Hello, I’m planning on creating a home server and getting some cameras.
I would like to have the server, cameras and all IoT devices be disconnected from the internet but still be able to access them within the house from different devices and maybe have limited access to them when outside.
Do I need specific hardware for this? And what router would support this? I’m still in the planning phase but I’m looking for budget friendly solutions.
Thank you
You’d put a router with firewall capabilities in place of that cloud on the right. The devices you don’t want to have internet access will be put into a different subnet than your normal home LAN on the left. You’ll then make a “Deny all” rule so that the devices on the right can’t leave their subnet, with the exception of any explicit allow rules that you make.
What about classic DMZ network and VPN?
The DMZ serves to your LAN only. You use the VPN to effectively become a part of your LAN.
I have a similar set-up
I use a wireless access point that can expose multiple SSIDs with different VLANs (I think it's a fairly common feature)
my router runs OpenWrt and the IoT VLAN is in a different firewall zone
use WireGuard to remotely access the LAN zone
Does the router create the VLAN or the access points?
Also to achieve this I have to have WireGuard on a device connected to the internet right? I can’t install it on my home server if I wanted it disconnected from the internet, correct?
VLANs, firewall rules, and something to route between the different networks.
This can all be achieved with pretty much every Linux installation.
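The setup described in this thread (an isolated IoT subnet behind a default-deny rule, with WireGuard for access from outside), sketched as an nftables ruleset for a Linux router. This is an added example, not any commenter's configuration; the interface names, VLAN IDs, WireGuard port and the address in the commented-out allow rule are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: all interface names below are assumptions.
flush ruleset

define WAN = "eth0"       # uplink to the internet
define LAN = "eth1.10"    # trusted home LAN (VLAN 10)
define IOT = "eth1.20"    # server, cameras, IoT devices (VLAN 20)
define WG  = "wg0"        # WireGuard interface terminating on the router

table inet filter {
    chain input {
        # Traffic addressed to the router itself: drop unless allowed.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname { $LAN, $WG } accept
        # IoT devices may only ask the router for DNS and DHCP.
        iifname $IOT udp dport { 53, 67 } accept
        iifname $IOT tcp dport 53 accept
        # The VPN endpoint is the only service exposed to the internet
        # (51820 is an assumed listen port).
        iifname $WAN udp dport 51820 accept
    }

    chain forward {
        # Traffic routed between networks: the "deny all" default.
        type filter hook forward priority filter; policy drop;
        # Replies to connections that were allowed below.
        ct state established,related accept
        ct state invalid drop
        # LAN clients may reach IoT devices and the internet.
        iifname $LAN oifname { $IOT, $WAN } accept
        # Remote VPN clients may reach the LAN and IoT devices.
        iifname $WG oifname { $LAN, $IOT } accept
        # Explicit allow rules for IoT-initiated traffic would go here, e.g.
        # (constructed address and port):
        # iifname $IOT oifname $LAN ip daddr 192.168.10.5 tcp dport 8123 accept
        # No other rule matches iifname $IOT, so new connections from the
        # IoT VLAN to the LAN or the internet fall through to policy drop.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

WireGuard runs on the router here, so the server and cameras never need a route to the internet; only the router's VPN port is reachable from outside.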
Are there any decent interfaces for configuring routing and vlans with linux these days?
OPNsense is excellent. You can run it on a cheap mini PC with multiple Ethernet ports and it makes a great router. I run several VLANs through it.
Edit: It’s based on FreeBSD, not Linux, in case that matters to you.
I do the exact same thing, only over PFSense (no issues with OPNSense at all, I just get along with PFSense better). 6 VLANs and 7 APs around the house, no VLAN can see the other, and all my "smart" devices work exclusively local, and if I need to reach them from outside, I VPN into my house over WireGuard. It sounds more complicated than it is. Once it’s all set up, it just works.
OpenWRT?
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters  More Letters
AP             WiFi Access Point
DNS            Domain Name Service/System
IP             Internet Protocol
IoT            Internet of Things for device controllers
VPN            Virtual Private Network
5 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.
[Thread #625 for this sub, first seen 24th Mar 2024, 13:45]
Pfsense and opnsense are also very good for this.
This is one of those questions I am overwhelmingly equipped to answer, but only with the weird proprietary knowledge about software defined networking and microsegmentation that my job has endowed me with…
So I’ll resist the urge to give you that overcomplicated answer and just say get a firewall like others have suggested.
I know vlans is the answer, but I don’t know how to set it up. I really need to do this with my own network some day. There must be an OPNsense guide for this, I know it…
Vlan I think. Don’t quote me on it
Vlan I think
he’s right, though. and a router between them.
vlans are not needed, but they are better than just using different ip ranges without physical separation
I was just quoting COP because they said not to quote them