Used to run a virtualized firewall setup. And then one day discovered that somewhere along the lines I had made a change (or an update changed something) that meant proxmox admin interface was being served publicly. That's despite confirming during initial setup that it isn't.
So now I do not do any funky stuff with firewalls anymore. Separate appliance with opnsense bare metal.
eqvinox 1 hours ago [-]
That's not a router, that's a CPE, and one without IPv6 support.
marssaxman 9 minutes ago [-]
Thank you for informing me that a novel definition of the term "router" has come along since the last time I turned a Linux box into a router. The world changes in strange ways sometimes!
trelane 10 minutes ago [-]
What is "CPE" in this context? It's probably not "Common Platform Enumeration" (my top results for "cpe linux") or "Customer-Premises Equipment." ("cpe networking")
oxygen_crisis 54 minutes ago [-]
Technically it's an IPv4 router once you enable net.ipv4.ip_forward in step 1, the rest is enabling a whole lot of supplementary services and operations not intrinsic to the definition of a router.
TacticalCoder 39 minutes ago [-]
I didn't see in TFA --although I may have missed it-- where it said it was replacing the ISP's router/CPE. Anything routing traffic is a router.
At home I've got both a CPE given by my ISP and my own router that routes and bridges traffic between two LANs of mine (192. and 10.).
Moreover the lack of IPv6 inside our own LANs is, for many of us, a feature. It doesn't mean we don't have an IPv6 address: it just means we have the choice and did choose to have our own LANs on IPv4 only. And, no, I don't care that it makes some programmers at some megacorp' lives more difficult to "reach" inside my networks.
I'm the boss at my home and my router is IPv4 only.
And I've got that in addition to my ISP's CPE.
Rendered at 22:16:03 GMT+0000 (Coordinated Universal Time) with Vercel.
So now I do not do any funky stuff with firewalls anymore. Separate appliance with opnsense bare metal.
At home I've got both a CPE given by my ISP and my own router that routes and bridges traffic between two LANs of mine (192. and 10.).
Moreover the lack of IPv6 inside our own LANs is, for many of us, a feature. It doesn't mean we don't have an IPv6 address: it just means we have the choice and did choose to have our own LANs on IPv4 only. And, no, I don't care that it makes some programmers at some megacorp' lives more difficult to "reach" inside my networks.
I'm the boss at my home and my router is IPv4 only.
And I've got that in addition to my ISP's CPE.