file sharing in the 21st century
-
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@Obsolesce said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
Is there a way to point devices on the LAN to the LAN address instead of the external address?
FFS, we just had this conversation in your other thread.
You use an internal based DNS name. for clients that are only ever in the office.
This prevernt you from having to add your public domain to your internal DNS.
Sorry, I see this as a slightly different thing. I do have external access now, and I would like users who may be out of the office to prefer internal when available. This is probably not a big deal though, no need to get your panties in a bunch
The only way to get internal clients to use different DNS than public clients is to have an internal DNS Zone that is the same name as your external public DNS name. But doing it that way means you need to copy over all public DNS records to your internal DNS zone now except now you will point hosts names to internal IP addresses for those you want
yeah, if that is the case, I will keep it simple and just run external full time.
That’s not how that works
I am not sure what you are saying. If I do nothing, then users are going to be looking at the external domain and can access it that way as the default. I dont have to point it to the internal name.
-
@Donahue said in file sharing in the 21st century:
The third question is similar to the second. I would like NC to create a consistent folder structure when a new user is created or when some similar event is triggered. I plan on seeing if I can treat NC like a folder redirection of sorts.
This works, at least the first half. You can create whatever you want for the default folders and files for new users by defining the skeletondirectory
'skeletondirectory' => '/path/to/nextcloud/core/skeleton',
https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.htmlI set mine up with Documents, Desktop, and Scans folder, and no files.
-
In Windows DNS, it is super easy to setup split DNS. Create a new forward lookup zone with the external domain and sub domain, i.e. subdomain.externaldomain.com
Then, create an A record in that forward lookup zone, leaving the Name field blank and use the private IP address you are using for the server you want to point to.As long as your clients and other servers are using your internal DNS server for lookups, they will be able to find it.
-
@wrx7m said in file sharing in the 21st century:
In Windows DNS, it is super easy to setup split DNS. Create a new forward lookup zone with the external domain and sub domain, i.e. subdomain.externaldomain.com
Then, create an A record in that forward lookup zone, leaving the Name field blank and use the private IP address you are using for the server you want to point to.As long as your clients and other servers are using your internal DNS server for lookups, they will be able to find it.
It’s also super stupid to do
-
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@Obsolesce said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
Is there a way to point devices on the LAN to the LAN address instead of the external address?
FFS, we just had this conversation in your other thread.
You use an internal based DNS name. for clients that are only ever in the office.
This prevernt you from having to add your public domain to your internal DNS.
Sorry, I see this as a slightly different thing. I do have external access now, and I would like users who may be out of the office to prefer internal when available. This is probably not a big deal though, no need to get your panties in a bunch
The only way to get internal clients to use different DNS than public clients is to have an internal DNS Zone that is the same name as your external public DNS name. But doing it that way means you need to copy over all public DNS records to your internal DNS zone now except now you will point hosts names to internal IP addresses for those you want
yeah, if that is the case, I will keep it simple and just run external full time.
That’s not how that works
I am not sure what you are saying. If I do nothing, then users are going to be looking at the external domain and can access it that way as the default. I dont have to point it to the internal name.
Good routers don’t let you access something on your own IP from inside the network. Routers for stupid people have an option call hairpin. But what you actually need to do is create a gnat rule for inbound traffic on your land it’s destined for your own WAN To not actually route out and back in but just to then route to the correct internal Destiination.
-
@JaredBusch Interesting.
-
@wrx7m said in file sharing in the 21st century:
@JaredBusch Interesting.
The fact that it works for you without even trying means that you have some kind of Nat hairpin already in place whether you know it or not
-
@JaredBusch said in file sharing in the 21st century:
@wrx7m said in file sharing in the 21st century:
@JaredBusch Interesting.
The fact that it works for you without even trying means that you have some kind of Nat hairpin already in place whether you know it or not
Interesting, I didn’t know that.
-
The users that are on wifi are on a different network than those on the wired LAN. Maybe that is why.
-
@wrx7m said in file sharing in the 21st century:
The users that are on wifi are on a different network than those on the wired LAN. Maybe that is why.
No, that is not how it works.
-
@JaredBusch said in file sharing in the 21st century:
@wrx7m said in file sharing in the 21st century:
@JaredBusch Interesting.
The fact that it works for you without even trying means that you have some kind of Nat hairpin already in place whether you know it or not
Blame fortigate
-
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@wrx7m said in file sharing in the 21st century:
@JaredBusch Interesting.
The fact that it works for you without even trying means that you have some kind of Nat hairpin already in place whether you know it or not
Blame fortigate
-
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@wrx7m said in file sharing in the 21st century:
@JaredBusch Interesting.
The fact that it works for you without even trying means that you have some kind of Nat hairpin already in place whether you know it or not
Blame fortigate
He may not know it by that "Hairpin NAT" term. When I first heard it a couple years ago or whenever, I had no idea idea it meant "NAT loopback", which is the only tearm I've heard or seen it called before that.
-
@Obsolesce said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@wrx7m said in file sharing in the 21st century:
@JaredBusch Interesting.
The fact that it works for you without even trying means that you have some kind of Nat hairpin already in place whether you know it or not
Blame fortigate
He may not know it by that "Hairpin NAT" term. When I first heard it a couple years ago or whenever, I had no idea idea it meant "NAT loopback", which is the only tearm I've heard or seen it called before that.
I remember last year a discussion like that with @JaredBusch since Sonicwall and other firewalls refers them as NAT Loopback.
-
@Obsolesce said in file sharing in the 21st century:
I had no idea idea it meant "NAT loopback", which is the only tearm I've heard or seen it called before that.
Interesting, I had only heard the term hairpin for years, until I taught myself more about the networking side of things.
-
@JaredBusch said in file sharing in the 21st century:
@Obsolesce said in file sharing in the 21st century:
I had no idea idea it meant "NAT loopback", which is the only tearm I've heard or seen it called before that.
Interesting, I had only heard the term hairpin for years, until I taught myself more about the networking side of things.
Same here, hairpin is the only one I've traditionally heard.
-
To refresh the memory this is the discussion I was talking about @Obsolesce
https://mangolassi.it/topic/16233/website-internal-external -
@Obsolesce said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@wrx7m said in file sharing in the 21st century:
@JaredBusch Interesting.
The fact that it works for you without even trying means that you have some kind of Nat hairpin already in place whether you know it or not
Blame fortigate
He may not know it by that "Hairpin NAT" term. When I first heard it a couple years ago or whenever, I had no idea idea it meant "NAT loopback", which is the only tearm I've heard or seen it called before that.
Yup. I had heard the term, didn't know it was synonymous with NAT loopback.
-
@wrx7m said in file sharing in the 21st century:
@Obsolesce said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@wrx7m said in file sharing in the 21st century:
@JaredBusch Interesting.
The fact that it works for you without even trying means that you have some kind of Nat hairpin already in place whether you know it or not
Blame fortigate
He may not know it by that "Hairpin NAT" term. When I first heard it a couple years ago or whenever, I had no idea idea it meant "NAT loopback", which is the only tearm I've heard or seen it called before that.
Yup. I had heard the term, didn't know it was synonymous with NAT loopback.
NAT Reflection when using pfSense.
-
Here's an update of my work and testing. I have NC up and most things are working as I expect, but I fear that I will run into similar issues to other people with the sync client. Most of my concerns related to using NC to host CAD files, or other non office files.
Based on my testing I have observed:
- There is no good file lock system with sync (and from what I read, webdav). I have the W2G2 app, and that can lock the web UI, but it sadly does not affect any other interfaces. I have read up on how NC handles conflicts and deliberately created some to verify the process. It was confusing at first, but then I realized that NC is only aware of uploads, not someone opening a file, particularly with the sync client. I forsee confusion on the part of my users, because they are all used to having a file lock when it is opened. If two people have the same file open, the first person to save gets to update the server and the second person gets the conflict, even if they opened it first. This would not happen to us everyday, but it would happen occasionally.
- The conflict files take awhile to appear. I am worried that the user that created the conflict (by the nature of saving second) will have moved on and will be no longer looking in that directory and it will be very easy to miss that there is a conflict. I would prefer if conflicts were uploaded to the server or even synced to other clients to increase the chance of seeing it before it became a big problem.
- NC either cannot say (or I don't have the right config) who created each version of a file, so when a conflict arises, and the user checks the web, they can see that there might be multiple versions, but no other useful information like what the change is, or who to ask. This might be very frustrating when the differences between two files is subtle.
- There doesn't appear to be any log that tracks all activities by all users. I seem to only be able to see activities that are related to the user in question in some way.
- OCR doesn't seem to work, but I would bet that is a config issues. Full text search does work though.
- When creating a share by email, there is no option to enforce a expiration date.
- We have two different versions of the windows sync client, 2.5.0 and 2.5.1, both say they are the most current and there are no updates. I have tried both on a second computer, and both versions will not show the sync icons, they just look like regular folders. The icons work fine on my end.
- Automated tagging is limited. I wish there was a setting where files would/could inherit tags from their parent folders.
None of these are deal breakers, but there are some definite holes that we would need to fix in our workflows. Some of these issue may be able to be overcome with better communication, but it made harder by the fact that in many cases, the user wouldn't know who to coordinate with.
I can conceive of overly complicated ways of making a hybrid of NC and NAS/File server. Something like using NC to sync two file servers together, and for remote access, while letting the users connect directly to the file servers to handle the locks. But part of me shudders and trying to keep a house of cards like that working.