Home Network


12FEB24

Setting up routing based on time of day... basically shutting down most traffic at night. Now to figure out how.

List of devices that will be allowed after midnight: Mac Studio, Apple TV, Ring cameras, wifi bridges, VoIP phones

  1. Set up an alias list of allowed hosts, then built the rule; anyone not on the list is blocked.
  2. Set up a schedule; hopefully I don’t have to do the schedule every month. We will see.

I just installed Starlink on the roof. Why, you ask? Less reliance on local internet providers, and it’s cool.

So I now have 2 wan providers: t-mobile and starlink.

My current firewall is ipfire and I have used them for years (even donated to the cause). However, they don’t support multi-wan networks, so (sigh) I’m switching to pfsense.

https://www.cyberciti.biz/faq/howto-configure-dual-wan-load-balance-failover-pfsense-router/

OR

https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html

Using pihole to filter websites. pfblocker and squid were overcomplicated.

Getting pfsense and pihole to play well together. This worked perfectly

More Notes on forcing all traffic to use pihole dns server:

  1. Force all clients to only use the set DNS server of PFSense.
  2. From the source, forcing all dns traffic through specific dns server
  3. https://github.com/pfsense/docs/blob/master/source/dns/redirecting-all-dns-requests-to-pfsense.rst

Special Domain Mask pihole: https://discourse.pi-hole.net/t/special-domain/57811 This is blocked by pihole, otherwise all safari traffic will go around pihole.

/var/log/pihole.log has all the dns queries, so you can see what is going on much faster than web interface

https://www.iblocklist.com

I use dhcp and mac address to assign ip addresses to devices. For sanity, the ip-ranges will be divided by device type and maybe even owner. We will see.

To map all hosts

https://www.stationx.net/nmap-cheat-sheet/

nmap 10.0.0.0/21 -sn -oX firstscan.xml

sudo nmap 10.0.0.0/21 -sS -oX secondscan.xml -O --osscan-guess

xsltproc firstscan.xml -o firstscan.html
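
An added example (not part of the original notes): a check that compares the scan XML against the MAC-based DHCP plan described above, flagging unknown MACs and devices sitting outside their type's range. The ranges, MAC addresses and sample XML are constructed assumptions; nmap only includes MAC addresses when the ping scan runs with sudo on the same LAN segment.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample shaped like `sudo nmap -sn -oX` output (not a real scan).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="10.0.1.10" addrtype="ipv4"/>
<address addr="02:00:00:00:00:01" addrtype="mac"/></host>
<host><status state="up"/><address addr="10.0.1.77" addrtype="ipv4"/>
<address addr="02:00:00:00:00:02" addrtype="mac"/></host>
<host><status state="up"/><address addr="10.0.3.5" addrtype="ipv4"/>
<address addr="02:00:00:00:00:99" addrtype="mac"/></host>
<host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/></host>
<host><status state="down"/><address addr="10.0.4.4" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical plan: one range per device type, static DHCP mappings keyed by MAC.
RANGES = {"laptop": ipaddress.ip_network("10.0.1.0/24"),
          "camera": ipaddress.ip_network("10.0.2.0/24")}
INVENTORY = {"02:00:00:00:00:01": ("John macbook pro", "laptop"),
             "02:00:00:00:00:02": ("Ring Driveway", "camera")}

def parse_hosts(xml_text):
    """Return (ipv4, mac-or-None) for every host nmap reported as up."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        mac = addrs.get("mac")
        if addrs.get("ipv4"):
            hosts.append((addrs["ipv4"], mac.upper() if mac else None))
    return hosts

def audit(hosts):
    """Flag hosts that are unknown, in the wrong range, or have no MAC."""
    findings = []
    for ip, mac in hosts:
        if mac is None:
            # No MAC: unprivileged scan, routed host, or the scanner itself.
            findings.append((ip, "no-mac"))
        elif mac not in INVENTORY:
            findings.append((ip, "unknown-device"))
        elif ipaddress.ip_address(ip) not in RANGES[INVENTORY[mac][1]]:
            findings.append((ip, "wrong-range"))
    return findings

if __name__ == "__main__":
    for ip, issue in audit(parse_hosts(SAMPLE_XML)):
        print(f"{ip}\t{issue}")
```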

Wifi Bridges

  • TV Room
  • B & L
  • Kitchen

Cameras

  • Ring
    • Backyard
    • Driveway
    • Front
    • Front Door
    • Oak Tree
  • Ecobee
    • LivingRoom

Doorbells

  • Downstairs
  • TV Room
  • Upstairs

Lights

  • Hue
    • Bridge Master controlling multiple hue lights and switches
    • Bridge TV controlling multiple hue lights and switches
    • Switch Living Room
    • Switch Laundry Room
    • Switch Base of Stairs TV Room
  • Lutron
    • Master
  • Bond
    • Ben
    • Living Room
  • Nanoleaf
    • Ben

Doors

  • August
    • Front Door
    • Side Door
  • myq
    • Garage Door

Thermostats

  • Ecobee
    • Downstairs
    • BnL
    • TV

Speakers

  • Sonos
    • Larry
    • Curly
    • Steamroom
    • TV Room
    • Garage

Homepods

  • TV Room Apple TV
  • Ben Homepod
  • HP Master
  • Lilly Homepod
  • Living Room

Fans

  • Lilly
  • Ben Bond
  • Living Room Bond
  • Master Lutron

laptops, ipads, iphones

  • Anne (named Ben) Macbook air
  • Anne iPhone
  • John macbook pro
  • John iPad mini
  • John iPad large barely used
  • John iPhone
  • Ben iMac
  • Ben iPad
  • Ben iPhone
  • Lilly iPhone
  • Lilly iPad

Servers (Hardwired)

  • Mac Pro (Trashcan) uses 2 ip’s
  • firewall itself
  • ncid which is really homebridge now, rename
  • NAS Time Machine

IP Phones

  • Master
  • Living Room
  • TV Room
  • B & L

Misc

  • Samsung TV in TV Room
  • TV in Garage
  • mac mini in garage

Future

  • Shelly Switches