Making a Linux home server sleep on idle and wake on demand — the simple way

[-]

riasthebestgirl@reddit

Great writeup. The big reason I never got a home server is that electricity is prohibitively expensive here to justify running a server. Sleep on idle/wake on demand, seems like a good solution to that

I'm curious, what's the power consumption like for your server (both when awake and asleep)?

[-]

ult_avatar@reddit

I doubt this provides a great improvement over a simple WOL setup. If you have outomated jobs, just send a WOL package at the beginning.

If you want to use it yourself, like via SSH, just send a WOL package before... hell .. you could even configure your ssh config to always send a WOL package when connecting..

[-]

sadiqonx@reddit

Can you explain a bit more?

[-]

ult_avatar@reddit

oh wow this is an old post

so theres

LocalCommand

https://stackoverflow.com/questions/58187257/how-do-i-run-a-local-command-before-starting-ssh-connection-and-after-ssh-connec

You can put a command or script there. For example you could place as script there that sends the WOL and then pings unil the IP comes up, then exits.

This way, each time you connect via SSH to the target you send a WOL and wait for it to become reachable - repeated WOLs won't harm anything, so if you open a second or third SSH shell after the VM, its no problem. There will be a slight delay (sending WOL, waiting for a ping) but otherwise the second connection would be instant.

or just write a wrapper script where you WOL and Ping first, then try SSH.

hope this helps

[-]

sadiqonx@reddit

Thanks!

[-]

ult_avatar@reddit

I'd suggest boards like askubuntu.com or unix.stackexchange.com if you have more specific questions. They can seem a bit daunting, I know.

I prefer askubuntu, it's not overly Ubuntu specific and I'm active there.

[-]

sadiqonx@reddit

:o

[-]

tobimai@reddit

I have a deskmini with 5TB SSD. 9W in idle

[-]

HardwareRaidIsDead@reddit

AMD or Intel?

[-]

tobimai@reddit

AMD, 5600G

[-]

HardwareRaidIsDead@reddit

I have the same CPU sitting in a Box for a office PC.

[-]

tobimai@reddit

Deskmini + 5600G is a REALLY great PC. Low Power usage but still very powerful, and if you get a Nocuta cooler also practically silent

[-]

Prob_Ignoring_You@reddit

I wrote this somewhere else on Reddit…

I have 6x 3.5” HDDs. With them all in standby, my energy monitor reads 24-25 watts at the wall. With them all active, it consumes 60 watts. A difference of about 35 watts.

35 watts, 24/7/365, at my current kWh cost of 63.09 pence, is £193.43 per year.

My Netflix subscription is £131.88 per year.

The 8TB Seagate IronWolf I bought two months ago cost £174.99.

With my home server in standby, it uses about 5w IIRC. I actually sleep my server all the time now and wake on demand. I do this from a raspberry Pi which monitors all my tech and sends wake commands when it detects something is going to need the server… eg, when the TV is switched onto a specific input, it will power on the server

[-]

Bobb_o@reddit

Damn UK electricity is expensive. I pay no more than about $0.20 and that's only for super on peak, off peak is $0.03

[-]

Prob_Ignoring_You@reddit

It was about 23p six months ago but the UK generates most of its electric by burning natural gas. The ban on Russian gas has meant prices have rocketed in Europe as we’re all fighting over the limited supply.

I used to have an off/on peak tariff where is was as low as 5p during the night, but more expensive during the day. It wasn’t cost effective though, as we don’t really use anything during the night, and have nothing heavy-duty enough to move to night time use (charging electric car, heating water etc)

[-]

JockstrapCummies@reddit

The ban on Russian gas has meant prices have rocketed in Europe as we’re all fighting over the limited supply.

Why don't you guys just band up and invade Russia and take that gas for yourselves? Good old conquest and war.

[-]

ThreeHeadedWolf@reddit

Maybe stopping being idiots and starting using nuclear and renewables as all the peoples on this globe should do to fight global warming would be great. If you just plan to stop buying gas altogether there is no need for WW3 to start a nuclear winter and solve the global warming.

[-]

Prob_Ignoring_You@reddit

Ruling the world isn’t all it’s made out to be. That’s why we’ve given most of it back already. This actually hits them where it hurts, the pocket.

We’ll just help Ukraine win this war. They can pay us back in gas once it’s all over. Might be expensive now but it’ll be cheap before long, plus we’re transitioning to renewables pretty quickly so it’ll not be long before we don’t need it anyway.

[-]

JockstrapCummies@reddit

Damn, and I was hoping to see a Queen Elizabeth II Dreadnought :(

[-]

ajanata@reddit

You don't want to know what electricity costs in California.

[-]

DonutDisturb@reddit

I use a schedule approach and WoL in case i wish to access something on the go. Due to various Dockers running it never seems to sleep though. But your wake on demand idea sounds useful, Homeassistant i presume?

[-]

Prob_Ignoring_You@reddit

It’s all shell scripts I wrote and built into Docker containers.

Basically, I have a script running on the server which monitors the contents of specific files on the Pi… stuff like rpi:/tmp/sabnzbd, rpi:/tmp/transmission, /rpi:/tmp/backup, rpi:/tmp/radarr etc. It will also check if there are local ssh connections and stay awake if there are. Plus a /tmp/maintenance which I set if I need the server to just stay on regardless.

Then my raspberry pi runs another script which monitors those services. So it will use the Sab/Radarr/Sonarr/Lidarr APIs to see if they are active. It uses the transmission-cli app to check the queue. It check’s to see if Kodi is playing/idle. If the are, it just writes “active” to the appropriate /tmp/ file. If not, it writes “idle”.

I also have two containers which do the waking. One is a WoL container which I can just send an HTTP request to and it will then send the wake packet to the server. The other container monitors my AV hardware and will wake the server whenever my TV is changed to Kodi channel or if my 5.1 system is powered on.

[-]

Offbeatalchemy@reddit

I do this from a raspberry Pi which monitors all my tech and sends wake commands when it detects something is going to need the server

Home Assistant? or do you use something else for this?

[-]

Prob_Ignoring_You@reddit

It’s all just scripts I wrote and deployed in Docker containers. I did install HomeAssistant, with the idea of configuring that to do it all, but I just found it easier to write it myself.

[-]

spinlox@reddit

My home server is a single board computer with an ARM processor and a 3.5" mechanical drive. It uses about 10 watts while awake, and most of that is the drive.

[-]

Prob_Ignoring_You@reddit

Yeah, each mechanical drive I have saves about 8-9 watts when I put them into standby.

[-]

rainingcrypto@reddit

Just got the Odroid M1 8GB. Love it so far. Cheers to your Odroid!

[-]

Prob_Ignoring_You@reddit

I went for N2 coz of the HDMI-CEC support. The idea was that it was gonna replace my Nextcloud server (also Kodi’s SQL server), but it’s not got enough RAM so my database keeps getting killed.

I’m gonna swap it with a Pi and use it as my main Kodi device. Just need a free weekend to sort it out.

I do think Odroid are top notch devices. Definitely moving away from the Pis.

[-]

rainingcrypto@reddit

Good stuff. Glad to hear this. Load up ZRAM, maybe that will help with the RAM.

[-]

Prob_Ignoring_You@reddit

It comes enabled out of the box on the Armbian disto I stuck on there. I still had swap issues every day. The clam scan AV that was running on it needs over a GB of ram just for its virus definitions. Would probably have been ok if it had 8, but oh well.

[-]

hbdgas@reddit

Just spot-checked mine, the UPS reports 105W at the moment. That's about $18/month. For a relatively idle i7 with 8 hard drives, and some other stuff like network gear on the same UPS.

[-]

Prob_Ignoring_You@reddit

I have an Dell micro factor i7 that’s always on and running Nextcloud. Just an NVMe and 1TB SSD.

That uses about 10w. I was surprised how little it used. I’m thinking about moving all my monitoring stuff to it and using the Pi to replace and old Odroid C2 I have.

105w x 24/7/365 would be about £580 per year for me… or US $720

I’m only talking costs for my home server. My Nextcloud box, Pi, Netgear switch aren’t included in my tech costs… I also have two RPi devices plugged into my TVs running Kodi.

[-]

BradChesney79@reddit

I wonder if using an always on separate power supply for the drives (to keep them spinning) would be a positive compromise on conserving power.

[-]

peanutbuttericescrem@reddit

Disable IPv6: this approach relies on ARP, which IPv6 doesn't use

I hate that this still is a valid solution nowadays.

[-]

CHEEZE_BAGS@reddit

People are too scared to learn ipv6 even though its more simple since there is no NAT

[-]

Offbeatalchemy@reddit

yeah but there's benefits for NAT too, even if it is simplier. I don't want every device i have to on my network be web accessible. Sure, firewall rules fix that and i don't mind getting a WAN IPv6 but on the LAN for most people, it's a solution seeking a problem.

[-]

daredevilk@reddit

Wasn't that a side effect of the real problem? Which was running out of ipv4 addresses?

[-]

Offbeatalchemy@reddit

Yeah, assuming that everything needed a public address which we very much don't.

For example, once upon a time, my computer lab at school had a unique web accessible IPv4 ip for EVERY computer in the school. I could ping those computers from home.

Things like that is why we were running out of addresses.

At the end of the day, we need a WAN addresses per network so we can get internet, which IPv6 will work great for. But after NAT, it doesn't really matter because we're likely using private class IPs anyway which can be IPv4 or IPv6.

[-]

turkeypedal@reddit

I'm under the impression that this wouldn't work (with NAT, at least). Anything online would only be reachable using an IPv6 address, but the computer on the IPv4 network would not be able to send an IPv6 address to the router. You'd have to have some sort of translation layer--like a VPN or proxy--that would map IPv4 addresses to IPv6.

There's even a list of IPv6-only websites. My computer is using IPv4, and I cannot access them. Most websites are still IPv4 and IPv6 at the same time.

And, of course, as long as that's the case, we still have the problem with running out of IPv4 addresses if every server online has to have one.

[-]

daredevilk@reddit

But wasn't that the problem? There's only 4,294,967,296 IPV4 addresses total, so we're running out of WAN addresses, even when there's only one per home?

They've definitely gone overboard with the whole 1 IP per device (future proofing I guess), but there's nothing stopping you from doing IPv6 nat

[-]

Offbeatalchemy@reddit

Right. But i don't care if my home has an IPv6 address because i can still NAT it to IPv4 on LAN if i needed to. The article in question says that it doesn't work with IPv6 on the LAN which sparked this thread.

[-]

chief_x2@reddit

You are right on both accounts of NAT providing a layer of scrutiny and networks still using NAT even when ipv6 are allotted.

IPv6 are not an infinite source and NAT does prevent and provide a firewall layer for all network topologies.

[-]

Sartanen@reddit

IPv6 are not an infinite source

My understanding is, that it practically is:

BUT, there are 6-billion people on the planet, so if everyone was assigned just one IP address, we’d run out and leave 1/3rd of the world without IP addresses.

So they invented IPV6, a 128-bit value, which is 16-bytes long. Since they had to identify this to distinguish it from 4-byte values, the 1st byte has a 1-byte value that was never used in the 1st byte of the original 32-bit addresses.

So that leaves 2120 possible IP addresses using IPV6. How big is that? Well, several web sites say there are 1.33 x 1050 atoms in the earth. That’s way bigger than 2120. But to make it come closer, I computed the number of atoms on the surface of the earth. That turns out to be 1.26 x 1034 atoms. 2120 is 1.33 x 1036, which is still bigger by 105 times.

So we could assign an IPV6 address to EVERY ATOM ON THE SURFACE OF THE EARTH, and still have enough addresses left to do another 100+ earths. It isn’t remotely likely that we’ll run out of IPV6 addresses at any time in the future.

source: https://www.edn.com/ipv6-how-many-ip-addresses-can-dance-on-the-head-of-a-pin/

[-]

spicyboi404@reddit

Why have they gone overboard? What possible downside would that have?

[-]

elsjpq@reddit

Because globally scoped objects is just a terrible way to organize anything.

Imagine if every variable in every program had to be globally unique across the whole system. That's basically what IPv6 is trying to achieve and it makes no sense

[-]

spicyboi404@reddit

Once again, what downside is there?

[-]

elsjpq@reddit

I thought it was obvious, but... reduced use and support of NAT, inefficient use of address space, excessively long addresses

[-]

javster101@reddit

Why is inefficient use of the address space in ipv6 a problem? It's not like you need a giant warehouse to store all the unused address.

[-]

ALLCAPSNOBRAKES@reddit

NAT is an ugly hack that we've been stuck with for too long

[-]

spicyboi404@reddit

What real and definitely problematic problems you just listed. None of these are problems. Eliminating NAT would be a dream come true and enable P2P technology for everyone. No-one types in an IPV6 address by hand.

[-]

Lonsdale1086@reddit

There's no reason for every device not to have a GUID.

We have infinite numbers.

MAC addresses are already effectively globally unique. What issue has that ever caused? (yes, hotels use it to limit free access to the internet).

Imagine if every variable in every program had to be globally unique across the whole system. That's basically what IPv6 is trying to achieve

That's not comparable. Global variables in programming are bad because of collisions and outside modification. Not an issue with a guid.

[-]

sogun123@reddit

Reasoning is historical, when they were designing IP, there were only hundreds (if even) machines connected to the internet. No one expected that they can ever run out

[-]

jk3us@reddit

I ran my first web server from my dorm room, they even gave each student a hostname.

[-]

Sarcasm-Probably@reddit

Yeah it was two-fold. AIANA and by extension registrars gave out blocks of IPv4 addresses, so the normal person wouldn't just be able to easily get IPv4 addresses for all of their devices. ISPs didn't want to give away their finite IPv4's in their blocks like that, so a one-to-many NAT is the solution on the consumer's boundary. So now multiple devices could essentially share one publicly routable IP Address.

Now, IPv4's are basically exhausted, so there is Carrier-Grade NAT which is becoming more and more common. Your modem doesn't get its own publicly routable IP address anymore. Many consumer's share the same publicly routable IP addresses now.

This causes problems because not only are you in a double-NAT situation but you can't forward ports through the CGNAT to your NAT or LAN. Even if you could, what happens when more than one person wants port 22 or whatever? Only one forward per port.

You may be able to use IPv6 NAT (probably NAT66 if so) to accomplish the same thing. Many say 'why would you?' but remember this, the IPv4 NAT has been doing the lion's share of security for people's LANs since essentially the meaningful beginning of the Internet to the general public. NAT isn't really meant for security but by coincidence it is doing it.

As IPv6 rolls out Temporary IPv6 for security and privacy isn't going to be enough IMO and you'll really want to have a firewall solution for your devices.

[-]

ThreeHeadedWolf@reddit

As IPv6 rolls out Temporary IPv6 for security and privacy isn't going to be enough IMO and you'll really want to have a firewall solution for your devices.

Yes, but even then privacy is not completely achieved if you keep a unique addressable IPv6 address on each and every device. Even if they don't roam they are literally tracked throughout the entire navigation meaning your privacy is diminished.

I see a usefulness of NAT66 from the privacy POV. It would "just" add a complexity level at the border router but it would be worth it.

[-]

VexingRaven@reddit

Every consumer router made in the last 20+ years is already a basic stateful firewall, that's all you need: Block everything inbound that isn't associated with an outbound request, which is coincidentally exactly the same way NAT works.

[-]

Sarcasm-Probably@reddit

A NAT is not a firewall.

[-]

VexingRaven@reddit

Where did I say it was? A stateful firewall is a firewall, and is a core component of a NAT router.

[-]

Sarcasm-Probably@reddit

A firewall is also not a core component of any router. A router can perform 100% of all routing functions without a firewall.

In many consumer firewalls they usually sit on the "one" side of a many-to-one NAT making them an expensive way to filter traffic when the majority of it is just going to get dropped anyway. Frankly they are almost all, if not all, a bad implementation of a firewall.

Some of them are so terrible that they inspect all and even filter outbound traffic with no ACL control.

[-]

ParvatiIsBae@reddit

https://weberblog.net/why-nat-has-nothing-to-do-with-security/

[-]

chief_x2@reddit

Wait.

NAT provides obscurity and a firewall. Even as per our article, NAT is secure and fine. It’s the phishing attacks that break it.

The proposed solution by the writer is to have firewall at each device level.

How is that a failure of NAT?

The proposed solution not only works for NAT but NAT is also providing a hiding layer on the network topology.

[-]

ParvatiIsBae@reddit

My brother in Christ, NAT is definitely not a firewall. It is simply a workaround to the problem of limited IPv4 space.

[-]

chief_x2@reddit

I understand the issue of running out of a very finite number of ipv4 addresses.

We still use NAT after getting an IPV6 allocated to us.

Everything is limited to a point and NAT does provide a hiding layer. Does it not?

[-]

ParvatiIsBae@reddit

We still use NAT because people are lazy and don’t want to go through the trouble of upgrading everything to IPv6.

NAT doesn’t obscure anything really. If you completely removed the firewall from a gateway and left NAT in place, a port scanner could come along and scan every port on the external IP and have a list of all your internal machines that responded. Sure they wouldn’t have the internal IP, but they wouldn’t need it since they can just talk each of your devices on {public_ip}:{mapped_device_port}.

This is because all NAT (or PAT to be more accurate) is doing is mapping your internal IPs to ports on your public IP. “Real” NAT is actually even simpler and more useless: it just maps 1 internal IP to 1 external IP.

Without a network firewall (or at least firewalls at the OS level on individual devices) you can’t control who talks to your devices. Doesn’t matter if you’re behind NAT or not.

[-]

chief_x2@reddit

So I can just have on firewall at the Nat router instead of having one per device without Nat?

[-]

ParvatiIsBae@reddit

Not exactly. By default your home router does come with a firewall for example.

If you were to switch to IPv6, all of your devices would have globally routable addresses (instead of private addresses behind 1 public address) but you could still hide your devices behind a gateway that has a firewall.

I can’t think of a consumer use case where you’d want all your devices to be directly exposed to the internet and have each device manage its own firewall as its only network protection.

[-]

ThreeHeadedWolf@reddit

If you were to switch to IPv6, all of your devices would have globally routable addresses (instead of private addresses behind 1 public address) but you could still hide your devices behind a gateway that has a firewall.

I can’t think of a consumer use case where you’d want all your devices to be directly exposed to the internet and have each device manage its own firewall as its only network protection.

Thus a NAT, even on IPv6, could actually be good for some purposes. Not the intended ones when NAT was invented, but still some are there. Which is more privacy related advantages, not security.

[-]

ParvatiIsBae@reddit

Again, all of these benefits I mentioned are provided by the firewall, not NAT.

If NAT provided any security benefits, they would’ve added it to IPv6. But no, they made the conscious decision to say “this NAT stuff sucks and isn’t our original intent, let’s make a new version of the IP protocol that matches our initial intent of allowing every device to have a globally routable address.”

[-]

ThreeHeadedWolf@reddit

Again, all of these benefits I mentioned are provided by the firewall, not NAT.

No, that benefit is literally an IP translated into another. It's a Network Address Translation by definition. In common NAT with IPv4 it is done by whatever device has the public IPv4 assigned to its external NIC and in IPv6 it could be done by whatever device is in the network controlled by the organization. Still it's literally a translation of an address into another.

For a privacy POV it could take an "internal" address and map to another one that changing every once in a while, for example.

If NAT provided any security benefits, they would’ve added it to IPv6.

Privacy was just not that important at that time. Tracking users and selling their data was not so common and remunerative.

But no, they made the conscious decision to say “this NAT stuff sucks and isn’t our original intent, let’s make a new version of the IP protocol that matches our initial intent of allowing every device to have a globally routable address.”

The NAT stuff definitely sucks for the sysadmin's POV. That's why every technical person wanted it gone. They weren't that privacy aware as we are now. And the initial assumption of having every device to have a global routable address is not totally fine with a world where the owner of that device doesn't want to be tracked across all the web, especially if that IPv6 address never changes for days, months, years.

[-]

chief_x2@reddit

So one firewall to cover all the devices, same scenario that the writer of the article didn’t like because of phishing and other hacking methods.

NAT isn’t replacing firewalls but definitely adds another layer to lower the attack surface, something clearly lacking if every device is accessible and addressable from the internet.

[-]

ParvatiIsBae@reddit

A firewall will not help you if you get phished. At that point you’ve clicked a link that made your computer establish a connection and your firewall will basically say “oh an inside device initiated this connection, it must be ok”.

NAT offers 0 protection because it doesn’t filter anything. Again, it’s just a workaround to limited routable IPv4 space. I guess if you setup NAT and none of your devices ever send a packet out to the internet through NAT then sure yeah you’re good because the translation to the public IP/port will never happen, but at that point you might as well not even pay for internet.

Even with IPv6, your devices are not exposed publicly if you use a firewall (which every home router should come with out of the box). Same as with IPv4. In fact, IPv4’s original design was for every device to have a public IP, it just turned out that the internet became way more popular than expected.

[-]

legion02@reddit

Umm, your scanning example wouldn't reveal any clients because there's no active nat entry for that internal external pair. Pat translations are stateful and there no preexisting state.

[-]

Sarcasm-Probably@reddit

NAT doesn't provide obscurity directly. It actually denies the packet to traverse because it drops it. It isn't just 'hiding' but is 'blocking' the packet. The reason isn't for security but merely because the NAT has no idea where to route the packets to unless you forward the port, which makes the NAT assume 'if packet comes through this port, route to that private IP address'.

However, NATs are not firewalls. Firewalls can have NATs if they are also routers for instance, such as Cisco Firewalls but the firewall uses different security feature sets and methodologies to actively provide a layer of security.

One-to-Many NATs are providing security by coincidence of design. For example a Many-to-Many NAT wouldn't be providing any type of security what-so-ever by itself.

[-]

chief_x2@reddit

Oh I agree 100%. I never claimed that Nat is a firewall.

But Nat does not only provide another lawyer of protection by default but also lowers the target area for direct hacking attacks by using obscurity.

I am just sour over how “obscurity is not security” is used as an argument over current IPv4 Nat.

We will still be using NAT for ipv6 addressable devices at work with firewalls in between each layer as that is the securest way to have a network.

[-]

Sarcasm-Probably@reddit

For sure and I agree, I just don't consider NAT security by obscurity either since it actively drops the attack. Granted, scans won't see anything because they are dropped but it would also drop active attacks too. A one-to-many NAT (LAN to WAN) is factually a security layer whether it is intended or not.

One "obscurity is not security" that annoys me is when I advise people to change their default ssh port and don't use 2222 like everyone else when they do for their VPS/Dedicated Server/Droplett/Whatever. It demonstrably reduces and will likely eliminate ssh brute force and exploitation attempts. Pretty much, everyone should change default ports for software as reasonable if its directly Internet facing. Obviously, it wouldn't be reasonable to change port 443 for a webserver if the intent is to serve web content to the general public for example.

I think a lot of people miss the spirit of the saying and instead treat it as if it is set in stone for everything.

[-]

chief_x2@reddit

Anything that is changed from default ports and default username is a big thumbs up my friend.

I see such a huge amount of attack vectors that scan your network for obvious, try the obvious logins and move on.

The issue of weak security is still there for more determined attackers but that’s another story based on the level and size of the target and how much protection they can afford. There is always an exploit and no security is 100%.

[-]

Sarcasm-Probably@reddit

For sure, targetted attacks are rare for regular people. I do remember I did have a server years ago that appeared to have been targeted by a botnet (lots of residential looking hostmasks and various servers). Thankfully a combination of Snort, iptables, Fail2Ban and routine hardening made it pretty ineffective. It was a DDoS but attempting to use metasploit some other suite of attacks and active scanning. Unfortunately, I also learned that day that a lot of the Abuse contacts direct to ISPs and providers didn't seem to help anything. Surprisingly though some of the next higher up ones worked better (actual datacenters and sometimes peering providers like Level3).

I like to think that the loss of at least some of the botnet was perceptible and infuriating to someone but it probably wasn't. Eventually just changing IPs worked. I guess they never bothered to reverse lookup to find the domain.

[-]

i_eat_cauliflower@reddit

People who say NAT provides security give off the same vibe as people who say closed source provides security.

[-]

RunningOnPunkTime@reddit

One of my coworkers is CONVINCED that open source software is full of security holes and is an invitation for thousands of hackers

[-]

tom-dixon@reddit

The routers doing the NAT typically have firewalls too. Yes, NAT is not a firewall, but the NAT device will offer firewalling.

Say what you want but I prefer IPv4 on my home LAN for a variety of reasons.

[-]

VexingRaven@reddit

Yes, NAT is not a firewall, but the NAT device will offer firewalling.

And it should do the exact same thing on IPv6.

[-]

legion02@reddit

What it does is provide no thought security since there's no externally facing attack surface unless you do it intentionally. Realistically no different than a default deny rule though, you just don't have to think about it.

[-]

grudg3@reddit

I'd say NAT provides a tad of obscurity, so people see it as more 'secure'.

[-]

IBNash@reddit

Those benefits pale in comparison to the overhead NAT creates. You can configure your LAN to run without GUAs if firewalling IPv6 devices are cumbersome.

Disabling IPv6 is a poor solution in 2023, get used to IPv6, it's not going away.

[-]

Offbeatalchemy@reddit

I know IPv6 perfectly well. I just don't need it. My ISP doesn't support IPv6 in the first place still and my router is overpowered for the level of network i'm pushing right now. the overhead is negligible.

It's very much an "if it aint broke" situation.

[-]

DoublePlusGood23@reddit

If we didn't run out of IPv4 addresses no one would've have invented NAT. Firewalls are the solution to "web accessible" devices.

[-]

Sarcasm-Probably@reddit

If we didn't run out of IPv4 addresses no one would've have invented NAT.

We surely would have. NATs do more than became a solution for many private IP addresses routing through a publicly routable IP address. There are different types of NATs that are common outside the consumer's typical network. For example a many-to-many NAT can provide a 1:1 between each private and public routable IP address. This is a common solution for WANs that aren't the Internet connecting to each other for example.

Every participant LAN or WAN node does not have to agree to a specific IP Schema for their LANs. They can still use their IP Schema and then use a many-to-many NAT on the boundary to conform to a shared schema anyway without having to change the LAN's schema for example.

There are also times where you may want to have a one-to-many NAT in the other direction -- so inbound IP addresses are translated into a single one coming into your boundary, such as perhaps a DMZ or something.

[-]

sogun123@reddit

There is no real difference against nat. It's because all home routers block all incoming traffic, so even if they are addressable, they are not reachable if they don't start first. That's why we need firewall punching even with IPv6. If you think it is problem you can employ nat even with IPv6 if you think nat provides security. But all network people claim it doesn't.

[-]

badboybeyer@reddit

My firewall rules that account for prefix delegation are scarry

[-]

BabyEaglet@reddit

any good sources you'd recommend for learning ipv6?

[-]

badboybeyer@reddit

Charter, my isp, and my router; ubiquiti, gave me enough information to get it set up in my home lab. Just replaced DHCP with prefix delegation and it basically works the same.

[-]

L911P@reddit

i wish i could use ipv6 but my isp deploys new installations with ipv6 enabled but not working

[-]

AstacSK@reddit

What's ipv6? My last 2 ISPs don't have that, they have CGNAT so why bother with ipv6?

[-]

Sir-Simon-Spamalot@reddit

I feel you. I've been thru many diffent providers in at least three different countries and none of them got ipv6.

[-]

pcs3rd@reddit

Because cgnat causes issues.
There's endless evidence of this on subs like r/networking, r/selfhosted, and r/hometworking.
Cgnat pretty much breaks port forwarding too.
Cgnat is a bandaid solution.

[-]

AstacSK@reddit

I know very well how many issues CGNAT causes to my homelab

I meant it as a joke just worded it badly

[-]

jajajajaj@reddit

Pshh, maybe for customers, sure, but my isp isn't having any issues. Hehe

[-]

pcs3rd@reddit

That's what you think.
Troubleshooting cgnat issues is a fight.
We have to exhaust pretty much everything then escalate.

[-]

jajajajaj@reddit

Oh dang, I believe that. I should have thought of it, too, since I work in tech and used to work in networking.

[-]

AG00GLER@reddit

Fios?

[-]

lumberjack5500@reddit

Something something… being able to easily read and reason about addresses

[-]

CHEEZE_BAGS@reddit

I agree, its not easy to parse at a glance. It does get easier though as you get used to reading hex.

[-]

fractalfocuser@reddit

I think of it like the scene from BoJack Horseman with the jogger

"It doesn't get any easier... But you get better at it"

[-]

Zettinator@reddit

It isn't!

[-]

ouyawei@reddit (OP)

Yea I was startled by this too. What's wrong with ip neigh?

[-]

peanutbuttericescrem@reddit

Oh, still learning something new everyday thanks mate!

[-]

AstroChrisR@reddit

I wouldn't call it a valid solution at all. IPv6 is well established and disabling it is not the solution. ISPs here in Australia have supported IPv6 for decades and most people have no idea they're using it all the time.

[-]

peanutbuttericescrem@reddit

I work in a company with a IPv4 only network, sometimes strange bugs appear in production because software tries to network using IPv6. Admins are quick to just disable it instead of moving the whole network to IPv6 or atleast enable and support it. Just fucking sucks, cause i love v6.

[-]

Jacksaur@reddit

The fact that I've literally just started getting into Homelab stuff and have spent last week looking for a NAS and server setup makes it terrifying to suddenly see this post on the frontpage.

(Super useful though)

[-]

soulc@reddit

Just proves that they are listening.

[-]

Jacksaur@reddit

Well I'd appreciate it if they helped with my problems more often!

[-]

soulc@reddit

Oh no They won't do that.

[-]

FarFieldPowerTower@reddit

Recency bias! Happens to me all the time lol

[-]

partytoni1@reddit

Eheh not helpful if your server is a Raspberry Pi

[-]

partytoni1@reddit

I guess i should have added /s at the end. I was kidding

[-]

aot2002@reddit

It consumes 7 watts idle its nothing to worry about

[-]

AndrewNeo@reddit

if you're worried about the idle consumption of a pi you might have other problems

[-]

diffident55@reddit

Fantastic if it's a laptop with a second lease on life though.

[-]

ukralibre@reddit

I want to know how much does your server actually sleeps. Chineese hackers constantly look for exploits on any public box.

[-]

Ncell50@reddit

I doubt it’s public. It’s a home server.

[-]

ukralibre@reddit

A home server doesn't mean it's intranet only. I always keep at least one ssh accessible directly for emergencies.

[-]

council2022@reddit

As long as none of the nodes have internet access. Lots of people will have their intranet set up to access the internet, or machines connected do. Fine if you turn that box off when it doesn't need to be accessed. Really, your private machines cannot physically interface publically at all if you want secure. Even wireless private networks not connected to the internet are high risk.

[-]

rajrdajr@reddit

Even wireless private networks not connected to the internet are high risk.

What’s the threat model here?

[-]

LoafyLemon@reddit

I CAN'T SLEEP AT NIGHT, I THINK THE CHINESE ARE AFTER ME.

Bro, go touch grass.

[-]

JockstrapCummies@reddit

Bro, go touch grass, now!

I'll never understand the popularity of this turn of phrase as an insult. It's so... insipid.

[-]

elmosworld37@reddit

Yeah, we have Twitch chat to thank for this. Comedy on the internet is just regurgitating the Twitch Chat Joke of the Quarter™

[-]

19Jacoby98@reddit

RIZZ

[-]

LoafyLemon@reddit

It's not an insult, just a phrase meaning 'what you're saying doesn't make sense, perhaps you should think about what you said some more'.

However, as mentioned in another comment, I misunderstood the context, so I'm touching grass. 🙃

[-]

garbitos_x86@reddit

Ehhh it's calling someone a basement dwelling nerd who never goes outside.

[-]

LoafyLemon@reddit

Why I, a basement dwelling nerd, would call anyone else that?

[-]

sccrstud92@reddit

Because you didn't know what it meant until now?

[-]

LoafyLemon@reddit

You're making things up.

https://www.urbandictionary.com/define.php?term=touch%20grass

[-]

sccrstud92@reddit

Your definition

'what you're saying doesn't make sense, perhaps you should think about what you just said'

is missing the "go outside" meaning mentioned in your linked definition and mentioned here https://knowyourmeme.com/memes/touch-grass. Without that part the term "touch grass" doesn't make any sense. That's why it seems like you are using it wrong.

[-]

OGNatan@reddit

[Cries in sysadmin]

[-]

General_Tomatillo484@reddit

It's definitely an insult

[-]

LoafyLemon@reddit

No u

[-]

CabbageCZ@reddit

Pretty sure he meant his server would be kept awake by the constant traffic, not the person.

[-]

LoafyLemon@reddit

Oh. I read that wrong then. I'll go touch grass.

[-]

aot2002@reddit

I started thinking this way but quickly jumped to 10 watts idle with a pico power supply. Problem solved

[-]

Difficult_Bit_1339@reddit

Some more digging into the ARP protocol revealed that ARP resolution doesn't even require a specific, authoritative host to answer requests — any other network device can respond to ARP requests.

OP accidentally discovers ARP cache poisoning

[-]

Azzk1kr@reddit

This was pretty interesting in college. We discovered Ethercap back then (2002 or so) and we were able to intercept all traffic from other computers without anyone knowing. Luckily, most things are secured by TLS nowadays.

[-]

AndrewNeo@reddit

That's just promiscuous mode and dumb switches delivering all traffic to all ports, not ARP poisioning

[-]

cloggedsink941@reddit

You don't know what you're talking about.

[-]

Sartanen@reddit

Loosely interpreted, you could argue a hub is a dumb switch :b
If that's what they meant, I don't know.

[-]

Azzk1kr@reddit

Weird, I remember it sending ARP packets to tell as if I was the router. Then again it was a long time ago though, and am not a network specialist.

[-]

dbbo@reddit

I have a Plex server on my linux desktop, which is in an office away from living room/TV. AFAIK there's no way to send WOL request through plex.

If the server isn't on already when the Plex app tries to access it doesn't work, and I set my desktop to suspend after 3hrs of inactivity.

My solution- to avoid having to literally walk a short distance- was to connect a $10 wireless mini keyboard/touchpad to the desktop (stored with my TV remote in living room), which I switch on and press a random button to wake server from suspend.

I later also discovered I could log in to my router's web interface from my phone and send WOL request to the desktop, but the wireless keyboard method is about 3 seconds faster.

[-]

tim128@reddit

There are also apps to send WOL packets

[-]

Cybasura@reddit

Disable IPv6

If your fuckin solution requires me to disable a feature, it is a shit solution

[-]

oromier@reddit

"The simple way" eh

[-]

FengLengshun@reddit

Interesting read. For now, just using my laptop is enough for my needs, but I'll keep this bookmarked for when I might need it.

[-]

mc36mc@reddit

a power switch... :)

[-]

Dr0zD@reddit

I put relay on POWER ON cable (in paralel with switch) and nodemcu. Nodemcu serves a) simple page with a button (which is a href to /poweron) and b) /poweron. Best part is I can access it by static IP from whatever device is on at home or just come to PC and use the HW switch.

[-]

j_a_f_t@reddit

Great and all, but suspend is still using power.

I've got my system to actually switch off and can wake it with a magic packet. Massive difference in power.

Sure slower to boot but not an issue for me.

[-]

VexingRaven@reddit

How much is your system using in suspend? It shouldn't be much at all.

[-]

A1berkz@reddit

Constant rebooting could end up using more power in the long run depending on what kind of traffic you are expecting.

[-]

ForceBlade@reddit

Your disks will also love being spun up and down over and over again.

[-]

j_a_f_t@reddit

If it’s a weekly task, then I think my way saves more power. I reckon even if it was switching off overnight mine would win. But depends on your own usage of course.

[-]

IanGoldense@reddit

This is pretty cool, but if you’re using this on a system with spinning hard drives, beware that spinning up and down the drives regularly can significantly increase the degradation rate. Enterprise drives are rated to spin up and stay on 24/7, not spin up and down on a regular basis the way consumer drives are. This can also significantly throw a wrench into a RAID array depending on its mechanics.

[-]

ForceBlade@reddit

Just came here commenting the same thing. This setup will physically destroy rust drives. It's no myth, spinning them up and down all the time will help you reach a day where they can no longer spin up much quicker.

[-]

rajrdajr@reddit

Hopefully someone sends this article to the mailing list for the Linux driver so they can add support for ARP offloading!

[-]

nullpointerninja@reddit

This sleep proxy client tries to accomplish the same but using an always on low power Apple device (like a HomePod) to trigger the magic packet: https://github.com/awein/SleepProxyClient From my understanding this actually sends a WoL magic packet to wake up the device so it wouldn’t be necessary to allow any packet to wake up the server.

[-]

KMReiserFS@reddit

i had a server that had power off and wake on lan scheduled on my home assistant.

the motherboard broke, it was a notbook, and i had to change to a new one, but it is using an usb ethernet dongle and wake on lan do not work.

still did not find a solution.

[-]

purpleidea@reddit

Would be great if more network drivers supported wake on PHY. That's what it's for.

[-]

PistachioOnFire@reddit

Here are 2022 results if anyone is interested.