IsoKiero

[–] IsoKiero@sopuli.xyz 1 points 10 months ago

NAS stands for 'Network Attached Storage' and there's dedicated hardware for that task from multiple brands. It's a somewhat specific thing and from what I understand you have a multi-purpose server running on your network. For discussion it's better to use the established terminology to avoid confusion on what's what. Your generic server can of course act like a NAS, but a 100€ Synology NAS can't (for the most part) act as a generic server.

Similarly there's dedicated hardware for routers and they are not the same as generic servers which can run whatever. Dedicated routers do some things way better/faster than a generic server, and there's pretty much always a trade-off between the two. You can of course install hardware to your server to be as good as or even better than any consumer grade router and run a pfsense on a virtual machine on top of it, but that's going to be at least more expensive than dedicated hardware.

So, your server is running pihole in a container on the same network address/hardware as the rest of your server, and I suppose you already gathered from other messages that the firewall component on it treats traffic coming from outside the server itself differently than traffic originating from the server itself. For this specific case I'd say it's just simpler to configure the server to use DNS server as localhost:1053 than trying to work out firewall forwarding rules for it, if possible. If not, and you absolutely insist that your pihole runs on an unprivileged port and that your server also has to use pihole as DNS server, then you need to dig out a firewall config for outgoing traffic which redirects the destination port. Or you could set up a dns proxy on the server which uses pihole as upstream and serves addresses to localhost only or one of the other multiple ways to achieve what you're after, but each of those have some kind of trade-off and there's too many to go through in a single post.

[–] IsoKiero@sopuli.xyz 6 points 10 months ago

I personally don't, but many do. But it doesn't matter, my employer isn't legally allowed to read my emails, unless it's a sort of an emergency. My vacation, weekend, short sick leave and things like that do not qualify. And even then, if the criteria is met, it's illegal to read anything else than strictly work related things out of my box.

We even have a form where people leaving the company sign permission that their mailbox can be accessed by their team leader and without signature we're not allowed to grant permissions to anyone, unless legal department is on the case and terms for privacy breach are met.

[–] IsoKiero@sopuli.xyz 1 points 10 months ago (2 children)

If the firewall was running on a router then you'd need to DNAT back to the same network from which they originated and that is (in general) quite a PITA to get running properly. My understanding is that the firewall doing port forwarding is running on the NAS. And we don't have much information on what that 'NAS' even is, I tend to think devices like qnap or synology when talking on NAS-boxes, but that might as well be a full linux-system just running CIFS/NFS/whatever.

OP could obviously use his router as a DNS server for the network and set upstream DNS server for the router to pihole, but that's a whole different scenario.

[–] IsoKiero@sopuli.xyz 53 points 10 months ago (2 children)

This is the same as complaining that my job puts a filter on my work computer that lets them know if I’m googling porn at work. You can cry big brother all you want, but I think most people are fine with the idea that the corporation I work for has a reasonable case for putting monitoring software on the computer they gave me.

European point of view: My work computer and the network in general has filters so I can't access porn, gambling, malware and other stuff on it. It has monitoring for viruses and malware, that's pretty normal and well understood need to have. BUT. It is straight up illegal for my work to actively monitor my email content (they'll of course have filtering for incoming spam and such), my chats on teams/whatever and in general be intrusive of my privacy even at work.

There's of course mechanisms in place where they can access my email if anything work related requires that. So in case I'm laying in a hospital or something they are allowed to read work related emails from my inbox, but if there's anything personal it's protected by the same laws which apply to traditional letters and other communication.

Monitoring 'every word' is just not allowed, no matter how good your intentions are. And that's a good thing.

[–] IsoKiero@sopuli.xyz 1 points 10 months ago (5 children)

As it's only single device I'd suggest configuring DNS server for that to :1053. Port forwarding rule on the nas firewall most likely applies only to 'incoming' traffic to the nas and as locally generated DNS request isn't 'incoming' (you can think it as 'incoming' traffic is everything coming via ethernet cable into the nas) then the port redirection doesn't trigger as you're expecting.
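The incoming-versus-locally-generated distinction from the comments above, written as an nftables ruleset. This is an added example, not part of the original comments: it assumes the server is a Linux host using nftables (the thread does not say which firewall is in use), and the table and chain names are hypothetical.

```nftables
# Added example; assumes Linux + nftables. Table/chain names are hypothetical.
table ip dnsredir {
    # Packets arriving from the network (LAN clients) pass the prerouting
    # hook. This is what a typical "port forward" rule covers.
    chain from_network {
        type nat hook prerouting priority dstnat; policy accept;
        udp dport 53 redirect to :1053
        tcp dport 53 redirect to :1053
    }

    # Packets generated by processes on the server itself never pass
    # prerouting; they enter the stack at the output hook. Without this
    # chain, the server's own queries to port 53 are not redirected.
    chain from_local {
        type nat hook output priority -100; policy accept;
        # Only rewrite queries aimed at one of the server's own addresses,
        # so Pi-hole's upstream queries to external resolvers on port 53
        # are left untouched.
        fib daddr type local udp dport 53 redirect to :1053
        fib daddr type local tcp dport 53 redirect to :1053
    }
}
```

Restricting the output-hook rule to local destination addresses matters: a blanket redirect of all outgoing port 53 traffic would also capture the resolver's own upstream queries and loop them back to itself.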

[–] IsoKiero@sopuli.xyz 17 points 10 months ago (2 children)

A very good idea. Get Mastodon running on Suomi.fi and move all members of parliament, MEPs and even municipal politicians there instead of Twitter and TikTok, so the flow of information is secured and there's no need to run a lottery over what Musk and/or the Chinese happen to censor today (though on TikTok that admittedly hasn't been as big a problem, the platform is just otherwise a bit questionable).

And not that the products from Meta and the like are any better, of course, but leaving Twitter would be a damn good first step.

[–] IsoKiero@sopuli.xyz 8 points 10 months ago

It takes Two (co-op puzzle)

Unravel 2 is a bit similar co-op puzzle game.

[–] IsoKiero@sopuli.xyz 4 points 10 months ago

Bare metal server sounds like optimal solution for you and set up a hypervisor on top of it, so it's pretty trivial to migrate VMs to your own hardware when needed. But then for your 'long term' environment VPS would most likely be better and migrating a full VM from your hypervisor to VPS is a bit more work, but can be done.

I don't know about providers in Australia, but Hetzner has both and combined billing and my personal experience with them is pretty good. But I'm in Europe, so neither bandwidth nor latency is a problem.

[–] IsoKiero@sopuli.xyz 2 points 10 months ago

I am well aware of the situation and Russia is breaking laws of the war pretty much as fast as they can, by the means (among others) mentioned on the article. But without context this particular message plays directly to Russians and when message like that is spread around someone might take the bait and actually reveal positions of the Ukrainian military, but Russia has proven over and over again that they just don't care about civil casualties (or human life in general). If anyone there actually provides locations for fighters to the attacker the Russia would most likely attack them first and after that destroy the city and all the informants in it, like we've seen many times over last few years.

And that's what I'm referring to when calling for responsibility on spreading messages like this. Some poor soul might believe the message in fear/hope for the better/something else and that would really only make things even worse for them, as the cities are already being destroyed by the attacker and any intel to them is only going to weaken the force trying to stop them.

By all means, spread the information and reveal the lies Russians are offering, but do that with care and include the context with everything. Revealing information about Ukraine troops is not going to stop Russian drones from attacking children and their mothers on the playing field.

[–] IsoKiero@sopuli.xyz 2 points 10 months ago (2 children)

Someone more or less anonymous over the internet is saying that. I have no doubt that Russia would level entire city blocks if they have even a suspicion that there's Ukrainian fighters in the block (or just in case regardless of the intel), but in here we have a single telegram message and nothing else. It might be someone in command on the Russian side, maybe trying to get most out of their ammunition, or it might be something bigger, with the information provided we don't really know. And that's something to keep in mind when relaying these kinds of messages. We, who are sitting in our chairs in warm glow of the monitor and a beer in reach, should have at least some responsibility on what information we spread and in what context.

But with the track record from Russia, I wouldn't be surprised if they shoot to anything given to them, so if people in that area happen to know that area between this street and that street is completely empty, it might be worth a try to get them to shoot at nothing and reveal their positions while doing it. Just take into account that their accuracy isn't really the best there is for multiple reasons.

[–] IsoKiero@sopuli.xyz 2 points 10 months ago (2 children)

My experiences are a few years old, so I don't remember exact models anymore, but some back-ups models (es series rings a bell, but as I said, it's been a while) had batteries with soldered connectors and form-factor which (at least at the time) wasn't available from anyone else than APC.

[–] IsoKiero@sopuli.xyz 9 points 10 months ago (1 children)

2021: Nordea outsources some of the core tasks of its IT support to India

A meaner person might wonder whether these have some connection.
