Hi, c/selfhosted! This is my first post on the Fediverse and I am glad to be making it here.

I recently got fed up with having to use Tailscale to access my server at home and decided to expose it publicly. A friend recommended segregating the server into a dedicated VLAN. My router’s stock firmware does not allow that, so I flashed OpenWrt on it (I am amazed how simple and easy the process was).

Getting the router to actually assign an IP address to the server was quite a headache (with no prior experience using OpenWrt), but I managed to do it in the end with help from a tutorial video on YouTube.

Now, everything is working perfectly fine and as I’d expect, except that all requests’ IP addresses are set to the router’s IP address (192.168.3.1), so I am unable to use proper rate limiting and especially fail2ban.

I was hoping someone here would have experience with this situation and help me.


Edit: Solved thanks to @PotatoesFall@discuss.tchncs.de.

I messed around with the port-forward settings with no luck in the past. Instead, disabling the “Masquerade” option in the firewall settings for the server’s VLAN worked.
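
The fix from the edit above, written out as the zone sections in `/etc/config/firewall`. This is an added example, not part of the original post; the zone and network name `server` and the policy values are assumptions, and the real section carries whatever was chosen in LuCI.

```uci
# /etc/config/firewall (excerpt); names and policies are assumed for illustration.

# Before: masquerading enabled on the server VLAN's zone.
# Every connection forwarded out through this zone's interface is source-NATed
# to the router's address on that VLAN (192.168.3.1 in the post), so the
# server's logs, rate limiter and fail2ban see a single client for all traffic.
# A ban triggered by one abusive client then lands on 192.168.3.1, i.e. on
# every visitor at once.
#
# config zone
# 	option name 'server'
# 	list network 'server'
# 	option input 'REJECT'
# 	option output 'ACCEPT'
# 	option forward 'REJECT'
# 	option masq '1'

# After: masquerading off for the server zone.
# Port-forwarded packets keep their original source address, so per-client
# rate limits and bans apply to the real remote IP.
config zone
	option name 'server'
	list network 'server'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '0'

# The wan zone keeps masquerading: outbound traffic from the private VLANs
# still needs source NAT to the router's public address.
config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
```

Restart the firewall after the change (`/etc/init.d/firewall restart`), then confirm in the server's access log that requests show distinct client addresses before relying on fail2ban bans.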

  • iamthetot@piefed.ca
    13 hours ago

    Welcome to Lemmy! Unfortunately I can’t be of help, but if you’ll indulge me, I’m curious why you got “fed up” with using Tailscale.

    • pogodem0n@lemmy.worldOP
      12 hours ago

      Thanks. I have been lurking ever since Reddit’s third-party client shenanigans, actually. 😅

      The Android client has a recurring bug where the connection to the Tailnet and the DNS break about half the time when switching between Wi-Fi and cellular networks. Plus, I can’t use it and a VPN at the same time.

      I can remedy that by toggling the connection off and on from the notifications panel, but it still keeps breaking with stuff that uses a persistent connection, like ntfy (a UnifiedPush server).

      • mic_check_one_two@lemmy.dbzer0.com
        10 hours ago

        Yeah, Tailscale’s “zero-config” idea is great as long as things actually work correctly… But you immediately run into issues when you need to configure things, because Tailscale locks you out of lots of important settings that would otherwise be accessible.

        For instance, the WiFi at my job blocks all outbound WireGuard connections. Meaning I can’t connect to my tailnet when I’m at work, unless I hop off the WiFi and tether to my personal cell phone (which has a monthly data cap). Tailscale is built on WireGuard, and WireGuard only. If I could swap it to use OpenVPN or IKEv2 instead, I could bypass the problem entirely. But instead, I’m forced to just run an OpenVPN server at home, and connect using that instead of using Tailscale.