Network Security

Firewall

opnsense

boot environment

bectl list
bectl create after-themes
bectl activate after-themes

SSH

ssh tunnel

ssh -i C:\Users\jdede\.ssh\id_ed25519_serge -v -p 33301 -L 1443:10.0.0.139:1443 -L 33301:10.0.0.1:9000 root@serverhome.info

ssh -p 33301 -L 9000:10.0.0.1:9000 jdedev@serverhome.info
ssh -p 33301 -L 22:10.0.0.10:22 jdedev@serverhome.info
ssh -p 33301 -L 1443:10.0.0.139:1443 jdedev@serverhome.info

sshfs

# mount remote file system
sudo sshfs -o IdentityFile=/volume1/homes/jdedev/.ssh/id_ed25519_serge ubuntu@152.69.179.52:/ /volume1/mount/ocihost001

VPN

WireGuard

content

sudo bash 

Tailscale

pfsense

outbound NAT rules

[Screenshot: pfsense.homelab.lan, Firewall / NAT / Outbound]

install tailscale

Settings -> Keys -> Auth keys -> Generate auth key (reusable, expiration, ...) -> Generate key -> Copy tskey

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up --authkey tskey-***

tailscale synology

https://tailscale.com/kb/1131/synology/

/var/packages/Tailscale/target/bin/tailscale configure-host; synosystemctl restart pkgctl-Tailscale.service

sudo synosystemctl restart pkgctl-Tailscale.service

Reverse Proxy

Traefik

content

sudo bash 

Cloudflare Tunnels

[Screenshot: Cloudflare tunnel]

setup application (authentication)

Required for authentication.
Example: GitHub

start cloudflared tunnel

docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token abc

configure public hostnames

Configure hosts at https://one.dash.cloudflare.com/

host1.domain : connection type . url:port

nas.serverhome.info      : https://10.0.0.1:5001
homepage.serverhome.info : https://10.0.0.1:3000
librenms.serverhome.info : https://10.0.0.1:3100