Posts by HannesJo

What I mean by toxic is that the popularity of the vids in combination with the lack of any hint about security leads to a mass of servers with basic Nextcloud, plex, smb/cifs, …. setup that works in general but have not a minimum of security.

People expose their ports, grant full file access to everyone, open their shares for everyone in the network. They allow root to connect via ssh with poor password and heard nothing about eg fail2ban. They setup raid but have no backup.

When someone tells them, they are almost always very surprised and even kind of shocked. And very often it has begun with one of these howtos where the instructor did not even spent 1 min for at least giving some keywords about missing security aspects that must be covered before going productive. They just thought it’s done.

Furthermore, if you comment his videos just to add missing info for a proper setup, he just deletes your comment.

Quote from gderf

Not true.

There are many users who are on Carrier-grade NAT networks and they do not have public IP addresses on any of their equipment.

Now you got me! I really wonder why I never heard about that ... Well, perhaps I did and forgot. So massenzio is it that what you meant? Because if your Ports are not exposed, it should actually not be necessary. I think the big question is how can one contact your port 22 from the internet.

Quote from massenzio

ask them to put me on a private ip

Just to clear things up regarding public and private ip. You seem quite confused here. Everyone who accesses the internet has a public ip. You cannot access internet without it. Either you have got an IP that makes your gateway/router reachable from the world, this is a public one then - or you don't have internet access at all. Then, you dont have a public IP. There is nothing like private ip from internet service provider. Best you can do in that matter is accessing your services via VPN only and forbid anything else. That may be kind of what you mean by private ip.

In the local network your devices communicate via local IPs. These are kind of private. But you dont get them from your isp as they only work within your lan environment. They are not reachable from outside and you cannot connect to the internet with them.

So I really wonder what you mean by you switched to a public IP. Have you setup a dyndns maybe?

----

BTW Here we see again why TechnoDadLife 's videos are toxic. For him, the quantity and simplicity of the videos takes precedence over quality and care. He explains the most easy way to setup something so that it is somehow working. But he never gives any hint about why he does what settings and what topics are left to make things at least a little bit secure. Just open up everything, people gonna be happy. Security and Safety? What the hell is that?!

Yeah that sounds like Adguart is being used but the ad you are talking about is perhaps just not on your blocklist or the app doesn’t even use DNS. It’s also possible it uses a direct ip or the ad is loaded from a Ressource that is needed for the service. Additionally there are lots of blocking lists that are way too strict. Some months ago I was suddenly not able to load podcasts anymore because some of my lists were shitty.

Hmm that sounds good so far. Especially when your phone shows the correct DNS it should use it. Is it the same with other devices connected via wifi? Can you go to Adguard and check the devices using it? I unfortunately don't know Adguard since I use Pihole. On Pihole there is a network overview that lists all network devices and if they use the correct DNS.

First of all. The IP of your AdGuard is not 127.0.0.1. 127.0.0.1 is just a pseudo IP for any network device to call itself. Your Adguard IP is most likely the IP of OMV (depends on configuration but if technodad says the Router DNS setting should point to OMV than thats how he configured it)

If your Router is the DHCP Server that is correct. The DNS setting of OMV can be 1.1.1.1. But here you already see the problem of technodad. He just does not explain what you are actually doing and why. So let me explain what you actually did. Your Router is the DHCP Server of your local network. That means any device that uses IPv4 and DHCP will ask your Router for a IP address. Your router then takes an address that is free and assigns / passes it to the device. Additionally, your router now tells the device: Hey, in the network there is a DNS server at the address xxx.xxx.xxx.xxx (OMVs address). So for these devices, DNS requests go over Adguard now and Adguard can filter eg ads. But think about it, what if you sit infront of your OMV server and try to reach a resource with ads?

As you mentioned, OMV is configured to use DNS 1.1.1.1. So it bypasses Adguard. On OMV that is okay because you are not browsing there anyway. But it is also possible that someone configured his notebook to use DNS 1.1.1.1. What happens? That notebook will just ignore Adguard, no matter if in your network or not. The second point is that we are talking about IPv4. I dont know if or how Adguard can work with IPv6 and how to do so. But I suppose technodad ignored IPv6 and only configured IPv4. So what do you think happens when a device connects via IPv6? How should it use Adguard? Long story short: Check your wifi devices what DNS they use. If they have entered 1.1.1.1 it obviously cannot use Adguard. If they use IPv6 it may be necessary to change the IPv6 setting to link local.

Ah sorry I just thought about dd full

You must restore the image temporarily to a drive that is NOT smaller, then resize the partition to match the smaller one, do a new backup of it and restore that to the smaller drive. If I remember correctly there are also some extra steps on the smaller drive at the end. Not sure right now. Google should find you instructions. But I tell you, this is really not fun. Perhaps you should just take a drive of the same size. I am also no expert in that. Maybe geaves can help..

Theoretically yes, but it's not that easy even for advanced users. You have to do some extra steps that are not covered in the threads mentioned. I recommend you not to do that.

I would stick to RE: How to restore from an omv-backup? (#7)

I think there is no restore app. Have you read @macoms links?

Sounds like your wifi devices are not using the correct DNS. I would check that on one of them.

In the other hand technodads videos are always just the very very basic config. Thats why I dont like them that much. Maybe the way he configured it does not work on your environment or he forgot to explain certain settings.

Most likely not because as Agricola already mentioned, you can only unmount unreferenced drives (Drives that are not configured to be in use by any service). So when you say you want to access via LAN, I think you gonna reference it eg in SMB/CIFS. Best you can do is change the power management setting so the drive spins down after a certain time not being used (Perhaps it will do that anyway).

The reason why this works on Windows is that you use your Windows for a PC / Desktop. OMV is a server system. You commonly don't use the OMV GUI daily to use the server, but only to change the configuration, apply updates or check the state.

In engineering, everything is a trade-off. Do you use an existing solution or do you develop your own? If you want to use an existing one, which one comes into question? Which offers which advantages and disadvantages? That's what engineers do. Objective-oriented working.

You now visit a forum and with a lot of patience they explain to you what options you have in the world of OMV, what advantages and disadvantages there are and why your idea is not the best choice and therefore not officially supported.

If you think you are the expert here who actually knows everything best, that's okay. But then you should actually be able to configure your server yourself according to your wishes, instead of endlessly arguing about it. Funny enough, your first sentence here in the thread was about IPv6 and now you tell us that the thread is not about IPv6. lol.. So then don't argue about it.

Quote from ryecoaaron

I don't remember the last time I had something go bad on install or update. And if I did, they typically aren't hard to fix. You learn from fixing them as well. Rolling back just avoids the issue in my opinion and is very Windows-like.

I totally agree with that in general but here it is also about up-time. I do not want to fiddle and tinker on my main NAS. I just want it to be online. So if sth broke it makes me happy to just roll back and thats it. In that matter BTRFS on OS drive is a blessing.

I am running 5.12. but I think there is no official package yet. You can just compile it yourself. You should find a guide here in the forum. I don't really understand why you think you need IDMAPPED, but anyway.

Yes

crashtest do you think a newly setup omv would automatically detect the raid?

Ah sorry I did not even think of that since I use btrfs raid. Whats yours? mdadm?

In case you wanna use OMV6, wait some months until it is released. If you wanna update right now, use OMV5 as it is the current stable release.

However, I would do the following steps:

1. Setup a virtual omv on your pc just to get familiar with it. Test things that you gonna need. Solve any problems prior to doing anything on your NAS.

2. BACKUP ALL DATA

3. Disconnect data drives

4. Swipe system drive and install new omv

5. Reconnect data drives

6. Configure ..