Two simple routing questions using the Firewall


(Paul Farrar) #1

I have multiple NIC ports and want to configure one as Red, one as Orange, one as Blue and one as Green.

Is there a basic rule of thumb to set up routing between these VLANs when they are all on different IP subnets (10.0.1.x, 10.0.2.x etc.) or does the router bit just sort it out for you?

Can you set up a 5th VLAN as a second “Green” LAN for management and monitoring purposes, so I can access everything else but not allow the other clients of the main “Green” LAN access to it?


(Alessio Fattorini) #2

Yes, there is; check http://docs.nethserver.org/en/latest/firewall.html

Firewall policies allow inter-zone traffic according to this schema:
GREEN -> BLUE -> ORANGE -> RED
Traffic is allowed from left to right, blocked from right to left.
You can create rules between zones to change the default policies from the Firewall rules page.

You can create as many greens as you want. I want to remind you that you should create VLANs only when you need to create two or more logically separated networks using a single interface.


(Paul Farrar) #3

Thanks for your input, the second bit confused me slightly…

“You can create as many greens as you want. I want to remind you that you should create VLANs only when you need to create two or more logically separated networks using a single interface.”

I am creating the VLANs on a linked pair of 24-port switches. In my NethServer I have the single eth0 port on the motherboard and 4 ports added on a 4-port NIC card, giving me 5 in total.

I will set one port for each zone: Green, Blue, Orange, Red. I assume Red would have to be a 192.168.0.x IP, as my ISP has to be in this range, at least for now, as I am changing ISPs soon and hope the new router from them will be more flexible.

Then I was going to make Green 10.0.1.x, Blue 10.0.2.x and Orange 10.0.3.x.

This would leave me with 1 spare Ethernet port, and I was thinking about using this as a management LAN for my switches, the iLO on my HP server and possibly access to the NethServer, as well as a range of IoT devices that communicate via radio (not WiFi) to a Raspberry Pi that in turn acts as a gateway to my LAN.

I know this is overkill for home, but I have proper cabling all around my house that I put in when we had the house rewired, two HP MicroServers and 2 decent switches, and a collection of gadgets I want to connect up as well as all the home automation stuff. 🙂
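As an added illustration (not NethServer's own code and not taken from the docs linked in #2): a small Python model of the zone schema Alessio gives, GREEN -> BLUE -> ORANGE -> RED with traffic allowed left to right and blocked right to left, applied to the NIC and subnet layout Paul describes, with one explicit rule keeping the main green LAN out of an assumed second green management LAN. The interface names, the management subnet, the same-zone-allowed behaviour and the rule format are assumptions of this model, not NethServer specifics.

```python
import ipaddress

# Default policy order from the thread: traffic is allowed from left to
# right and blocked from right to left.
ZONE_ORDER = ["green", "blue", "orange", "red"]

# Interface -> (zone, subnet). Subnets as given by the questioner; eth4 as
# a second green for management is his idea, its subnet is assumed here.
INTERFACES = {
    "eth0": ("green", "10.0.1.0/24"),
    "eth1": ("blue", "10.0.2.0/24"),
    "eth2": ("orange", "10.0.3.0/24"),
    "eth3": ("red", "192.168.0.0/24"),
    "eth4": ("green", "10.0.4.0/24"),   # assumed management LAN
}

# Explicit rules are evaluated before the default policy (assumed shape):
# (source subnet, destination subnet, action). This one answers the
# question: keep main-LAN clients out of the management LAN.
RULES = [
    ("10.0.1.0/24", "10.0.4.0/24", "reject"),
]


def zone_of(ip):
    """Return the zone of the interface whose subnet contains ip."""
    addr = ipaddress.ip_address(ip)
    for zone, net in INTERFACES.values():
        if addr in ipaddress.ip_network(net):
            return zone
    raise ValueError(f"{ip} is not on any configured interface")


def default_policy(src_zone, dst_zone):
    """Allowed when the destination zone is at or to the right of the source.
    Same-zone traffic (e.g. green to a second green) is assumed allowed."""
    return ZONE_ORDER.index(src_zone) <= ZONE_ORDER.index(dst_zone)


def is_allowed(src_ip, dst_ip):
    """Explicit rules win; otherwise fall back to the zone order."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule_src, rule_dst, action in RULES:
        if src in ipaddress.ip_network(rule_src) and dst in ipaddress.ip_network(rule_dst):
            return action == "accept"
    return default_policy(zone_of(src_ip), zone_of(dst_ip))


if __name__ == "__main__":
    for s, d in [("10.0.1.10", "10.0.3.10"), ("10.0.3.10", "10.0.1.10"),
                 ("10.0.4.5", "10.0.1.10"), ("10.0.1.10", "10.0.4.5")]:
        print(s, "->", d, "allowed" if is_allowed(s, d) else "blocked")
```

Without the explicit rule the two greens would see each other in both directions, which is why the second green needs a rule on the Firewall rules page rather than relying on the default policy.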


(Alessio Fattorini) #4

A bit overkill, definitely 🙂 btw, great environment!