[ale] VLANs for home with a Linux Router

Chuck Payne terrorpup at gmail.com
Mon Jan 2 21:40:20 EST 2017


On Mon, Jan 2, 2017 at 8:13 PM, Alex Carver <agcarver+ale at acarver.net>
wrote:

> On 2017-01-02 16:55, DJ-Pfulio wrote:
> > On 01/02/2017 06:55 PM, Robert L. Harris wrote:
> >> Linux firewall
> >
> > That can mean almost anything.
> >
> > VLANs are "suggestions", not security, unless there is physical separation at
> > some point.
> >
> > Better to segment the network using a different router port for each subnet and
> > separate "dumb" switches for each, as needed.
> >
> > This is actually how I do it, but with pfsense for the router. A normal linux
> > distro can do it, just tie the firewall rules to the specific interface. Don't
> > know about typical $20 home routers.
>
> If you have a router with something like OpenWRT installed then it can
> handle tagging, too.  Otherwise it's probably easiest to get something
> like a Ubiquiti EdgeRouter if an appliance is desired instead of rolling
> one from scratch.

Like JD, I use pfsense, but I also have a Netgear GT748 switch that does
vlans. I have four that my pfsense manages:

vlan1 192.168.1.0/24 things that can be open
vlan2 192.168.5.0/24 things that are blocked (my kids' network, they have their own wireless network)
vlan3 192.168.10.0/24 things that I need for work, they can be accessed via my openvpn
vlan4 192.168.253.0/24 openvpn

I know it's a bit much, but after catching someone spying on me this summer,
I had to bring things out. With kids under 18, I feel much better that I am
monitoring and blocking things. Like, my 5 year old finds youtube videos of,
let's say, things I'm not ready to talk about so easily; they are blocked now.
The firewall logs are great. You can click on an IP and set up rules right
there, in a matter of seconds.

I tried to do this with openSUSE, they have a great firewall that is built
in, but iptables rules can be hard to write. One thing that won me over
more with pfsense was the fact I had a hard fail on my Saturday. I fired
up a virt, took a backup that I had made and restored it, and it installed all
my add-ons (nmap, openvpnclient, darkstat, and more) without me asking. It
read it from the config. I only lost two vpn accounts because they were made
after my last backup. But I was only down for 15 mins. I have since
replaced the drive and it is back up with the updated config. Doing a fresh
install of openSUSE or Debian usually takes much longer.


-- 
Terror PUP a.k.a
Chuck "PUP" Payne
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twitter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
package and distribute , or create your own linux distro. Give SUSE Studio
a try.