I want to establish a second LAN at home. It’s supposed to host different
services on different infrastructure (vms, k8s, docker) and mostly serve as a
lab. I want to separate this from the default ISP router LAN (192.68.x.0/24). I
have a machine with 2 NICs (eno1 plugged in at the ISP router, and eno2), both with
corresponding bridges, and proxmox. I already set up the eno2 bridge with a
10.x.x.x IP and installed an opnsense vm that has eno1 as the WAN interface in
the 192 network and eno2 as the LAN interface in the 10 network with a dhcp server. I
connected a laptop (no wifi) to eno2, got a dhcp lease and can connect to the
opnsense interface, machines in the 192 network and the internet, same for a vm
on the eno2 bridge, so that part is working. There’s a pihole in the 192 network
that I successfully set as the dns server in opnsense.

Here’s what I am trying to achieve and where I’m not sure about how to properly do it:

- Block access from the 10 network to the 192 network except for specific devices - I guess that’s simply firewall rules
- Make services (by port) in the 10 network accessible to the internet. I currently have a reverse proxy vm in the 192 network which got 80 and 443 forwarded by the ISP router. Do I need to add a second nic to the vm or can I route some services through the firewall? I want to firewall that vm down so it can’t open outgoing connections except for specific ports on specific hosts.
- Make devices in the 10 network available for devices in the 192 network - here I’m not quite sure. Do I need a static route?
- Eventually I want to move all non-enduser devices to the new LAN so I can experiment without harming the family network, but I want to make sure I understand it properly before doing that

I’d be glad for any hints on this, I’m a bit confused with the nomenclature
here. If you have other ideas on how to approach this, I’m open for that too.