[ale] VLANs for home with a Linux Router

James Sumners james.sumners at gmail.com
Fri Jan 6 08:58:07 EST 2017


Hmm. I'm on a custom small form factor build with Void Linux as the OS. My
edge firewall rules aren't that complicated, and really easy with `ipset`,
but some of those pfSense pre-fabs look nice. Especially the SG-1000 and
SG-2220.

On Mon, Jan 2, 2017 at 9:40 PM, Chuck Payne <terrorpup at gmail.com> wrote:

>
> On Mon, Jan 2, 2017 at 8:13 PM, Alex Carver <agcarver+ale at acarver.net>
> wrote:
>
>> On 2017-01-02 16:55, DJ-Pfulio wrote:
>> > On 01/02/2017 06:55 PM, Robert L. Harris wrote:
>> >> Linux firewall
>> >
>> > That can mean almost anything.
>> >
>> > VLANs are "suggestions", not security, unless there is physical
>> > separation at some point.
>> >
>> > Better to segment the network using a different router port for each
>> > subnet and separate "dumb" switches for each, as needed.
>> >
>> > This is actually how I do it, but with pfsense for the router. A normal
>> > linux distro can do it, just tie the firewall rules to the specific
>> > interface. Don't know about typical $20 home routers.
>>
>> If you have a router with something like OpenWRT installed then it can
>> handle tagging, too.  Otherwise it's probably easiest to get something
>> like a Ubiquiti EdgeRouter if an appliance is desired instead of rolling
>> one from scratch.
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
> Like JD, I use pfsense, but I also have a Netgear GT748 switch that does
> vlans. I have four that my pfsense manages.
>
> vlan1 192.168.1.0/24 things that can be open
> vlan2 192.168.5.0/24 things that are blocked (my kids' network, they have
> their own wireless network)
> vlan3 192.168.10.0/24 things that I need for work, they can be accessed
> via my openvpn
> vlan4 192.168.253.0/24 openvpn
>
> I know it's a bit much, but after catching someone spying on me this summer,
> I had to bring things out. With kids under 18, I feel much better that I am
> monitoring and blocking things. Like, my 5 year old finds youtube videos of,
> let's say, things I am not ready to talk about so easily; they are blocked
> now. The firewall logs are great. You can click on an IP and set up rules
> right there, in a matter of seconds.
>
> I tried to do this with openSUSE, they have a great firewall that is built
> in, but iptables rules can be hard to write. One thing that won me over
> more with pfsense was the fact I had a hard fail on my Saturday. I fired
> up a virt, took a backup that I had made and restored it, it installed all
> my adds (nmap, openvpnclient, darkstat, and more) without me asking. It
> read it from the config, I only lost two vpn accounts because they were made
> after my last backup. But I was only down for 15 mins, I have since
> replaced the drive and it is back up with the updated config. Doing a fresh
> install of openSUSE or Debian usually takes much longer.
>
>
> --
> Terror PUP a.k.a
> Chuck "PUP" Payne
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- Terrorpup
> openSUSE Ambassador/openSUSE Member
> skype,twitter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
>
> Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
> package and distribute , or create your own linux distro. Give SUSE Studio
> a try.


-- 
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
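
The quoted advice to tie firewall rules to a specific interface, applied to the four subnets listed in the quoted reply, as an added example that is not part of the original messages. Assumptions not taken from the thread: eth0 is the WAN port, eth1 is the trunk to the VLAN switch, the router takes .1 in each subnet, VLAN IDs 1-4 match the vlan1..vlan4 names, and the only inter-VLAN path allowed is from the OpenVPN segment to the work segment.

```sh
#!/bin/sh
# Added example (not from the thread): VLAN sub-interfaces plus a
# default-deny FORWARD policy keyed on interfaces, using iptables.
# Assumed names: eth0 = WAN, eth1 = trunk to the VLAN-capable switch.
WAN=eth0
TRUNK=eth1
# id:router-address. Subnets are the ones listed in the thread; the .1
# router address and the VLAN IDs are assumptions. VLAN 1 is often a
# switch's untagged default, so renumber if your switch treats it so.
VLANS="1:192.168.1.1/24 2:192.168.5.1/24 3:192.168.10.1/24 4:192.168.253.1/24"

gen_cmds() {
    # Drop forwarded traffic unless a later rule accepts it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to connections that were allowed to start.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for v in $VLANS; do
        id=${v%%:*}
        addr=${v#*:}
        ifc="$TRUNK.$id"
        echo "ip link add link $TRUNK name $ifc type vlan id $id"
        echo "ip addr add $addr dev $ifc"
        echo "ip link set $ifc up"
        # Rules match the ingress interface rather than a source address.
        echo "iptables -A FORWARD -i $ifc -o $WAN -j ACCEPT"
    done
    # Assumed policy: OpenVPN segment (4) may open connections to work (3).
    echo "iptables -A FORWARD -i $TRUNK.4 -o $TRUNK.3 -j ACCEPT"
}

# Dry run by default: print the commands. APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then
    gen_cmds | sh -e
else
    gen_cmds
fi
```

Because no rule accepts traffic from one VLAN sub-interface to another apart from the 4 to 3 path, the kids' segment cannot reach the work segment even though both share the trunk.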