You basically need a router between the networks. I would recommend pfsense or opnsense or if you like cli vyOS. I run a pfsense that has my ISP router on the WAN port and a network interface for all VLANs and then I configured the firewall to allow specific traffic to specific devices in specific VLANs. For example my PC can reach the smart home controller website but no other device. And the samrthome devices only can reach the DNS in the ISP network (my kinda DMZ) and the router to reach the internet. And for every VLAN there are own rules where goes what communication.

You also can setup that on the managed switch which you would need for setting up VLANs.

2 days for most hosts as they had a kernel update. Other hosts about 30 days (no updates pending). And the winner is my core switch with 750 days up time.

Hm. Lag spikes in Tarkov and you check your server? I mean Tarkov.

But yeah I can feel your misconception here. But I am also the other way around I uninstalled firewalld and do all on iptables level. I am just more used to iptables. And so the sole controlling instance is iptables. In the end it’s all netfilter in kernel space.

Yea don’t use enterprise stuff and build servers yourself with lowpower hardware. Less power less heat also can be cooled easier with Noctua Low RPM low noise fans.

Nope. No VMs. Don’t know why would I if I have a dedicated XCP-NG pool for that.

Moving your gaming PC as client makes no sense no. But gaming servers like a Minecraft or whatever severer can make sense.

I can recommend XCP-NG as Hypervisor. I have over 25 VMs running my whole home from DHCP/DNS over media servers to game servers for CS2 and DayZ. And it’s stable and performant.

Don’t use NTFS either Linux as 24/7 file system. Use Linux natives like ext4, xfs or zfs. And share the drive via samba. If it’s a drive that needs to travel between systems use EXFat.

I use rdiff-backup to backup the volumes directory of my VPS to a local machine via VPN. Containers are stored in some public registry anyways. Also use ansible with all the configurations and container settings.

Free electricity for everyone.

So you know how to do it securely and analyze what may go one when it is attacked. Or what else do you want with cybersecurity? It’s about securing services on the global network and local. And webhosting is one of those service.

Use ELK. It’s basically the same but open source and unlimited for free. Also splunk sucks. Have to use it at work and it really isn’t great. (My personal opinion)

That‘s normal. There are countless bot nets that scan every public available IP to hijack. Using fail2ban is already a good approach. I personally switched to crowdsec a while ago as it comes with a crowdsourced blacklist which will silence a lot of the common noise and only occasionally I get an Alarm about an IP address not already on the default list.

I got one HGST with now almost 11 years. And some WD Reds with 9 to 10 years. They run now in a Helios 64 which I use to store DVD and BluRay backups before they get tagged correctly and moved to my Plex storage pool.

Windows bad. Linux good. BSD better.

For real though. Windows cost money, it uses a lot of resources. And Desktop Version is missing vital parts you might want to use on a windows server like Domain Controller, DHCP, Server, Web Server, Hyper-V. Etc.

Those reasons also have most running Limix or even BSD because they are pretty lightweight especially when used headless. Also as open source they are mostly free of cost. And when you virtualize on a free and open source Hypervisor like XCP-ng or Proxmox you can run way more smaller VMs than Windows VMs as they need more resources.

The Bill at the end of the year.

I am using terraform to create my VMs and destroy them. Using Ansible with the xenorchestra inventory plugin and have it configure the servers I created.

Depends on the support case you got. If it’s technical you have basically 24/7. I am in Germany but had once a hard drive failure in a server at 1am contacted technical support and it took about 30 minutes overall and the new drive was resilvering and the server back online. Takes a bit as the NOC needs to go to the data center and so on.

The problem is a lot of people here are beginners and have no real clue about network security. And opening a port is opening a door. If you have a bouncer that clears people beforehand then you can keep the door open. But you will still need to keep your bouncer trained so he can take care of people you don’t want. Same with software. Keep it updated and have security enhancements in place like 2FA and analysis tools like crowdsec or fail2ban. And the open port might not an issue at all.

But if you open a device like a NAS (cough QNAP cough) then you have a higher security risk.

TLDR; if you know what you are doing it might not have implications.

Moved on from compose ages ago. So should you.

As long as it is not reachable from any untrusted network like the Internet. It’s as safe as your home network is.