Super insightful, thanks. Didn’t think about any of that.

I don’t disagree with you, but you’ve put some thought into this so maybe you can help us understand your logic and rationale more.

as soon as they deem profitable

What’s profitable about losing sales of adult games?

Also, what leverage do these groups have over banks and payment processors? If you have leverage over Visa and MasterCard, some of the most profitable companies in the world, I could imagine doing way more nefarious things than this. I just don’t get it. Some random group in Australia has leverage over Visa and MasterCard - American companies - is that what we’re saying here?

Those are things that should be handled by a government in defence of the public interest of everyone

I think you might have too much faith in government. Facebook and YouTube shouldn’t be hyper-polarizing brainwashing machines either, but here we are 20 years later and governments have done jack shit to address that. If anything, we’re going the wrong direction - Governments are seeing that and the TikTok model as tools they can have at their disposal to suppress dissent. But ironically, I think YouTube and many other platforms quietly accept that if we want to live in a somewhat harmonious society, we can’t leave it to the government to make all the rules. (eg. YouTube banning vaccine misinformation and disinformation during a public health emergency.)

On a tangent here, maybe the only potential upside from this situation with Steam is that horrifically misogynistic waifu simulators aren’t going to be 1 click away from the new Call of Duty. Seriously, Steam is just full of super gross anime shit that kids shouldn’t see, but the main audience of the platform is kids. The way Steam puts that content beside everything else is really gross and they really should get called out for that.

This law sounds good in theory, but there’s a lot of lawful content that is really undesirable (scams, spam, deepfakes, hate speech, etc.) and platforms need to be able to deal with that. The law isn’t fast or flexible enough to keep up, and every country has different (or laughable) definitions of some of these things.

The YouTube community guidelines are a pretty good overview of whatever shady shit people are trying to pull these days: https://support.google.com/youtube/answer/9288567?hl=en

That you misremembered the generation of Nintendo console that Quake 2 was on makes this the perfect chefs kiss millennial boomer comment, lol.

Wrapping up this thread, I really appreciate all the opinions and experiences everyone shared! Gave me lots of new perspectives to think about.

Yeah, this might be the way to go. OpenWRT supports hardware NAT with many of these ARM-based routers like many of the MediaTek-based ones, which gives them super high throughput at very low CPU usage. The efficiency blows x86 out of the water. The ability to migrate your OpenWRT config to new hardware (real or virtual) in the future means you kinda get the best of both worlds…

Do not use an SSD for cold storage - it will fail. SSDs need to be plugged in every once to refresh the charge in their NAND, otherwise they’ll lose the data.

This is not a theoretical thing - I’ve had a good Samsung 850 Pro drive fail while being off for 2 years.

Thanks, this is good data!

How fast is your internet?

Do a speed test and run htop… you’ll see CPU usage only on one core spiking. Not a big deal if your CPU can handle it, but the AMD GX-412TC in the APU2 I was using is too slow.

Even if the virtualized router is down, I’ll still have access to the physical server over the network until the DHCP lease expires. The switch does the work of delivering my packets on the LAN, not the router.

Thanks for the tip about the pfSense limit. After running pfSense for like 8 years, my opinion is that is flush with features but overall, it’s trash. Nobody, not even Netgate, understands how to configure limiters, queues, and QoS properly. The official documentation and all the guides on the internet are all contradictory and wrong. I did loads of testing and it worked somewhat, but never as well as it should have on paper (ie. I got ping spikes if I ran a bandwidth test simultaneously, which shouldn’t happen.) I don’t necessarily think OpenWRT is any better, but I know the Linux kernel has multithreaded PPPOE and I expect some modern basics like SQM to work properly in it.

The other thing to keep in mind is to pass through physical nics. Using just the vnics will potentially lead to security risks. That’s the reason I went back to physical fws.

I could throw an extra NIC in the server and pass it through, but what are the security risks of using the virtualized NICs? I’m just using virtio to share a dedicated bridge adapter with the router VM.

If you just use 2 nodes, you will need a q-device to make quorum if you have one of the nodes down

I could just use VRRP / keepalived instead, no?

I should try Proxmox, thanks for the suggestion. I set up ZFS recently on my NAS and I regret not learning it earlier. I can see how the snapshotting would make managing VMs easier!

That is pretty sweet. I have a second server I could use for an HA configuration of the router VM. I’ve been meaning to play around with live migrations (KVM) so this could be a cool use case for testing.

I appreciate the advice. I have like 3 spare routers I can swap in if the server fails, plus I have internet on my phone lol. It’s a home environment, not mission critical. I’m glad you mentioned this though, as it made me realize I should have one of these routers configured and ready-to-go as a backup.

My logic is partly that I think a VM on an x86 server could potentially be more reliable than some random SBC like a Banana Pi because it’ll be running a mainline kernel with common peripherals, plus I can have RAID and ECC, etc (better hardware). I just don’t fully buy the “separation of concerns” argument because you can always use that against VMs, and the argument for VMs is cost effectiveness via better utilization of hardware. At home, it can also mean spending money on better hardware instead of redundant hardware (why do I need another Linux box?).

There are also risks involved in running your firewall on the same host as all your other VM’s

I don’t follow. It’s isolated via a dedicated bridge adapter on the host, which is not shared with other VMs. Further, WAN traffic is also isolated by a VLAN, which only the router VM is configured for.