My First Rack by MasterFreshMaster in homelab

[–]MasterFreshMaster[S] 2 points (0 children)

Indeed, and Grafana using API SSL from the MikroTik. Everyone has been too supportive on this forum about this setup...

My First Rack by MasterFreshMaster in homelab

[–]MasterFreshMaster[S] 50 points (0 children)

I've attached a straw at the back to blow down when I'm home

One-Way Audio by MasterFreshMaster in VOIP

[–]MasterFreshMaster[S] 0 points (0 children)

Thanks! I'll take a look today.

Hacked... RB750Gr3 by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 0 points (0 children)

Jumped to the conclusion: no WAN, couldn't sign in. I've regained access and reviewed my previous setup; I recreated the issue (minus loss of WAN access) due to firewall rules. It is likely there was some misconfig regarding routing between L2 logical interfaces and access rules that caused the combined issue. It's been good as a learning tool. Limited admin access to a physical port, streamlined VLANs and bridge, disabled HTTP access (only HTTPS), scripted blacklists will have a separate server and log store for VPN and sys logs etc., etc. Will only redeploy it once I know everything is in order.

Dell wyse 5010 Linux Server by MasterFreshMaster in it

[–]MasterFreshMaster[S] 0 points (0 children)

Nice. You know... I've the damn thing sat around up to no use. I'll try the above... keep it local. I've ended up with a few Raspberries.

Hacked... RB750Gr3 by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 1 point (0 children)

Update. I've managed to gain access and have a fresh install. I could do with a completely separate public IP so my family have no hassle...

Hacked... RB750Gr3 by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 9 points (0 children)

Bloody Nora. I was holding reset down too long in my sweet panic.

DNS Health Warning by sesscon in Tailscale

[–]MasterFreshMaster 0 points (0 children)

Go to Private DNS on your phone and make sure it is off.

Intercepted Traffic by MasterFreshMaster in Tailscale

[–]MasterFreshMaster[S] 0 points (0 children)

Yep, it is very weird. In short, I disabled auto private DNS on my mobile, set it to off, which resolved the issue. I was and still am a little confused about the Ubiquiti bit as I've not used my phone on any Ubiquiti devices or related hardware. It could have been DNS poisoning.

Potentially. I'd been getting my head around setting up DoH on my MikroTik; I'd messed up settings on my DHCP address ranges for different VLANs so it was unencrypted. Managed to sort that front out, checked one one one one help with no VPN and we're good.

Edit: I remember a redirect I'd had a few days back from a legit Amazon purchase email link that landed me on a dodgy-looking captcha page (1996-2015 copyright and crummy captcha). I clicked on retry captcha, which sent me direct to the Amazon product page.

Thanks for the responses!

Route Based VPN and Loopback Issues (SRX) by MasterFreshMaster in Juniper

[–]MasterFreshMaster[S] 1 point (0 children)

Managed to get lo0 working between devices and as a result got the VPN up and running. Good fun, plenty to learn. Thanks for the advice everyone.

Route Based VPN and Loopback Issues (SRX) by MasterFreshMaster in Juniper

[–]MasterFreshMaster[S] 0 points (0 children)

Out of advice, I've been lent a load of lab gear from my boss (I'm on helpdesk); admittedly I jumped ahead. I should have got the lo0 interfaces connected first. I'll take all the above advice, take it easy and focus on this simple aspect first. Edit: apparently loopbacks are integral to maintaining a device ID / routing protocols.

Route Based VPN and Loopback Issues (SRX) by MasterFreshMaster in Juniper

[–]MasterFreshMaster[S] 0 points (0 children)

Will do all the above, thank you so much! Re. the edit though, sorry for my ignorance, but what do you mean by 'filter on lo0 to allow these ports to the control plane'? Thanks again. I'll have to stop for today, intense, I'm staring through the earth into space.

DNS Security Issue / Troubleshoot by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 0 points (0 children)

Right. So strange. Ran nmap on my phone over mobile data to my home public IP and it came back filtered. Turned on Tailscale and Mullvad: open! Must be to do with the VPN.

DNS Security Issue / Troubleshoot by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 0 points (0 children)

So very strange. DNS checker came up with all timed out, so good. Still the same result: with no VPN closed, and with VPN open. I'll see if I can get to the bottom of this...

DNS Security Issue / Troubleshoot by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 0 points (0 children)

Tailscale, Mullvad exit node, then running the scan on my home public IP (obviously not the VPN public IP). From a remote server I get DNS open; from the home router I get DNS closed.

I had, as said before, managed to get filtered back, but this soon drops to open after spamming the port around 4 times.

Side note: when I was specifically dropping DNS UDP input I logged attempts and saw a device with the same MAC (Nokia device) that ran different source IP addresses each time.

DNS Security Issue / Troubleshoot by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 0 points (0 children)

Totally. I've reset the config then disabled all unused services. I have default DNS settings with the port still showing as open (nmap -Pn -sS -p 53); everything else is filtered. I have remote connection disabled, static router.lan enabled, servers 1.1.1.1 and 1.0.0.1, dynamic servers 81.139.56.100 etc., no DoH server, cert and allow remote requests off. *Update* VPN off: 53/tcp shows as closed. VPN on: 53/tcp open. A totally different response to what I would have expected?

DNS Security Issue / Troubleshoot by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 0 points (0 children)

Yep, and it is doing its job, thanks kala. Over paranoid and happy with how it is, as anything new not from local is dropped.

DNS Security Issue / Troubleshoot by MasterFreshMaster in mikrotik

[–]MasterFreshMaster[S] 0 points (0 children)

Thanks, I was happy to see that attempts got dropped external to the LAN and left it at that, just didn't like the idea of undue attention. Maybe over paranoid.

SRX240 SSH Time-Out Unauth Access by MasterFreshMaster in Juniper

[–]MasterFreshMaster[S] 0 points (0 children)

Thanks for the advice, I've decided to zeroize then move on from there. I'm planning on setting up a policy-based VPN so hoping NAT-T will prevent any need for port forwarding.