Reverse proxy doubts

Hi everyone, I have some doubts about the reverse proxy and could not find an answer.

I recently set up self-hosted Netbird management on a VPS, configured my custom domain, and network access to my home network using a routing peer. Everything worked fine, but when I set up a reverse proxy to my NAS by using its private IP within my home network and downloaded a file, I noticed that my VPS traffic limit was consumed by the same amount as the downloaded file size.

Maybe I am wrong, but wasn't it supposed to use only the routing peer network? I have limits on the VPS traffic that are not fit for NAS consumption, and I thought that the management only created the connection between the two peers.

Is there a way to set this up, or is there a better way than a reverse proxy?
Is my home network access doing the same thing?

I have some trusted users who need to access it from outside the home network and do not want to make them install a NetBird client everywhere.

reddit.com
u/Gazolatroll — 1 month ago
▲ 5 · r/netbird · +2 crossposts

Hi everyone,

I came to ask for guidance on a full makeover of my home lab setup. My networking level is beginner at most, and I cannot find any guides that work for my case.

What I currently have:

  • Proxmox node running a Cloudflare tunnel to expose services.
  • Netbird routing peer for internal services access.
  • DDNS to get around NAT, resolving to the ISP's border device IP, mainly for game servers that need open ports and fast connections.
  • Paid VPN and domain name currently pointing to Cloudflare for the tunnel services.
  • Multiple Ethernet ports on the Proxmox node that will work as a switch for now; one of them is connected to the ISP, the others have some computers and a future wireless AP.

What I aim to achieve:

  • I want a good setup to expose services; I like the idea of using my domain on the Netbird reverse proxy for encryption and auth for services that don't have their own auth.
  • Internal and external services should resolve internally when accessed with their domain from the same network, mainly for better transfer speed. Maybe a self-hosted DNS can solve this?
  • I want to host my own firewall (pfSense is the best candidate for now) and hide everything behind it; I've been delaying ditching the ISP firewall for too long.
  • Segregated networks in a way that protects internal machines in case an external service gets compromised, isolate IoT devices and a network for VPN-only connection, aiming for privacy (totally legal reasons). I've seen something about combining VPN with encryption and scrambling packages, but I don't even know where to start.
  • I want to host all the services that I possibly can, preferably using LXC containers. I would prefer not using docker unless it is strictly necessary.

Where do I need help:

  • I have a lot of doubts about how to build this infrastructure and have little to no understanding of how most network security works. I have mostly followed guides from trusted sources until now, so I think what I'm asking for is a network map with the services that I need to run and how to run them properly.
  • I run a few game servers; if it is possible to not expose ports anymore and protect my IP using a VPS or Netbird, I need to know how, and whether it affects speed too much, as I live a little far from the closest VPS datacenter.
  • I need to know the steps to configure each service. Usually I can handle the default installation and most configuration, but there's always some obscure/specific configuration that may be necessary for my case. I know I'm already asking a lot, so no need to tell me the exact commands; once I know what needs to be done, I can google how to do it and debug my way through.

Problems encountered so far:

  • I tried self-hosting Netbird to get some of their paid cloud services and to ditch Cloudflare tunnels, but there is no tutorial for behind-NAT configuration. The main problem I could find is that I cannot expose the ports needed for the Netbird management interface because my DDNS resolves to the ISP device, and I cannot forward the ports they use for their web interface. I use an external DDNS too that it may be best to self-host, but I have not been able to get to it yet.
  • When setting up the custom domain on Netbird, I tried using the domain provider DNS but it does not let me set CNAME *.my-domain to the Netbird server, it refuses the wildcard "*". I think I need to host my own DNS and resolve my DDNS to it, but I'm not sure.

Thanks for reading all of this, even if you cannot help!

Any tips or recommendations are welcome and would be greatly appreciated.

u/Gazolatroll — 1 month ago