GREEN was connected to a LAN switch and a Wireless access point
So Wired and Wireless were seamlessly on the same subnet.
Netgear stopped supporting the WAP so I need to discontinue using it.
How could I recreate a seamless Green to Blue Pinhole where all Wired devices could talk to Wireless? Ideally same subnet. I don’t mind manually adding MAC addresses for Blue
What is the problem with two networks connected to two NICs?
From a security aspect it is safe to have two separate networks. Green network ( usually Ethernet ) has a much stricter physical access mode. You can only connect by wire.
The blue network ( wireless ) can be accessed/used just by sending/receiving on the frequencies of the AP. You can’t know exactly whether all these devices are allowed and trusted.
Separating these nets allows mechanisms to control the access.
A possible solution ( if you don’t have a 3rd NIC ) is to install a wireless card, capable of AP mode, and the hostapd addon. For trusted devices on blue you can allow access to green.
Thank you Bernhard. I understand the security concept of separating Blue and Green. I will use the MAC address filter for limited security but I prefer if the network functions seamlessly without anyone complaining they can’t access printers etc…
I have a wireless card NIC on Blue and using Hostapd addon.
How could I keep BLUE and Green together so they can share NTP, DNS, printers etc…
Trying to understand purpose here. Red, Green, Blue, Orange are just interface assignments. Nothing states any are strictly wired or wireless. You can have an AP on green same as you can have one on Blue or Orange. The Blue interface was just created for security reasons to isolate a subnet.
Fairly sure two interfaces cannot have the same subnet. If it is possible I can only imagine it would cause nothing but issues.
Unfiltered access is completely possible between two zones simply by making one firewall rule allowing all traffic to pass from Blue to Green. Green to Blue is allowed by default.
For separation each network has to be tied to its own NIC ( called red0, green0, blue0, orange0 )
Each NIC has its own characteristic wired/wireless
The purpose of the four networks is defined by design
red is the WAN
green is the LAN
blue is a second LAN which isn’t as trusted as green, usually established by a 802.11 network
orange is a network of local servers that can be accessed from outside (WAN) through red0
According to the purpose and the trustiness each network has its own access rules, defined by iptables rules.
These can be altered by further rules. For example to allow access from blue device to green devices.
There are no restrictions to the kind of devices placed into the networks.
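As an added example (not code from the thread or from the IPFire project), the following POSIX shell script shows what the "further rules" mentioned above look like in plain iptables terms: instead of the single allow-all rule from Blue to Green described earlier in the thread, it lets only an allow-list of Blue (wireless) MAC addresses reach the Green services the original poster asked about (DNS, NTP, printing), and drops everything else from Blue to Green. The interface names blue0 and green0 come from the thread; the Green subnet, the MAC addresses, the port list and the IPT variable are constructed placeholders. The script defaults to printing the commands instead of applying them, so it can be reviewed first; on an IPFire box the GUI-managed firewall chains would normally be used rather than hand-written FORWARD rules, so treat this as an illustration of the rule logic, not an installation recipe. MAC matching only identifies a client on the local Blue segment and is easily spoofed, which is why it is paired with a port allow-list and a default drop rather than used as the only control.

```shell
#!/bin/sh
# Added example, not from the thread: generate iptables rules that let an
# allow-list of Blue (wireless) clients reach a few Green services, and
# block every other Blue -> Green flow. Interface names follow the thread;
# everything else below is a constructed placeholder.

IPT="${IPT:-echo iptables}"   # default: print the commands; set IPT=iptables to apply

BLUE_IF="blue0"
GREEN_IF="green0"
GREEN_NET="192.168.1.0/24"    # constructed placeholder for the Green subnet

# Constructed placeholder MACs of the wireless clients allowed into Green
TRUSTED_MACS="00:11:22:33:44:55 66:77:88:99:aa:bb"

# Services a trusted Blue client may open towards Green, as proto:port
# (DNS, NTP, IPP printing and raw JetDirect printing)
ALLOWED_SERVICES="udp:53 tcp:53 udp:123 tcp:631 tcp:9100"

# Emit one ACCEPT rule per (trusted MAC, allowed service), then the
# return-traffic rule and the default DROP for everything else.
blue_to_green_rules() {
  for mac in $TRUSTED_MACS; do
    for svc in $ALLOWED_SERVICES; do
      proto=${svc%%:*}
      port=${svc##*:}
      $IPT -A FORWARD -i "$BLUE_IF" -o "$GREEN_IF" -d "$GREEN_NET" \
        -m mac --mac-source "$mac" -p "$proto" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
    done
  done
  # Replies from Green back to Blue only for flows Blue was allowed to open
  $IPT -A FORWARD -i "$GREEN_IF" -o "$BLUE_IF" \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Default deny: any other Blue -> Green traffic is dropped
  $IPT -A FORWARD -i "$BLUE_IF" -o "$GREEN_IF" -j DROP
}

# Number of rules the generator produces (MACs x services + 2)
count_rules() {
  blue_to_green_rules | wc -l | tr -d ' '
}

blue_to_green_rules
```

Run it as-is to see the generated rules; run it with `IPT=iptables` as root to apply them, after checking that nothing else manages the FORWARD chain on that host. Adding a device to the allow-list is one more MAC in TRUSTED_MACS; adding a service is one more proto:port entry.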
Another option that I use is to add an old WiFi AP Ethernet wired to the Green network.
Put the AP in bridge mode, no DHCP. Any connected device (WiFi or one of the 4 Ethernet ports in my case) is just routed to the green as if direct wired.