Networking on heezy.blog

Pi-hole on Kubernetes with MetalLB and a Ruckus SSID

Wed, 15 Apr 2026 00:00:00 +0000

🚧 UNDER CONSTRUCTION 🚧 Switch and Ruckus configuration pending. Screenshots to be added.

Pi-hole was already running on the cluster. It worked fine from inside the cluster and via NodePort on weird high ports. The problem was that no actual client device could use it as a DNS server, because DNS clients expect port 53 and NodePort gives you 30054.

What started as “just give Pi-hole a real IP” turned into a new VLAN, a new DHCP server, firewall policy changes, switch configuration, and a Ruckus SSID. The usual homelab scope creep.

Split DNS, MetalLB, and the dnsmasq Debugging Saga

Sun, 12 Apr 2026 00:00:00 +0000

This is the story of building split-horizon DNS for a homelab with four VLANs, a FortiGate firewall, a 5-node MicroK8s cluster, and a Cloudflare tunnel. Then spending hours debugging why dnsmasq wouldn’t answer queries despite the port being open, the firewall allowing traffic, and the container running fine. The entire implementation and debugging session was driven through MCP tooling.

Networking the Heezy: VLANs, Firewall Zones, and How Traffic Moves

Thu, 12 Mar 2026 00:00:00 +0000

The network is the foundation of everything in the lab. Four VLANs, a FortiGate doing all the routing, a Cisco 3560 doing the switching, and a set of rules about what can talk to what. This post covers how it’s all wired together, how DNS works across zones, and how remote access gets in without exposing anything to the internet.

The Heezy: A Homelab That Got Out of Hand

Tue, 10 Mar 2026 00:00:00 +0000

What Even Is a Heezy

If you grew up in the early 2000s, you probably remember when Snoop Dogg had everyone adding “-izzle” to everything. “For sheezy” was peak vocabulary for a 12-year-old who spent too much time on Counter-Strike and not enough time on homework. “Heezy” rhymes with “easy,” which is what I told myself this project would be. It was not easy. But the name stuck, and now my entire infrastructure is named after slang that peaked in 2003. No regrets.

Tailscale, FortiGate CVEs, and Remote Access That Doesn't Suck

Tue, 10 Feb 2026 00:00:00 +0000

🚧 UNDER CONSTRUCTION 🚧 This post is a work in progress.

The Problem

I need to reach into my home network from anywhere. SSH into nodes, check Grafana dashboards, access services that aren’t exposed through Cloudflare. The traditional answer is a VPN, and I have a FortiGate sitting right there with IPSec and SSL VPN capabilities built in.

Cellular Backup Internet

Sat, 19 Nov 2022 00:00:00 +0000

🚧 UNDER CONSTRUCTION 🚧