Filler

I admit that I have horrible organizational skills. I use different tools to account for that lack.

I love me some Kanban and it looks so pretty when I start. And then it gets left behind.

Git allows me to make cheap commits. It allows cheap branches.

The development model should be “Create Issue. Create a branch to match issue. Work the issue on the branch. Resolve issue on branch. Merge master to issue branch. Resolve conflicts. Merge the issue branch back to master and delete the issue branch.”

I have a branch which was “Add MD5 to images”. By the time I was ready to commit, I had almost 40 files that had been modified. I spent about an hour making commits. Moving to different branches to get the changes into the right branches.

Once that was done, my workflows kicked the commit because of issues. Four hours to create typing stubs and to lint the added code. Painful.

Why? Because I got the md5 done but was in the middle of using the new code, then a higher priority issue popped which got its branch but which …

About once every two weeks, I have to spend a day organizing to get things back to reasonable.

I love working at the Fort at No 4. The current director is wonderful. She is also in over her head and struggling to get everything done that needs to be done.

This leads to her moving from most important to next most important until there is no organization, no completion.

Yet, she keeps it all going. I don’t know how she does it.

Today we had a longish meeting to go over Use Cases for the new website.

For me, use cases are formalized brainstorming. Every use case is written as

“As {Actor} I {Want|Need} {something}”

The something needs to be well-defined, and it must be a single thing. You don’t write, As a web visitor, I want to be able to read the EULA and the Privacy Statement.

That is two different use cases.

As we were working our way though one section of use cases, she told me that the process of writing use cases for the website was helping her to organize her job as the director.

Which is an extra benefit.

I’m a bit tired right now. I stayed up way too late Tuesday Night, 0300 late. I’m in the making good progress, fighting my way through the tangled web of code.

Today will be an even better day.

Now all I need to do is find time to read some more court documents, without taking my blood pressure through the roof.

This Representative is talking out of both sides of her mouth.

According to her, “they” went into the Delaney Hall premises, guided by the guards.

She claims that she has oversight authority to be there.

Let me see, what happens when you enter a federal property, look around, take pictures and selfies, then walk back out, thanking the cops on duty?

If I remember correctly, you get tossed in jail without bail to wait till a judge decides to hear your case. You are given an option to confess or to be returned to your cell.

The rest of the story is that the Mayor of Newark was arrested. He does not have any “oversight” authority.

The democrat representatives were there for a camera opportunity. Not oversight. I do not know if they even sit on a committee that oversees this facility.

So the good news, is these stunts are getting these showboating politicians arrested.

Ally and I have had some long conversations about winning the hearts and minds of the middle.

The common saying is, “Where there’s smoke, there’s fire.”

This is normally true. Sometimes it is not.

In 2016, my parents expressed their disgust for Trump. They were convinced that he was doing horrible things.

Today, there are people that scream and call him a felon. The “fine people” hoax still lives on.

If you are a normal person, you can’t help but be inundated with negative coverage of Trump.

His tariffs will destroy the economy! There is a recession coming! All those empty ships sitting in China means that the US economy is failing and prices are going to go through the roof.

What I see when I see all of those empty container ships is tariffs working. Those are sales China is not making. That is their economy burning to the ground.

But I can’t talk to those in the middle about it. Yes, it is my opinion. My friends that are thinking and on the left, can’t get past the constant barrage of “Evil Trump”!

They just tune out or they get TDS. My ex-friend went that way. It was Trump’s fault that Roe v. Wade was reversed, and that meant there would be no “reproductive care” for women.

It is years since that decision, there are still abortions happening in this country. In some places, more than before the Dobbs decision.

Most of all, I’m reminded of the people telling me that because there are so many accusations of Trump, there is so much smoke coming from the Trump Administration, there must be fire there.

What I saw were arsonists and smoke bombs.

While scrolling through X, looking for something to write about, I stumbled on a posting regarding Trump’s annual physical and its results.

/Trump’s 2025 Annual Physical Results

The post and almost all the comments are of the “It’s a fake!” or “They’re lying!”

His temperature is normal. That can’t be because it is just an average. They lied.

He scored 30 out of 30 on the Montreal Cognitive Assessment. This is a lie, everybody has seen he is cognitively impaired.

We know his height and weight are BS.

His resting heart beat is too good. It must be a lie.

He was tested on the 11th of April, but they didn’t release the results until the 13th. This proves it is a lie. They wanted time to fabricate the results.

Or my favorite, they noted the scar on his right ear but not the scars from multiple failed hair transplants. Since the assassination attempt was fake, this proves the medical report is fake as well.

Trump got a clean bill of health, since he isn’t showing any issues, it must be wrong.

These people are sick in the head. They just want him, and us, dead.

P.S. My favorite bit of TDS this week was a bunch of people looking for information about the kid that attempted to assassinate Trump. Since the monster was killed and the attempt was faked, this is another indicator that Trump faked the assassination attempt.

A modern website is a complex system of inter related pieces. Each of which must work correctly and communicate correctly with the other parts of the system.

As website creators, we break the design into the Frontend and the Backend. The front end is anything the end user sees, while the back end is responsible for generating content to be displayed.

The backend is further subdivided into the Model, Controller, and View. The model is our term for the database and database access. The controller is the rules for the website. The view is the creation of content to be displayed.

Consider a website that allows you to purchase an item. The “model” would describe that item. SKU, size, weight, cost, price, images, description, name, and much more. The “controller” encodes the business rules. We can only ship to people that have paid us. And the view turns all the information into content for a browser to display.

The content is delivered as HTML. We can also supply JavaScript code and Cascading Style Sheets. The HTML can have the JavaScript and CSS embedded in the HTML or the HTML can link to other resources to be included with this page.

HyperText Markup Language

The US government wanted a standardized way of creating electronic documents for printing. This was the Standard Generalized Markup Language, ISO8879.

SGML has the advantage of being very application-specific. If you are writing a book, you use one set of tags, if you are creating the Message Of The Day, you use a different set of tags.

The power of markup is that you describe what you are marking up, rather than formatting whatever it might be.

Consider and address. Bilbo Baggins, 999 Bagshot Row, Hobbiton, The Shire. As written in this sentence, it is just a row of text. You could write it that way on a letter and it would be delivered, but the postman would be unhappy at the formatting

<b>Bilbo Baggins</b><br/>
999 Bagshot row<br/>
Hobbiton, The Shire<br/>

Is the address formatted, which looks like

Bilbo Baggins
999 Bagshot row
Hobbiton, The Shire

Using DocBook, a particular version of SGML, we would write that same address something like:

<address><surname>Baggins</surname><givenname>Bilbo</givenname>
<street>99 Bagshot row</street>
<city>Hobbiton</city><state>The Shire</state>
</address>

We do not know how to display the address, but we know that it is an address. If we are provided rules on how to display addresses, we can display this address per the rules.

Structure

HTML was designed to be simpler than SGML. There are fewer tags, and the fixed meaning of the tags made it easy to write HTML by hand.

Almost every post I create is written in raw HTML. That HTML is then styled and displayed in nearly pretty ways.

HTML defined the structure of the document. The structure was of a header section, describing the page, and a body section with the actual content.

Within the content section were the different displayable content. You had headers, levels 1 through 5, you had numbered lists, unnumbed lists, and definition lists (a word with an attached definition). There were paragraphs, links, tables, and finally, there were images.

This content was rendered however the browser wanted to.

There were formatting tags for bold, italics, blinking, and not much more.

If you wanted to “layout” your webpage, you used tables and fought to get things right.

Cascading Style Sheets

CSS allowed us to provide styling to an element. The paragraph above has margins, padding, and boarders applied to it. It has colors applied for the background and for the font. All are set via a style sheet. Your browser has a default style for each element.

The problem that arises is how to attach that styling to particular elements. The answer starts with the structure of the document.

p {
  color: red;
  background-color: green;
  margin-left: 50px;
  border: 2px;
}

This uses a CSS selector, ‘p’ to locate all paragraph elements. It then sets the background to green, the font to red, moves it to the right 50px, then draws a 2px solid border around the paragraph.

This is a basic selector. Selectors get very complex.

DOM

Every element in an HTML document is loaded into the DOM. From there, we can select elements and modify the style of the element with CSS and CSS Selectors.

The simplest method is to give important elements an ID. IDs are unique for a DOM. If there is more than one element with the same ID, this will generate an error, which most people will never see. The rules tell us which element will own that identifier.

To find a particular element with a particular ID you use the ‘#’ symbol. Thus, to find the header just above, we would write “#DOM”. While the header would look like <h3 id=”DOM”>DOM</h3>.

We can add a multiuse identifier, called a class, to multiple elements at the same time. <div class=”quote”> is the code I use to create a quote. The class “quote” has a CSS group attached. This causes all the divs of class quote to be rendered as a block quote.

We then have the tag selector. We used one above with the “p” element. This allows us to select all the elements of a particular type. The selector “li” would select all the list items in the DOM. We could use this to make every line italic.

We can combine selectors to limit which elements are selected. “ul>li” would select all line items of unordered(without numbers) list, while “ol>li” would select all line items which were part of an ordered (with numbers) list.

These selectors can even allow us to move through the DOM in a structured way. We can ask for the first paragraph after a header for special treatment.

DOM Manipulation

When we load JavaScript on a web page, that JavaScript can watch for events on elements. This is done by locating an element with a selector, then watching for a particular event to take place on that element.

The JavaScript can then modify the DOM. This can be by changing the structure of the DOM, or it can be modifying the style of elements in the DOM.

A recent example of this, I added a class to some table data items (td). I did it with a class. I then found all the elements with that class and watched for a mouse click on those elements.

When the click was detected, my JavaScript ran. The JavaScript grabbed the contents of the element, stripped out formatting, then put that content into a text input box, displayed the text input box for the user to edit.

When the user completed their edit, the value they entered was formatted, the input was removed from the DOM. The formatted value was then placed back in the element.

All with a bit of good selection to make it work.

Finally, Selenium uses different types of selectors to find elements for manipulation or testing.

Very powerful stuff.

In computer languages, there are very few that are structurally different.

FORTRAN is like COBOL, which is like Pascal, which is like BASIC, which is like ADA, which is like …

Forth is not like those above. Nor is APL or Lisp.

Assembly languages can be used in structured ways, just like FORTRAN, COBOL, Pascal, and many others. It requires the discipline to use if not condition jump skip_label; do stuff in condition; skip_label:. The actual programming logic stays the same.

The two computer languages I dislike the most are PHP and Python. Both because they are weakly typed.

In a strongly typed language, you declare a variable’s type before you use it. The type of the variable is immutable for its lifetime.

In other words, if you declare a variable of being of type integer and then attempt to assign a string to it, it will barf on you during compilation.

In PHP, all variables look the same, any variable can hold any type at any moment. The type can change from line to line. And the language will do implicit type casting. It is hateful.

Python has all the same characteristics I hate in PHP, with the added hateful feature of using indentation instead of begin-and markers for blocks.

I’m lucky that Python has an optional typing capability, which I use consistently. The optional part is a pain when I want to use a module that has no typing information. When that happens, I need to create my own typing stub.

But the worse part of all of this is that they get jumbled together in my head. How many entries in an array? In PHP, that is determined by the count() function, in Python it is the len() function.

In Python, the dot (.) is used to access methods and attributes of objects. In PHP, it is the concatenation symbol.

I am tired of writing Python in my PHP files and I dread switching back to Python because I know my fingers will mess things up.

Networking should be simple. Even when it was big, it was simple. Plug the wires in correctly, assign the IP address your system administrator gave you, and you are up and running on the internet.

We built each node on the net to be able to withstand attacks. Each node was a fortress.

But when we put Win95 machines on the net, that changed.

The mean time to having a Win95 machine compromised was less than 72 hours.

Today, an unhardened Windows box has about an hour before it is compromised. Many IoT devices have windows in the 5 minute range.

To “fix” this issue, we introduced firewalls. A firewall examines every packet that enters, deciding if the packet should be allowed forward.

Since everything was in plain text, it was easy to examine a packet and make decisions. This “fixed” the Windows Vulnerability issue.

The next complication came about because Jon Postel didn’t dream big enough. His belief was that there would never be more than a few thousand machines on the Internet.

This was an important argument as it shaped the new Internet Protocol. He wanted 2 bytes (16 bits) for host addressing. Mike wanted more. He argued that there would be 100s of thousands of machines on the Internet.

They compromised on a 4 byte, 32 bit address, or around 4 billion addresses. But since the address space was going to be sparse, the actual number would be less than that. Much less than that.

This meant that there was a limit on the number of networks available at a time when we needed more and more networks.

Add to that, we had homes that suddenly had more than one device on the Internet. There were sometimes two or even three devices in a single home.

Today, a normal home will have a dozen or more devices with an internet address within their home.

This led to the sharing of IP addresses. This required Network Address Translation.

stateDiagram-v2
  direction LR
  classDef outside fill:#f00
  classDef both fill:orange
  classDef inside fill:green
  Internet:::outside --> DataCenter
  DataCenter:::outside --> Firewall
  Firewall:::both --> Server
  class Server inside 

Here we see that we have an outside world which is dangerous red. The Firewall exists on both and creates safety for our Server in green.

stateDiagram-v2
  direction LR
  classDef outside fill:#f00
  classDef both fill:orange
  classDef inside fill:green

  Internet:::outside --> DataCenter
  DataCenter:::outside --> Firewall
  Firewall:::both --> LoadBalancer
  state LoadBalancer {
    Server1
    Server2
  }
class LoadBalancer inside

Server1 and Server2 are part of the compute cluster. The load balancer sends traffic to the servers in some balanced way.

stateDiagram-v2
  direction LR
  classDef outside fill:#f00
  classDef both fill:orange
  classDef inside fill:green

  Internet:::outside --> DataCenter
  DataCenter:::outside --> Firewall
  Firewall:::both --> LoadBalancer
  state LoadBalancer {
    Ingress1 --> Server1
    Ingress2 --> Server2
Server1 --> Compute1
Server1 --> Compute2
Server1 --> Compute3
Server2 --> Compute1
Server2 --> Compute2
Server2 --> Compute3
  }
class LoadBalancer inside

The firewall sends traffic to the load balancer. The load balancer sends traffic in a balanced fashion to Ingress 1 or Ingress 2. This configuration means that either Ingress 1 or Ingress 2 can be go offline and the cluster continues to work.

The actual structure is that the Ingress process runs on the different servers. It is normal to have 3 ingress processes running on 3 servers, with more servers hosting other processes.

So what’s so complicated? What’s complicated is that each of the devices in that path must be configured correctly. Which gets more complex than it should be.

The path packets travel is configured by routing configurations. This is done by BGP outside the Data Center and OSPF inside the Data Center. The Firewall must be configured to only pass the traffic it is supposed to.

Firewall rules grow and can be complex. My firewall rules exist as “If it ain’t broken, don’t fix it” It is always a concern when modifying firewall rules. It is not unheard of to lock yourself out of your firewall. Or to bring down a thousand sites from one bad configuration rule in a firewall.

The load balancer must also be configured correctly. In our case, our load balancers offload SSL/TLS work to allow routing decisions. It then uses internal SSL/TLS for all traffic within the cluster.

The Ingress processes live on a virtual network for intra-cluster communications and on the load balancer network for communications with the load balancers.

Each of the compute instances communicates on the intra-cluster network only.

All of this is wonderful. Until you start attempting to figure out how to get the correct packets to the correct servers.

The firewall is based on pfSense. The load balancer is based on HAProxy. The ingress services are provided by Nginx. The intra-cluster networking and containerizing is provided by docker/K8S.

The issue of the day, if I upload large files via the load balancer, it fails. Implying that HAProxy is the issue. Uploading to the ingress services directly works.

Frustration keeps growing. When will it get easy?

It is difficult for me to make friends. In general, my friends have come from my place of work or from my lady introducing me to people.

I make the effort when I’m out. I just don’t like people enough to be out and about.

I’ve been watching the pain that Ally has been going through as she has realized that she is now right of center.

It hurts her.

People on the left lives in such a self – created bubble that anything that threatens that bubble is unacceptable.

One of our acquaintances is full on TDS. At a recent event, they were going on and on about how horrible Trump is. But, they stepped way over the line when they attacked anybody who voted for him or supports him. They announced, proudly, that people who voted for, or support Trump will not be accepted around her.

The fear that exists and the need to not offend means that nobody who disagreed with her spoke up. This was a friendly gathering. To take up arms (or words) against her would have been unacceptable. Those that don’t have TDS just grit their teeth and stay silent.

The other day I was talking about an event in congress where a representative intentionally “misgendered” a trans person.

For me, it was a big middle finger to the “Trans Agenda”.

I took joy in that gesture. For Ally, my glee was hurtful to her. She still runs on emotion with a strong backdrop of facts and reasoning.

She was also hurting because this representative had an R after her name. She would rather not support somebody who she thought was being hurtful to somebody. She felt she was being forced to support this representative because she now was a conservative.

No, she didn’t have to support that person. This isn’t the left.

The jackals out there are eating their own. Everyone who doesn’t agree with them is evil. Everyone who isn’t in lockstep with them is a fascist. Everyone who isn’t attacking Elon and Trump must be a NAZI.

In a short skit I watched the other day, the person says they are leaving the Democrat party. They say how they are still the same person, but that the Democrat party no longer represents them. That they will still be friends with their former friends. That this doesn’t change anything between them, that they had been friends since kindergarten, they will be friends long into the future.

The “democrat” responds with, “The last time I looked, I’m not friends with Nazi’s”.

There are a few servers that are too old. There is a need for a few more servers to get a room level redundancy. These things can be expensive.

As I’m cheap, I’ve been using older servers that accept 3.5″ disk drives. Some except 2 drives, some 6, some could accept more, but the case doesn’t.

The fix I chose was to move to some four bay NAS enclosures. This is a reasonable size that balances with the network I/O capability.

These enclosures all take the Mini-ITX motherboard.

These motherboards are nothing short of amazing. In the middle tier, they have all the things a full-size motherboard has. Some have 4 memory slots, some only 2. They come with 1, 2, 4 Ethernet ports. Some have SFP ports. Some have SATA ports. The number of SATA ports ranges from 1 to 6. Some come with PCIe slots.

Depending on what your needs are, there is a motherboard for you.

Since this was going to be a NAS, the motherboard I selected had to have 4 SATA ports, an NVMe slot, and SFP+.

Yep, this exists. They don’t exist at the price point I wanted to pay. It finally clicked with me. I can just put an SFP+ PCIe card into the machine.

Thus, I picked a motherboard with 4 SATA, 1 Ethernet, 1 USB3, 1 PCIe slot, enough memory and 2 M.2 slots.

Some NAS enclosures do not have the opening for a PCI slot, so it was important to pick a case that had the card opening.

When I got the enclosure I was impressed.

It is a sturdy, thick steel case. There is no plastic on the entire thing. There are for hot swap disk bays plus mounting space for 2 2.5″ drives. Exactly what I was looking for.

When I went to install the motherboard, I was shocked to find that the CPU cooler didn’t fit. I ordered a low profile. I’m impressed with that as well.

I get the board mounted. It looks nice. I go to close the case and the cover won’t fit on. The cover has a folded U channel that goes over the bottom rail of the case to lock the case closed.

The problem is that there isn’t enough space between the edge of the motherboard and the bottom rail for the U channel to fit.

My first real use of the right-angle die grinder. I don’t have a cut-off wheel for it, so I just ground the edge away and it worked.

Of course, I gave myself a frost burn because I was too busy to put gloves on to handle the die grinder.

Back to the worktable, the cover now goes on. I plug a wireless USB dongle into the USB 3.0 and boot. Nothing.

It took me a couple of days before I figured it out. The case came with no documentation. The front panel connector has both a USB 3 plug and a USB 3 plug. I plugged both in. You are only supposed to plug in one. Fixed.

The installation happens, I’m happy. It is fast enough, it is responsive enough. I just need to get it put in place with the fiber configured.

I take the cover off the back slot. Go to put the PCI card in.

The (many bad words) slot does not line up with the opening in the back of the case.

The open in the back is off by 0.8 inches.

I consider cutting another card opening in the back. That won’t work. The card would be half out of the side of the case.

I ordered the cutoff wheels for the die grinder, I know I’m going to need them.

I decided to cut the back opening wider. This will leave an opening that can be taped closed on the PCI side. It allows me to use the existing slot with retaining hardware. I good idea.

All I need to do is unscrew the standoffs, drill and tap four holes in the right place, and I’m done.

Except… Those standoffs are pressed into place. They don’t unscrew.

No problem. I have a set of standoffs. I’ll just cut the existing standoffs off. Drill and tap holes in the right place and use my standoffs.

Except… My standoffs are the normal length. These standoffs are a custom length. I can’t do that.

Tools to the rescue

First stop, the arbor press. It is a small 2 ton press. I have no problems pushing out the standoffs. The press also removes the bulge from removing the standoffs.

Next step, the milling machine. Using the gage pins, I found the size of the holes is 0.197-0.198. Measuring the standoffs, I get 0.208. I settled on 0.201 for the hole size. I should have gone a 64th smaller.

There is no way to clamp this thing in the vise. I do have strap clamps. The case is quickly put into position.

The first hold is located, then drilled. No issues.

Except I don’t have enough travel to reach the other three holes. I reposition the case on the table and go for it.

I go back to the arbor press to put the standoffs back in. I don’t have enough height to support the case while installing the standoffs.

Back to the mill. Square to ends of a hunk of aluminum. Punch a 3/8in hole in it. Work on the mill vise and get the standoffs put back in place.

In the middle of this, I have an alarm, fearing that I put the standoffs in the wrong place. I do a quick test fit and everything is perfect.

It takes me a good hour to put the case back together with all the case mods done. It looks good. I’m happy with how it came out.

Today is search day. I have to find the 8 meter OM-4 fiber for this NAS, and I have to find the box of screws that came with the case for the hard drives. Once I have those, this can go into production.

I know what to look for on NAS cases. I’ll be building out a few more of these boxes over the coming months. First to replace two boxes which are too old. One for the redundancy.

The world will be good, or I’ll punch it again and again until it is good.

P.S. This is filler, the article about Trump’s win in the D.C. District court was taking to long.

We are in the process of moving from the image above to the image below.

At least in terms of what the infrastructure looks like.

Today I decommissioned an EdgeRouter 4 which features a “fanless router with a four-core, 1 GHz MIPS64 processor, 3 1Gbit RJ45 ports, and 1G SFP port.”

When they say “MIPS64” you can think of it as being in the same class as an ARM processor. Not a problem for what it is.

The issue was that there are only 1Gb interfaces. That and I’ve come to hate the configuration language.

This has been replaced with a pfSense router running on a TopTon “thing.” I call it a thing because it is from China and intended to be rebranded. It doesn’t have a real SKU.

It is based on an N100 with 4 cores and 8 threads. 2 2.5Gb Ethernet ports, 2 10Gb SFP+ ports. It can be upgraded and has multiple extras.

Besides the hardware, this is an entirely different animal in terms of what it can do. It is first, and foremost, a firewall. Everything else it does is above and beyond.

It is running NTP with a USB GPS unit attached. It runs DHCP, DNS, HAProxy, OSPF and a few other packages. The IDS/IPS system is running in notify mode at this time. That will be changed to full functionality very shortly.

So what’s the issue? The issue is that everything changed.

On the side, as I was replacing the router, I jiggled one of the Ceph servers. Jiggling it caused it to use just a few watts more, and the power supply gave out. It is a non-standard power supply, so it will be a day or two before the replacement arrives.

When I went to plug the fiber in, the fiber was too short. This required moving slack from the other end of the fiber back towards the router to have enough length where it was needed.

Having done this, plugging in the fiber gave me a dark result. I did a bit of diagnostic testing, isolated the issue to that one piece of fiber. I ran spare fiber to a different switch that was on the correct subnet, flashy lights.

Turns out that I had to degrade the fiber from the other router to work with the EdgeRouter 4. Once I took that off, the port did light off. But that was a few steps down the road.

Now the issue is that all the Wi-Fi access points have gone dark. Seems that they are not happy. This required reinstalling the control software and moving them from the old control software instance to the new one. Once that was done, I could see the error message from the access point complaining about a bad DHCP server.

After fighting this for far too long, I finally figured out that the pseudo Cisco like router was not forwarding DHCP packets within the same VLAN. I could not make it work. So I disabled the DHCP server on the new router/firewall and moved it back to the Cisco like router. Finally, Wi-Fi for the phones and everything seems to be working.

At which point I can’t log into the Vine of Liberty.

I can see the pages, I can’t log into the admin side. It is timing out.

3 hours later, I figured out that there was a bad DNS setting on the servers. The software reaches out to an external site for multiple reasons. The DNS lookup was taking so long that the connection was dropping.

I think this is an issue that I have just resolved.

But there’s more.

Even after I got the DNS cleaned up, many servers couldn’t touch base with the external monitoring servers. Why?

Routing all looked good, until things hit the firewall. Then it stopped.

Checking the rules, everything looks good. Checking from my box, everything works. It is only these servers.

Was it routing? Nope, that was working fine.

That was one thing that just worked. When I turned down the old router, the new router distributed routing information correctly and took over instantly.

So the issue is that pfSense “just works.” That is, there are default configurations that do the right thing out of the box.

One of those things is outbound firewall rules.

Anything on the LAN network is properly filtered and works.

But what is the definition of the LAN network? It is the subnet directly connected to the LAN interface(s).

Because I knew that I would need to be able to access the routers if routing goes wrong, my computer has a direct connection to the LAN Network attached to the routers. The Wi-Fi access points live in on the same subnet. So everything for my machine and the wireless devices “just worked”

The rest of the servers are on isolating subnets. That are part of the building LAN but they are not part of the “LAN Network”.

I know this, I defined an alias that contains all the building networks.

Once I added that to the firewall rules, it just worked.

Tomorrow’s tasks include more DHCP fights and moving away from Traefik. Which means making better use of the Ingress network.