I need to create a VLAN and move my home users to that VLAN.
Right now, I have a LAN where I have the home users and a HOTLAN for IoT devices.
I have the following devices with static IP:
Router: 192.168.4.1
Unifi 60W managed switch: 192.168.4.2
Unifi AP-AC lite: 192.168.4.3
PiHole: 192.168.4.4
Unifi controller: 192.168.4.6
Printer: 192.168.4.7
I want to create a new VLAN 10 for users, but keep the network gears in the LAN 192.168.4.0/24 network.
I also want to isolate VLAN10 from LAN, and I know the HOTLAN is already separated from everything.
For the VLAN to access PiHole and the printer, what firewall rules do I need? Is there an example someone can point me to? Or what would be the best path forward?
Responses (4)
-
Accepted Answer
From reading your post I understood you wanted isolation of two of the LANs, which *may* suit the HotLAN model. In this model LANs can access HotLANs but not vice versa. But I am not really clear on what you are trying to achieve.
Multiple HotLANs with that script also work with VLANs. It is up to you if you want VLANs. The one thing you need to take into account, possibly, is that HotLANs can't access the server either (except for DHCP and DNS).
If you create a VLAN of the LAN type, it can access the other LAN. There is no isolation between LANs, but you can add isolation rules to the firewall if you want.
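The isolation rules mentioned above could look like the following sketch. It is an added example, not part of any post in this thread and not the ClearOS HotLAN script. It assumes an iptables-based firewall, a VLAN 10 subnet of 192.168.10.0/24, printer ports 631 and 9100, and a hypothetical chain name; only the LAN, PiHole and printer addresses come from the question.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
LAN_NET="192.168.4.0/24"     # from the post
PIHOLE="192.168.4.4"         # from the post
PRINTER="192.168.4.7"        # from the post
VLAN_NET="192.168.10.0/24"   # assumption: subnet chosen for VLAN 10
PRINTER_PORTS="631 9100"     # assumption: IPP and raw printing over TCP
CHAIN="VLAN10_ISO"           # hypothetical chain name
IPT="${IPTABLES:-iptables}"  # assumption: iptables-based firewall

vlan10_rules() {
    echo "$IPT -N $CHAIN"
    # Replies to connections that were allowed by the rules below.
    echo "$IPT -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DNS from VLAN 10 to the PiHole, over UDP and TCP.
    for proto in udp tcp; do
        echo "$IPT -A $CHAIN -s $VLAN_NET -d $PIHOLE -p $proto --dport 53 -j ACCEPT"
    done
    # Print jobs from VLAN 10 to the printer.
    for port in $PRINTER_PORTS; do
        echo "$IPT -A $CHAIN -s $VLAN_NET -d $PRINTER -p tcp --dport $port -j ACCEPT"
    done
    # Everything else between the two networks is dropped, in both directions.
    echo "$IPT -A $CHAIN -j DROP"
    # Only traffic between VLAN 10 and the LAN is sent through the chain.
    echo "$IPT -I FORWARD -s $VLAN_NET -d $LAN_NET -j $CHAIN"
    echo "$IPT -I FORWARD -s $LAN_NET -d $VLAN_NET -j $CHAIN"
}

vlan10_rules
```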
Accepted Answer
@Nick Thanks
So, after creating a HotLan I put the script file in the /etc/clearos/firewall.d/04-hotlans folder.
This will keep all my HotLans and Lan isolated?
Why don't I create a VLAN, as I already have a Lan and HotLan? Is this not a good idea?
For the 1st option of 2 Hotlans and a Lan, do I need any firewall to make my Pihole and Printer accessible to the Hotlans from the Lan?
Accepted Answer
Unfortunately the way the HotLAN rules have been written is restrictive. You can still have multiple HotLANs but some crosstalk is allowed from one HotLAN to another but I can't remember the details. I believe I know how to fix the rules to allow as many HotLANs as you want. The problem is that I don't have a full test suite for the changes and risk breaking something. If you want to do a small script, have a look at the IP Settings docs.
I'm afraid I don't understand your comment about "network gears".