Not To's

Things not to do…

Photo by lukasbieri from Pixabay

Inadvertently Opened SSH Remote Access

Be careful when using aliases because you could expose unnecessary services to the world...

In my network, I created an alias for all of the ports I have open on my server so that I can create firewall rules to allow several of my VLANs to access the services hosted on my server. The benefit of creating an alias is that I do not need to create 4 separate firewall rules to open 4 different ports to my server and then repeat this process for each VLAN I need to allow access (yes, you could use floating rules or rule groups depending on the order you need rules to be processed).

Inadvertently Blocked Access to Cable Modem Web Interface

Want to access your modem's web interface and you are using VLANs or a non-default subnet address?

A few months ago, I switched to using my own cable modem instead of the ISP-provided modem/router, and I wanted to access the web interface to view the cable modem's status. Another reason was to change the default password, if it had one, since default passwords are not secure. The default web address for cable modems is typically http://192.168.100.1. Perhaps that is a common default IP address to avoid potential IP address conflicts with standard consumer-grade routers which often default to 192.

Enabling Rocket Loader on Cloudflare Interfered with the Nextcloud web login page

Using Cloudflare to access your Nextcloud web interface? Beware of pitfalls...

When setting up Cloudflare for this website, I decided to try it out on some sites that I had set up on my home network, in particular my Nextcloud web portal. All was going well until I began enabling various optimization features that are available in the free Cloudflare account. I noticed when accessing the Nextcloud web page from my work computer that it would not allow me to log in. The login button was visible but disabled.

Enabling IPv6 Broke Functionality to My IP Security Cameras

A cautionary tale of enabling IPv6 on all network interfaces/VLANs

After the long journey of learning more about IPv6 and how to enable it on my home network (see my page for detailed info), I discovered that I broke some functionality. When you have IPv6 enabled alongside IPv4 in a dual stack configuration, IPv6 will often take priority – after all, it is the newest protocol, intended to replace IPv4. I have created a network, isolated from the Internet, for the IP security cameras that I use as baby camera monitors.

Restricting Ports too much with Port Isolation on Network Switch

Isolating ports on a switch can be great for IoT devices but what about network infrastructure devices?

For security reasons, I decided to put my IoT devices on their own network using VLANs. I also wanted to restrict certain devices so that they can reach the Internet but not any other devices on my network. This should help reduce the likelihood of a hacked device trying to traverse the network by hacking other devices. A good example of a device on my network that only needs Internet access would be the 3rd gen Apple TV (affiliate link).