• 1 Post
  • 8 Comments
Joined 1Y ago
cake
Cake day: Jul 24, 2023

help-circle
rss

Dunno if you are still watching this post.

I have a few comment to your post and the other panic about security.

  1. Using nextcloud only for bookmarks if total over kill, but if you want to start and understand and later use it more, it’s actually a good idea.

  2. Yes, exposing ports in your firewall is potentially dangerous, BUT if you only expose a port and not the complete PC the firewall deals with attacks (but your services still have to be up to date to ensure safety).

  3. Yes, using a VPN instead of exposing the service is saver that’s for sure. You can do it they way for the start. But don’t let you be frightened by some of the other commands. I have several services public on my network. 3.1. BUT I still evaluate if this service even have to be public and the risk of late patches. I have public services and local service (name.domain.com and name.local.domain.com). Any service that I don’t need to access from a random PC/share with family/friends can only be accessed in local network /via vpn.

  4. Its good you are careful, try to search online for more information since this post didn’t get a lot of comments.

Edit: 5. Don’t know why people recommend tailscale where you need an account, instead of recommendatinh wireguard (tailscale is build on wirequard) or OpenVPN.

Edit 2: 6. Don’t use UPnP! It enables your machines to automatically open ports, that’s so bad.


I used zabbix at some point, but I never looked at the data so I stopped. Zabbix shows all kind of stuff.

I have cockpit on my bare-metal that has some stats, and netdata on my firewall, I do not track any of my VM’s (except vnstat that runs on everything device).


That you very much for the answer.

Can I ask why you are doing your firewall virtualized? I never understood why people do it, for me using bare metal has more advanced.


I used devices from gl iNet, the devices are good, but I find the UI of opnsense way better (compared to advance ui of openWRT) and updates are directly from opnsense.

I still have them for smaller network tests but for some reason I never got close to it. Probably another reason is that my brother uses opnsense too, if we have any issues we can ask each other for help.


I tested with seedtest-cli, libre speed test and downloading a big file (with a combination of different devices). The CPU immediately goes to 100%

When I use the ISP box directly I get full speed.


Thank you for the answers. I enjoy opnsense, it’s easier to use then openwrt for me personally.

I was thinking to do some testing of the new device before I replace the old one. But I wanted to hear if anyone has experiences.

I looked at CPU benchmark net, and saw that N100 is about 8 times faster then the AMD SOC. I’m not sure if this is linear with performance increase. Currently max download is about 600-700 while upload is 300-400.


Intel N100 good enough for 1Gbits internet ?
I just recently got a new ISP and new internet speed 1200/600, my current firewall with opnsense can not handle the speed (AMD GX-412TC SOC), I have been looking for a new firewall (opnsense + 2.5 Ethernet) and found several with the Intel N100 CPU (2023). I was wondering if this CPU is good enough to handle the Internet speed and if there is overhead?
fedilink

If you want to start try to find something used on DBA, like an old laptop. If you are an student, maybe someone in your class upgrades their laptop and you can get it cheap. (Best a laptop where you can remove the battery, plus you need to change a setting so it doesn’t go in standby when closing the lit)

You can add an external hard disk for nextcloud data.

My first home server was an raspberry pi, it’s not great for nextcloud, you need to disable all preview image, and the UI might still be slow. Untop using an microSD card for the OS might randomly break (happens to me, SanDisk).

My second server was my old laptop, I used an laptop with i3 from like 2013 as server for a long long time.

Best thing I can recommend is to not rush and get the first best thing, try to look for a good deal. Start small and you can always increase your server in the future.

Wish you the best.


The first point is only when you use the tunnel function, right ?

Because I noticed, if use the tunnel function (hiding your private ip) the sites gets an Cloudflare certificate, but if just using it as DNS (without tunnel) the page has my certificate.