welcome @ homelan.eu

You have just reached my homelan, which consists not just of my normal everyday (home)working environment, but also my IT lab (play) environment.

I am a die-hard IT-guy with more than 25 years of experience, primarily in administering Windows networks, network devices such as routers, firewalls and switches, and increasing knowledge of Linux.

My homelan is built on (amongst others):

HPE MicroServer Gen10 Plus
The HP Enterprise MicroServer Gen10 Plus with an Intel Xeon-2224 processor and currently 48GB of ECC-RAM serves as an important link in my homelan.
Equipped with 4 Gigabit network interfaces and a separate ILO-interface this is the perfect small (and energy-efficient) server to do some serious virtualization.
Proxmox VE
Proxmox Virtual Environment is the virtualization platform running on my HPE MicroServer. Proxmox VE is an open source server virtualization management solution based on QEMU/KVM and LXC. It can create virtual machines as well as Linux Containers and it is free to use for home users.
It can handle ZFS for a reliable and very fast storage solution, especially with 2 (Data Center grade) Kingston DC500M 960 GB SATA drives operating in ZFS RAID.
Sophos XG Firewall
Another great product that is free to use in a home environment is the Sophos XG Firewall Home Edition.
This is a fully equipped software version of the Sophos XG firewall with full protection including anti-malware, web security, URL filtering, application control, IPS, VPN and more.
I am running this as a virtual machine on Proxmox on the HPE MicroServer and it is capable of delivering speeds of over 800Mbps using speedtest.net with just about all features switched on. That is without using IOMMU (Intel VT-d) to pass-through the physical NICs/processors from the server to the virtual firewall.
Synology DS920+ NAS
A Synology DS920+ NAS serves my homelan with the necessary storage capacity to store all my data as well as backups from my Proxmox virtual machines, my Microsoft 365 environment, my personal OneDrive data and of course the computers in my home.

Besides my own data, this NAS also stores encrypted offsite backups of my parents' NAS while encrypted copies of my backups are stored offsite at the NAS at their location.
As a first defense against possible ransomware attacks, the NAS makes regular snapshots that can be restored really quickly.

Netgear GS324TP
The central switch in my homelan is this 'smart-managed' Netgear GS324TP gigabit switch with Power over Ethernet and capable of handling all my VLAN needs. VLANs in use are:
Traefik and Let's Encrypt
One of the Docker containers in my environment runs the Traefik reverse proxy. Traefik is a reverse proxy that centrally manages all my available sites.
Traefik supports several middlewares to enhance its functionality. Some of the middlewares I use are GeoIP blocking, CrowdSec (an open-source and collaborative cybersecurity solution) and an Identity Provider (IdP) to protect access to my resources and to make sure my security always uses a layered approach.
Pi-hole
Another Docker container (or actually 3 containers in several VLANs) runs AdGuard Home DNS.
AdGuard is a network-level advertisement and internet tracker blocking application acting as a DNS sinkhole.
The main purpose is to remove as many ads as possible while browsing the internet from every device inside my house.
Windows Server 2019
Of course I also have a couple of (evaluation) versions of Windows Server 2019 installed in my homelan, all running as a virtual machine in Proxmox on the HPE MicroServer.
This environment is my playground in which I can make changes as much as I like and keep my knowledge at a high level without breaking anything in a production environment.

Currently I am running
Cloudflare DNS
Cloudflare is not just the DNS resolver for all DNS names that Pi-hole allows, but I also use Cloudflare as a (free) DNS-provider for most of the domain names I own.
Cloudflare cooperates nicely with Let's Encrypt and is capable of automatically renewing wildcard SSL certificates. Cloudflare can also act as a proxy between a domain name and the physical IP-address (location) where a server is hosted, making websites running from my home environment reachable on multiple public IPv4 and IPv6 addresses.
And best of all, Cloudflare supports creating a tunnel between their network and mine, eliminating the need to forward ports on my firewall from my public IP-address. The tunnel is set up from a DMZ zone in my firewall and only allows traffic from this zone to my Traefik reverse proxy, creating an additional layer of security.
© 2025