Hi community,
for better understanding first I will describe my network configuration.
Server with 4 network interfaces with an installed Proxmox
All four interfaces are connected to the same switch
The switch is part of a windows network lets say 192.168.10.x
A router with 192.168.10.200 is the the gateway to the internet
A virtual machine with Nethserver and two network interfaces is installed at Proxmox
Nethserver has a green role IP: 192.168.11.1, gateway: empty with following DHCP settings Range:192.168.11.100 to 192.168.11.200, Gateway: 192.168.11.1, DNS 192.168.11.1
and a red role with IP:192.168.10.14, Gateway 192.168.10.200
DNS of Nethserver is standard google 8.8.8.8
The Windows Network has no DHCP
Hope I didn’t forgot anything.
My problem now is, that I don’t want to see the shares of the windows network (192.168.10.x) at my green network (192.168.11.x). 192.168.10.x should have it’s own shares and 192.168.11.x although. Is it possible without VLAN?
To be fair, this is “Security by obscurity”, even if using a firewall rule.
A vLAN would be the more secure way, when using only one switch…
But - you do need a vLAN capable Switch.
Any host with a network scanner would still “see” the windows network, even if on the NS network…
The switch always transmits both networks…
My Macbook would see both, and only because I have a tool to scan for devices and draw the network with that info… (And me not being a hacker…)
This would be the clean way to seperate networks, when only using one (managed) switch. The vLAN used here is vlan99, this is dedicated to Proxmox. No DHCP, no Gateway.
VLan1 is the normal, untagged network, that’s why one should never use vLans 0 or 1…
Here’s an example with a HP Switch, the vLAN seperated ports are 21, 22, 23, 24 these are only for Proxmox/NAS… (The 4er block to the right).
Thanks Andy,
we have two manageable switches, which we didn’t manage till now and a Lancom router. Also we have some not manageable switches. Do this work?
