

Put my friendica installation on a VLAN. It made accessing it locally ... interesting.

So I can access it from outside. Fine.

But if I try to access it internally, the traffic just gets dropped. There's no firewall rule to handle the forward via external IP address loopback.

So I set up a forward, and of course, that was a stupid thing to do. Every other https service in the world suddenly and unceremoniously disappears.

So I change the forward to only be something looking to loopback via my external IP.

But the external IP is dynamic. The router will update the dyndns record, but it will not update its own firewall rule. I'd have to do it manually every time it changed. Very far from ideal.

But inspiration struck! I have my own DNS server! (pihole).

As of now, thegoatery.dyndns.org from within my internal network resolves to the IP address of the friendica box on the VLAN.

Done.

in reply to Sarah Brown

Anyway, the squeaky bum time of anyone able to root my Friendica server being able to access my internal network is over.
in reply to Sarah Brown

Potential gotcha: LuCI is available on all interfaces on #OpenWRT. WAN is moot because firewall and redirect anyway, but having it on the Friendica DMZ VLAN is very bad!

It’s no longer there.
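The two fixes described across this thread, the Pi-hole split-horizon record from the first post and the firewall zone plus LuCI binding from the last one, as an added example. This is not the poster's actual configuration: the DMZ address 192.168.50.10, the router LAN address 192.168.1.1, the OpenWrt interface named `dmz` and the file names are all assumptions chosen for illustration; only the hostname thegoatery.dyndns.org comes from the post.

```shell
#!/bin/sh
# Added example for the thread above; not the poster's own configuration.
# Assumptions (all hypothetical, override via the environment):
#   HOST    public name from the post
#   DMZ_IP  the Friendica box on the DMZ VLAN
#   LAN_IP  the router's LAN address, the only one LuCI should answer on
# Without APPLY=1 the script only prints what it would do, so it runs anywhere.
HOST="${HOST:-thegoatery.dyndns.org}"
DMZ_IP="${DMZ_IP:-192.168.50.10}"
LAN_IP="${LAN_IP:-192.168.1.1}"

# True for RFC 1918 addresses: the internal override must point at the DMZ
# host itself, never at the (dynamic) WAN address the post had trouble with.
is_private_v4() {
    case "$1" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Pi-hole side (split-horizon DNS). dnsmasq's address=/name/ip directive makes
# every internal query for name return ip, so LAN clients reach Friendica
# directly over the VLAN and no hairpin-NAT rule is needed. Put the line in a
# file under /etc/dnsmasq.d/ on the Pi-hole and restart pihole-FTL.
pihole_override() {
    name="$1"; ip="$2"
    is_private_v4 "$ip" || return 1
    printf 'address=/%s/%s\n' "$name" "$ip"
}

# OpenWrt side: a separate firewall zone for the DMZ VLAN that can only talk
# to the WAN, a DNAT redirect for HTTPS only, and uhttpd (LuCI) bound to the
# LAN address instead of every interface. Assumes an interface named 'dmz'.
openwrt_commands() {
    cat <<EOF
# DMZ zone: nothing into the router, nothing forwarded except to WAN
uci set firewall.dmz=zone
uci set firewall.dmz.name='dmz'
uci set firewall.dmz.network='dmz'
uci set firewall.dmz.input='REJECT'
uci set firewall.dmz.output='ACCEPT'
uci set firewall.dmz.forward='REJECT'
uci set firewall.dmz_wan=forwarding
uci set firewall.dmz_wan.src='dmz'
uci set firewall.dmz_wan.dest='wan'
# port-forward HTTPS from the Internet to the Friendica box only
uci set firewall.friendica_https=redirect
uci set firewall.friendica_https.name='friendica-https'
uci set firewall.friendica_https.src='wan'
uci set firewall.friendica_https.src_dport='443'
uci set firewall.friendica_https.dest='dmz'
uci set firewall.friendica_https.dest_ip='$DMZ_IP'
uci set firewall.friendica_https.dest_port='443'
uci set firewall.friendica_https.proto='tcp'
uci set firewall.friendica_https.target='DNAT'
# LuCI: listen on the LAN address only, not 0.0.0.0 / [::]
uci delete uhttpd.main.listen_http
uci delete uhttpd.main.listen_https
uci add_list uhttpd.main.listen_http='$LAN_IP:80'
uci add_list uhttpd.main.listen_https='$LAN_IP:443'
uci commit firewall
uci commit uhttpd
/etc/init.d/firewall restart
/etc/init.d/uhttpd restart
EOF
}

if [ "${APPLY:-0}" = "1" ]; then
    openwrt_commands | sh
else
    echo "# Pi-hole: contents of /etc/dnsmasq.d/02-friendica.conf"
    pihole_override "$HOST" "$DMZ_IP"
    echo "# OpenWrt (dry run; run with APPLY=1 on the router to execute):"
    openwrt_commands
fi
```

The zone's `input='REJECT'` is the firewall-level half of the LuCI fix and the `listen_http`/`listen_https` binding is the service-level half; either alone closes the hole the last post describes, both together mean a mistake in one does not reopen it. Clients that bypass the Pi-hole (hard-coded public resolvers, DNS over HTTPS in the browser) will still resolve the public address and hit the WAN side, so the DNS trick only covers hosts that actually use the internal resolver.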
