Jump to content
Search In
  • More options...
Find results that contain...
Find results in...


  • Content Count

  • Joined

  • Last visited


1 Follower

About brwainer

  • Title

Recent Profile Visitors

2,656 profile views
  1. If you have an iPhone, open the settings for that wireless network and make sure “Auto Login” is enabled. “Auto Login” really means “automatically open up the login page when connecting to this wifi”. If you’re on android, maybe they have something similar? Other than a phone config issue, it is also possible that the network is configured to allow through the pages that iOS/Android use to check whether a login is required, so they think that one isn’t. I work with this type of equipment and can 100% confirm that every vendor has a setting to do this, but why anyone would want to I have no idea.
  2. The Amplifi Alien hasn't been out long enough for there to be good reviews by really technical people - it went from being unannounced/rumored, to being available for purchase. The hardware looks nice, although if you want to expand it you have to buy a whole second (or third) Alien unit, they don't have a cut down mesh-only (non-router) unit like the Amplifi HD or most other Mesh systems offer. The feature set of Amplifi is the same as their other competitors in the mesh space - you'll get a wireless system that lets you view and control clients, but it won't have the ability to connect each SSID to a different VLAN, for example. For most home users the feature set is adequate.
  3. I'm waiting to make a decision on whether to leave PIA until I hear updates from LTT (Linus said in the WAN show 11/22 that they have put a hold on their PIA sponsorships, but have not cancelled them, until they hear from PIA) and also Purism, who resells PIA as part of the Librem.one service. Librem is a social-purpose corporation, meaning that by law they must put social good ahead of profit, and their social purpose is privacy and security. I trust them to figure out, at a deep level, whether PIA can be trusted under the new ownership, and to be vigilant for any changes in the PIA service.
  4. The point of a virtual machine, is that once you are talking about the network, it is indistinguishable from a physical device. Do your servers already have their own IP on the LAN side of your router? Or do the servers share the IP of the host? If they share, then that means your VM Host is doing its own layer of NAT, and you want to get rid of that. As long as the router can directly reach an IP, you can 1:1 NAT to it. (I’m simplifying here, there are ways with routing to NAT a device that isn’t directly on a router’s LAN, but that’s beyond the scope of your situation). If you wanted to take the “switch between the modem and router” option, then there are still two possibilities for the VMs to have public IPs, but the host to have a private IP: 1. Use a second ethernet adaptor on the host, and only assign the VMs which should have public IPs to it 2. Learn VLANs and get a switch that is capable of them. This would allow you to use a single port on the host, but have the VMs go to a different network than the host and other VMs. The VPS provider is doing one or both of the things I said above. Typically they will have separate ports for the management of the host versus the VPS traffic (and other port(s) for storage tasks like replication and backup), and sometimes each customer has their own VLAN for their VPSs so they can communicate “directly”
  5. Copying my answer from the Lawrence Technology Services forum so it is here for people who may come across your post in the future: I haven't come up with any other ideas, if I were in your situation I would handle it the way I described above.
  6. Two options: 1. plug in a switch before your router, and connect all the devices that need a public IP (the router and the servers) directly into that switch. 2. (using a router capable of this) set up 1:1 NAT. 1:1 NAT is basically port forwarding but on a whole IP basis - every incoming or outgoing connection on any port is directly mapped between a public IP and a LAN IP. It is named 1:1 because port 1 forwards to port 1, port 2 forwards to port 2, etc. Most installs I support use a mixture of the two - we tend to have multiple routers/firewalls which are connected via the switch, but for servers we do 1:1 NAT because that allows the IPS on the firewall to protect the server against obvious attacks like brute force attempts. This is a feature you normally pay a subscription for, on devices from companies like Cisco, Fortinet, Watchguard, Sonicwall, etc. You can set up IPS yourself for free using PFSense and Snort or Suricata, or you can get a home license of Untangle for $50/year which saves you a lot of hassle of setup and fine tuning.
  7. I am fairly sure that the actual Petabyte Project runs on a more traditional linux distribution like CentOS, on which you can run GlusterFS or Ceph. These are what allow expandability across many servers. But this has a cost in terms of CPU and RAM usage. Running “Hyper-converged” where you have VMs running on the same servers as Ceph or GlusterFS is not recommended without much more RAM than you have (I’ve seen 64 GB as the minimum for testing, and 128GB as the minimum for production use). Also, while you could run VMs on that CPU, I wouldn’t try to run a transcoding VM on the same system as Ceph or GlusterFS because they will compete. I expect you would have to throttle the VM to the point that it isn’t worth using it.
  8. Kind of cheating to post work systems. I don’t remember if the rules for this specifically prevent it, I know the Network Layout Showoff thread does.
  9. The UDM is a Unifi product, and you can connect other Unifi APs to it via Mesh. If you want to place things on desks, go with the FlexHD. If you have spare power outlets, go with the BeaconHD (which apparently just released today, I found out since my earlier posts: https://store.ui.com/collections/wireless/products/uap-beaconhd). The only limitation with the Unifi system is that APs other than the Mesh, Mesh Pro, and BeaconHD have to be first connected by ethernet and have the "Allow meshing to another access point" feature enabled, before you can unplug the ethernet and put them in other parts of the house/apartment.
  10. I would try to have less than 20-30 clients per AP by placing the APs strategically, regardless of which system you go with. I don’t have a lot of insight or opinion on the systems beyond that. The UDM is comparable to the USG Pro in terms of routing capability, so in terms of the connection to the internet I’m sure it is stronger than Amplifi.
  11. Make sure both are using the same type of encryption (WPA2 is preferred).
  12. The Unifi Dream Machine is based on a new operating system, which means it shares nothing on the backend with prior Unifi equipment (prior Unifi Routers, Switches, and APs you could SSH into them and make lots of extra changes, because they used the same OS and basic hardware as the Edge* devices). The frontend, the Unifi software, is still the same and is compatible with other Unifi devices. What this means is the UDM is limited to ONLY what is available in the UI, whereas the older devices can do more if you were willing to do it via command line. They are developing a new Unifi device called “Beacon” which plugs directly into an outlet (it covers the whole outlet plate, which I think makes it very limited) and is intended to be used as a mesh node with the UDM. They also recently released the FlexHD for the same purpose. You can also do mesh with any of the other Unifi APs. In terms of Amplifi vs Unifi (with or without the UDM as the central device), it comes down to how much tinkering and learning you want to do (either required to do, or able to do). A minimal working setup isn’t hard with Unifi, but it is harder than Amplifi. By the same token, if you want to dig into it, Unifi has more for you to do so.
  13. You can use 1:1 NAT and port forwarding together. I have 5 IPs at home, all on a Mikrotik. On the first IP, I do the normal stuff of opening some ports on the router for VPN, forwarding other ports for services, etc. Two of the IPs are 1:1 NAT. The final two are a mixture - certain ports are forwarded, and the rest are 1:1 NAT. This is easy to do on Mikrotik (or anything that uses the same or similar type of firewall stack, which is somewhat common on linux in general) by ordering the NAT rules properly. This would be difficult to do on other systems like WatchGuard and Fortinet. I suspect it can be done on PFSense and EdgeRouter but I haven’t tried. I asked for the IP because I suspected they only have one from their ISP, or that possibly they have CGNAT and/or IPv6. I assume as little as possible. So is this your only IP? Or do you also have .187, .188, etc? Or are the other IPs you have from a completely different set of numbers? I’m trying to understand what you have, in order to figure out how to help you better.
  14. Being able to use more than one public IP requires one of two setups: A router that is capable of using more than one IP on the same interface, with features like 1-to-1 NAT, and port forwarding based on incoming IP in addition to incoming port. I doubt the router you have now has these features as it is a unit designed for consumer use. Put a switch before the router, and use more than one router. This requires you to have a modem, or a router with a bridge mode acting as a modem, so that the public IPs available to you are usable from an ethernet port. Can you tell use what the IPs your ISP gives you look like? You can remove the middle digits, like 206.x.x.145
  15. Verizon FIOS has no IPv6 support on the network side - Verizon transferred millions of IPv4 addresses from Verizon Cellular to Verizon Wireline, so they don’t need to nor have any business reason to set up IPv6. Frontier may be different in general, but if they took over your area then they aren’t going to make any changes until the next time they work on your node, which may be years.