General network configuration

Hi all,

Before a complete reconfiguring of my network and a fresh install of ipfire I want to double check my ideas by this community.

My requirements:

blue interface only for guest (guests in the holiday flat)

orange interface for ftp, http, own-cloud, and probably smart-tv + game console + home automatisation hub, 2.nd NAS for music and movies to access from everywhere

green interface: all internal PCs, Laptops, 1. NAS , and probably via wifi AP also internal android devices

Now my questions:

  1. Is it a good idea to connect smart-tv and gaming console and home automatisation hub in orange? The idea is to separate these untrusted devices from green, but have access to movies and music for TVand and console.
  2. Does it makes sense to have a second blue interface for the internal android devices?
  3. What is the best place for the home automatisation hub, this would be a raspi which will provide a separate dedicated wlan only for home automation sensors and aktors.

My theoretical ideal configuration would be to have 3 x orange to separate smart-tv and console and a 3rd one only for the home automation. Additional to have 2 blue interfaces for guests and my own android devices.

The use of additional components like switches isn’t a problem for me.

Could you please comment my ideas and give me some hints for optimization?

BR
S.

Hi.

  1. In general, devices in the Orange interface (DMZ) are to be accessed from the Internet.
  2. Are you referring to your own android devices or guests? For your own, I would use the Green interface.
  3. If you need to have access from the Internet, I would suggest you set up a VPN either in Green or Blue interfaces that will connect you to raspberry.

I hope I helped a little bit :slight_smile:

IMVHO: way too much interfaces for a single house. But i will try to simplify, playing along.
1 red… it’s mandatory :wink:
1 green for wired devices.
1 blue/green for internal Android Devices
1 blue for guests
1 orange for Home automation, and specific rules for who’s allowed to access(green, blue/green internal, Red/internet if you like) and who’s not (other Oranges. guests)
1 orange for all the rest, quite useless to multiply separation, especially if you don’t need to access to media on “Green NAS”

If home automation won’t be accessed by internet (RED) maybe you could use the same blue/green for internal Android Devices, so you will have capabilities to deliver vLAN to your AP for separated SSID for different vLANS for Guests and yourself, saving some devices.

Why Blue/Green? Matter of trust. If you trust your wireless devices that will gonna be internal, if setted to green will ease a lot of traffic; don’t forget that any interface is a subnet, so rules can be applied not only from one interface to another, but also from one source or another (subnets included) or from one subnet to another, even if it’s in the same “segment”/Colour.

Hi,

I think you might want your devices and IoT things in the same subnet. They use multicasts to find each other and those won’t work across subnet borders.