
root OP ,
@root@lemmy.world avatar

Great to hear; sounds like I made the right choice!

root OP , (edited )

Thanks for the reply! I'll look into these!

Update: Ended up installing Actual and it's pretty nice! I think I'll also check out Quicken and YNAB (for non self-hosted options).

root OP , (edited )

Would that be similar to telling SSH to listen on only one interface? Because I did try that but it unfortunately did not resolve the issue.

Edit: Found what you mean. I'll give this a try, thanks!

root OP ,

Just SSH dropping. Everything on the VM side is ok.

And yes, the computer I'm using is on .6.X (LAN VLAN) and the VM is on .1.X (MGMT VLAN).

The management VLAN is only accessible by a couple devices and this is one of them. To get PiAlert to be able to see devices on the LAN VLAN, it has to have an interface to be able to ARP from.

root OP ,

Understood. Thanks so much!

root OP ,

Yeah, such a nightmare, lol. If I ever feel like hosting a honeypot I'll probably DMZ it or use a VPS or something, but I'm going to change gears on projects for now.

root OP ,

Right. Most of my VLANs are set up that way; they're silos. The VLAN that this is running on is the "management" VLAN that can see the other ones.

root OP ,

Gotcha. I’m using an ATX 1800 with full tunnel. I figured there would be a default deny all (haven’t touched anything in the way of the firewall on that device yet), but wasn’t sure if ARP would be able to get past it from the public AP side. I guess I can always do a few experiments at home in the lab too. Thanks again!

root OP ,

Thanks so much for looking into it! That’s a relief

root OP ,

Hey there,

Yeah, I’m doing it manually, and I did try importing the config from pfSense, however it would say import successful and then “Failed” at the bottom, lol. I did end up getting it working after finding a post from the staff mentioning that you should not put a listening address on the Peer and you should set a manual MTU of like 1300, which worked for me.

root OP ,

Ty!

root OP ,

Oooh, good point. I’m not even sure if I should be using this with cert only based auth.

It does usually not make sense to use fail2ban with e.g. sshd when only public key authentication or similar is enabled.

root OP ,

Thank you, I might give this a try tomorrow. I thought I read something similar, but that it would require you to take care of log rotation as well, otherwise they would just grow. Not sure how true that is.

root OP ,

I was thinking that might be the case. Thank you!

Backdoor rIRA limits

Ok, so I’ve been contributing to a backdoor for almost a year, and since I don’t have the liquidity to just fund it outright at the beginning of the year, I put some in each paycheck. Sometimes while it’s sitting in my settlement fund, it will gain like $0.10-$0.30 before I get a chance to move it to my rIRA....

root OP ,

Gotcha, thanks so much for the clarification!

root OP ,

Edited the OP with an overview of the plans. Thank you for the reply!

root OP ,

Good point, I hadn’t considered rolling over. I’d like to get away from Kaiser, but my HDHP option with Anthem is 20% after the deductible. So I guess it will be PPO or stick with Kaiser -_-

root OP ,

Thank you for your response, and I hope you and your family stay healthy. I have similar concerns for things that might pop up, but luckily everyone is generally pretty healthy. Last year we had to take a quick trip to urgent care and my copay was $450. It was a surprising amount, because previously I had never paid more than $75 for a visit. I was able to use my HSA for it, but man…if something more serious happened I could see that getting really expensive fairly quickly.

root OP ,

Ah, sorry about that. The plans vary from ~150-300 per paycheck. I’ll have to check the details a bit more.

root OP ,

Gotcha, thanks so much (to you and the others who mentioned this as well). This has been driving me crazy the last couple hours, as I can connect to any of my VLANs (some of which I treat as fairly insecure) and they can all hit my firewall if I use the WAN IP.

I checked pfSense, and I have NAT Reflection disabled everywhere I found it (System>>Advanced>>Firewall & NAT as well as in my individual NAT rules), however I can still access via the WAN IP.

So I guess all I can really do is set a rule to forward port 80/443 to something else to avoid this, right? I was thinking of hosting a Matrix chat server which would use those ports, so maybe that’s the play.

root OP ,

Thank you, that was the first thing I checked after having a near heart attack, haha. I thought the whole world could see my login for a second there.

root OP ,

Hm, currently I have pfSense and my other network equipment on its own “management” VLAN, and I don’t allow my other VLANs access to it (except for a couple devices I whitelist). None of those can reach pfSense via the LAN IP as I expect, only by the WAN IP.

root ,

Serves them right. When your product is completely virtual/digital, there’s no real reason to be in the office other than “cOLlAboRAtioN”

root OP ,

Networking isn’t their strong suit, lol
