Messages - nikkon

#16
General Discussion / dns the same IP but different ports
February 19, 2024, 06:19:16 PM
Hi all,
I am looking for guidance.
I upgraded TrueNAS Core to Scale. Core jails had the possibility to get IPs from LAN DHCP, but the new OS with k8s can't. So, as on TrueNAS Scale all apps share the same ingress IP (TrueNAS IP), can I add different DNS entries and filter by port & name?

Thank you
#17
Does anyone know what this log means:
2023-11-14T13:41:01   Warning   haproxy   Proxy <HTTPCLIENT> stopped (cumulated conns: FE: 0, BE: 0).   
2023-11-14T13:41:01   Warning   haproxy   Proxy HASS_Backend stopped (cumulated conns: FE: 0, BE: 0).   
2023-11-14T13:41:01   Warning   haproxy   Proxy PLEX_Backend stopped (cumulated conns: FE: 0, BE: 0).   
2023-11-14T13:41:01   Warning   haproxy   Proxy acme_challenge_backend stopped (cumulated conns: FE: 0, BE: 0).   
2023-11-14T13:41:01   Warning   haproxy   Proxy NAS_Backend stopped (cumulated conns: FE: 0, BE: 0).

#18
Hardware and Performance / Re: i3-9100 vs i5-8500
November 14, 2023, 02:00:27 PM
Depends on the application.
Are you building a traffic filter? Or just a router/firewall?
I would go for the T models for low consumption.
#19
I am trying to use this howto only for the internal services (I have no intention to expose them out) and I can't make it work.
Can anyone give me a hand with this? I tried everything I know to make this work.
#21
Hi all,
I'm curious if I can use this method for internal running services (jails on freenas) without exposing them outside.
I can force the DNS override so I resolve them with FQDN from LAN, but I can't make HAProxy work and serve the certificate for them. I already got certificates for all instances in acme (jail1.domain.x, jail2.domain.x).

Thank you in advance
#22
General Discussion / Re: out rule question
March 08, 2023, 03:05:24 PM
I understood it wrong.
Now it's clear. In this case this exception is not even needed.
Thank you
#23
General Discussion / Re: out rule question
March 08, 2023, 11:29:32 AM
Thanks for your reply.

As you said, IN rules apply to WAN and OUT rules are applied to LAN.
Now my question is:
How can I exclude 1 single IP from LAN (direction out) from matching the block rule that has as destination the FireHOL1 list?
#24
General Discussion / out rule question
March 07, 2023, 10:38:36 PM
Hi all,
I have a few floating rules on both WAN (direction IN) and LAN (direction OUT) which are blocking one specific host on the LAN from reaching outside connections.
I don't want to disable the rules on LAN (this is where it happens); instead, I tried excluding that particular host from the match by using invert. Something doesn't work and I have no clue what.

The blocking rule is Block DROP out 1 - LAN.
How can I exclude only 1 IP from matching this rule?

#25
General Discussion / Re: routing question
February 21, 2023, 11:24:58 PM
Problem fixed.
I was missing the out rules on each interface.
Thanks - this thread can be closed
#26
General Discussion / Re: routing question
February 21, 2023, 04:40:08 PM
Forgot 1 thing:
On both interfaces I have a rule that allows traffic from 172.16.10.11/24 to 172.16.20.3/29 and vice versa via the default gateway.
#27
General Discussion / routing question
February 21, 2023, 02:18:30 PM
Hi all,
I got stuck with the following situation:
I have a few vlans and several networks.
2 networks have a problem:
network 1 -> 172.16.10.0/24 with x clients - no VLAN
network 2 -> 172.16.20.0/29 with only 2 clients - VLAN10
Now these 2 networks intersect in my storage (TrueNAS) where I have 1 interface linked to network 1 and the second interface linked to network 2:
jail 1 -> connects to the non-vlan network and gets DHCP (172.16.10.11)
jail 2 -> connects to Vlan10 and gets DHCP (172.16.20.3)

Now the problem is: the VLAN10 network uses an OpenVPN gateway (SurfShark) to reach the internet.
I need to make the 2 jails talk to each other by preventing 172.16.20.3 from using the default gateway as internet gateway.

ping from 172.16.10.11 to 172.16.20.3 works
ping from 172.16.20.3 to 172.16.10.1 (gateway) works but it doesn't with 172.16.20.3.

What am I missing?
Can it be the switch port? Network 2 binds to a tagged switch port. I think it is blocked at the firewall level.

Thank you

#28
General Discussion / Re: unbound crash every day
November 09, 2022, 03:25:21 PM
Any clue?

What am I doing wrong?
#29
General Discussion / unbound crash every day
October 31, 2022, 06:09:13 AM
Hi all,
I have a weird unbound problem. It crashes once a day because of:
2022-10-31T05:03:13 Error unbound [75750:0] error: remote control failed ssl crypto error:02FFF020:system library:func(4095):Broken pipe
2022-10-31T05:03:13 Notice unbound [75750:0] notice: failed connection from 127.0.0.1 port 14221
2022-10-31T05:03:13 Error unbound [75750:0] error: remote control failed ssl crypto error:02FFF020:system library:func(4095):Broken pipe


I have DNS over TLS enabled with Cloudflare and under Custom Options I manually added
tls-cert-bundle:  /var/unbound/unbound_server.pem
I have verified all CAs and Certifications. All (self signed + ACME) are valid

Any clue what this error means?
#30
CPU is actually 2.4 GHz