Maybe try podcast addict, been using it for years and it’s just got constant development. I donated to them because I hate subscriptions and I’ve gotten a lot of value from it.
Free version only has ads on the search page as far as I can tell, and it’s just a couple recommended casts.
I’d recommend using unifi/ubiquiti switches. They’re a bit pricey but they’re incredibly solid and you can manage them with a self hosted container of unifi controller software.
A good place to start is one of their 8port POE switches. I have a couple and they’re L3 switches (so you can do VLAN stuff like you want), and I’ve never ever had a problem with any of them. Even with the inexpensive ones their POE budget is pretty good, and great to power other switches or APs. They don’t power some cameras so you might need injectors for some thirsty gear.
The controller software is pretty good, and will let you manage the switches without getting into command line config at first (which can be a crutch so be cautious of that, especially if you want to branch out into other cheaper switches or take advantage of good 2nd hand gear deals you find).
But for your network I think an 8 port and a WAP are a good place to start. Get away from using your combo router as your wireless AP (or use both) and get some VLANs set up, and work on inter-VLAN routing and firewall rules.
How do you want to segment your network?
I recommend you have the following to start:
-management VLAN
-trusted devices
-guest/IoT devices
Just getting those three set up correctly will teach you a lot and let you environment. Firewall/routing rules to allow connections through in certain directions and not others is… fun to get the hang of if you’re new.
What are you planning on using as your router? Your combo router might tie your hands if that’s what you plan to use for everything. Combo routers generally suck at everything. You can get a cheap router also, edgerouter er-x is a fine choice but it’s not the best, but it’ll still outdo whatever you currently have, I’m sure. Put it behind your modem at your network edge and you can manage your vlan routing and your firewall on one device.
Additionally you can set up a VPN server on one of your PCs and set up static routes to allow you to tunnel in and access your network when you’re out (wireguard for the win).
Good luck on your journey! There’s a lot to learn so don’t get frustrated then your stuff doesn’t work. Back up your configs so you can revert back and be REALLY careful because it’s easy enough to make your stuff insecure by trying to make stuff work. Yeah it’ll function but next thing you know you’ve got a ransomware virus on your entire network… Not fun, I hear.
As you set up your VLANs look into VLAN traversal, it’s a means of network attack that allows attackers to cross over from one VLAN to another when you set up trunk/switch ports and VLAN tagging incorrectly. Again, your stuff will work but it’ll be vulnerable (not really a problem at home as long as your firewall works fine but still).
Edit: you can go with a router with several ports but I’d recommend you shy away from that if you have the money for dedicated devices. Routers are better at routing (L3) and switches are better at switching (L2). Their guts are built for different things and your network will be much faster if you use them for their intended purpose.
Not trying to go down a rabbit hole, nor invade your teen’s privacy, but have you done any kind of packet inspection on what’s going out/in? Teens can surprise you with the kind of stuff they’re up to sometimes.
I’m not sure why your resolver started acting up but what you’re describing doesn’t sound like normal cause/effect. Four people on a residential connection, even if you throw in a ton of electronic devices and iot/crap that calls home constantly shouldn’t cause any kind of ISP engagement.
Not like it really matters, for 99.9% of people having a forwarder is easy and just fine and there isn’t good reason to troubleshoot it if there’s a working solution. I’m pretty privacy conscious and I don’t even think having my own forwarder is worth the hassle, I am just choosy about my upstream.
If pi hole is configured to use another DNS it will still forward your request, just not to your ISP DNS server. Essentially you’re providing your DNS requests to a 3rd party, for a slight boost to performance (because they’ll have tons of stuff cached and can do recursive queries faster if you’re requesting a site not in their cache.) Your web pages will load faster because you don’t have an SBC trying to manually figure out what’s the IP for bigfuckdaddyhairbrushemporium.net
The downside is you’re exposing your DNS queries to a 3rd party and it’s a bit of a privacy hit, as the upstream DNS server you select has your public IP correlated with your DNS requests. Doesn’t really matter to most, but it does for some.
Even if your ISP did have something in place to try and prevent abuse I find it unlikely it would trigger over normal traffic. Do you have a huge network/many hosts/exposed services?
You haven’t really given enough information about your config to diagnose.
If you’re able to access it from your local network but not your outside network it’s a port forwarding/firewall or routing issue. My guess is it’s a firewall issue either on your network edge (likely integrated into your router) or on your server that’s hosting immich.
Unless you do one of the following you won’t be able to access it from outside your network:
-set up a VPN and tunnel into your network. Wireguard or tailscale/zerotier will be easiest.
-set up port forwarding correctly. Not my first choice, best to VPN in rather than poke holes in your firewall, especially if you’re a noob.
-set up a reverse proxy. This is a bit more complicated than a VPN or overlay VPN (tail scale etc), but it works fine and will be secure as well.
If you haven’t done one of those three things then you won’t be able to access anything from outside your network, for good reason - your firewall is by default set up to deny connections that are initiated from outside your network, so when you’re trying to connect from the outside it looks at your traffic trying to start a connection to your server and naw dawg’s it.
Edit: just saw from another comment you’re not able to connect from your home Wi-Fi. If that’s the case, are you running a VPN on your phone? That can cause problems. Have you tried using the server’s local IP instead of your external IP? 192.168.x.x most likely. You can try to disable the server’s firewall and see if that lets you connect as well. Is your server on the same subnet as your phone? 192.168.1.x and 192.168.2.x won’t talk unless you set your router up correctly.
Just shooting in the dark here without more info
Edit2: if you’re running inmich in a container or VM your configs on that might not be set up correctly to allow you to reach it as well. It can be a lot of things but my money is on firewall/routing somewhere. Start by making sure you’re trying to connect to the local IP of the server, then try to disable server firewall (don’t forget to enable it again whether that solves it or not), and see if that works.
That same target audience would be the least equipped to install a new drive or handle any problems that do come up. How many John Q public people have even opened up their laptop to dust it out?
Problems might be rare, but if I am selling a product (in this case new storage with Linux on it) I need to be able to charge enough to cover all my overhead. Every time I sell it and it doesn’t work out of the box that’s time spent helping the customer, more shipping/return costs, or both. Markup has to cover all that, and I’d guess that it’s not viable as a business model to charge a high enough price to deal with all the random static from computer illiterate people.
I get what you’re saying but I just don’t see it being a viable business strategy to sell this product to that target audience.
Anyone who knows enough to seek out and purchase a Linux OS drive can just download and install it themselves.
Hmmmmmm… I think the hardware bugs might be rare, but common enough to make this a tricky product to sell consistently to the unknown masses.
Also, I think storage partitioning could be a problem; assuming some number of people would have other drives that they had OS/media together, or just separate storage with files they wanted to keep. Those would be NTFS, which can read/write on Linux but you won’t have the best compatibility with Linux program execution (depending on a ton of factors).
There are countries where this is culturally how litter is managed. Japan is a fully developed example - bins are hard to come by, everyone brings their trash with them.
It can be done.
I’m sure this guy’s dad that needs help installing Linux will appreciate the clarification, good thing you’re here to point that out
Louis explains in several videos on his channel.
They’re experimenting with a business model where they ask users to pay for the product if you get value from it. Development isn’t free, their time is valuable. In return they’ll never harvest and sell your data.
If this experiment is a success it can demonstrate that it’s a viable business strategy to not harvest data, which is good for everyone.
Personally, at this point I’m trying out the FUTO keyboard but it’s too janky for me to pay for it. Lots of bugs and swipe is not good. I hope it gets better and I’m trying to help the project by submitting bug reports.
Grayjay I’ve barely used but I see the potential, and if it gets good I’ll pay for it. I paid for Signal messenger because it’s the same kind of thing.
It’s up to you. They’re telling you what the price is, it’s the honor system if you use it and get value from it.
Server equipment is not on any normal burglar’s list of items to nab. It’s such a low risk I think it’s completely not worth worrying about.
It’s incredibly unlikely they’ll know what they’re looking at in the first place, and won’t be assed to carry out heavy switches and PC gear “just in case” to look it up later. They want to get in, check rooms and closets, drawers, etc and GTFO before you come home or a neighbor notices. Computers aren’t as expensive as they used to be. Gaming laptops might look attractive, but other than that you’re fine.
They want jewelry, cash, guns, good tools, silver, modern game consoles, expensive bicycles, etc. These are all things that are easy to carry and pawn or sell well on the street. Nobody is selling switch gear at a pawn shop or to random people, so even if they know the value of what they’re looking at (extremely unlikely) they’ll leave it because it’s too hard to fence.
If you’re that worried about theft then set up good full disk encryption and have off-site backups of your data (should do that anyways) but you don’t need to worry about physical security at home, at least not specifically in regards to your home lab.
Businesses are at much higher risk for hardware theft, from employees or from others that are targeting the locations specifically because they DO understand the value and have a way to offload the gear, but those same people won’t be randomly breaking into people’s houses hoping they’ve got Cisco gear in a closet somewhere.