networking · 18 Jun 2025
Setting up a DMZ VLAN with UniFi for public-facing services
How I isolated my self-hosted blog from the rest of my home network using a dedicated VLAN and UniFi firewall rules — so a compromised server can't reach anything else.
When you self-host something public-facing, you’re opening a door from the internet into your home. The question isn’t whether to open it — it’s how far that door goes. By default, if your server gets compromised, an attacker has a foothold inside your LAN and can potentially reach everything else on your network. A DMZ VLAN removes that risk entirely.
What is a DMZ VLAN?
A DMZ (Demilitarised Zone) is an isolated network segment that sits between the internet and your internal LAN.
networking · 20 May 2025
Getting started with pfSense: my home firewall setup
How I set up pfSense as my home firewall — VLANs, firewall rules, DNS over TLS, and why I landed on it over other options.
pfSense is a FreeBSD-based firewall and router platform that gives you enterprise-grade network control on commodity hardware. I ran it as a VM on Proxmox before moving to a UniFi Dream Machine. This writeup covers the full setup from installation through to a working multi-VLAN configuration with DNS over TLS.
Why pfSense
I evaluated OPNsense, pfSense, and a plain Linux iptables setup. pfSense won for three reasons: the volume of documentation available, the maturity of the package ecosystem, and the WebGUI, which makes complex firewall rule management approachable without sacrificing depth.
windows · 22 Apr 2025
Running Windows Server in my home lab: AD, DNS, and Group Policy
Setting up a Windows Server VM in Proxmox for Active Directory, DNS, and Group Policy — and why it's worth having even in a home lab.
Most home lab setups are entirely Linux. Mine mostly is too — but a Windows Server VM running Active Directory has been one of the most valuable additions to the lab. It gives me a local environment to test Group Policy, practice AD administration, understand Entra ID hybrid identity, and replicate the kind of environment I manage professionally.
VM setup in Proxmox
Windows Server needs a full VM rather than an LXC.
storage · 15 Mar 2025
Setting up iSCSI on TrueNAS for my Steam library
How I configured a TrueNAS iSCSI target over a dedicated 10GbE connection and presented it to my gaming PC as a local disk for Steam — with jumbo frames and write caching tuned for game workloads.
I have a TrueNAS box with several terabytes of storage and a gaming PC running out of local SSD space. Rather than buying another drive, I used iSCSI over a dedicated 10GbE connection to present a chunk of TrueNAS storage to the gaming PC as a raw block device. Windows sees it as a local disk, Steam has no idea it’s network storage, and the performance over 10GbE with jumbo frames is indistinguishable from a local SATA SSD.
storage · 28 Feb 2025
Synology setup: shares, Docker, and keeping it off the open internet
How I set up my Synology NAS for file shares, running Docker containers, and locking it down so it's accessible from my network without being exposed to the internet.
Synology’s DSM (DiskStation Manager) is the most polished NAS operating system available. It’s approachable enough to be useful out of the box, but deep enough to keep tuning indefinitely. This writeup covers my full setup — SMB shares, Docker containers via Container Manager, firewall configuration, and a 3-2-1 backup strategy.
Initial DSM setup
Skip QuickConnect
The first thing DSM prompts you to do is enable QuickConnect — Synology’s relay service for remote access.