70

Hi,

I’ve been trying to work out my network architecture with the pieces i have today:

  • isp box with 10gig dac downlink, 4 ssd bays
  • pfsense box with dual 10gig dac card
  • switch with 10gig dac uplink and multi gig rj45
  • main proxmox host
  • other devices (laptops, iot…)

ive ran into a dilemma regarding switching my isp box to bridge mode:

  • if i do, i lose wlan and nas capabilities
  • if i dont, i have to contend with double nat

i’m sure that eventually i will get an ap (maybe unifi) and a dedicated nas (either home built or something like synology or asustore), but for the moment, i want to keep cost down and gradually add new pieces

i was wondering if double nat is of huge performance and maintenance implications, or if i would be okay running this setup for a few months until i get to add an ap and nas?

thank you

you are viewing a single comment's thread
view the rest of the comments
[-] EncryptKeeper@lemmy.world 5 points 1 year ago* (last edited 1 year ago)

If it’s double NAT where you have control over both boxes, it’s not that big a deal. First of all, it only matters at all if you’re trying to forward ports for remote access to your services, in which case you just need to add two port forwarding rules for each service, instead of one, one in each firewall. Alternatively if the ISP router allows it, see if it has a 1:1 NAT feature, this way it forwards ALL the ports to your private router, where you can then be selective about which ports to allow.

Alternatively, if you’re not trying to host services on your LAN for public access and consumption (Which would be a bad idea at this point in time anyway given your level of knowledge) don’t worry about the NAT or port forwarding at all and just use a mesh VPN like Tailscale (Optionally with the self hosted control application Headscale) and use that to access your services which outside home securely.

[-] LazerFX@sh.itjust.works 4 points 1 year ago

Some routers will call the 1:1 NAT feature, "DMZ" (Short for Demilitarised Zone). The idea is that you just act as a pass-through, in this case, "passing through" the external internal to the internal router.

this post was submitted on 04 Sep 2023
70 points (100.0% liked)

Selfhosted

40219 readers
930 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS