cometship

Members
  • Posts: 18

Everything posted by cometship

  1. See below screenshots of 2 ethernet physical connections in UNRAID. Objective is to install Shinobi docker for CCTV on separate VLAN that should not have access to array data or mgt interfaces.

     • eth0 10G NIC is intended for UNRAID array sharing only. Working OK.
     • eth1 1G MB NIC is intended for Shinobi VLAN bridge. CCTV cameras on that VLAN should not have access to eth0 and array.

     Bridging has been enabled for eth1 and CCTV VLAN 100. Switch has been configured to isolate eth1 physical from 192.168.1.1/24. That's why eth1 is not able to talk to router and gets automatic private IP address: 169.254.187.134

     Please help me review Network Settings configuration: Thanks!

     Creating a VM to check VLAN is accessible: Options are virbr0 (assume means eth0 virtual bridge), br1 (assume means eth1 virtual bridge) & br1.100 (CCTV VLAN)
  2. Turns out this is port scan from Gryphon. I disabled SSH port in UNRAID management tab since I don't use ssh. From Gryphon support:

     "Our Gryphon has a firewall that will block/filter inbound traffic. The Gryphon regularly scans ports that are open and will give you a notification for an open port. You will then determine if that port is used by an application or website and is safe to leave as open. Here are some options you can choose for a port scan detection result.

     1. Quarantine - can’t access the internet on the rogue device (stops the device)
     2. Monitor – to monitor the device and keep you posted.
     3. Delete – delete the notification but will notify again when there is another scan
     4. Ignore - will NOT notify the user for 7 days

     The quarantine will have your device totally blocked. Thank you, Gryphon Support/FE Customer Support Line +1 (480) 428-4016"
  3. What are these login attempts in system log? Googling shows it is related to SSH from 192.168.1.1. I see about 100 of these warnings over a 2 sec interval in sys log every few days. Is this an SSH attempt from router gateway, or coming from another network device? Hopefully not from the internet. Thanks

         Jan 16 02:19:24 NASBoy sshd[4420]: Connection from 192.168.1.1 port 57549 on 192.168.1.242 port 22 rdomain ""
         Jan 16 02:19:24 NASBoy sshd[4420]: Unable to negotiate with 192.168.1.1 port 57549: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

     .... (many attempts over 2 sec)
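The log pattern in the post above can be summarized per source address with a short script. This is an added example, not part of the original posts; the sample log is constructed from the two quoted lines plus made-up repeats and a made-up second source (192.168.1.77), and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the first two lines are the ones quoted in the post, the
# rest are invented to model the burst and a single failure from another host.
SAMPLE_LOG = '''\
Jan 16 02:19:24 NASBoy sshd[4420]: Connection from 192.168.1.1 port 57549 on 192.168.1.242 port 22 rdomain ""
Jan 16 02:19:24 NASBoy sshd[4420]: Unable to negotiate with 192.168.1.1 port 57549: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jan 16 02:19:24 NASBoy sshd[4421]: Unable to negotiate with 192.168.1.1 port 57550: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jan 16 02:19:25 NASBoy sshd[4422]: Unable to negotiate with 192.168.1.1 port 57551: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jan 16 02:19:25 NASBoy sshd[4423]: Unable to negotiate with 192.168.1.1 port 57552: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jan 17 11:02:03 NASBoy sshd[5100]: Unable to negotiate with 192.168.1.77 port 40112: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
'''

KEX_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Unable to negotiate with "
    r"(?P<src>\S+) port \d+: no matching key exchange method found\. "
    r"Their offer: (?P<offer>\S+)", re.M)

def summarize_kex_failures(log_text, window_s=2, min_hits=3):
    """Group sshd key-exchange negotiation failures by source address."""
    times, offers = defaultdict(list), defaultdict(set)
    for m in KEX_FAIL.finditer(log_text):
        # syslog stamps carry no year; a fixed leap year keeps strptime unambiguous
        times[m["src"]].append(
            datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S"))
        offers[m["src"]].update(m["offer"].split(","))
    report = {}
    for src, ts in times.items():
        ts.sort()
        # burst: at least min_hits failures inside some window_s-second window
        burst = any((ts[i + min_hits - 1] - ts[i]).total_seconds() <= window_s
                    for i in range(len(ts) - min_hits + 1))
        report[src] = {
            "failures": len(ts),
            "burst": burst,
            "offers": sorted(offers[src]),
            "sha1_only": all(o.endswith("-sha1") for o in offers[src]),
        }
    return report

if __name__ == "__main__":
    for src, info in summarize_kex_failures(SAMPLE_LOG).items():
        print(src, info)
```

A source inside the LAN that fails in tight bursts and offers only SHA-1 key exchange methods is the profile of an automated scanner on the local network rather than an interactive login.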
  4. Hi, please find attached diagnostics. The Fix Common Problems Plugin found no errors. How do I release a NIC interface from UNRAID that is labeled in Network Settings as 'shutdown inactive', and in System Devices page as 'In Use by Unraid'? NICs are not bonded or bridged. Do I just set above eth2 to same MAC as eth0? Is that the procedure to remove a NIC that is in use by UNRAID? Thank you for your help.
  5. How do I release a NIC interface from UNRAID that is labeled in Network Settings as 'shutdown inactive', and in System Devices page as 'In Use by Unraid'? Do I just set above eth2 to same MAC as eth0? Is that the procedure to remove a NIC that is in use by UNRAID? Don't want to try without getting some confirmation to avoid breaking something and then have to figure out the fix. More details in the User Guide could help with questions like this. Maybe I'm not looking at the right wiki. Thanks
  6. I cannot find in user guide a description of Settings : Network Settings : interface rules. So I turned to the forum. My UNRAID uses eth0 (10Gig NIC port2) as primary connection. I successfully bound eth1 (10Gig NIC Port1) using "System Devices : Bind Selected..." button. eth2 is onboard LAN (shutdown inactive, 'In Use by Unraid') and appears as second option in interface rules. See pic below. In interface rules I get the option to set eth2 to same MAC as eth0. Is that normal to set both eth0 and eth2 to same MAC? If I set eth2 to same as eth0, does that mean that onboard NIC (eth2) will be released by UNRAID? Thanks for great forum support!
  7. (update) Asrock provided an engineering BIOS that separated the devices from 5 to 21 IOMMU groups. I've had great customer service from them in the past. They delivered again.
  8. Thank you ljm42 for detailed response and downsides of virtualizing the router. Just because it can be done it doesn't mean we should. I think my family will appreciate a stable router. I was swayed by the related SpaceInvader video, but he has a physical backup router that enables when the array is down. A Shinobi docker seems like a better fit for UNRAID with vlans for security.
  9. Anybody, please? The UNRAID manual has no current entry for "Network Settings". I am therefore using a 2018 video from SpaceInvader for reference. UNRAID grabs all ethernet ports across IOMMU groups. Objective is to isolate one NIC port for pfsense VM, and other NIC port for UNRAID with security and stability. Are these the only options?

     1) Enable bonding, bridging, and VLANs in tab "Network Settings" for both ports in NIC card. My switch supports VLAN & link aggregation.
        • The bonding will double the 10GbE throughput for UNRAID and pfsense
        • The bridging option will allow pfsense VM to access the bonded UNRAID physical ports
        • The VLAN option can provide isolation between pfsense and UNRAID.
     2) Motherboard supports bifurcation (I've used this successfully elsewhere). Bifurcate x8x8 and install a second NIC card. Will this result in bifurcated NICs with separate IOMMU group?
     3) Get a motherboard that supports virtualization better. Which ones in ITX form?
     4) Use 'vfio-pci.ids=19a2:0710' will this give each Ethernet port on same NIC their own IOMMU?

     The options below fail the security requirement since devices are not truly isolated

     5) Use 'pcie_acs_override=downstream', if this fails, try 6)
     6) Use 'pcie_acs_override=downstream, multifunction' (may not be truly isolated) ??

     Thanks for help with this difficult topic.
  10. Hi, My unraid is using one of 10GbE NIC ports (device 19a2:0710 below). Can I isolate the unused port to be passed to pfsense VM using vfio-pci.ids, or another method? Do I need to install another NIC card for pfsense LAN ports? I am planning to use the MB NIC for pfsense WAN.

      Doing a little googling it looks like a NIC with SR-IOV would allow virtualizing the NIC ports: https://www.juniper.net/documentation/en_US/junos/topics/concept/disaggregated-junos-sr-iov.html

      I have Emulex 49Y7952 https://lenovopress.com/tips0844-emulex-10gbe-vfa-ii-iii which may allow VNICs if it can be switched to vNIC2 mode? Thanks!

          IOMMU group 0:
          [1022:1632] 00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge
          [1022:1633] 00:01.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe GPP Bridge
          [19a2:0710] 01:00.0 Ethernet controller: Emulex Corporation OneConnect 10Gb NIC (be3) (rev 02) -> Not connected. Can I isolate this port?
          [19a2:0710] 01:00.1 Ethernet controller: Emulex Corporation OneConnect 10Gb NIC (be3) (rev 02) -> Connected and used by UNRAID
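The listing in the post above can be checked for the two things that decide whether one port can be handed to a VM on its own: whether another device shares its vendor:device ID (a `vfio-pci.ids=` entry matches on that ID, so it claims every device carrying it) and whether other endpoints share its IOMMU group (the group is the unit VFIO assigns). This is an added example, not part of the original posts; the function names are assumptions, and treating every "bridge" class device as exempt from the group check is a simplification.

```python
import re

# Listing as quoted in the post, with the poster's "->" annotations dropped.
LISTING = """\
IOMMU group 0:
[1022:1632] 00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge
[1022:1633] 00:01.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe GPP Bridge
[19a2:0710] 01:00.0 Ethernet controller: Emulex Corporation OneConnect 10Gb NIC (be3) (rev 02)
[19a2:0710] 01:00.1 Ethernet controller: Emulex Corporation OneConnect 10Gb NIC (be3) (rev 02)
"""

GROUP = re.compile(r"^IOMMU group (\d+):")
DEVICE = re.compile(r"^\[([0-9a-f]{4}:[0-9a-f]{4})\] (\S+) ([^:]+):")

def parse_iommu(listing):
    """Return one dict per device: group, id (vendor:device), addr, cls."""
    devices, group = [], None
    for line in listing.splitlines():
        line = line.strip()
        if (g := GROUP.match(line)):
            group = int(g[1])
        elif (d := DEVICE.match(line)) and group is not None:
            devices.append({"group": group, "id": d[1],
                            "addr": d[2], "cls": d[3]})
    return devices

def passthrough_impact(devices, target_addr):
    """List the other devices dragged along if target_addr goes to a VM."""
    target = next(d for d in devices if d["addr"] == target_addr)
    others = [d for d in devices if d["addr"] != target_addr]
    return {
        # same vendor:device ID: also claimed by a vfio-pci.ids= entry
        "same_id": [d["addr"] for d in others if d["id"] == target["id"]],
        # same IOMMU group, bridges excluded: must be assigned together
        "same_group": [d["addr"] for d in others
                       if d["group"] == target["group"]
                       and "bridge" not in d["cls"].lower()],
    }

if __name__ == "__main__":
    print(passthrough_impact(parse_iommu(LISTING), "01:00.0"))
```

For the unused port 01:00.0 both lists contain 01:00.1, the port Unraid is using.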
  11. I don't understand why UNRAID gmail notification needs my google password. Even a generated google app password "gives complete access to your google account", per Google. Seems too risky for a notification. I guess it's because there has to be a real user account generating & sending the email? Your explanation is greatly appreciated.
  12. Thanks for the script idea. I'll setup a backup share and use rsync in a script.
  13. trurl. yeah I know I can create RAID1 btrfs multiple disk cache. But I was hoping to have both fast IO cache AND disk array parity backup built in feature for a given share. Like this **addition**:

      • No: Only stored on array.
      • Yes: write on the cache and later move them to the array
      • Only: Only stored on the cache, never moved to the array.
      • Prefer: Will prefer to store on the cache, if the cache is full will move to the array.
      • **Both**: will keep and synchronize data between cache and the array.
  14. For others buying the same IBM/Emulex NIC card for $20 on ebay. It worked perfectly with no firmware updates.
  15. New to UNRAID and watched spaceinvader1 to learn. I have a 10GbE NIC, HDDs for array, SSDs and 1 NVME for cache. I can't figure out how to configure a cache so I can benefit from high speed read and write AND also keep contents duplicated in the array for protection. A share with PREFER cache will meet the high speed RW, but the data won't be in the array for protection. CACHE YES will write on the cache, and later move data to the array negating IO performance. I could, I guess, setup a RAID1 CACHE, but I wonder if there is another solution. Thanks!
  16. Hi, Need advice for 10Gbe NIC card for UNRAID build below, please. This is only for media streaming with parity backup and NVME cache. From reading online it looks like Connect X2 or X3 has good support, but need confidence on Ryzen B450 compatibility.

      • CPU - AMD Ryzen 5 PRO 4650G
      • MB - Asrock B450 ITX Fatality
      • 10GbE NIC -
      • Cache - Seagate IronWolf 510 480GB NAS SSD NVME PCIE x4
      • Parity + HDD - 2 x Seagate IronWolf 8TB
      • RAM - Timetec Hynix IC 16GB KIT Unb ECC
      • 10GbE Switch - QNAP QSW-308-1C, with 3-Port 10G SFP+
      • NAS to Switch Connection - 10Gtek SFP+ DAC Twinax Cable 1m

      I think I made a mistake buying on Ebay a System X Server NIC: IBM/EMULEX 10GBE Dual Port Virtual Network Adapter Card P005630-05B FRU 49Y7952. Thanks!