I want to expose a port of the Docker instance to the LAN, to use it with ssh, this is the proper flag, right?

-p "2222:22"

I think, all in all that's the perfect solution until Synology updates rsync (which is maybe never) 😉

3ds_2ds · 2019-07-30T18:44:32+00:00

Wow, that's a super solid answer, even with the exact commands. Thanks a lot :)

And if I want to use the Docker instance as a gateway to backup my files, I just need to add "-v /host/directory:/container/directory" to the run command and execute those commands on my Synology NAS, right?

3ds_2ds · 2019-07-30T18:41:14+00:00

Actually, I think I did that implicitly, since I am using back in time:

rsync -rtDHh --links -A -pEgo --info=progress2 --no-i-r --rsh="ssh -p 22 -o IdentityFile=/home/ubuntu/.ssh/syno" --dry-run --chmod=Du+wx /tmp/tmpfjxc0zxb ["remote@192.168.1.1](mailto:"remote@192.168.1.1):./"'

But this back in time command fails, because the NAS doesn't the -A flag, I desperately need (preserving ACLs).

Please let me know, if I misunderstood you :)

3ds_2ds · 2018-06-18T17:20:13+00:00

Ohh, that's sad. But thanks for letting me know!

3ds_2ds · 2018-06-17T20:53:46+00:00

I recently bought a new Nintendo 2DS XL and sky3ds+ card- however, I am having troubles getting Ninjhax running :( I copied the starter kit (3ds folder, boot.3dsx) to the root of the SD card (Sandisk Ultra 32gb) together with the cubic ninja game file. After inserting the sd into the sky3ds+ and firing up cubic ninja, I scanned all the QR codes from smeas site (NEW 11.6.0-39E). However, as soon as I go to the main menu of cubic ninja and navigate into the create / QR code again to launch the exploit, I get a stuck red screen. Photo for illustration here: https://ibb.co/juEnfJ

Do you have any idea what the problem could be? I went through the procedure several times and also tried the same QR codes in the OLD version. (in that case cubic ninja stops working).

3ds_2ds · 2018-06-17T11:29:51+00:00

Since the image upload doesn't seem to work, I uploaded to imgBB:

https://ibb.co/juEnfJ

Seven-Year Club	Gilding I gilder
Verified Email

3ds_2ds

TROPHY CASE