Mostly I fiddle with #Fedora and #CentOS, but this winter break was all about #OpenWRT. I'm heading back to work tomorrow with a much more secure home network! For the last few years I've had all my Linux systems and blackbox devices (Roku, Sonos, Google stuff, etc.) on the same network, using a Comcast cable modem router, the utmost in lazy network administration. Likewise my main desktop was also serving as the file server. Yuck.
Brendan Conoboy (bconoboy@mastodon.social)'s status on Monday, 06-Jan-2025 09:23:39 JST
Brendan Conoboy (bconoboy@mastodon.social)'s status on Monday, 06-Jan-2025 09:24:03 JST

Over the last 2 weeks I moved file services to a spare NUC (#CentOSStream 10) and replaced the Ziply (né Comcast) router with 2 #Openwrt routers (Banana Pi R4 and an old WRT1900ACS): untrusted systems on the WRT, trusted on the BPi... Separate SSIDs, network segments, and of course physical separation all in effect. Heavy firewalling in all 3 directions, minimal holes for Sonos to talk to Samba and desktops to get to a network printer.
Brendan Conoboy (bconoboy@mastodon.social)'s status on Monday, 06-Jan-2025 09:24:22 JST

Future ideas to pursue: Explore the OpenWrt suite of plugins (hello ad blockers), put an OPNsense router in front of both the #OpenWRT devices, add a SIM card to the BPi for network failover, and maybe add a tiny fileserver on the untrusted network to remove the SMB attack surface. Feels great to spend a little time on tech and have a much more robust setup for the fun!