Recent content by Nicklebon

  1. Nicklebon

    Tracing out ethernet cables. Any easy way?

    Terminate remote ends and then tone out and label at the central location. Once labeled terminate what you like at the hub.
  2. Nicklebon

    What are you guys using for a router that you love?

    There's not much, read no, point in allowing encrypted dns to some certain addresses. You either block it outright and force DNS to internal sources where you can filter it or you don't. QUIC is another thing that is just blocked completely in a secure network.
  3. Nicklebon

    What are you guys using for a router that you love?

    If you're trying to block outgoing DNS from everything except PiHole you should be blocking 853 (DoT) as well. You should also block 443 to all known DoH servers. Of course DoH to unknown servers will ignore all that shit and breeze on through. It is my sincere desire that the inventors of DoH...
  4. Nicklebon

    SOHO Rack Mount Firewall Recommendation

    That seems strange. We push PAN hard and still sell 3-5X more Fortinet. Of course the price/performance difference is substantial coupled with much better SDWAN integration on the Fortinet side. For the last year almost every deal has some element of SDWAN in it. It isn't mentioned often in...
  5. Nicklebon

    SOHO Rack Mount Firewall Recommendation

    100/101-F or E series Fortigate or use a 60/61-F or E series with one of these: https://www.amazon.com/Rackmount-RM-FR-T10-Rack-Mount-FortiGate/dp/B01MXMCODG
  6. Nicklebon

    School Me on how to start this fiber setup please.

    FC HBAs are great if you're running Fibre Channel, not so much (read worthless) for Ethernet.
  7. Nicklebon

    School Me on how to start this fiber setup please.

    Pretty sure those cards are FC HBAs and not NICs. Also, I'm afraid to ask but .... All that external cable you describe in #7 is plugged into grounding blocks on both ends of the external pieces before being attached to your gear, yes? If you were to switch to 1 run at 400 feet assuming 10G SR you...
  8. Nicklebon

    WiFi MAC randomization - good for privacy on public networks, but bad for home security?

    I never said they invented it. They are however the biggest cheerleaders as it plays right into their wallet. DoH is horrible for consumers as it allows app vendors to bypass any local DNS requirements and filtering to collect 100% of your dns searches from the app in question and return...
  9. Nicklebon

    WiFi MAC randomization - good for privacy on public networks, but bad for home security?

    The OP needs to understand that privacy and security are two different things. Quite often you must sacrifice one for the other. If you are interested in security then you're doing TLS deep inspection on everything. If you're interested in privacy then you likely think doing so is evil. Very often...
  10. Nicklebon

    Is there benefit to direct DoT and/or DoH connection compared to local DNS server?

    Sadly this is true. You can still play the cat and mouse game of blocking known DoH servers but that's generally a losing scenario. This is the primary reason I despise DoH. It's an abomination and should be stomped out of existence. DoT solves all the issues with plaintext DNS and does so in...
  11. Nicklebon

    Is there benefit to direct DoT and/or DoH connection compared to local DNS server?

    If you've local DNS resolvers then only those resolvers should be allowed outbound DNS. All other DNS should be blocked on your firewall. There is little point in DNS filtering if all a client has to do is change resolvers.
  12. Nicklebon

    Is there benefit to direct DoT and/or DoH connection compared to local DNS server?

    If someone is doing MITM on your LAN then they have already installed certs on your endpoints. You're already owned and DNS is the absolute least of your worries.
  13. Nicklebon

    How to isolate wireless from LAN ?

    Can you ping a wired device from a wifi device or the reverse of that?
  14. Nicklebon

    Battling with ISP over ports

    Is this a satellite ISP or a WISP? Are you certain you have a static publicly routable IP? Also, Starlink will not be a solution for this as they use CGNAT so no inbound traffic to you. There is a possibility that will change later but as of today ... sorry Charlie.
  15. Nicklebon

    How to isolate wireless from LAN ?

    I'll add that if you have more than one AP you can plug a switch into the new pfSense interface and then plug APs into the switch. Also you said earlier in the thread you needed but didn't have an L3 switch for VLANs. Please note VLANs are layer 2 and require layer 3 routing. You can build a...