Simple OPNsense Firewall Rules for a Secure Smart Home

This article presents a simple, balanced OPNsense firewall configuration for a secure smart home. The config provides good security while still allowing the freedom required by a family that consists mostly of people who wouldn’t call themselves IT geeks. This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.
Home Automation, Networking & Self-Hosting

Remote Management of Windows PCs in an Isolated Security Zone

With the advent of BYO it has become fashionable to regard PCs as untrusted devices that should be isolated in a dedicated security zone. Such a zoning approach has a big advantage: by separating clients from servers it is possible to treat them differently and potentially apply more relaxed security policies - which is a basic requirement for BYO. In a truly BYO-only environment you block everything except Citrix ICA or some other remoting protocol of choice at the firewall and life is good. In real corporate networks things are a bit more complicated, however. Say you want to isolate your managed Windows PCs. In that case you might want to be able to manage them remotely from systems outside the client security zone (e.g. from management terminal servers). And suddenly you have a problem: Windows management protocols, especially RPC and DCOM, are not exactly firewall-friendly.
Security