zlacker

1. rmoriz+(OP) 2025-01-03 03:17:41
A homelab with a usable uplink can be sufficient for many services like blog, DNS, mail. I have 3 Lenovo ThinkCentre Mini PCs running Proxmox VE in HA mode out of my basement. Picture at https://devops.science/
replies(1): >>sobkas+E
2. sobkas+E 2025-01-03 03:24:06
>>rmoriz+(OP)
> A homelab with a usable uplink can be sufficient for many services like blog, DNS, mail.

I always felt like you are painting a target on your homelab when you allow outside access.

replies(2): >>rmoriz+93 >>dend+c3
3. rmoriz+93 2025-01-03 03:45:10
>>sobkas+E
You are. I'm tunneling a /23 which I let Vultr announce via BGP over WireGuard to a local router VM. I have an nftables firewall in place before routing the traffic through the tunnel. I block everything except for exposed IPs and ports/protocols just to keep my limited bandwidth free of noise.
4. dend+c3 2025-01-03 03:45:38
>>sobkas+E
You do. That's why I wouldn't recommend it to anyone unless they absolutely know what they're doing. Can't tell you how many friends I had to have a talk with who had plain vanilla port forwarding done on their home router, exposing their entire home network to the web.

Nowadays, I recommend they use Tailscale as an out-of-the-box WireGuard-based VPN to safely connect to their home servers from remote locations.

replies(1): >>rmoriz+TD
5. rmoriz+TD 2025-01-03 10:39:21
>>dend+c3
To be honest, as an IT professional you should have basic knowledge about firewalls. nft/nftables is a big improvement in firewall usability for Linux. I also know many homelab people using OPNsense or even DD-WRT for that job. I prefer plain Linux (distro of your choice, I don't judge) and nft.

Tutorials:

- https://wiki.gentoo.org/wiki/Nftables/Examples

- https://wiki.archlinux.org/title/Nftables

- and probably the best advanced tutorial is a video series https://www.youtube.com/watch?v=K8JPwbcNy_0&list=PLUF494I4KU...

TL;DR One should know firewall fundamentals. nft/nftables, as the successor of iptables, is very convenient to use: a single config document instead of interacting with 100 CLI commands which have to be in a specific order.

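Added example, not part of any post in the thread: a single-file nftables ruleset of the kind comments 3 and 5 describe, dropping by default and forwarding only listed address/port pairs into the tunnel. Interface names, the 198.51.100.0/24 documentation addresses, the WireGuard port and the exposed services are assumptions, as is running the filter on the host that forwards traffic into the tunnel.

```nftables
#!/usr/sbin/nft -f
# Constructed example. All names, addresses and ports are placeholders
# (assumptions), not values taken from the thread.
flush ruleset

define PUB_IF    = "eth0"          # public-facing interface (assumed name)
define TUNNEL_IF = "wg0"           # WireGuard interface to the homelab (assumed name)
define WG_PORT   = 51820           # WireGuard listen port (assumed)
define WEB_HOST  = 198.51.100.10   # documentation-range placeholders
define MAIL_HOST = 198.51.100.25
define DNS_HOST  = 198.51.100.53

table inet filter {
    # Exposed services as (address . port) pairs; everything else is dropped.
    set exposed_tcp {
        type ipv4_addr . inet_service
        elements = { $WEB_HOST . 80, $WEB_HOST . 443,
                     $MAIL_HOST . 25, $DNS_HOST . 53 }
    }
    set exposed_udp {
        type ipv4_addr . inet_service
        elements = { $DNS_HOST . 53 }
    }

    # Traffic addressed to this host itself.
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        meta l4proto { icmp, ipv6-icmp } accept
        iifname $PUB_IF udp dport $WG_PORT accept    # tunnel endpoint
        iifname $TUNNEL_IF tcp dport 22 accept       # management via the tunnel only
    }

    # Traffic routed between the public side and the tunnel.
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname $PUB_IF oifname $TUNNEL_IF ip daddr . tcp dport @exposed_tcp accept
        iifname $PUB_IF oifname $TUNNEL_IF ip daddr . udp dport @exposed_udp accept
        iifname $TUNNEL_IF oifname $PUB_IF accept    # outbound from the homelab
    }
}
```

`nft -c -f <file>` parses and checks the file without applying it.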