Forbidden Router: Container Host VM (LanCache/SteamCache + Pihole) and Portainer for management

Hello.
I've been following this wonderful guide but I have a problem.

Lancache does indeed cache downloads but if i download a big game like Doom Eternal and then set to download it again via Lancache the VM network just dies.

Even a reboot of the VM server fails to get the network running again.


This is when starting it up again after the crash.

Any ideas ?

Edit: Seems like my server doesn’t like Alma, tried with Debian and no problems.

3 Likes

Likely NIC firmware or kernel/driver version. Maybe. Interesting.

1 Like

So everything is working great only Pihole spams my event log with:

Exec instance started: /bin/sh -c dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1

I’ve tried everything now to fix this but I am a newbie at this, so any idea how to fix this?

Edit: Forgot to write that I know they are health checks; I just can’t find a way to filter them from the event viewer so it isn’t filled with them.

1 Like

so I need to learn squid… sigh, but yeah ok!

doing the same thing, kids vlan for wifi/lan that will have more strict filtering

2 Likes

@wendell think it would be hard to setup lancache to also cache things like distro updates from Manjaro?

1 Like

I’m playing with my own Forbidden Router and pushing down several VLAN-tagged SR-IOV NICs to the router guest:

2: if-1g: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether a0:36:9f:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    vf 0     link/ether 52:54:00:xx:xx:xx brd ff:ff:ff:ff:ff:ff, vlan 20, spoof checking on, link-state auto, trust off, query_rss off
    vf 1     link/ether 52:54:00:xx:xx:xx brd ff:ff:ff:ff:ff:ff, vlan 30, spoof checking on, link-state auto, trust off, query_rss off
    vf 2     link/ether 52:54:00:xx:xx:xx brd ff:ff:ff:ff:ff:ff, vlan 40, spoof checking on, link-state auto, trust off, query_rss off

Unfortunately I’m seeing an absolutely monstrous amount of CPU utilization, even when downloading from the public internet at sub-gigabit speeds. Like two of the four VCPUs showing 90+% utilization in htop. The CPU is a Ryzen 9 3900X so it’s no slouch. Interestingly the increased CPU utilization is only apparent at the hypervisor level; the guest thinks it’s mostly idle.

I’ve been playing around with the kvm.halt_poll_ns tunable and with the spoofchk, trust, etc. ip link options and can’t seem to crack this nut. My understanding was that the NIC would offload most of the MAC- and VLAN-filtering but that doesn’t track with the host appearing to be so busy.

Any ideas?

ETA: I tried pushing down an untagged VF and doing all the tagging within the router guest instead, same behavior. So it doesn’t appear to be related to VLAN tagging per se.

EDIT 2: OK, I guess altering kvm.halt_poll_ns in real time doesn’t affect running VMs. If I set it to zero on boot (i.e. on the kernel command line) it solves the issue. Now I just need to figure out if there are any pitfalls to doing that!

1 Like

I think I’m running into the aforementioned TrueNAS woes. I’ve set it up through the “apps” section rather than docker and my ignorance has me stuck. I choose ports for web/tcp/udp but I don’t understand what ip my clients should point to for dns? If I just put the host machine’s it doesn’t work, which makes sense… but even when running ip a from the shell of the application I get a nat-ish ip that wouldn’t make sense for my network’s IP range.

Sorry for my obvious ignorance, would appreciate any suggestions and happy to post screenshots or whatever else is helpful.

1 Like

Do you mean “Portainer” here?

1 Like

Yes, Portainer has stacks, lol, oops. But Portainer works with Podman.

2 Likes

Something I found helpful if people expose their forbidden router DNS server to the web.

It would be useful to use a regex to stop ANY queries

Add the following to the regex blacklist
.*;querytype=ANY

Also blacklisting version.bind TXT queries will help reduce the information the DNS server gives out to the internet. I've found those requests disturbingly often come from shodan and censys DOT io. I take it one step further and disallow querying cachesize.bind/insertions.bind/evictions.bind from anywhere other than my internal network.

Now instead of using the firewall to do it (more intensive) you can just configure pihole to block it and thus it will block most amplification attacks

1 Like
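As an added illustration of the policy the post above describes (not code from the post or from Pi-hole itself), the following Python model evaluates a query the way the described rules would: the regex blacklist entries use Pi-hole FTL's `;querytype=` suffix (so `.*;querytype=ANY` drops every ANY query and `version.bind` is refused only for TXT), and the `*.bind` statistics names are answered only for clients inside an assumed LAN range. The LAN networks, the sample queries and the rule for the statistics names are constructed assumptions; Pi-hole applies its regexes unanchored, which `re.search` mirrors here.

```python
"""Model of the Pi-hole blocking policy from the post (constructed example)."""
import ipaddress
import re

# Constructed: rules in Pi-hole's regex-blacklist syntax. FTL's ";querytype="
# extension restricts a regex to one or more record types (comma separated).
BLACKLIST_REGEX = [
    r".*;querytype=ANY",                 # every ANY query, regardless of name
    r"^version\.bind$;querytype=TXT",    # server version disclosure
]

# Constructed: CHAOS-class statistic names that only the LAN may ask for.
INTERNAL_ONLY_NAMES = {"cachesize.bind", "insertions.bind", "evictions.bind"}
INTERNAL_NETWORKS = [
    ipaddress.ip_network("192.168.0.0/16"),   # assumed LAN ranges
    ipaddress.ip_network("10.0.0.0/8"),
]


def parse_rule(rule):
    """Split "<regex>;querytype=T1,T2" into (compiled regex, set of types or None)."""
    qtypes = None
    if ";querytype=" in rule:
        rule, types = rule.rsplit(";querytype=", 1)
        qtypes = {t.strip().upper() for t in types.split(",")}
    # Pi-hole matches regexes unanchored, so the caller uses re.search.
    return re.compile(rule, re.IGNORECASE), qtypes


COMPILED = [parse_rule(r) for r in BLACKLIST_REGEX]


def is_internal(client_ip):
    """True if the client address falls inside one of the assumed LAN ranges."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def query_blocked(qname, qtype, client_ip):
    """Return the reason a query is dropped, or None if it should be answered."""
    qname = qname.rstrip(".").lower()
    qtype = qtype.upper()
    for regex, qtypes in COMPILED:
        if qtypes is not None and qtype not in qtypes:
            continue                       # rule only applies to other types
        if regex.search(qname):
            return f"regex blacklist ({regex.pattern}, qtype={qtype})"
    if qname in INTERNAL_ONLY_NAMES and not is_internal(client_ip):
        return "internal-only name queried from outside the LAN"
    return None


# Constructed sample of queries as (client, name, type) tuples.
SAMPLE_QUERIES = [
    ("203.0.113.5", "example.com", "ANY"),
    ("203.0.113.5", "example.com", "A"),
    ("198.51.100.7", "version.bind", "TXT"),
    ("198.51.100.7", "cachesize.bind", "TXT"),
    ("192.168.1.20", "cachesize.bind", "TXT"),
]


def summarize(queries=SAMPLE_QUERIES):
    """Return (answered, blocked) counts for a list of queries."""
    blocked = sum(1 for client, name, qtype in queries if query_blocked(name, qtype, client))
    return len(queries) - blocked, blocked


if __name__ == "__main__":
    for client, name, qtype in SAMPLE_QUERIES:
        verdict = query_blocked(name, qtype, client) or "answered"
        print(f"{client:>14}  {name:<16} {qtype:<4} -> {verdict}")
    print("answered/blocked:", summarize())
```

Running the block prints a verdict per sample query; of the five constructed queries, the ANY lookup, the external version.bind TXT and the external cachesize.bind are dropped, while the plain A query and the LAN-side cachesize.bind are answered. The real enforcement still happens in Pi-hole; this only shows what the rules decide.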

I’m trying to set up my NAS as a forbidden router, and it is gruelling. I’ve got a B550-F Gaming WiFi II motherboard with a 5600G on it, but the bifurcation is such that if I install anything in one of my PCIe3x1 slots, the PCIe3x4 slot goes down to x1 also. I’ve got a breakout card for four M.2 in the PCIe4x16 slot, and a 10GbE NIC in the PCIe3x4 slot (which is PCIe2, so unfortunately it needs at least three lanes), but I also need to install a PCIe2x1 4xGigabit NIC. There’s no way to arrange these cards that won’t cripple the 10GbE or leave me without my SSDs. I’d kill for a “card” that is just internal USB2 header to 4x100Mbps Ethernet right now, but it seems I’d have to make such a thing myself.

1 Like

What about the M.2 to 1GbE or 2.5GbE adapters? They make both M/B-key and E-key adapters, so you can ditch the WiFi card and get at least one, maybe two, 1Gb NICs that way?

2 Likes

Yeah, I just had that thought too. I do need the WiFi, I’m planning to use this machine as the router for the west wing+office+garage of the house and then slave my two old WiFi routers to this computer as APs for the front and back yard, so I can have good WiFi everywhere. But I do have a spare M.2 slot, and I can get rid of one of the SSDs since I have lots of spare room on my Octanes. I’ve found M.2 NICs that offer two 2.5GbE each, so that’s all the ports I need. It’ll also be slightly faster, which might be nice for the future.

Certainly less of a hassle than ripping apart four USB NICs, soldering them to a ribbon cable, and printing some sort of PCI bracket to hold them in place. I may still do that just for fun though, just to avoid buying a switch and doing things properly.

1 Like

The built in wifi is not likely to outlive the usefulness of a network port either. 5-10 year routers are a thing for me but wifi access points last about 2 maybe 3 years

1 Like

One of my WiFi routers is ten years old and the other is five, so I’m definitely on a slower cycle than you for replacing them. I don’t actually use my wireless all that much, the toughest loads it suffers are probably the laptops backing up to the NAS overnight, where speed doesn’t really matter anyway. Apart from that almost all my heavy network loads are wired, including streaming to my TVs. I am getting some wireless CCTV cameras for the yard though, so good range and reception will be more important in the future. If the WiFi card the motherboard came with were to break I’d probably just replace it, it doesn’t look too complicated. I don’t think I’ve ever had a WiFi card just die on me though, is it really that common?

1 Like

Hopefully this helps someone. There's a typo that confused me for a bit.
“yum-config-manager –add-repo htt…”
is missing a -. Should be two dashes before add-repo. The website keeps simplifying it to a single long dash though.

2 Likes

Rethinking life choices when planning to build this.
-Estimating 14-18TB of Steam cache needed… and rising if I can add Ubisoft, Rockstar and EA games… UG… Time to fire up the big boy Dell T420 I built lol

Soooo, I had fun today. I decided hey, I built a new machine I want to use for light VMs and a Steam cache. I’ll try out XCP-ng like is suggested here and make a few modifications for my infrastructure as I have a separate firewall (OPNsense) and don’t need a superfast DNS, so Pi is working fine for me.

I ran into a “fun” issue I thought I might bring up as it took me a while to troubleshoot… I’m sure a lot of pros wouldn’t have this issue because they have better processes than I.

I had trouble installing XCP-ng. I had no option to select a “Drive” for VMs. I planned on just using the one drive for VMs and XCP-ng itself because I didn’t plan on doing a ton with the system because it’s a new platform I’ll learn on, and the supporting docs said that is possible; it should use the open space on the installed drive. Some googling later I saw one post stating a line of code to name the drive… no joy. After some googling and 3 tries to install I discovered a drive that had been previously used in a ZFS pool or formatted with ZFS retains a tag for that which interferes with XCP-ng properly using it.

I’m sure most people, sysadmins etc. do this beforehand… BUT I did not… Secondly, “Secure Erase from ASUS” does not support cleaning Samsung drives, or my 980 at least. I had already built the machine and would have to tear it down to get to it, so I had to create a Samsung Secure Erase boot drive with Samsung Magician. Reinstalled and voila, there's the drive and we are up and running… well, till the system froze and I couldn't give any commands or sign in via the CLI even… so back to Proxmox to tinker a bit.

I’m sure this is a niche issue, but I wanted to post it all the same for anyone else who may have the issue.

3 Likes

I have made a post about ntp servers here, but I figured why not ask directly if you hadn’t yet seen my post. With all these services and using both pfsense and openwrt (and adding it to repeaters too, I would be interested in that)

do you run a local NTP server, so all other VMs, containers routers and all the rest, can sync with ONE server online, maybe once every week or two, and sync all lan devices locally to that server however often you want.

To me, (and there has been quite a bit of debate over this idea) I think it would help save a LOT of energy if enough people actually did this. Where it truly has no downside at all, is adding it to openwrt, which would be a wifi router that more than 99.999999% of people never unpower manually, for any reason other than network diagnostics. Which is probably quite rare too.

1 Like
Error: Deployment error
failed to deploy a stack: open /data/compose/14/.env: no such file or directory
2023-04-10 04:15:09

I did a boo boo… for the life of me I can not get the stack to start for Lancache.

Scratch that… I did have to install manually via CLI, the setup using Portainer failed, but it does show up and I do have control via Portainer so I’m happy… going to try caching now.