Hello, I’m planning on creating a home server and getting some cameras.
I would like to have the server, cameras and all IOT devices be disconnected from the internet but still be able to access them within the house from different devices and maybe have limited access to them when outside.
Do I need specific hardware for this? And what router would support this? I’m still in the planning phase but I’m looking for budget friendly solutions.
Thank you
You’d put a router with firewall capabilities in place of that cloud on the right. The devices you don’t want to have internet access will be put into a different subnet than your normal home LAN on the left. You’ll then make a “Deny all” rule so that the devices on the right can’t leave their subnet, with the exception of any explicit allow rules that you make.
This is one of those questions I am overwhelmingly equipped to answer, but only with the weird proprietary knowledge about software defined networking and microsegmentation that my job has endowed me with…
So I’ll resist the urge to give you that overcomplicated answer and just say get a firewall like others have suggested.
I know vlans is the answer, but I don’t know how to set it up. I really need to do this with my own network some day. There must be an OPNsense guide for this, I know it…
Pfsense and opnsense are also very good for this.
VLANs, firewall rules, and something to route between the different networks.
This can all be achieved with pretty much every Linux installation.
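The "deny all, then explicit allow" setup described in the replies above, written as an nftables ruleset for a Linux box acting as the router. This is an added example, not something posted by anyone in the thread. The interface names, VLAN 30 and the WireGuard port 51820 are assumptions to adapt to your own network.

```nftables
#!/usr/sbin/nft -f
# Assumed interfaces (not from the thread):
#   wan0     uplink to the ISP
#   lan0     normal home LAN
#   lan0.30  VLAN 30 sub-interface: server, cameras, IoT devices
#   wg0      WireGuard tunnel used for access from outside the house
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define IOT = "lan0.30"
define VPN = "wg0"

table inet filter {
    chain forward {
        # Default deny: anything not explicitly allowed below is dropped.
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were allowed in the first place.
        ct state established,related accept
        ct state invalid drop

        # Home LAN keeps normal internet access.
        iifname $LAN oifname $WAN accept
        # Home LAN and VPN clients may open connections to the IoT subnet.
        iifname { $LAN, $VPN } oifname $IOT accept

        # IoT devices may not start connections to the internet or the LAN.
        # Logged and counted so blocked phone-home attempts are visible.
        iifname $IOT counter log prefix "iot-blocked: " drop
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        iifname { $LAN, $VPN } accept
        iifname $IOT udp dport 67 accept      # DHCP only; no router admin from IoT
        iifname $WAN udp dport 51820 accept   # WireGuard handshake from outside
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Forwarding must also be enabled (`net.ipv4.ip_forward=1`), and the switch and access points need to tag the IoT ports or SSID with the same VLAN ID.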
Are there any decent interfaces for configuring routing and vlans with linux these days?
OPNsense is excellent. You can run it on a cheap mini PC with multiple Ethernet ports and it makes a great router. I run several VLANs through it.
Edit: It’s based on FreeBSD, not Linux, in case that matters to you.
I do the exact same thing, only over PFSense (no issues with OPNSense at all, I just get along with PFSense better). 6 VLANs and 7 APs around the house, no VLAN can see the other, and all my "smart" devices work exclusively local, and if I need to reach them from outside, I VPN into my house over WireGuard. It sounds more complicated than it is. Once it’s all set up, it just works.
OpenWRT?
Vlan I think. Don’t quote me on it
Vlan I think
he’s right, though. and a router between them.
vlans are not needed, but they are better than just using different ip ranges without physical separation
I was just quoting COP because they said not to quote them