Conversation

Notices

1. Embed this notice
   goatsarah (goatsarah@thegoatery.dyndns.org)'s status on Monday, 23-Oct-2023 02:55:22 JST goatsarah

   Put my friendica installation on a VLAN. It made accessing it locally ... interesting.

   So I can access it from outside. Fine.

   But if I try to access it internally, the traffic just gets dropped. There's no firewall rule to handle the forward via external IP address loopback.

   So I set up a forward, and of course, that was a stupid thing to do. Every other https service in the world suddenly and unceremoniously disappears.

   So I change the forward to only be something looking to loopback via my external IP.

   But the external IP is dynamic. The router will update the dyndns record, but it will not update its own firewall rule. I'd have to do it manually every time it changed. Very far from ideal.

   But inspiration struck! I have my own DNS server! (pihole).

   As of now, thegoatery.dyndns.org from within my internal network resolves to the IP address of the friendica box on the VLAN.

   Done.

   • Embed this notice
     goatsarah (goatsarah@thegoatery.dyndns.org)'s status on Monday, 23-Oct-2023 03:01:03 JST goatsarah

     in reply to
     Anyway, the squeaky bum time of anyone able to root my Friendica server being able to access my internet network is over.
   • Embed this notice
     goatsarah (goatsarah@thegoatery.dyndns.org)'s status on Monday, 23-Oct-2023 09:04:54 JST goatsarah

     in reply to

     Potential gotcha: LuCI is available on all interfaces on #OpenWRT. WAN is moot because firewall and redirect anyway, but having it on the Friendica DMZ VLAN is very bad!

     It’s no longer there.