Hi to all!
I would like to divide my broadcast domain at home into two parts, one for the PCs and the other for the NASs, in order to reduce the ransomware risk.
IPFire [Core Update 158] is installed on a second-hand board [COMMELL LE37DNX2 Intel - Celeron N2930 @1.83GHz - RAM 4GB - SSD 120GB] with two NICs [green + red].
I have also bought an old layer-2 switch [D-Link DGS-1100-08 8 ports], so I am able to manage the VLANs.
Now my question is this: on a single NIC [green], is IPFire able to manage the routing between VLANs, or is it necessary to add a “router-on-a-stick”?
Reading this [blog.ipfire.org - IPFire 2.23 - Core Update 132 released], I don’t understand whether it is possible to assign the two VLANs [PCs and NASs] to the Orange and Blue zones, and whether the Green zone is then able to manage the routing between the two by itself.
Is anyone able to give me an answer to this question?
Many thanks for your support and time.
Hi to all!
Never done it myself, so take it with a kg of salt. As far as I know, IPFire should be able to manage the routing between VLANs, but I believe you need a switch downstream of IPFire to separate the traffic, which you have.
I believe you can assign one VLAN tag to one zone, per NIC and up to 4 VLAN tags (and their zone) in total. In other words, a NIC can have up to 4 VLANs, but a VLAN can be assigned only to one NIC. So in your case, you assign to the card reserved for the outgoing traffic from IPFire to the LAN (as in, not the red one but the other) a VLAN “green” destined to the NAS and a VLAN “blue” to the PCs (or orange, but I think it is better blue).
In other words, all the traffic to and from the LAN will go through the NIC you have assigned as a green interface during the first setup of the installation of IPFire, but subsequently from the web user interface you should change it so that the Ethernet NIC - again, to which you have initially assigned a green interface - will have two VLANs assigned to it (blue and green). Documentation here
Many thanks for your help.
I will dedicate more time to understand better how IPFire manages the VLANs.