Posts posted by GateToTheFuture

  1. On 12/16/2021 at 11:57 PM, Alex Atkin UK said:

    It's really not recommended to NAT across subnets, it will put the router under a LOT of strain as it needs to handle the bandwidth of Plex streaming + your Internet.

    It also makes it more complicated as Plex broadcasts itself to the LAN and you can't afaik forward that.

    However if you insist, what you might be missing here are NAT, Outbound rules to allow the LAN to NAT to the IoT client.  It's easy to forget them as from LAN to WAN the rules are created automatically (unless you chose otherwise), but if you're trying to NAT from LAN to LAN you'll need manual or hybrid rules.

    It was a subnetting issue.  I'm not worried about the extra strain on this firewall.  I push gigabit with IPS and traffic filtering and the CPU doesn't even hit 5%.  In addition to this, I also have layer 3 switching happening ahead of this so really not my full concern.  Thanks for the tip though.

  2. Hi!

    So I am having some rules issues with my pfSense and allowing Plex from my primary LAN to my IoT LAN while blocking all traffic to all private networks.

    Logs and Rules Below

     

     

    I have tried rules in different positions, I have Plex set to notice different VLAN subnets as local, but I keep getting a connection refused :confused: What gives? Thanks in advance!

    4baf6c4a9af0a0c4ccf476dffc5338f0e07b80dd_2_690x233.png

    b76e37af731efc16013e5ffa6e1e66467b3340de.png

  3. 15 hours ago, LtStaffel said:

    Seems like you generally know what you're doing. As far as hardware is concerned, consumer grade CPUs and RAM will always be hugely faster for anything that isn't extremely parallel or virtualized (or containerized). An R720 would be nice and they are plentiful but the main consideration with them is noise and power. They will be much louder (60-70 dB) than any consumer grade hardware, which is why I ended up going with a whitebox similar to what you specced out on PCPP. However, DDR4 RAM is still really expensive. Pick your poison: loud and power hungry with cheap ram, or quiet and efficient with $$$ upgrades.

    For a firewall, it depends how much network security know-how you have and want, but starting in a VM with a couple passthrough ethernet ports is a good idea. From there you can see exactly how much hardware you need in order to run the stuff you want, and you may find you don't do enough on it to justify having a separate box (besides single-point-of-failure reasons). Also, use OPNsense instead of pfSense. It's largely the same thing (it forked pfSense) but without being largely owned by Netgate and without the less-desirable licensing of pfSense.

    HAProxy is probably not worth learning compared to the other, newer things you could be looking at instead. Nginx is huge in the industry and overall a good performer (and linuxserver.io's "swag" container has Nginx with Let's Encrypt built in!!) that you seem to already be using. You could also look at Envoy, if you want to get really distributed.

    Thank you for the suggestions!  I will take those into consideration.  I've been trying to expand my knowledge a little only because I am interested in pursuing a career track in IT.  I enjoy the infrastructure design, setup, maintain and upgrade.  Thanks!

  4. 6 hours ago, Electronics Wizardy said:

    If you're going with a used server, I'd go R720 or newer, a good amount faster, lower power and better support.

     

    If you just wanna play with pfSense, you can do it in a VM if you want, but that 210 ii will work fine and is pretty low power.

     

    For that build, I'd go stock cooler, I'd probably go 64 GB DDR4, and probably just use the onboard SATA, as you don't have many drives.

    Thanks!

     

  5. Assuming that your budget is around the $900-$1000 mark, here is what I would do...

     

    PCPartPicker Part List: https://pcpartpicker.com/list/HPZVcT

    CPU: AMD Ryzen 5 3600 3.6 GHz 6-Core Processor  ($199.99 @ B&H) 
    Motherboard: MSI B450 Gaming Plus MAX ATX AM4 Motherboard  ($106.99 @ Amazon) 
    Memory: *Crucial Ballistix 16 GB (2 x 8 GB) DDR4-3600 CL16 Memory  ($74.94 @ Newegg) 
    Storage: Samsung 970 Evo 500 GB M.2-2280 NVME Solid State Drive  ($69.00 @ Amazon) 
    Storage: *Seagate Barracuda Compute 2 TB 3.5" 7200RPM Internal Hard Drive  ($54.99 @ Newegg) 
    Video Card: PNY GeForce RTX 2060 SUPER 8 GB Dual Video Card  ($399.99 @ B&H) 
    Case: NZXT H510 ATX Mid Tower Case  ($69.98 @ Amazon) 
    Power Supply: *EVGA BQ 600 W 80+ Bronze Certified Semi-modular ATX Power Supply  ($70.00 @ Amazon) 
    Total: $1045.88
    Prices include shipping, taxes, and discounts when available
    *Lowest price parts chosen from parametric criteria
    Generated by PCPartPicker 2020-11-07 01:01 EST-0500

     

  6. Hey folks,

     

    I’ve been noticing that my UnRaid server is getting a tad long in the tooth in terms of speed of docker containers running and the VMs. Granted the server is running on an old FX-8320 and 16GB of DDR3 ram. 
     

    So I think it’s time to upgrade but I don’t know which path to take. Currently I’ve got an order to Amazon for the following parts list...https://pcpartpicker.com/list/xcnPVc

    (Note that all Purchased Items will be put into the new server from the old one.)

     

    On the other hand however, I also thought that maybe a used Dell R710 like this one...Click Here, would also be a viable option.  It would be specced with 64 GB of Ram and the 6 drive caddies as blanks.

     

    The UnRaid Server runs the following:

     

    2x Ubuntu 18.04 + Bind 9 DNS Server

    2x Ubuntu 18.04 + PiHole

    1x Ubuntu 18.04 + Poste.io Mail Server

    1x Ubuntu 16.04 + UniFi Controller + Let's Encrypt

    Docker containers:

    • Crashplan Backup Pro
    • Plex Media Server
    • Nginx Proxy Manager
    • Syncthing
    • Bitwarden
    • MariaDB
    • WordPress Website
    • Nextcloud
    • DuckDNS

    One more note, I've been wanting to tinker with pfSense and HAProxy.  I currently have a full UniFi network setup USG 3P->USW-16-POE->AP-AC-Lite, AP-AC-Pro, US-8-60W and a couple of cameras and a cloud key gen 2+.  I was looking at this Dell R210 ii to run pfSense as I believe the chip supports AES-NI and also I can add that NIC from the Unraid build to the Dell R210 ii for more physical ports.

     

    Let me know your opinions and if I am over building these servers.

  7. Hello,

     

    I'm enlisting some help for a client of mine.  I'm fairly versed on the fundamentals of UNRaid as I run it myself, however, I wanted to run a few things by some more "informed" people to make sure I'm not crazy.  I am looking at the following configuration for this post:

    Quote

     

    PCPartPicker Part List: https://pcpartpicker.com/list/vLc6rV

    CPU: AMD Ryzen 5 2400G 3.6 GHz Quad-Core Processor  ($119.00 @ Amazon) 
    Motherboard: Asus PRIME B450M-A/CSM Micro ATX AM4 Motherboard  ($87.38 @ Amazon) 
    Memory: G.Skill Aegis 8 GB (1 x 8 GB) DDR4-3200 Memory  ($30.99 @ Newegg) 
    Storage: Kingston A400 240 GB 2.5" Solid State Drive  ($27.99 @ Best Buy) 
    Storage: Seagate IronWolf NAS 4 TB 3.5" 5900RPM Internal Hard Drive  ($89.99 @ Newegg) 
    Storage: Seagate IronWolf NAS 4 TB 3.5" 5900RPM Internal Hard Drive  ($89.99 @ Newegg) 
    Storage: Seagate IronWolf NAS 4 TB 3.5" 5900RPM Internal Hard Drive  ($89.99 @ Newegg) 
    Storage: Seagate IronWolf NAS 4 TB 3.5" 5900RPM Internal Hard Drive  ($89.99 @ Newegg) 
    Case: Corsair 200R ATX Mid Tower Case  ($69.98 @ Amazon) 
    Power Supply: EVGA BQ 750 W 80+ Bronze Certified Semi-modular ATX Power Supply  ($89.99 @ Monoprice) 
    Custom: UnRaid OS 6 ($59.00)
    Total: $844.29
    Prices include shipping, taxes, and discounts when available
    Generated by PCPartPicker 2019-12-02 10:52 EST-0500

     

    So I need to do the following with this machine:

    1. Backup a desktop tower
    2. Backup a personal laptop
    3. Store photos and videos
    4. Nextcloud for "Secure" Data Storage (Prerequisite is MariaDB) 
    5. OpenVPN (so I can get into the machine and network remotely if things go awry)
    6. Plex for Music and Movies
    7. Notifications via app somehow

    My plan is to run this as a 2 Parity Drive setup with effectively 8 TB (~7.3 TB formatted) for the utmost in protection and the 240 GB SSD as a cache drive.  The following issue lies though.  With all of this running am I going to be:

    1. Stable
    2. Reliable

    I need help setting up the Nextcloud and MariaDB because every time I set up the MariaDB, it doesn't connect to Nextcloud and I get two errors that say 504 Gateway or MySQL Server unreachable or connection refused.  Please let me know your thoughts and if there is something cleaner I could use.  Anything I may need to rethink?  Thank you for your time :)

     

    -Mike

  8. 20 minutes ago, GateToTheFuture said:

    What if you were to go the more odd but practical and do the following:

     

    Build a High core count machine and install UNRaid on it with VM's GPU and USB passthrough.

    Here's a parts list.  IMHO I would also look at getting some USB PCIe cards for "hotplug" USB so you don't need to reboot every time you plug in a thumb drive.  If you need help feel free to reach out to me. :)

     

    PCPartPicker Part List: https://fr.pcpartpicker.com/list/YYz2mg

    CPU: AMD Ryzen 9 3900X 3.8 GHz 12-Core Processor  (€570.90 @ TopAchat) 
    CPU Cooler: be quiet! Dark Rock Pro 4 50.5 CFM CPU Cooler  (€81.73 @ Amazon France) 
    Motherboard: *MSI X570-A PRO ATX AM4 Motherboard  (€167.99 @ Amazon France) 
    Memory: *G.Skill Ripjaws V 64 GB (4 x 16 GB) DDR4-3600 Memory  (€375.90 @ LDLC) 
    Storage: Samsung 970 Evo 500 GB M.2-2280 NVME Solid State Drive  (€107.50 @ Amazon France) 
    Storage: Samsung 970 Evo 500 GB M.2-2280 NVME Solid State Drive  (€107.50 @ Amazon France) 
    Storage: *Toshiba X300 5 TB 3.5" 7200RPM Internal Hard Drive  (€148.94 @ Amazon France) 
    Storage: *Toshiba X300 5 TB 3.5" 7200RPM Internal Hard Drive  (€148.94 @ Amazon France) 
    Video Card: Gigabyte GeForce GTX 1660 Ti 6 GB OC Video Card  (€272.16 @ TopAchat) 
    Video Card: Gigabyte GeForce GTX 1660 Ti 6 GB OC Video Card  (€272.16 @ TopAchat) 
    Case: NZXT H510 ATX Mid Tower Case  (€90.89 @ Alternate) 
    Power Supply: Corsair RMx (2018) 850 W 80+ Gold Certified Fully Modular ATX Power Supply  (€139.90 @ Corsair) 
    Sound Card: Asus Xonar AE 24-bit 192 kHz Sound Card  (€67.80 @ Amazon France) 
    Sound Card: Asus Xonar AE 24-bit 192 kHz Sound Card  (€67.80 @ Amazon France) 
    Total: €2620.11
    Prices include shipping, taxes, and discounts when available
    *Lowest price parts chosen from parametric criteria
    Generated by PCPartPicker 2019-12-01 20:28 CET+0100

     

  9. 5 hours ago, Tiggr said:

    Budget is 3k euros.

    And this for

    2 cpu's

    2 motherboard's

    1 M.2 ssd

    1 graphicscard

    1 powersupply

    1 chassis

    2 sets of 32gb rams

    1 cpu cooler 

     

    Building 2 computers 1 for me and 1 for my daughter.

    What if you were to go the more odd but practical and do the following:

     

    Build a High core count machine and install UNRaid on it with VM's GPU and USB passthrough.

  10. Hello,

    I'm new to docker as a whole so I'm going to have some dumb questions. I just wanted to put that upfront.

    Anyway, I have a client who is in need of syncing two UnRaid boxes in separate locations securely, safely but most important simply. I have heard good things about SyncThing (yes it can be run in Docker) from Tom Lawrence of Lawrence Systems on YouTube (I know a great reliable source) and wanted to give it a shot. The files are definitely needing to be synced and updated in as close to realtime as possible (business databases and Quickbooks files). I think it's secure because as long as you don't allow outside access minus the LAN to the GUI, and password protect the hell out of it, you should be okay. The only port needing to be opened is 22000/TCP and that's all. The boxes use a Unique ID that is encrypted by SyncThing and that's how you point the boxes together.

    Questions:

    1. Is this a good idea?
    2. Should I worry more about security?
    3. Any questions I should be asking myself?


    Thanks in advance
    Mike

  11. Just now, fasauceome said:

    new pricing on just the tower comes to about $1000, so I'd say with all the peripherals and good cable managing it's a fair price.

    Okay. When I get pictures, I'll send them. IMO it is pretty well managed but I'll let the internet be the judge of that.

  12. Parts list:
    CPU: AMD Ryzen 5 1600 @ 3.2 GHz
    CPU Cooler: Cryorig H7 Tower Cooler
    Motherboard: AsRock X370 Pro 4
    RAM: Corsair Vengeance 16 GB (2x8GB) @ 3000 MHz
    SSD: Samsung 860 Evo 500GB
    HDD: Samsung 1.5 TB (x2) in Software RAID 0 in Windows
    GPU: ASUS Dual RX580 8GB at 1350 MHz
    Case: Corsair 275R w/ Acrylic Side Panel
    PSU: Corsair CX550 Semi-Modular 80+ Bronze Rated
    Bluetooth Adapter: ASUS USB BT-400
    Wireless Adapter: TP-Link Archer T9E AC1900
    Keyboard: Corsair K55 RGB
    Mouse: Corsair Harpoon
    Monitor 1: Acer XFA240 24” 144Hz TN Panel
    Monitor 2: HP VH240a 23.8” 60Hz IPS Panel
     
    I am asking for $1000 but starting bid is $800. It isn't posted because I don't have images yet to put into the listing.
  13. 2 minutes ago, SGBudgetGamer said:

    Helping my friend look for blacked out components for his system upgrade build. 

     

    Silverstone PS15-B (black version) - $45.00 sgd

    Ryzen R7 2700 

    CoolerMaster Hyper 212 (blacked out edition) - $60.00 sgd

    (looking for blacked out m-atx motherboard) 

    Corsair Vengeance LPX(black) 3000mhz cl15 32gb (8gb x 4 sticks) - $362.00 sgd

    (looking for a good blacked out RTX 2080)

    Adata XPG SX8200 nvme 512gb (windows) - $178.00 sgd

    Samsung 860 Evo 2.5 inch 1tb (storage) - $348.00

    Seasonic Prime 650GD 80+Gold modular 12yrs - $169.00 sgd

    Windows 10 - free download. 

    For a board try an Asus Strix Z470-I Gaming and change the cooler to a Be Quiet Dark Rock 4

  14. Just now, GateToTheFuture said:

    In theory, build a shed at the location of choice, run power and fiber from the house and stick the modem or router in the shed and run a new network with QoS traffic shaping on the internal side, limiting all upload to 150kbs and downloads to 2500kbs.

     

    22 minutes ago, ozio said:

    Living in rural America and trying to get a low latency, high bandwidth internet connection can be a complete hassle at times, especially since there are no DSL ISPs in our area as well. Most people would resort to satellite based internet connections but issues such as extremely high latency, low bandwidth at more than frequent intervals, and ridiculous data caps are still present even in 2019. I seem to have found my best option though with the help of a company named 'Evdodepotusa', they offer unlimited internet access to rural parts of the U.S through 3g/4g internet connections. While the experience so far is better than satellite I still feel it could be improved, with a max download speed of 10mbs, upload of 1mbs, and an average latency of 105ms it would be perfect for a single person home and minimal devices connected but I have my family with me and all of us on at once bogs down any online web content. I currently have a Yagi antenna mounted on the side of my house pointed toward the nearest cell tower in the line of sight (6 miles away) but there is another tower that is the same provider and extremely close (no more than 1.5 miles) sitting on the other side of a large hill above my home with a clear line of sight. I would like to get a signal from the top of the hill to my home (roughly 700-800 ft distance) with the original antenna through underground fiber and keep in a budget of 600-800 dollars (or less). I'm wondering if anyone knows of any solution that might be able to work in this situation. Here is the current hardware in use: Tupavco TP545 Yagi Directional antenna and a WE826-T2 4G LTE WiFi Router running on OpenWrt. If any other additional info is needed to find a solution to this project I will be glad to supply it as fast as I can.

    IMO this is your best bet, you'd need to redo your entire home network and may be double NATed

  15. 20 minutes ago, ozio said:

    Living in rural America and trying to get a low latency, high bandwidth internet connection can be a complete hassle at times, especially since there are no DSL ISPs in our area as well. Most people would resort to satellite based internet connections but issues such as extremely high latency, low bandwidth at more than frequent intervals, and ridiculous data caps are still present even in 2019. I seem to have found my best option though with the help of a company named 'Evdodepotusa', they offer unlimited internet access to rural parts of the U.S through 3g/4g internet connections. While the experience so far is better than satellite I still feel it could be improved, with a max download speed of 10mbs, upload of 1mbs, and an average latency of 105ms it would be perfect for a single person home and minimal devices connected but I have my family with me and all of us on at once bogs down any online web content. I currently have a Yagi antenna mounted on the side of my house pointed toward the nearest cell tower in the line of sight (6 miles away) but there is another tower that is the same provider and extremely close (no more than 1.5 miles) sitting on the other side of a large hill above my home with a clear line of sight. I would like to get a signal from the top of the hill to my home (roughly 700-800 ft distance) with the original antenna through underground fiber and keep in a budget of 600-800 dollars (or less). I'm wondering if anyone knows of any solution that might be able to work in this situation. Here is the current hardware in use: Tupavco TP545 Yagi Directional antenna and a WE826-T2 4G LTE WiFi Router running on OpenWrt. If any other additional info is needed to find a solution to this project I will be glad to supply it as fast as I can.

    In theory, build a shed at the location of choice, run power and fiber from the house and stick the modem or router in the shed and run a new network with QoS traffic shaping on the internal side, limiting all upload to 150kbs and downloads to 2500kbs.
