Thank you for providing the details. Based on your requirements, you can achieve your goal by utilizing the Linux bridge functionality to create a software-level Layer 2 switch. Here’s an outline of the steps involved:
Install the necessary software: Ensure that the bridge-utils package is installed on your Linux machine. You can typically install it using the package manager specific to your distribution. For example, on Ubuntu or Debian, you can run sudo apt-get install bridge-utils.
Identify your physical network interface: Determine the name of your WiFi network interface that is connected to the ISP router. You can use the ip link command to list the available network interfaces. Look for the interface name associated with your WiFi connection (e.g., wlan0).
Disable network management on the physical interface: To prevent network managers from managing the physical interface directly, you’ll want to disable their control. This step may vary depending on your specific network manager. For example, if you’re using NetworkManager, you can edit the configuration file associated with your WiFi connection (usually located in /etc/NetworkManager/system-connections/) and set managed=false. Alternatively, you can stop or disable the network manager service temporarily.
Create a bridge interface: Create a Linux bridge interface using the brctl command. For example, you can run sudo brctl addbr br0 to create a bridge named br0.
Add the physical interface to the bridge: Add your WiFi interface to the bridge using the brctl addif command. For example, run sudo brctl addif br0 wlan0 to add wlan0 to the bridge.
Configure the bridge interface: Assign an IP address to the bridge interface (br0) by configuring it in the network configuration files. The specific file to edit depends on your Linux distribution. For example, on Ubuntu or Debian, you can edit /etc/network/interfaces and add the following lines:
Alternatively, you can use network management tools like NetworkManager or systemd-networkd to configure the bridge interface.
Configure the virtual machines and containers: Configure your virtual machines, Docker containers, and systemd-containers to use the bridge interface (br0) as their network interface. This configuration varies depending on the specific technology you are using. For example:
For Docker: Create a new Docker network of type “bridge” and specify the bridge name as br0. Then, when creating or running Docker containers, connect them to this network.
For systemd-containers: Configure the [email protected] and [email protected] units to attach the container to the bridge interface (br0). This can be done using the systemctl command and systemd network configuration files.
With these steps, your virtual machines, Docker containers, and systemd-containers should be able to obtain IP addresses directly from your ISP router via the software-level Layer 2 switch created using the Linux bridge interface.
Please note that the specific commands and configuration files may vary depending on your Linux distribution and network management setup. Make sure to adapt the instructions accordingly. Additionally, be cautious when modifying network configurations as it can potentially impact your network connectivity.
Optiplex 3070, it’s made a good box for jellyfin, truenas etc. SFF is goof for my needs but if i didnt move often i’d get a regular size to hold more HDD
They are solid, the bios was my biggest surprise as there are so many settings i can tweak. Dell and Lenovo both make good boxes for homelabs and run linux well.
seems to be down for me too. I keep getting an error that the server is redirecting too many times, I wonder if they’re undergoing a DDOS attack or something like that.
The sky-high barrier to entry was a MAJOR problem for me.
When I was seriously considering installing Linux, the first issue I ran into was the lack of tutorials - or, more accurately, the bewildering array of tutorials. You couldn’t just search the term “Linux tutorial” and expect an answer that was specific enough to your case to actually be useful. There was (and is) a wide variety of distributions, each with their own unique behaviors and requirements.
If you were looking for help with the Windows or Mac OS, all you needed was the OS version number, plus maybe some basic hardware info, and most of the time you were good. With Linux, answering even the simplest question required a focused, concentrated effort, and there was still a decent chance a beginner wouldn’t have enough background knowledge to understand the answer. Generally speaking, beginner-friendly tutorials were often too broad to be useful, and specific tutorials tended to assume knowledge that a beginner didn’t have.
Unless you had someone standing by who was willing to be your Linux Yoda, starting out was very difficult. I didn’t know such a person, so I just gave up.
Granted, this was several years ago, and things may have changed. I’m speaking from my own limited experience.
If the boss make $5 while I make $0.05, I never feel bad about demanding, not asking, for a raise, and if I don’t get it, I quit and go to a place that will give it. Have walked out on jobs the day I was denied multiple times and never have regretted it.
Damn, ballsy. I definitely abide by that unwritten rule that the best time to find a new job is while you still have one. Happy it never negatively impacted you, but I have a kid that depends on me, can’t really risk that unless I think I can find something in a matter of weeks, even days… I do have some emergency savings, but I’d rather it be for actual emergencies (firing/layoffs, sickness, whatever) than me quitting.
I’d rather start doing the bare minimum and continue sucking off the maximum amount of money I can from an employer I hate out of pure spite lol. If they’re not happy with it, they can fire me, and I’d at least get access to the unemployment I’ve been paying those taxes for anyway.
I have clamav installed, but only run it sporadically during attacks of paranoia. The only thing it’s ever found was a Windows virus in an old email attachment among some files that had come from a Windows box.
The main thing you need to do to avoid viruses is avoid running untrusted code, which means, among other things, using paranoid browser settings. Linux tends to have fewer random holes where script execution environments ooze into places where they really shouldn’t be, although even Windows isn’t quite as bad about that as it was twenty-five years ago.
I hope that snaps, flatpaks, AppImages, etc., will make a big difference in terms of adoption and ease of use. As @Millie said, if complications arise while trying to install or use software, then you’re basically screwed unless you have a really good tutorial or deep knowledge. I’ve been using various Linux distros as daily drivers for the past ~10 years, and in that time, I still haven’t figured out why there’s such a big emphasis on compiling software. Your average Windows user has probably never even heard of compilation let alone been required to compile software in order to use it. For better or worse, the emphasis in Windows is on shipping binaries that the user can simply double-click to run. And if we want to reduce frustration for new Linux users, we can’t expect them to know how to compile software. Snaps, flatpaks, and AppImages definitely move us in the right direction even if there’s a lot of internal debate about which of those is best.
It’s also nice to see big flagship projects like Gnome finally really taking off in terms of quality. Of course, the Gnome desktop environment won’t appeal to everyone aesthetically, and it’s generally much more resource-intensive than Cinnamon, KDE, XFCE, LXQt, etc.; but distros like Ubuntu, Fedora, Pop!_OS, etc., look really great and work really well out of the box for most people. Same with Linux Mint. And I personally don’t care for KDE, but it’s another DE that’s pretty solid.
Setup cloudflare, I believe the free tier includes ddos protection. Then setup your ingress to only allow cloudflare IPs, either with iptables or even better if your vps supports it with a network policy.
I appreciate the tip but as a privacy minded self-hoster I try to avoid companies like cloudflare. Surely there has to be a way to diy DDoS protection?
I imagine that’s essentially what I’ve accomplished with Traefik already. The question I have is if Geoblocking does much to mitigate a DDoS. I know for sure it’s at least useful to block third world scammers and bots from running hacking scripts against my server.
@brownmustardminion DDoS usually involves attacks from multiple geographical locations simultaneously. You will eliminate a large threat surface by restricting which countries are allowed for incoming. Of course this won't prevent targeted attacks from hackers who know you and want revenge and can setup bots in a single location but these are rare. Most attempts are by script kiddies.
A 2 gigabit event isn’t big enough to be considered a real attack, a service like cloudflare can sink a 2 terrabit attack every day of the week.
Building a DDoS protection service ( that isn’t just black holing traffic ) starts with having enough bandwidth to throw away the attack volume plus keep your desired traffic working and have a bit of overhead to work your mitigation strategies.
What this means is to DIY a useful service you start by buying a couple of terrabits of bandwith in ‘small’ chunks of a hundred gigabits or so in most peering locations around the globe and then you build a proxy layer like cloudflare on top of it with a team of smart dudes to automate outsmarting the bad guys.
I don’t like cloudflare either, but the barriers to entry in this industry are epic.
Can you go IPv6 only with dynamic dns + recycling ip every day? My raspberry pi doesn’t get bot traffic. I have 22, 80, 443 and a few other ports open on public ipv6 address.
Digital foundry had an interesting take on this. Cod makes more than 1 billion a year, and cost probably more each year than any other franchise to develop and maintain. If Microsoft made it an Xbox exclusive, they might cut that 1 billion dollar figure in half, and the franchise might bleed more money than MS would make selling more consoles. In fact, the franchise might go negative.
Basically, they can’t afford to lose the ps5 playerbase.
Do you feel you are being paid fair value for your work?
If not ask for a raise or look for a new job. Note that for the last 20 years in the US it has been shown to be easier to get a raise by changing jobs than asking for one.
kbin.life
Active