• 0 Posts
  • 10 Comments
Joined 2 years ago
Cake day: July 5th, 2023

  • Not trying to go down a rabbit hole, nor invade your teen’s privacy, but have you done any kind of packet inspection on what’s going out/in? Teens can surprise you with the kind of stuff they’re up to sometimes.

    I’m not sure why your resolver started acting up but what you’re describing doesn’t sound like normal cause/effect. Four people on a residential connection, even if you throw in a ton of electronic devices and IoT/crap that calls home constantly, shouldn’t cause any kind of ISP engagement.

    Not like it really matters, for 99.9% of people having a forwarder is easy and just fine and there isn’t good reason to troubleshoot it if there’s a working solution. I’m pretty privacy conscious and I don’t even think having my own forwarder is worth the hassle, I am just choosy about my upstream.


  • If Pi-hole is configured to use another DNS it will still forward your request, just not to your ISP DNS server. Essentially you’re providing your DNS requests to a 3rd party, for a slight boost to performance (because they’ll have tons of stuff cached and can do recursive queries faster if you’re requesting a site not in their cache). Your web pages will load faster because you don’t have an SBC trying to manually figure out what’s the IP for bigfuckdaddyhairbrushemporium.net

    The downside is you’re exposing your DNS queries to a 3rd party and it’s a bit of a privacy hit, as the upstream DNS server you select has your public IP correlated with your DNS requests. Doesn’t really matter to most, but it does for some.



  • You haven’t really given enough information about your config to diagnose.

    If you’re able to access it from your local network but not your outside network it’s a port forwarding/firewall or routing issue. My guess is it’s a firewall issue either on your network edge (likely integrated into your router) or on your server that’s hosting Immich.

    Unless you do one of the following you won’t be able to access it from outside your network:

    - Set up a VPN and tunnel into your network. WireGuard or Tailscale/ZeroTier will be easiest.

    - Set up port forwarding correctly. Not my first choice, best to VPN in rather than poke holes in your firewall, especially if you’re a noob.

    - Set up a reverse proxy. This is a bit more complicated than a VPN or overlay VPN (Tailscale etc), but it works fine and will be secure as well.

    If you haven’t done one of those three things then you won’t be able to access anything from outside your network, for good reason - your firewall is by default set up to deny connections that are initiated from outside your network, so when you’re trying to connect from the outside it looks at your traffic trying to start a connection to your server and naw dawg’s it.

    Edit: just saw from another comment you’re not able to connect from your home Wi-Fi. If that’s the case, are you running a VPN on your phone? That can cause problems. Have you tried using the server’s local IP instead of your external IP? 192.168.x.x most likely. You can try to disable the server’s firewall and see if that lets you connect as well. Is your server on the same subnet as your phone? 192.168.1.x and 192.168.2.x won’t talk unless you set your router up correctly.

    Just shooting in the dark here without more info

    Edit2: if you’re running Immich in a container or VM your configs on that might not be set up correctly to allow you to reach it as well. It can be a lot of things but my money is on firewall/routing somewhere. Start by making sure you’re trying to connect to the local IP of the server, then try to disable server firewall (don’t forget to enable it again whether that solves it or not), and see if that works.
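
The checks suggested in the comment above (same subnet, then whether the server answers on its local IP) can be scripted. This is an added example, not part of the original comment; the function names are hypothetical, the port is whatever the service actually listens on, and the interpretations are the most likely cause for each outcome, not a certainty.

```python
import ipaddress
import socket

def same_subnet(client_ip, server_ip, prefix_len=24):
    """True if both hosts sit in the same IPv4 network (no router hop needed)."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    return ipaddress.ip_address(server_ip) in net

def probe(host, port, timeout=2.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered with RST: nothing listening there
    except socket.timeout:
        return "timeout"      # no answer at all: packets silently dropped
    except OSError:
        return "unreachable"  # no route, or an ICMP error came back

def interpret(on_same_subnet, result):
    """Map the two observations to the most likely layer to look at next."""
    if result == "open":
        return "service reachable: check the URL/port configured in the client app"
    if not on_same_subnet:
        return "different subnets: check inter-VLAN routing/rules on the router"
    if result == "refused":
        return "host up, port closed: service down or container port not published"
    if result == "timeout":
        return "packets dropped: host firewall is the likely cause"
    return "host unreachable: check the server's IP and Wi-Fi client isolation"

if __name__ == "__main__":
    # Constructed demo: a throwaway listener on loopback stands in for the server.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(probe("127.0.0.1", port))   # listener is up
    srv.close()
    print(probe("127.0.0.1", port))   # listener is gone
    # Constructed addresses matching the 192.168.1.x / 192.168.2.x case.
    print(same_subnet("192.168.1.20", "192.168.2.10"))
```

A "timeout" that turns into "open" only while the server firewall is off points at a missing allow rule for that port, which is the rule to add before re-enabling the firewall.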


  • Um, TPMs for sure provide meaningful security. Maybe their use is implemented poorly a lot of the time, AND they can be abused to hold control over hardware you’ve purchased, but low level exploits are for sure a thing and TPMs and other dedicated hardware security modules (for enterprise) most definitely serve a purpose.

    They’re a response to the ever-evolving advancement of cyber exploits. Don’t knock them on principle, take affront to when they’re used poorly.




  • That same target audience would be the least equipped to install a new drive or handle any problems that do come up. How many John Q. Public people have even opened up their laptop to dust it out?

    Problems might be rare, but if I am selling a product (in this case new storage with Linux on it) I need to be able to charge enough to cover all my overhead. Every time I sell it and it doesn’t work out of the box that’s time spent helping the customer, more shipping/return costs, or both. Markup has to cover all that, and I’d guess that it’s not viable as a business model to charge a high enough price to deal with all the random static from computer-illiterate people.

    I get what you’re saying but I just don’t see it being a viable business strategy to sell this product to that target audience.

    Anyone who knows enough to seek out and purchase a Linux OS drive can just download and install it themselves.