💾 Archived View for station.martinrue.com › fripster › 219c85382419476fb7b379b8d5fd00b5 captured on 2024-12-17 at 14:59:52. Gemini links have been rewritten to link to archived content


👽 fripster

Just put an extra router behind my ISP’s router, and set up the home network (except the gopher server) behind the second one. Two wholly different brands of routers. With all the regular port scanning attacks going on and the probability of my gopher server getting compromised at a certain moment, there will be two firewalls to defeat before you get to the good stuff. It was relatively easy to set up. Gives me more peace of mind…

2 weeks ago · 👍 m0xee, io_cat, bavarianbarbarian


7 Replies

👽 fripster

@danrl: I have no access to the 'insides' of the boxes. The ISP's router is a Zyxel box, and my second line unit is an AVM Fritzbox. I have not seen any issues with the two NATs not playing together. I set up the 'outer' layer as a 172.16.1.0 network, and the 'inner' one as a 192.168.1.0 network. This seems to work nicely so far. And I can still access the 172.16 machines from the inner layer. · 2 weeks ago
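An added example, not code from this thread: a small Python check that estimates how many NAT layers sit between a host and the Internet from a traceroute-style hop list (the two private hops of the layout above, plus an ISP's carrier-grade NAT if present), and that confirms the inner and outer LAN subnets do not collide, which is the condition under which the inner layer can still route to the outer machines. The hop lists are constructed, and a private-addressed hop is taken as a NAT boundary, so the count is an estimate.

```python
# Added example, not code from the thread: estimate how many NAT layers sit
# between a host and the Internet from a traceroute-style hop list, and check
# that the two routers' LAN subnets do not collide. Hop lists are constructed.
import ipaddress
from typing import List

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared space used by ISPs for carrier-grade NAT: an extra NAT layer
# that neither home router knows about.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify_hop(hop: str) -> str:
    """Label one hop as 'private' (RFC 1918), 'cgnat', 'public' or 'unknown'.
    Explicit ranges are used instead of ipaddress's is_private, which also
    flags documentation ranges such as 203.0.113.0/24."""
    if hop == "*":
        return "unknown"          # no reply, e.g. a firewall dropping ICMP
    ip = ipaddress.ip_address(hop)
    if ip.version != 4:
        return "public"           # NAT layering here is an IPv4 concern
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    return "public"

def count_nat_layers(hops: List[str]) -> int:
    """Heuristic: each private or CGNAT hop before the first public hop is
    taken as one translation point. Silent hops are skipped, and a private
    hop may be an un-NATed ISP core router, so treat this as an estimate."""
    layers = 0
    for hop in hops:
        kind = classify_hop(hop)
        if kind in ("private", "cgnat"):
            layers += 1
        elif kind == "public":
            break
    return layers

def lans_collide(inner_lan: str, outer_lan: str) -> bool:
    """True if the inner and outer routers' LAN subnets overlap; the inner LAN
    could then not reach outer-LAN hosts such as a gopher server by routing."""
    inner, outer = ipaddress.ip_network(inner_lan), ipaddress.ip_network(outer_lan)
    return inner.overlaps(outer)

# Constructed hops for the thread's layout: inner router 192.168.1.1,
# ISP router 172.16.1.1, then public hops. count_nat_layers(EXAMPLE_HOPS) -> 2
EXAMPLE_HOPS = ["192.168.1.1", "172.16.1.1", "203.0.113.1", "198.51.100.9"]
```

A real hop list comes from `traceroute` (or `tracert` on Windows) to any public address; a `cgnat` hop right after the ISP router means a third translation layer is in play.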

👽 danrl

Make sure to enable SQM (smart queue management) via CAKE or CoDel on the inner router to avoid effects of bufferbloat · 2 weeks ago

👽 hanzbrix

@m0xee It sounds like a double NAT problem; NATs do not like each other. 😂

@fripster Double NAT and double firewall have a tendency to cause weird problems and make stuff harder to solve. You could just get your ISP hardware to bridge to your own well-managed firewall. Having a firewall on machines, however, even though it is technically double firewalling, isn't a bad idea.

Most firewalls will also let you rate limit, so you could have one rate outgoing and a separate rate directly to the machine. · 2 weeks ago

👽 bavarianbarbarian

Since I have been a sysadmin for several years and have had to do a lot with security stuff, I have a simple solution for (my personal) issues with digital privacy: I just have no data on a digital device that would be worth protecting ;) These machines are insecure by design. Trust is a weakness... · 2 weeks ago

👽 fripster

@m0xee: Thanks for the heads-up. Will monitor stability! · 2 weeks ago

👽 fripster

@m0xee: Thanks for the heads-up. Will monitor stability! · 2 weeks ago

👽 m0xee

Good from a security standpoint! However, I'm not sure what your exact configuration is. In my experience, living behind 2 NATs, and if you're using a VPN, behind 3 NATs, makes networking less reliable. When I was using a configuration like that, sometimes the connections were failing to get established, sometimes I had to reload the page because the original request didn't go through for one reason or the other: every tiny delay introduced on every hop might make it time out.

Gemini is more resilient against things like that (it works fine even over a throttled cellular connection 😅), but browsing the Web with dozens of requests per page might become an unfun experience. · 2 weeks ago