@wirestyle22 said in Hairpin NAT Issue:

change the gui port on my er4

You have zero need to do this. In the 30+ routers I have in my UNMS controller, I have never changed that.

Umm not sober...

@pmoncho said in Getting up and running with ER-X?:

Youtube Video

@Pete-S the problem with this video is the outdated firmware he sets up with to start. It does not have the modern wizard that UBNT now includes.

%publicdesktop% or something like that.

Once you get that told to them, you can then to get to the reason for such a stupid request. Likely a misunderstanding of some compliance need.

@notverypunny VLANs work jsut fine on the ER-X. Any firmware.

@brandon220 said in NAS for Plex use... Again:

@JaredBusch did you go directly to H265 or start out with another container? MakeMKV has worked well and consistent. Have not used Handbrake in a while. May have to compress a few files and see how big or a reduction in size there is.

It is always an MKV container. Just using the H265 codec. I never encode things any other way anymore.

@jt1001001 said in Sending Secure E-Mail?:

What about PGP?

The only communication method is email. so the key will be in email too. SO an admin will have access.

Basically, when I order fiber service from an ISP, I refuse their termination router.

So they drop in fiber, and a router that converts the fiber to ehternet. I hook my router up there.

The Fiber services (from the 3 companies I have used so far) all terminate on a /30. That is what I put on my router as the WAN. See above.

But then I make NAT rules to route all the traffic via the IP that they should show. See config posts above.

The only time I ever use the /30 IP if for VPN connectivity.

Your setup should be identical. Just the ISP provides a 10. instead of a public IP for that part of the routing.

@Dashrender said in Sending Secure E-Mail?:

@JasGot said in Sending Secure E-Mail?:

Our customer doesn't want the city's bank account and routing info transported through e-mail. He was willing to do it if we could come up with a way that would guarantee it could not be read in transit.

I do believe there is another option, now that you have changed the rules to the bolded above. TLS, TLS gives you this. And this is something you can confirm beforehand.

If by confirm you mean refuse to send the email if the recipient server rejects the STARTTLS then yes.

@jmoore Using wireguard instead of having to create their own software to do the encryption. But otherwise it is, basically, the same thing.

@brandon220 said in Linux Desktop Environment:

@Obsolesce said in Linux Desktop Environment:

@brandon220 said in Linux Desktop Environment:

Those of you on Gnome - Are you installing the gnome-tweaks package to allow desktop shortcuts, or just use keyboard shortcuts?

Gnome tweaks yes, desktop shortcuts definitely not.

I have refrained from using shortcuts on the desktop but it still takes some getting used to. I am assuming that is one "advantage" of using Cinnamon.

Desktop shortcuts are fucking stupid..
I have 3 only because I've been too lazy to go into settings and remove the defaults.

@brandon220 said in Linux Desktop Environment:

@JaredBusch I agree. People will see my screens on various systems and ask me "where all my programs are". I don't see how some people can fill an entire desktop with icons.

Like this?

@jmoore said in Redoing Home Network:

@Dashrender said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@Dashrender said in Redoing Home Network:

I've with JB - You should save the money and get an ER-4. The processor is the same.

POE can be done in the switches, so no need for that in the router.
The ER-4 is nearly half the ER-6.

I already ordered the pieces. Thanks for your input though. I needed a router with 4 ports for my 4 rooms plus the incoming port. I plan to use and learn everything about it.

Do you really need four ports? I suppose if you don't have a core switch, and the switches in each room go directly to the firewall, then sure.

That was my plan yes. Router with 4 ports so I could directly connect a switch in each of the rooms. I'm being that's not a good idea.

Your router is not (should not) be your core switch.

Yes, if the router has a switch chip like the ER-X does, it could be your core switch, but you seriously should not think like that.

As I said your router needs 2 ports. WAN and LAN. Period. Can have more but that is all you need.

When you have a need for segregation, sure, use another port as a LAN 2, or just use a VLAN on LAN 1. Does not really matter which you do.

@unquietwiki said in Collecting info on ZeroTier use:

Hey all. I'm new here; some of the ZeroTier folks told me this existed. I made a Reddit post asking for some input; otherwise, I'd like to see some input from here too. Also always looking for resources to share with folks on troubleshooting IT issues.

I won't post on Reddit. Just not my cup of tea.

You can check the ZeroTier tag here.
https://www.mangolassi.it/tags/zerotier

@adam-ierymenko used to post here a bit.

Since COVID, I use ZeroTier at various clients to enable remote RDP in a secure way with flow rules (see post in tag link).

Prior to that I also used it to allow remote access to file shares by IP address. I keep the ZT IP excluded from DNS. Windows is just too stupid most of the time.

I sometimes will put ZT on a PBX if the customer wants me to do a lot of maintenance, but is not able to forward SSH in some secure fashion.

@unquietwiki said in Collecting info on ZeroTier use:

@JaredBusch A PBX? Like Asterisk?

Yes.

@unquietwiki said in Collecting info on ZeroTier use:

@JaredBusch Since Asterisk runs on Linux directly, you'd think you could provision an ed25519 key & have port 22 open in ip/nf tables?

That's normal. But there are some systems where they don't want to setup things just for me or they already have other things and it is just easier to let the ZT network flow over 443.

Even then, I use my ed25519 key though

I modified my remote phone book script to work on them for someone on the FreePBX community.

He gave me temp remote access the the phone’s web GUI. Was my first time in one since they are not easy to buy with warranty.

/me goes and deletes posts...