  • 1 Post
  • 56 Comments
Joined 1 year ago
Cake day: June 12th, 2023

  • NAS stands for ‘Network Attached Storage’ and there’s dedicated hardware for that task from multiple brands. It’s a somewhat specific thing, and from what I understand you have a multi-purpose server running on your network. For discussion it’s better to use the established terminology to avoid confusion on what’s what. Your generic server can of course act like a NAS, but a 100€ Synology NAS can’t (for the most part) act as a generic server.

    Similarly there’s dedicated hardware for routers, and they are not the same as generic servers which can run whatever. Dedicated routers do some things way better/faster than a generic server, and there’s pretty much always a trade-off between the two. You can of course install hardware in your server to be as good as or even better than any consumer grade router and run pfSense on a virtual machine on top of it, but that’s going to be at least more expensive than dedicated hardware.

    So, your server is running pihole in a container on the same network address/hardware as the rest of your server, and I suppose you already gathered from other messages that the firewall component on it treats traffic coming from outside the server itself differently than traffic originating from the server itself. For this specific case I’d say it’s just simpler to configure the server to use the DNS server as localhost:1053 than trying to work out firewall forwarding rules for it, if possible. If not, and you absolutely insist that your pihole runs on an unprivileged port and that your server also has to use pihole as its DNS server, then you need to dig out a firewall config for outgoing traffic which redirects the destination port. Or you could set up a DNS proxy on the server which uses pihole as upstream and serves addresses to localhost only, or one of the other multiple ways to achieve what you’re after, but each of those has some kind of trade-off and there are too many to go through in a single post.


  • I personally don’t, but many do. But it doesn’t matter, my employer isn’t legally allowed to read my emails, unless it’s a sort of an emergency. My vacation, weekend, short sick leave and things like that do not qualify. And even then, if the criteria are met, it’s illegal to read anything other than strictly work related things out of my box.

    We even have a form where people leaving the company sign permission that their mailbox can be accessed by their team leader, and without a signature we’re not allowed to grant permissions to anyone, unless the legal department is on the case and the terms for a privacy breach are met.


  • If the firewall was running on a router then you’d need to DNAT back to the same network from which they originated, and that is (in general) quite a PITA to get running properly. My understanding is that the firewall doing port forwarding is running on the NAS. And we don’t have much information on what that ‘NAS’ even is; I tend to think of devices like QNAP or Synology when talking about NAS boxes, but that might as well be a full Linux system just running CIFS/NFS/whatever.

    OP could obviously use his router as a DNS server for the network and set the upstream DNS server for the router to pihole, but that’s a whole different scenario.


  • This is the same as complaining that my job puts a filter on my work computer that lets them know if I’m googling porn at work. You can cry big brother all you want, but I think most people are fine with the idea that the corporation I work for has a reasonable case for putting monitoring software on the computer they gave me.

    European point of view: My work computer and the network in general have filters so I can’t access porn, gambling, malware and other stuff on it. It has monitoring for viruses and malware; that’s pretty normal and a well-understood need to have. BUT. It is straight up illegal for my work to actively monitor my email content (they’ll of course have filtering for incoming spam and such), my chats on Teams/whatever, and in general to be intrusive of my privacy even at work.

    There are of course mechanisms in place where they can access my email if anything work related requires that. So in case I’m lying in a hospital or something they are allowed to read work related emails from my inbox, but if there’s anything personal it’s protected by the same laws which apply to traditional letters and other communication.

    Monitoring ‘every word’ is just not allowed, no matter how good your intentions are. And that’s a good thing.


  • As it’s only a single device I’d suggest configuring the DNS server for that to <ip-of-nas>:1053. The port forwarding rule on the NAS firewall most likely applies only to ‘incoming’ traffic to the NAS, and as a locally generated DNS request isn’t ‘incoming’ (you can think of it as ‘incoming’ traffic being everything coming via the ethernet cable into the NAS), the port redirection doesn’t trigger as you’re expecting.
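
Added example (not from this thread or its author): an nftables ruleset that makes the distinction in the DNS replies above concrete. It assumes Pi-hole listens on port 1053 on the NAS host itself, that the LAN interface is eth0 and that the Pi-hole process runs as the local user pihole; all three are assumptions, not facts from the posts.

```nft
# Added example, not from the original thread. Assumed: Pi-hole on the NAS
# host listening on TCP/UDP 1053, LAN interface eth0, Pi-hole runs as user
# "pihole". Load with: nft -f pihole-dns.nft
table ip pihole_dns {
    # Hook 1: traffic ARRIVING from the LAN. This is the "port forwarding"
    # rule most NAS firewalls already have. Packets the NAS itself
    # generates never pass through prerouting, so this rule alone does
    # nothing for the NAS's own resolver.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "eth0" meta l4proto { tcp, udp } th dport 53 redirect to :1053
    }

    # Hook 2: traffic GENERATED ON THE NAS (its own resolver, host-network
    # containers). Locally originated packets traverse the output hook
    # instead, so the redirect has to be repeated here.
    chain output {
        type nat hook output priority -100; policy accept;
        # Pi-hole's own upstream queries also leave via output; without
        # this exception they would be redirected back into Pi-hole and
        # loop. Assumes the daemon runs as user "pihole".
        meta skuid "pihole" return
        meta l4proto { tcp, udp } th dport 53 redirect to :1053
    }
}
```

The simpler alternative the replies recommend, pointing the host's own resolver at 127.0.0.1:1053 or <ip-of-nas>:1053, avoids both the second chain and the loop exception.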


  • A bare metal server with a hypervisor set up on top of it sounds like the optimal solution for you, as it’s then pretty trivial to migrate VMs to your own hardware when needed. But for your ‘long term’ environment a VPS would most likely be better, and migrating a full VM from your hypervisor to a VPS is a bit more work, but can be done.

    I don’t know about providers in Australia, but Hetzner has both with combined billing and my personal experience with them is pretty good. But I’m in Europe, so neither bandwidth nor latency is a problem.



  • IsoKiero@sopuli.xyz to Selfhosted@lemmy.world: Looking for UPS suggestion · 14 days ago

    I have an older 1500VA FSP UPS. I don’t think that exact model is available anymore, but it’s been solid for several years. It currently has its 3rd or 4th set of batteries and they are standard bulk batteries, so replacements are easy to find anywhere. The only problem I’ve had with it is that the display doesn’t give out clear warnings when batteries degrade, and it has crashed my system a few times in a power outage, but I’ve been lazy and didn’t bother to properly monitor it nor have scheduled battery replacements, so that’s mostly on me.

    Eaton seems to be pretty solid too, but I don’t have a ton of experience with any of their models. Local suppliers had dirt cheap PowerWalker UPSes a few years ago, but one of them didn’t survive when the battery died, so maybe I got what I paid for. Those worked fine too, but apparently they cooked the charging circuit when the battery degraded.

    This is of course just my own experience over a few models, but personally I wouldn’t spend my money on APC. Proprietary batteries and multiple failures after battery replacement at work a few years back were enough to choose something else.



  • My EcoTank died just like all the other inkjets. It went a few weeks without printing and the blue nozzle dried completely up, and in the pipes I can see dried up ink on other colors as well. So I had to dig up my old Brother HL3040 back to duty, which I retired after print quality started to drop (it needs a new fuser unit or something similar, so not that big of a deal), and I thought having an option to print nice color pictures would be nice.

    So, if you plan to run an EcoTank (which does have pretty good printing quality when it works), set up a scheduled task on your computer to print something, in color, quite frequently, even if it wastes some ink and paper. I think the main issue with mine was that even if I print stuff somewhat often there was a period where I only needed b&w documents, so the color nozzles went unused for a while.

    I might get a new set of nozzles and ink tanks for my unit as it’s a ton cheaper than a whole new printer, but if you’re looking for a printer this is something to take into consideration, regardless of their marketing material.

    Edit: Mine is an Epson, didn’t know that the EcoTank term is used by other manufacturers.


  • more specific to a subset of people who have time to bother

    And that subset of people needs to have at least some kind of mindset to learn the viable minimum skills to even start with, and a will to learn more and more and more. I’ve done various kinds of hosting as a career for a couple of decades, and as things change I’m fighting with myself over whether it’s worth my time and effort to keep my home services running or whether I should just throw money at google/apple/microsoft/whoever to store my stuff and manage my IoT stuff and throw the hardware into the recycling bin.

    I have the skill set required for whatever my home network might need, up to the point that I could somewhat easily host a small village from my home (money is of course a barrier after a certain point), but I find myself more and more often thinking whether it’s worth the effort. My Z-Wave setup needs some TLC as something isn’t playing nicely and it causes all kinds of problems with my automations, my wifi network could use a couple of sockets on the walls to work better, I should replace my NVR with something open source to include a couple more cameras around the yard and have better movement recognition, and the cameras should go to their own VLAN, and so on.

    Most of that stuff is pretty basic to set up and configure (well, that Z-Wave network is a bit of its own thing to manage) and it would actually be pretty nice to have all the things working as they should and expand on what I have to make my everyday life even simpler than it already is. But as there’s a ton of things going on in life I’d just rather spend a few hours gaming from my sofa than tinker with something.

    That’s of course just me; if you get your reward and enjoyment from your network then good for you. Personally I think I’ll keep various things running around, but right now in this place I’m at, the self hosting, home network and automation and all that is more of a chore than a hobby. And I’m pretty sure I don’t like it.


  • IsoKiero@sopuli.xyz to Selfhosted@lemmy.world: DNS? · 1 month ago

    As far as I know it is the default way of handling multiple DNS servers. I’d guess that at least some of the firmware running around treats them as primary/secondary, but based on my (limited) understanding at least the majority of Linux/BSD based software uses one or the other more or less randomly without any preference. So, it’s not always like that, but I’d say it’s less common to treat DNS entries with any kind of preference instead of picking one out randomly.

    But as there’s a ton of various hardware/firmware around this of course isn’t conclusive; for your specific case you need to dig pretty deep to get the actual answer in your situation.


  • IsoKiero@sopuli.xyz to Selfhosted@lemmy.world: DNS? · 1 month ago

    have an additional external DNS server

    While I agree with you that an additional DNS server is without a question a good thing, on this you need to understand that if you set up two nameservers on your laptop (or whatever) they don’t have any preference. So, if you have a pihole as one nameserver and google as another you will occasionally see ads on things and your pihole gets overridden every now and then.

    There are multiple ways of solving this, but people often seem to have a misinformed idea that the first item on your DNS server list would be preferred, and that is very much not the case.

    Personally I’m running a pihole for my network on a VM, and if that’s down for a longer time then I’ll just switch DNS servers from DHCP and reboot my access points (as family hardware is 99% on wifi) and the rest of the family has working internet while I’m working to bring the rest of the infrastructure back online, but that’s just my scenario, yours will most likely be more or less different.


  • A part of it is because technology, especially a decade or so ago, had restrictions. Like with ADSL, which often/always couldn’t support higher upload speeds due to the end user hardware, and the same goes with 4/5G today: your cellphone just doesn’t have the power to transmit as fast/far as the tower access point.

    But with wired connections, especially with fibre/coax, that doesn’t apply and money comes into play. ISPs pay for the bandwidth to the ‘next step’ on the network. Your ‘last mile’ ISP buys some amount of traffic from the ‘state wide operator’ (kind-of, depends heavily on where you live, but the analogy should work anyways) and that’s where the “upload” and “download” traffic starts to play a part. I’m not an expert by any stretch here, so take this with a spoonful of salt, but the traffic inside your ISP’s network and going through their hardware doesn’t cost ‘anything’ (electricity for the switches/routers and their maintenance is excluded as a cost of doing business), but once you push an additional 10Gbps to the neighboring ISP it requires resources to manage that.

    And that is (at least here) where the asymmetric connections play a part. Let’s say that you have a 1Gbps connection to youtube/netflix/whatever. The original source needs to pay the network for the bandwidth for your stream to go through in order to get a decent user experience. But the traffic from your ISP to the network is far less; a blunt analogy would be that your computer sends a request to the network ‘show me the latest Mr. Beast video’ and the youtube server says ‘sure, here’s a few gigabits of video’.

    Now, everyone pays for the ‘next step’ connection by the actual amount of data consumed (as their hardware needs to have the capacity to take the load). On your generic home user profile, the amount downloaded (and going through your network) is vastly bigger than the traffic going out of your network. That way your last mile ISP can negotiate with the ‘upstream’ operator to have capacity to take 10Gbps in (which is essentially free once the hardware is purchased) and that you only send 1Gbps out, so the ‘upstream’ operator needs to have a lot less capacity going through their network ‘the other way’.

    So, as the link speeds and amount of traffic are billed separately, it’s way more profitable to offer 1Gbps down and 100Mbps up for the home user. This all is of course a gross simplification of everything, and in the real world things are vastly more complex with caching servers, multiple connections to the other networks and so on, but at the end every bit you transfer has a price, and if you mostly offer to sink in the data your users want and it’s significantly less than the data your users push through to the upstream, there’s money to be made in this imbalance and that’s why your connection might be asymmetric.


  • As a rule of thumb, if you pay more money you get a better product. With spinning drives that almost always means that more expensive drives (on average) run longer than cheaper ones. Performance is another metric, but balancing those is where the smoke and mirrors come into play. You can get a pretty darn fast drive for a premium price which will fail in 3-4 years, or for a similar price you can get a bit slower drive which will last you a decade. And that’s on average. You might get a ‘cheap’ brand high-performance drive to run without any issues for a long long time and you might also get a brand name NAS drive which will fail in 2 years. Those averages start to play a role if you buy drives by the dozen.

    Backblaze (among others) publish their very real world statistics on which drives to choose (again, on average), but for a home gamer it’s not usually an option to run enough drives to get any benefits from a statistical point of view. Obviously something from HGST or WD will most likely outperform any no-name brand from aliexpress, and personally I’d only get something rated for 24/7 use, like WD RED, but it’s not a guarantee that those will actually run any longer as there are always deviations from their gold standard.

    So, long story short, you will most likely get significantly different results depending on which brand/product line you choose, but it’s not guaranteed, so you need to work around that with backups, different RAID scenarios (likely RAID 5 or 6 for a home gamer) and an acceptable time for downtime (how fast you can get a replacement, how long it’ll take to pull data back from backups and so on). I’ll soon migrate my setup from a somewhat professional setting to a more hobbyist one, and with my pretty decent internet connectivity I’ll most likely go with a 2-1-1 setup instead of the ‘industry standard’ 3-2-1 (for a serious setup you should probably learn what those really mean, but in short: number of copies existing - number of different storage media - number of offsite copies).

    On what you really should use, that depends heavily on your usage. For a media library a bigger 5400rpm drive might be better than a bit smaller 7200rpm drive, and then there are all kinds of edge cases plus potential options for SSD caching and a ton of other stuff, so, unfortunately, the actual answer has quite a few variables, starting from your wallet.


  • In theory you just send a link to click and that’s it. But, as there always is a but, your jitsi setup most likely doesn’t have massive load balancing, dozens of locations for servers and all the jazz which goes around random network issues and everything else which keeps the internet running.

    There’s a ton of things well outside your control and they may or may not bite you in the process. Big players have tons of workforce and money to make sure those kinds of things don’t happen, and they still do now and then. Personally, for a single use scenario like yours, I wouldn’t bother, but I’m not stopping you either, it’s a pretty neat thing to do. My (now dead) jitsi instance once saved a city council meeting when Teams had issues and that got me pretty good bragging rights, so it can be pretty rewarding too.


  • Jitsi works, and they have open relays to test with, but as the thing here is very much analog and I’d assume she’d just need to see your position, how your hands move etc., the audio quality isn’t the most important thing here. Sure, it helps, but personally I’d just use zoom/teams/hangouts/something readily available and invest in a decent microphone (and audio in general) + camera.

    That way you don’t need to provide helpdesk on how to use your thing and waste time from actual lessons nor need to debug server issues while you’ve been scheduled to train with your teacher.



  • At work, where cable runs are usually made by maintenance people, the most common problem is poor termination. They often just crimp a connector instead of using patch panels/sockets and unwind too much of the cable before the connector, which causes all kinds of problems. With proper termination the problems usually go away.

    But it can be a ton of other stuff too. A good cable tester is pretty much essential to figure out what’s going on. I’m using the 1st gen version of Pocketethernet and it’s been pretty handy, but there’s a ton of those available; just get something a bit better than a simple indicator with blinking LEDs which can only indicate whether the cable isn’t completely broken.