Hello!
I noticed on my new oneplus 12 ( I am based in USA and bought this from Oneplus US website), before even connecting to a wifi, that there is already a saved network in my wifi saved network settings. (Wifi->More Settings->Saved Networks) It's named "optimum" and it doesn't seem to be connected to my device at the time and looks like there is no password but I cannot connect at this time.
After resetting system and network settings only, the saved network is gone ( as expected). However after doing a factory reset after the network and system setting reset, the phone once again has this "optimum network" as soon as I start it up (before connecting to wifi). I also noticed that even if I remove the network, it'll reappear in saved network if I restart or reboot my phone (no factory reset). Anyone else notice this and should I be concerned?
Here's the information regarding the network that shows
The following info is shown for this network:
"Optimum"
Security: Passpoint
MAC address: -some letters and numbers are here- (Random)
Proxy: None
IP Settings: DHCP
Privacy : [this is greyed out but says "Use random MAC address"]
Thank you!

Create this app myself due to can't find any app that allow me to modify config files directly.
Anybody know Is there something similar out there?, e.g. custom/3rd party repo.

Hello, i recently just got a powerline adaptor (TL-PA7017P) and the instructions were plug and play. However, I plugged it in and my ethernet doesn't connect as it shows unidentified network no internet. I've used the TL utility app to check that there is in fact a connection.
These are the things that I have tried: 1. Reinstalling network adaptors 2. Changing automatic to manual IP address and DNS address and typing in correlated 8.8.8.8, 8.8.4.4, 192..... 3. Used the Network troubleshooter (error given was "Can't reach the DHCP server") 4. Updated drivers (most updated)
This is my ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-LULRQ2C
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : 9C-6B-00-12-7F-F5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::588c:304:3897:6d7d%8(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.148.138(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 463235840
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-07-AE-8A-9C-6B-00-12-7F-F5
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 2C-8D-B1-89-E0-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 2E-8D-B1-89-E0-54
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3168
Physical Address. . . . . . . . . : 2C-8D-B1-89-E0-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::af64:79a3:e362:b07c%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.50.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, 14 May 2024 8:56:37 pm
Lease Expires . . . . . . . . . . : Wednesday, 15 May 2024 9:09:25 pm
Default Gateway . . . . . . . . . : 192.168.50.1
DHCP Server . . . . . . . . . . . : 192.168.50.1
DHCPv6 IAID . . . . . . . . . . . : 153914801
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-07-AE-8A-9C-6B-00-12-7F-F5
DNS Servers . . . . . . . . . . . : 192.168.50.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 2C-8D-B1-89-E0-58
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Thank you for reading and hope I can get some help on this :>

These hacking apps are very useful for those who wants to hack someones account or device remotely. Hacking, by its very nature, is the act of breaking into computer systems and networks.
In simple terms, it is the process of finding clever ways to get around security measures so that one can gain access to data or information.
Android, being the world‘s most popular operating system, already has a plethora of mobile applications that allow its users to perform ethical hacking tasks from the comfort of their hands.
There are many hacking apps available on google play store but not all of them are safe so be careful while downloading any app. Some of the best hacking apps for android are as follows:-

These hacking apps are very useful for those who wants to hack someones account or device remotely. Hacking, by its very nature, is the act of breaking into computer systems and networks.
In simple terms, it is the process of finding clever ways to get around security measures so that one can gain access to data or information.
Android, being the world‘s most popular operating system, already has a plethora of mobile applications that allow its users to perform ethical hacking tasks from the comfort of their hands.
There are many hacking apps available on google play store but not all of them are safe so be careful while downloading any app. Some of the best hacking apps for android are as follows:-

Hacking Apps for Android

A hacking app is a tool that can be used to test the security of your phone. It allows you to find out if your device has been compromised and if so, how it happened.
These apps are useful for finding out if there are any security vulnerabilities in your device. But they don’t provide any direct protection against attacks like malware or viruses.

1. AndroRAT

AndroRAT is a remote administration tool for Android devices. It has the ability to send commands to a device, and to download files from it. AndroRAT can also change the phone’s settings, and show the user’s location on a map.
It is a free and open-source Java-based client/server application developed to give remote control of the Android system for retrieving information.
It was created by a team of 4 for a university project and includes functionalities such as getting call logs, contacts, messages, and location (by GPS/Network), taking pictures from the camera, streaming video and sound from the microphone, making calls, and opening URLs in the default browser.
Download: AndroRAT

2. zANTI

zANTI is a mobile penetration testing and security analysis tool that lets you see how risky a network is. Using zANTI allows you to simulate a cyber attack—specifically Man In the Middle (MITM) attacks—to test networks and identify vulnerabilities in them.
This tool will show you the users connected to the network, the weak points in their devices and the network itself, and where you should apply further cyber-protection.
However, your device needs to be rooted in order to use zANTI properly. It provides a comprehensive security architecture for your Android device.
zANTI is a security scanner that detects and removes malware, adware, spyware, and viruses from your device. It also helps you to keep your phone secure by removing unnecessary apps or games when they are installed on the device.
The app’s main features include:* Scanning all apps downloaded from Google Play Store automatically when they are installed on the phone. Removing any unwanted applications/games which were installed on your phone or tablet.
Monitoring whatsapp messages sent via chat boxes to check whether they contain malicious links or texts.* Scanning all attachments sent via email attachments (including PDFs) for viruses and malware infections
Download: zAnti

3. Fing

Fing is a network utility app that provides you with an in-depth view of your network. You can use it to find all the devices connected to your network, and their MAC addresses.
This type of tool can be very useful in a number of different situations, such as when you want to find out what devices are on a network, or when you want to troubleshoot connectivity problems.
Fing also allows you to configure settings like:

• DHCP reservations
• Proxy server configuration

Download: Fing

4. Nmap

Nmap is a security scanner that can be used to scan your network for open ports, vulnerabilities, and other information. It can also be used as an alternative way to find out which programs are installed on a computer or device.
Nmap is a command line tool and requires you to type in commands into the terminal (command prompt) of your Operating System before it will do anything useful.
Download: Nmap

5. Droidsheep

Droidsheep is a tool that can be used to collect information about the Facebook and Instagram accounts of users. However it’s designed to help you gather information on your friends, family and other people who use Social Media.
Sure, here’s your revised sentence with added transition words:
It is one of the best hacking apps that allows you to intercept web browsers that are not well protected using a WiFi connection. Additionally, it examines and accesses the strength of a network by exposing the vulnerabilities.
DroidSheep is an application equipped with functionalities that simplify the hacking of social media messaging platforms such as Facebook and Instagram. This distinctive feature distinguishes it from other hacking applications.
The app is available for Android devices and will run on most versions of the operating system, including Android 4.0 or later (Ice Cream Sandwich), but it does not work with some older versions of Google’s mobile platform such as Gingerbread 9 or Honeycomb 3.2
Download: Droidsheep

Read More

ReadAlso:
The World’s Top 8 Most Famous Female Hacker
Hijacking satellites is easy than you think
The Top 10 Best Keylogger Apps for Android Devices
How to Make a Fake Facebook Phishing Page

I posted this on homelab and got a lot of downvotes, maybe it wasn't the right place to ask the question.
I'm currently using a 3 piece google wifi system (the old one) and finding it really limiting for my home.
This is my setup, apologies if the terminology is wrong 1. In New Zealand to use our fibre network, we all have a supplied ONT (Optical network terminal). As a consumer I don't access this device. 2. My main google wifi device. This is my dhcp server, where I chose my primary DNS (my pihole), and where I currently configure port forwarding successfully for my applications and reverse proxy settings 3. I have 2x downstream google wifi devices which act solely as access points, and operate as a mesh with device 2.
In particular the only way to administrate the network is via the slow and off-putting google home app. Port forwarding, IP's, and troubleshooting are just a nightmare because of the latency in the app.
I think we have outgrown the simplistic functionality of the old google wifi, and will be looking for an upgrade. Any recommendations?
I was told I'm looking in the wrong place, as I should be changing my router, not my wifi devices. And that I should be getting a new upstream device.
I am not an expert with this stuff, but google wifi is my dhcp server, it's where I currently administer my port forwarding for my self hosted applications successfully, and my reverse proxies are working fine.
I thought the router was what directed your DNS requests to your chosen DNS server and route that information to your devices via the lan IP address is assigns through dhcp? Am I genuinely misunderstanding this stuff?

I've posted this question over in tailscale, but it's become more a docker question now since that's the way I think I'll have to solve it.
I have a machine that has two network interfaces.
One connection is rate & traffic limited, the other is not metered. I'd like to restrict the tailscale traffic to only go over the unrestricted network, but I can't risk the restricted network going down at all so I can't disable it even for a short time as it's my only way of connecting to the computer without relying on tailscale.
I'm thinking I can do this using a docker instance and restrict the docker interface to just use eth1, which would allow me to do what I want as long as I can restrict docker to eth1 (or the 10.x.x.x IP, whichever is easiemore appropriate).
Is this possible? (Background below)
To clarify, without the second, rate limited device I lose my access to the remote network. The remote device is also a gateway for several other devices on which we can't install tailscale as we don't have any control over them (think industrial controller). Also I don't want to change the entire configuration at once - I'd much prefer a staged approach. Finally, I can't just pull the 4G modem as the local network configuration relies on it for local DHCP and network connection to the devices.
I have already setup a reverse SSH tunnel to the remote machine through a proxy relay, but we need the tailscale to be a direct connection to the other network interface in the same machine. The remote setup is a ~10 hour drive away, or two 2 hour flights and a 2 hour drive, so very inconvenient if I lose my access and can't fix the reverse tunnel remotely. Basically it's a 3-day turnaround plus the travel expense if I break anything. Site support is non-existent (no skills).
The layout is like this:
eth0 is connected to a 192.168.1.0/24 network, which has numerous other devices we connect to using a reverse ssh tunnel and some socat magic. This network gets its connection to the internet over a 4G modem, with a data allowance of ~10GB/mo.
eth1 is connected to the client's network, with a 10.x.x.x address, which is not rate or data limited, but is restricted to out of business hours for our purposes. Over this connection, I need to send ~60GB per day to my office. I wanted to use a tailscale network but only on eth1, since this traffic has to negotiate the client firewall (outbound traffic very restricted), as well as our corporate firewall (also very restricted).
So, how do I do that?

I have a machine that has two network interfaces.
One connection is rate & traffic limited, the other is not metered. I'd like to restrict the ~~network~~ tailscale traffic to only go over the unrestricted network, but I can't risk the restricted network going down at all so I can't disable it even for a short time as it's my only way of connecting to the computer without relying on tailscale.
Is this possible?
[EDIT]:
To clarify, without the second, rate limited device I lose my access to the remote network. The remote device is also a gateway for several other devices on which we can't install tailscale as we don't have any control over them (think industrial controller). Also I don't want to change the entire configuration at once - I'd much prefer a staged approach. Finally, I can't just pull the 4G modem as the local network configuration relies on it for local DHCP and network connection to the devices.
I have already setup a reverse SSH tunnel to the remote machine through a proxy relay, but we need the tailscale to be a direct connection to the other network interface in the same machine. The remote setup is a ~10 hour drive away, or a 2 hour flight and 2 hour drive, so very inconvenient if I lose my access and can't fix the reverse tunnel remotely. Basically it's a 3-day turnaround plus the travel expense if I break anything. Site support is non-existent (no skills).
The layout is like this:
eth0 is connected to a 192.168.1.0/24 network, which has numerous other devices we connect to using a reverse ssh tunnel and some socat magic. This network gets its connection to the internet over a 4G modem, with a data allowance of ~10GB/mo.
eth1 is connected to the client's network, with a 10.x.x.x address, which is not rate or data limited, but is restricted to out of business hours for our purposes. Over this connection, i need to send ~60GB per day my office. I wanted to use a tailscale network but only on eth1.
I'm thinking I can do this using a docker instance and restrict the docker interface to just use eth1, which would allow me to do what I want as long as I can restrict docker to eth1 (or the 10.x.x.x IP, whichever is easiemore appropriate).

services: adguard: container_name: adguardhome image: docker.io/adguard/adguardhome:latest restart: unless-stopped network: dns volumes: - :/opt/adguardhome/conf - :/opt/adguardhome/work labels: - "io.containers.autoupdate=registry" ports: # Plain DNS - 10053:53/tcp - 10053:53/udp # DHCP - 10067:67/udp - 10068:68/udp # Webserver - 8080:80/tcp - 3000:3000/tcp 

# Plain DNS :53 { reverse_proxy :10053 } # DHCP :67 { reverse_proxy :10067 } :68 { reverse_proxy :10068 } 

Windows Version: \ Microsoft Windows [Version 10.0.19045.4170]
netsh winsock reset shutdown -r -t 0 then ````` C:\Windows\system32>net stop dhcp The following services are dependent on the DHCP Client service. Stopping the DHCP Client service will also stop these services.

 IP Helper WinHTTP Web Proxy Auto-Discovery Service Network Connected Devices Auto-Setup Network List Service Network Location Awareness Do you want to continue this operation? (Y/N) [N]: Y The IP Helper service is stopping. The IP Helper service was stopped successfully. System error 5 has occurred. Access is denied. 

`````
Why?

Windows Version: Microsoft Windows [Version 10.0.19045.4170]

netsh winsock reset shutdown -r -t 0 

then

C:\Windows\system32>net stop dhcp The following services are dependent on the DHCP Client service. Stopping the DHCP Client service will also stop these services. IP Helper WinHTTP Web Proxy Auto-Discovery Service Network Connected Devices Auto-Setup Network List Service Network Location Awareness Do you want to continue this operation? (Y/N) [N]: Y The IP Helper service is stopping. The IP Helper service was stopped successfully. System error 5 has occurred. Access is denied. 

Why?

I'm at my wit's end. I just switched ISPs. Was using PPoE previously (and the PiHole worked fine). My router is an Archer AX53, I'm in Japan, now using IPv6 over DS-lite.
My local DCHP looks the same as it used to, pointing to PiHole as DNS:
https://imgur.com/a/YBl4lFl
But this no longer blocks ads on my network.
Under IPv6, these are the default settings, which give me internet access but of course no PiHole.
https://imgur.com/a/dzvkxFi
If I choose "Use the following DNS address:" then input the PiHole's IPv6 address and hit save, like this, I lose connectivity:
https://imgur.com/a/ZAtrcAh
Also, as per the default IPv6 config, the bottom section defaults to ND Proxy, which again gives me connectivity but is not using the PiHole. I'm pretty sure I need to set it to SLAAC+Stateless DHCP, but when I select that option, it asks me for an address prefix. I searched in English and Japanese for info about my ISP and I have tried my best to figure out what my address prefix might be but I'm too much of a noob to figure it out. No matter what I enter in there, it says "invalid format." I also cannot toggle prefix delegation ON without losing connectivity.
I have been trying to figure this out for weeks. Any help would be greatly appreciated.

This might be a basic question but my knowledge of dns is limited...
I do use Pfsense as my main home router.
I do have a registered public domain that I use to generate ssl certs for my internal lan services with letsencrypt.
Pfsense is configured in dns forward mode but I use host overrides to redirect some hosts to my internal nginx proxy that serves ssl certs for them.
Now everything seems to work as expected, when I nslookup my internal services with hostxyz.domain.com everything works.
But today, my ISP failed and until internet came back working, when I tried to nslookup anything of my internal services I get their internal ip as expected but followed with "server can't find xxx.domain.com: refused" and accessing internal webpages that should be behind the proxy served with the cert just don't work.
I'm wondering why I get this message since I tought this would be handled by the pfsense dns (at least for anything related to my "domain.com" and anything I've added in the host overrides section). Is there anyway to tell pfsense dns forwarder to resolve anything related to domain.com internally since I guess it still try to reach external dns for those entries ?
I also have the following options enabled :
"register DHCP static mappings in dns forwarder"
"register DHCP leases in DNS forwarder"
Should I've setup "domain override" instead of individually set each host for my specific domain ?
ISP Down scenario:

nslookup host Server:192.168.1.1 Address:192.168.1.100#53 Name:host.domain.com Address: 192.168.1.100 ** server can't find host.domain.com: REFUSED 

ISP UP scenario:

nslookup host Server:192.168.1.1 Address:192.168.1.1#53 Name:host.domain.com Address: 192.168.1.100 

I have a small home network, currently running a pfSense firewall, TrueNAS server with NextCloud, a Proxmox server with a few containers and VM's, including a VM running Docker with a dozen containers. Nothing on my home network is currently exposed directly to the Internet except for Wireguard VPN.
My domain name is registered and public DNS is provided by GoDaddy, which was a requirement to configure my Microsoft 365 Family subscription custom email domain. I also host my public website with GoDaddy, using a GoDaddy SSL certificate.
DNS on my LAN is resolved via unbound on my pfSense firewall, using automatic enrollment by DHCP.
I recently installed Nginx Proxy Manager with the intention of eliminating the hassle of specifying port numbers and approving self-signed certificates. However, I've been unable to get NPM/Certbot to create a LetsEncrypt certificate using DNS-01 challenge with GoDaddy. I'm seeing the following errors in my NPM logs:

2024-05-08 01:01:43,131:DEBUG:certbot.plugins.dns_common_lexicon:Encountered error finding domain_id during deletion: Error determining zone identifier for xxxxxxx.com: 403 Client Error: Forbidden for url: https://api.godaddy.com/v1/domains/xxxxxxx.com. Traceback (most recent call last): File "/opt/certbot/lib/python3.11/site-packages/certbot/plugins/dns_common_lexicon.py", line 250, in _resolve_domain with Client(self._build_lexicon_config(domain_name)): File "/opt/certbot/lib/python3.11/site-packages/lexicon/client.py", line 168, in __enter__ raise e File "/opt/certbot/lib/python3.11/site-packages/lexicon/client.py", line 161, in __enter__ provider.authenticate() File "/opt/certbot/lib/python3.11/site-packages/lexicon/_private/providers/godaddy.py", line 62, in authenticate result = self._get(f"/domains/{domain}") ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/lexicon/interfaces.py", line 162, in _get return self._request("GET", url, query_params=query_params) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/lexicon/_private/providers/godaddy.py", line 338, in _request result.raise_for_status() File "/opt/certbot/lib/python3.11/site-packages/requests/models.py", line 1021, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://api.godaddy.com/v1/domains/xxxxxxx.com 

I'm not sure exactly what is causing the problem. I double-checked my GoDaddy API key and secret, even tried using a key I am using with pfSense for DDNS updates. Does anyone here have a similar setup that can offer any advice?

I have been unsuccessful in getting a Cisco ASR1001 to talk with a Fortiswitch 424E. Can someone have a look and see what I am doing wrong here? Both Cisco and FortiSwitch configs I can attached if needed. The ASR (WAN) has a BGP connection to AWS, it is up and running. The FortiSwitch (FS) is connected to the ASR's LAN interface (thats what I will call it) and we need three vlans to talk to ASR interfaces that have IP's for their respective subnets. Here is the relevant info (at least I think this is really all that is needed at this point). I can share Cisco config, FS config and Drawing if needed.
Cisco
interface TenGigabitEthernet0/0/0 mtu 3800
no ip address
!
interface TenGigabitEthernet0/0/0.2900
description "Direct Connect to Amazon VPC or Transit Gateway on AWS Cloud"
encapsulation dot1Q 2900
ip address 169.254.38.182 255.255.255.252
!
interface TenGigabitEthernet0/0/1
description "Prod DBNET access"
ip address 192.168.51.249 255.255.254.0
no ip proxy-arp
ip nbar protocol-discovery
!
interface TenGigabitEthernet0/0/1.4
encapsulation dot1Q 4
ip address 10.1.0.4 255.255.254.0
!
interface TenGigabitEthernet0/0/1.35
encapsulation dot1Q 35
ip address 10.10.2.4 255.255.255.0
FortiSwitch
config system interface
edit "mgmt"
set mode dhcp
set allowaccess ping https ssh
set type physical
set secondary-IP enable
set snmp-index 31
set defaultgw enable
config secondaryip
edit 1
set ip 192.168.1.99 255.255.255.0
set allowaccess ping https ssh
next
end
next
edit "internal"
set ip 192.168.50.41 255.255.254.0
set allowaccess ping https ssh
set type physical
set alias "internal"
set snmp-index 30
next
next
edit "port25"
set snmp-index 25
next
edit "port26"
set native-vlan 2
set snmp-index 26
next
edit "port27"
set native-vlan 35
set snmp-index 27
next
edit "port28"
set allowed-vlans 1-2,35
set snmp-index 28
next
edit "internal"
set allowed-vlans 1-2,35
set stp-state disabled
set snmp-index 29
next

tl/dr: settling on bhyve as a hypervisor, but main focus will be on FreeBSD compatible s/w when I have a choice except for some have-to-have tech that only comes on Linux or Windows. Does this make sense?
In the process of researching a replacement for my current router (old Cisco ISR) which cannot keep up with my internet speed (1Gbps), I came across pfSense on DIY bare metal and also folks virtualizing it on ESXi and Proxmox. My plan was to run it on the latter. Then, I found out that it relies on FreeBSD and wraps pf (along with other add-on features). I decided to run FreeBSD in a Proxmox VM on a NUC instead. And, to learn it all, I planned a prototype SDN: firewall gatewall with pf, dns/dhcp server, web server (nginx) and jump server running tailscale (nginx in reverse proxy and ssh to internal servers). I suddenly had to travel quite a bit over the last 2+ months and brought a Raspberry Pi installed with FreeBSD 14.0 with me in which I wrote a couple of shell scripts to install thinjails and assist with jail networking along with prototyping the above SDN—all on an RPi! It's been really fun.
Meanwhile, I also discovered that Pi-Hole (for ad blocking) is just a GUI wrapper of dnsmasq which I've been using plus some blacklist tables (easily done in pf) AND Tailscale is Wireguard + co-turn/stun along with authorization configs and an excellent HTTPS tunnel fallback model. I'm quite certain I could learn how to deploy both of those directly. A DIY theme has emerged.
Now that I've done all that, I think I'm too far down the FreeBSD path to enjoy a GUI wrapper for a Debian Hypervisor and LXCs (Proxmox). Plus, while trying to install Proxmox VM backups (PBS) I found myself fighting with Docker or LXC configurations. I'm sure they're scrutable, I just don't want to bother.
So, I've shifted again and my plan is the following:

1. FreeBSD Host with a handful of Jails to run a firewall-gateway (router), dnsmasq, jump server.
2. bhyve VM: FreeBSD with Dashboard and other services (jails) that I'd like to have on my network.
3. bhyve VM: Linux variant (with Kubernetes?) for Docker and LXCs where the s/w doesn't exist in FreeBSD.
4. bhyve VM: Windows 11 for accounting s/w that I need and only runs on MSFT.

I'm sure I'm capable of managing all of this. Question is: are there any gotchas in this I should be aware of? From my research, it looks to me like all of this will work as I expect to. I will have plenty of head room on the NUC for other VMs if I need.
Kool aid never tasted so good, I guess.
Thoughts?

For whatever reason I want to change my default network IP range. I keep getting this error
Failed saving network "Trusted". {modelType, select, profile {Profile} network {Network} portIpGroup {Port and IP Group} other {}} includes {type, select, User {a Client's } FirewallRule {a Firewall Rule } other { }}"{name}" configuration. Please remove this first before deleting the {modelType, select, profile {Profile} network {Network} portIpGroup {Port and IP Group} other {}}.
I've deleted everything in my firewall rules. Deleted the port forwarding that has any IP's on the main LAN, removed any reserved IPs and made sure all unifi devices were set to DCHP, I switched to legacy and it gave me a different error, which led me to wireguard. So I deleted that as well.
Looking through the network log I saw this.
thership syswrapper[4077812]: [apply-config] using fast apply
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Trying to migrate config due to inconsistency (invalid config .versionDetail: must be between 22 and 22: .interfaces) to resolve following issue: invalid config: configuration syntax is invalid: must be between 22 and 22: .versionDetail.interfaces
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Starting config .versionFormat 'v2' migration for /tmp/udapi-fastapply-b534_e1ad_5479_ce4b.cfg.tmp
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.firewall/nat from 5 to 6
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.interfaces from 19 to 20
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.interfaces from 20 to 21
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.interfaces from 21 to 22
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.services/dnsForwarder from 2 to 3
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.services/dnsForwarder from 3 to 4
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.services/radiusServer from 2 to 3
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.services/radiusServer from 3 to 4
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.services/radiusServer from 4 to 5
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.services/upnp from 1 to 2
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.services/wanFailover from 4 to 5
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.system from 2 to 3
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.system from 3 to 4
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.system from 4 to 5
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrating config .versionDetail.qos from 1 to 2
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Finished config .versionFormat 'v2' migration of /tmp/udapi-fastapply-b534_e1ad_5479_ce4b.cfg.tmp
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: config-migrate-helper: Migrated config is valid
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: service: vvv Apply new configuration
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: service: * [interfaces]: configuring
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: service: * [services]: configuring
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-redirector-service: +(services): Keep stopped service redirector
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-arp-inspection-service: +(services): Keep stopped service arpInspection
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-ddns-service: +(services): Keep running service ddns
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-dhcp-server-service: +(services): Keep running service dhcpServers-net_Trusted_br0_192-168-1-0-24
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-dhcp-server-service: +(services): Keep running service dhcpServers-net_POS_br5_10-30-5-0-24
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-dhcp-server-service: +(services): Keep running service dhcpServers-net_UPnP_br3_10-12-3-0-26
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-dhcp-server-service: +(services): Keep running service dhcpServers-net_IoT_br2_10-12-2-0-24
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-dns-forwarder-service: +(services): Keep running service dnsForwarder
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-doh-proxy-service: +(services): Keep stopped service dnscrypt-proxy
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-dpi-service: +(services): Keep running service dpi
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-geoip-filtering-service: +(services): Keep running service geoipFiltering
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-ids-ips-service: +(services): Keep running service idsIps
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-igmp-snooping-snoopd: +(services): Keep stopped service igmpSnooping
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-lldp: +(services): Keep running service lldp
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-loop-protection: +(services): Keep stopped service loopd
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-mdns-service: +(services): Keep running service mdns
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-ntp-client-timesyncd: +(services): Keep running service ntpClient
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-radius-server-service: +(services): Stop running->deleted service radiusServer
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-radius-server-service: stopping the service
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-system-log-syslog-ng: +(services): Keep stopped service systemLog
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-unifi-network: +(services): Keep running service unifiNetwork
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-utm-service: +(services): Keep running service utm
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-wan-failover: +(services): Keep running service wanFailover
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: svc-wifiman: +(services): Keep running service wifiman
2024-05-05T08:17:54-05:00 TheMothership ubios-udapi-server[2094]: service: * [firewall/filter]: configuring
2024-05-05T08:17:55-05:00 TheMothership ubios-udapi-server[2094]: service: ^^^ Apply new configuration done
2024-05-05T08:17:55-05:00 TheMothership ubios-udapi-server[2094]: process: Got process exit event for process radiusServer
2024-05-05T08:18:19-05:00 TheMothership inadyn[2601]: Update forced for alias , new IP#
2024-05-05T08:18:19-05:00 TheMothership inadyn[2601]: Failed resolving hostname https: Name or service not known
2024-05-05T08:20:20-05:00 TheMothership inadyn[2601]: Update forced for alias , new IP#
2024-05-05T08:20:20-05:00 TheMothership inadyn[2601]: Failed resolving hostname https: Name or service not known
2024-05-05T08:22:20-05:00 TheMothership inadyn[2601]: Update forced for alias , new IP#
2024-05-05T08:22:20-05:00 TheMothership inadyn[2601]: Failed resolving hostname https: Name or service not known
2024-05-05T08:24:20-05:00 TheMothership inadyn[2601]: Update forced for alias , new IP#
2024-05-05T08:24:20-05:00 TheMothership inadyn[2601]: Failed resolving hostname https: Name or service not known
I removed my domain and IP from the last part. Thinking the DDNS was the issue I removed that too and got the same log except it had this at the end
2024-05-05T08:24:31-05:00 TheMothership ubios-udapi-server[2094]: service: ^^^ Apply new configuration done
2024-05-05T08:24:31-05:00 TheMothership ubios-udapi-server[2094]: process: Got process exit event for process ddns-eth9
So I gave up and restored my backup. I really have no reason I want to change it other than just because, but I have been unsucessful and I haven't found the solution in all the time I've spent googling. Any ideas?
Thank you!

Let me start with my total experience with what I am doing: 0 (2days of having fun) So I stumbled into this subreddit, and for now I dont want to go outside anymore.
So my current setup:
HW (Upgrades are coming later):
Rasp Pi 4b
64GB Micro SD Card
OS:
Ubuntu 24.04 LTS (Headless)
I finally got it working, I think more based on luck than anything else:
Sumarize what I did:
1 Installed fresh version of Ubuntu 24.04 LTS (Headless), and change the IP of the PI to Static 2 Installed Docker Compose 3 Installed Portainer Container 4 Installed PiHole Container 5 In my Ubuntu Enviro:

• sudo systemctl stop systemd-resolve (did this because of If you are using an Ubuntu to run the Pi-Hole Docker container, you may need to disable the Systemd-resolve service. The operating system uses this service to provide network name resolution. As Pi-Hole will want to operate on the same part the resolve service does, we need to disable it. Copied it from website i used for help: Pi Hole Docker Setup)
• sudo systemctl disable systemd-resolve (so it doesn start up when RaspPi is power cycled)
• sudo nano /etc/resolv.conf (Replace it with the following. This changes the nameserver to Cloudflare’s 1.1.1.1 service. I dont know why cloudfare but i did what it said: Pi Hole Docker Setup)

6 Start my docker containers
7 For PiHole, logged in and then:

• Local DNS->DNS Records
• Domain: portainer.internal
• IP Address: IP of my Rasp PI and then pressed Add

8 Went to Nginx proxy manager and then:

• Created username and password
• Hosts->Add Proxy Host
• Domain Name: portainer.internal
• Scheme: HTTPS
• Forward Hostname/IP: IP Address of my Rasp Pi
• Forwarded Port: 9443
• Cache Assets = off, Block Common Exploits = Off, Websocket Support =off

9 In my router

• Disable DHCP
• Assigned Static IP for my Raspberry PI via mac address (idk if this works, since DHCP is disabled, but the field did not gray out once i disabled DHCP)
• Under DNS: Primary was set to IP of Raspberry PI

10 My Desktop PC:

• Assigned IP manually for now (will explain below)
• IPV4 IP: in same subnet as Rasp Pi and Router
• IPV4: gateway: IP of router
• DNS: set to IP of Rasperry PI

10.Did a power cycle of both my router, raspberry PI and my computer, and it still worked. I can finally forget port numbers and just enter the domain name for my local services.
(Step 10 then turned into a slot machine of entering IP's into the gateway and DNS servers configuration of the ethernet adapter until I had access to the internet again. So I am planning to figure how the fuck my PiHole is not working as a dhcp.)
What I plan to work on now:

• Want to understand why I have to do Step 5
• Step 10 was initially suppose to be the PiHole act as my DHCP server and assign the IP to all connected devices on the network, but sadly I am getting this warning, and I think because of this no devices is getting a IP assigned to them

NSMASQ_WARN dnsmasq Warning in core: no address range available for DHCP request via eth0
I know this was a long post. But maybe it helps someone in the future. I will update again once progress has been made on Pihole acting as DHCP server.
Heres my setup: https://imgur.com/a/QZfAbSO